1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

telling UAC to run certain apps

Discussion in 'Windows 7' started by Jeff@couldbeinvalid.com, Jan 21, 2010.

  1. Jeff@couldbeinvalid.com

    Jeff@couldbeinvalid.com Flightless Bird

    I'm new to 7 so please bear with me.
    Everytime I run an app, UAC asks me if it is OK to run it. How do I
    tell it that I uses certain apps all the time and the answer will always
    be the same for these apps?

    Jeff
     
  2. Dave-UK

    Dave-UK Flightless Bird

    <Jeff@couldbeinvalid.com> wrote in message news:qC16n.2127$RS6.694@newsfe15.iad...
    > I'm new to 7 so please bear with me.
    > Everytime I run an app, UAC asks me if it is OK to run it. How do I
    > tell it that I uses certain apps all the time and the answer will always
    > be the same for these apps?
    >
    > Jeff


    You can't. All you can do is adjust the UAC settings to your liking.
    Control Panel > User Accounts > Change User Accounts Control settings.
    ( You may have to re-boot, depending on where you set it.)
     
  3. Jeff@couldbeinvalid.com

    Jeff@couldbeinvalid.com Flightless Bird

    On 1/21/2010 3:15 PM, Dave-UK wrote:
    >
    > <Jeff@couldbeinvalid.com> wrote in message
    > news:qC16n.2127$RS6.694@newsfe15.iad...
    >> I'm new to 7 so please bear with me.
    >> Everytime I run an app, UAC asks me if it is OK to run it. How do I
    >> tell it that I uses certain apps all the time and the answer will
    >> always be the same for these apps?
    >>
    >> Jeff

    >
    > You can't. All you can do is adjust the UAC settings to your liking.
    > Control Panel > User Accounts > Change User Accounts Control settings.
    > ( You may have to re-boot, depending on where you set it.)
    >
    >
    >

    That's kind of dumb. One would think it would work like a firewall does.
     
  4. Dave-UK

    Dave-UK Flightless Bird

    <Jeff@couldbeinvalid.com> wrote in message news:vU26n.47$BV.21@newsfe07.iad...
    > On 1/21/2010 3:15 PM, Dave-UK wrote:
    >>
    >> <Jeff@couldbeinvalid.com> wrote in message
    >> news:qC16n.2127$RS6.694@newsfe15.iad...
    >>> I'm new to 7 so please bear with me.
    >>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
    >>> tell it that I uses certain apps all the time and the answer will
    >>> always be the same for these apps?
    >>>
    >>> Jeff

    >>
    >> You can't. All you can do is adjust the UAC settings to your liking.
    >> Control Panel > User Accounts > Change User Accounts Control settings.
    >> ( You may have to re-boot, depending on where you set it.)
    >>
    >>
    >>

    > That's kind of dumb. One would think it would work like a firewall does.


    It isn't dumb; if you could select various programs to go on a list to by-pass security
    then a malware author could add a virus to that list.
    If there is no list then there is no loophole.
    You can always turn off UAC, but then you would be back running like XP. Only you
    know your level of expertise in dealing with any malware that may come your way.
     
  5. DanS

    DanS Flightless Bird

    >>>> I'm new to 7 so please bear with me.
    >>>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
    >>>> tell it that I uses certain apps all the time and the answer will
    >>>> always be the same for these apps?
    >>>>
    >>>> Jeff
    >>>
    >>> You can't. All you can do is adjust the UAC settings to your liking.
    >>> Control Panel > User Accounts > Change User Accounts Control
    >>> settings. ( You may have to re-boot, depending on where you set it.)
    >>>
    >>>
    >>>

    >> That's kind of dumb. One would think it would work like a firewall
    >> does.

    >
    > It isn't dumb; if you could select various programs to go on a list to
    > by-pass security then a malware author could add a virus to that list.
    > If there is no list then there is no loophole.


    Actually, the list could be UAC protected too, so that doesn't really
    apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    checksum) the exe file and if it changed, then UAC could pop up a warning
    saying 'this previously allowed program has changed'.......

    There.....problem solved.....and not very hard either.
     
  6. Jeff@couldbeinvalid.com

    Jeff@couldbeinvalid.com Flightless Bird

    On 1/21/2010 4:40 PM, DanS wrote:
    >>>>> I'm new to 7 so please bear with me.
    >>>>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
    >>>>> tell it that I uses certain apps all the time and the answer will
    >>>>> always be the same for these apps?
    >>>>>
    >>>>> Jeff
    >>>>
    >>>> You can't. All you can do is adjust the UAC settings to your liking.
    >>>> Control Panel> User Accounts> Change User Accounts Control
    >>>> settings. ( You may have to re-boot, depending on where you set it.)
    >>>>
    >>>>
    >>>>
    >>> That's kind of dumb. One would think it would work like a firewall
    >>> does.

    >>
    >> It isn't dumb; if you could select various programs to go on a list to
    >> by-pass security then a malware author could add a virus to that list.
    >> If there is no list then there is no loophole.

    >
    > Actually, the list could be UAC protected too, so that doesn't really
    > apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    > checksum) the exe file and if it changed, then UAC could pop up a warning
    > saying 'this previously allowed program has changed'.......
    >
    > There.....problem solved.....and not very hard either.

    You beat me to it. As a lonmg time user of ZA that was exactly what I
    was thinking.
    Jeff
     
  7. DanS

    DanS Flightless Bird

    >>>> That's kind of dumb. One would think it would work like a firewall
    >>>> does.
    >>>
    >>> It isn't dumb; if you could select various programs to go on a list
    >>> to by-pass security then a malware author could add a virus to that
    >>> list. If there is no list then there is no loophole.

    >>
    >> Actually, the list could be UAC protected too, so that doesn't really
    >> apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    >> checksum) the exe file and if it changed, then UAC could pop up a
    >> warning saying 'this previously allowed program has changed'.......
    >>
    >> There.....problem solved.....and not very hard either.


    > You beat me to it. As a lonmg time user of ZA that was exactly what I
    > was thinking.
    > Jeff


    Yes, I've used ZA for a long time too. One reason I had used it was
    because back when, it was a firewall. That was it. Then all the
    'security' vendors started to release all these 'security suites' which
    included this, that, the other thing, *and* the kitchen sink.

    ZoneLabs then did that too, but at the same time, relegated the firewall-
    only product to be a free for home use program.

    You can't beat that.
     
  8. Joel

    Joel Flightless Bird

    DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:

    >"Dave-UK" <Here@Home.com> wrote:
    >
    >> It isn't dumb; if you could select various programs to go on a list to
    >> by-pass security then a malware author could add a virus to that list.
    >> If there is no list then there is no loophole.

    >
    >Actually, the list could be UAC protected too, so that doesn't really
    >apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    >checksum) the exe file and if it changed, then UAC could pop up a warning
    >saying 'this previously allowed program has changed'.......
    >
    >There.....problem solved.....and not very hard either.



    Dave was right. The whole point of UAC would be defeated by using
    (which btw would be something far beyond MD5) cryptographic lists.
    Setting permissions on individual folders, and tolerating other
    dimensions of UAC, is the viable way to coexist with UAC - which I
    don't necessarily think is a bad idea. I prefer the 2K/XP way, but I
    also ran them for the last 10 years.

    --
    Joel Crump
     
  9. Dave-UK

    Dave-UK Flightless Bird


    > On 1/21/2010 4:40 PM, DanS wrote:
    >>>
    >>> It isn't dumb; if you could select various programs to go on a list to
    >>> by-pass security then a malware author could add a virus to that list.
    >>> If there is no list then there is no loophole.

    >>
    >> Actually, the list could be UAC protected too, so that doesn't really
    >> apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    >> checksum) the exe file and if it changed, then UAC could pop up a warning
    >> saying 'this previously allowed program has changed'.......
    >>
    >> There.....problem solved.....and not very hard either.



    I only see your posts in other peoples replies as you are in my kill file.
    Probably because you reply to Alias, Yanaire, Frank or the other trolls.
    I don't know enough about UAC to offer you a technical argument but if you
    think you have a valid point about UAC you can always e-mail your suggestions
    to a man who, I think, will listen, Mark Russinovich.

    Inside Windows 7 User Account Control.
    Mark Russinovich.
    http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx
     
  10. Ken1943

    Ken1943 Flightless Bird

    On Thu, 21 Jan 2010 14:08:03 -0500, "Jeff@couldbeinvalid.com"
    <Jeff@couldbeinvalid.com> wrote:

    >I'm new to 7 so please bear with me.
    >Everytime I run an app, UAC asks me if it is OK to run it. How do I
    >tell it that I uses certain apps all the time and the answer will always
    >be the same for these apps?
    >
    >Jeff

    Was reading about a way using Task Schedular, but did not get into it
    further. I have UAC turned off !


    KenW
     
  11. DanS

    DanS Flightless Bird

    Joel <joelcrump@gmail.com> wrote in
    news:eek:lgil591m99l2nija5jiictalke59q96du@4ax.com:

    > DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:
    >
    >>"Dave-UK" <Here@Home.com> wrote:
    >>
    >>> It isn't dumb; if you could select various programs to go on a list
    >>> to by-pass security then a malware author could add a virus to that
    >>> list. If there is no list then there is no loophole.

    >>
    >>Actually, the list could be UAC protected too, so that doesn't really
    >>apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    >>checksum) the exe file and if it changed, then UAC could pop up a
    >>warning saying 'this previously allowed program has changed'.......
    >>
    >>There.....problem solved.....and not very hard either.

    >
    >
    > Dave was right. The whole point of UAC would be defeated by using
    > (which btw would be something far beyond MD5) cryptographic lists.


    The list (in the registry ?) doesn't need to be encrypted. It just needs
    to be UAC protected, like much of the registry is now. And the MD5 hash
    is just of the exe file. The hash is created, and stored in the UAC
    protected area of the registry. When the program is launced, UAC would
    check its list, and rehash the exe file. If the hash is still the same as
    as when the UAC exception was created, it will run the app. If the hash
    has changed, that means something changed the exe file, UAC will report
    this, and the exe will not run w/o the UAC prompt.

    I fail to see how that defeats anything. We can agree to disagree, and
    leave it at that.
     
  12. Thip

    Thip Flightless Bird

    "Ken1943" <kenw@no295no.net> wrote in message
    news:rjvil5dbg857rt1r5atcn0882mlh16ht9h@4ax.com...
    > On Thu, 21 Jan 2010 14:08:03 -0500, "Jeff@couldbeinvalid.com"
    > <Jeff@couldbeinvalid.com> wrote:
    >
    >>I'm new to 7 so please bear with me.
    >>Everytime I run an app, UAC asks me if it is OK to run it. How do I
    >>tell it that I uses certain apps all the time and the answer will always
    >>be the same for these apps?
    >>
    >>Jeff

    > Was reading about a way using Task Schedular, but did not get into it
    > further. I have UAC turned off !
    >
    >
    > KenW


    Me too. I hate it.
     
  13. Joel

    Joel Flightless Bird

    DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:

    >>>Actually, the list could be UAC protected too, so that doesn't really
    >>>apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
    >>>checksum) the exe file and if it changed, then UAC could pop up a
    >>>warning saying 'this previously allowed program has changed'.......

    >>
    >> Dave was right. The whole point of UAC would be defeated by using
    >> (which btw would be something far beyond MD5) cryptographic lists.

    >
    >The list (in the registry ?) doesn't need to be encrypted.



    The MD5 (or other algorithm) hash is cryptographic - I wasn't
    referring to any specific method of storing the allowed-programs list.


    > It just needs
    >to be UAC protected, like much of the registry is now. And the MD5 hash
    >is just of the exe file. The hash is created, and stored in the UAC
    >protected area of the registry. When the program is launced, UAC would
    >check its list, and rehash the exe file. If the hash is still the same as
    >as when the UAC exception was created, it will run the app. If the hash
    >has changed, that means something changed the exe file, UAC will report
    >this, and the exe will not run w/o the UAC prompt.
    >
    >I fail to see how that defeats anything. We can agree to disagree, and
    >leave it at that.



    I'm not suggesting that you couldn't have software to use the
    technique you describe - but that it wouldn't relate to the purpose of
    UAC. The more exceptions you have to it, the more potential for
    breaking it. And in this particular case, it'd be more of a total
    backdoor than an exception - UAC is meant to give human interaction by
    an authorized user, to approve potentially unsafe behavior.

    Personally, I don't see the point of it, but it is necessary if one
    wants the kind of file-system protection (and OS-settings monitoring)
    that advanced operating systems are capable of. It would still be
    possible to tweak one's system to avoid most UAC prompts, without just
    disabling it and file-system protection altogether (but I'm glad that
    they allow me to do that if I choose to).

    --
    Joel Crump
     

Share This Page