• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

telling UAC to run certain apps

  • Thread starter Jeff@couldbeinvalid.com
  • Start date
J

Jeff@couldbeinvalid.com

Flightless Bird
I'm new to 7 so please bear with me.
Everytime I run an app, UAC asks me if it is OK to run it. How do I
tell it that I uses certain apps all the time and the answer will always
be the same for these apps?

Jeff
 
D

Dave-UK

Flightless Bird
<Jeff@couldbeinvalid.com> wrote in message news:qC16n.2127$RS6.694@newsfe15.iad...
> I'm new to 7 so please bear with me.
> Everytime I run an app, UAC asks me if it is OK to run it. How do I
> tell it that I uses certain apps all the time and the answer will always
> be the same for these apps?
>
> Jeff


You can't. All you can do is adjust the UAC settings to your liking.
Control Panel > User Accounts > Change User Accounts Control settings.
( You may have to re-boot, depending on where you set it.)
 
J

Jeff@couldbeinvalid.com

Flightless Bird
On 1/21/2010 3:15 PM, Dave-UK wrote:
>
> <Jeff@couldbeinvalid.com> wrote in message
> news:qC16n.2127$RS6.694@newsfe15.iad...
>> I'm new to 7 so please bear with me.
>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
>> tell it that I uses certain apps all the time and the answer will
>> always be the same for these apps?
>>
>> Jeff

>
> You can't. All you can do is adjust the UAC settings to your liking.
> Control Panel > User Accounts > Change User Accounts Control settings.
> ( You may have to re-boot, depending on where you set it.)
>
>
>

That's kind of dumb. One would think it would work like a firewall does.
 
D

Dave-UK

Flightless Bird
<Jeff@couldbeinvalid.com> wrote in message news:vU26n.47$BV.21@newsfe07.iad...
> On 1/21/2010 3:15 PM, Dave-UK wrote:
>>
>> <Jeff@couldbeinvalid.com> wrote in message
>> news:qC16n.2127$RS6.694@newsfe15.iad...
>>> I'm new to 7 so please bear with me.
>>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
>>> tell it that I uses certain apps all the time and the answer will
>>> always be the same for these apps?
>>>
>>> Jeff

>>
>> You can't. All you can do is adjust the UAC settings to your liking.
>> Control Panel > User Accounts > Change User Accounts Control settings.
>> ( You may have to re-boot, depending on where you set it.)
>>
>>
>>

> That's kind of dumb. One would think it would work like a firewall does.


It isn't dumb; if you could select various programs to go on a list to by-pass security
then a malware author could add a virus to that list.
If there is no list then there is no loophole.
You can always turn off UAC, but then you would be back running like XP. Only you
know your level of expertise in dealing with any malware that may come your way.
 
D

DanS

Flightless Bird
>>>> I'm new to 7 so please bear with me.
>>>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
>>>> tell it that I uses certain apps all the time and the answer will
>>>> always be the same for these apps?
>>>>
>>>> Jeff
>>>
>>> You can't. All you can do is adjust the UAC settings to your liking.
>>> Control Panel > User Accounts > Change User Accounts Control
>>> settings. ( You may have to re-boot, depending on where you set it.)
>>>
>>>
>>>

>> That's kind of dumb. One would think it would work like a firewall
>> does.

>
> It isn't dumb; if you could select various programs to go on a list to
> by-pass security then a malware author could add a virus to that list.
> If there is no list then there is no loophole.


Actually, the list could be UAC protected too, so that doesn't really
apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
checksum) the exe file and if it changed, then UAC could pop up a warning
saying 'this previously allowed program has changed'.......

There.....problem solved.....and not very hard either.
 
J

Jeff@couldbeinvalid.com

Flightless Bird
On 1/21/2010 4:40 PM, DanS wrote:
>>>>> I'm new to 7 so please bear with me.
>>>>> Everytime I run an app, UAC asks me if it is OK to run it. How do I
>>>>> tell it that I uses certain apps all the time and the answer will
>>>>> always be the same for these apps?
>>>>>
>>>>> Jeff
>>>>
>>>> You can't. All you can do is adjust the UAC settings to your liking.
>>>> Control Panel> User Accounts> Change User Accounts Control
>>>> settings. ( You may have to re-boot, depending on where you set it.)
>>>>
>>>>
>>>>
>>> That's kind of dumb. One would think it would work like a firewall
>>> does.

>>
>> It isn't dumb; if you could select various programs to go on a list to
>> by-pass security then a malware author could add a virus to that list.
>> If there is no list then there is no loophole.

>
> Actually, the list could be UAC protected too, so that doesn't really
> apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
> checksum) the exe file and if it changed, then UAC could pop up a warning
> saying 'this previously allowed program has changed'.......
>
> There.....problem solved.....and not very hard either.

You beat me to it. As a lonmg time user of ZA that was exactly what I
was thinking.
Jeff
 
D

DanS

Flightless Bird
>>>> That's kind of dumb. One would think it would work like a firewall
>>>> does.
>>>
>>> It isn't dumb; if you could select various programs to go on a list
>>> to by-pass security then a malware author could add a virus to that
>>> list. If there is no list then there is no loophole.

>>
>> Actually, the list could be UAC protected too, so that doesn't really
>> apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
>> checksum) the exe file and if it changed, then UAC could pop up a
>> warning saying 'this previously allowed program has changed'.......
>>
>> There.....problem solved.....and not very hard either.


> You beat me to it. As a lonmg time user of ZA that was exactly what I
> was thinking.
> Jeff


Yes, I've used ZA for a long time too. One reason I had used it was
because back when, it was a firewall. That was it. Then all the
'security' vendors started to release all these 'security suites' which
included this, that, the other thing, *and* the kitchen sink.

ZoneLabs then did that too, but at the same time, relegated the firewall-
only product to be a free for home use program.

You can't beat that.
 
J

Joel

Flightless Bird
DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:

>"Dave-UK" <Here@Home.com> wrote:
>
>> It isn't dumb; if you could select various programs to go on a list to
>> by-pass security then a malware author could add a virus to that list.
>> If there is no list then there is no loophole.

>
>Actually, the list could be UAC protected too, so that doesn't really
>apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
>checksum) the exe file and if it changed, then UAC could pop up a warning
>saying 'this previously allowed program has changed'.......
>
>There.....problem solved.....and not very hard either.



Dave was right. The whole point of UAC would be defeated by using
(which btw would be something far beyond MD5) cryptographic lists.
Setting permissions on individual folders, and tolerating other
dimensions of UAC, is the viable way to coexist with UAC - which I
don't necessarily think is a bad idea. I prefer the 2K/XP way, but I
also ran them for the last 10 years.

--
Joel Crump
 
D

Dave-UK

Flightless Bird

> On 1/21/2010 4:40 PM, DanS wrote:
>>>
>>> It isn't dumb; if you could select various programs to go on a list to
>>> by-pass security then a malware author could add a virus to that list.
>>> If there is no list then there is no loophole.

>>
>> Actually, the list could be UAC protected too, so that doesn't really
>> apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
>> checksum) the exe file and if it changed, then UAC could pop up a warning
>> saying 'this previously allowed program has changed'.......
>>
>> There.....problem solved.....and not very hard either.



I only see your posts in other peoples replies as you are in my kill file.
Probably because you reply to Alias, Yanaire, Frank or the other trolls.
I don't know enough about UAC to offer you a technical argument but if you
think you have a valid point about UAC you can always e-mail your suggestions
to a man who, I think, will listen, Mark Russinovich.

Inside Windows 7 User Account Control.
Mark Russinovich.
http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx
 
K

Ken1943

Flightless Bird
On Thu, 21 Jan 2010 14:08:03 -0500, "Jeff@couldbeinvalid.com"
<Jeff@couldbeinvalid.com> wrote:

>I'm new to 7 so please bear with me.
>Everytime I run an app, UAC asks me if it is OK to run it. How do I
>tell it that I uses certain apps all the time and the answer will always
>be the same for these apps?
>
>Jeff

Was reading about a way using Task Schedular, but did not get into it
further. I have UAC turned off !


KenW
 
D

DanS

Flightless Bird
Joel <joelcrump@gmail.com> wrote in
news:eek:lgil591m99l2nija5jiictalke59q96du@4ax.com:

> DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:
>
>>"Dave-UK" <Here@Home.com> wrote:
>>
>>> It isn't dumb; if you could select various programs to go on a list
>>> to by-pass security then a malware author could add a virus to that
>>> list. If there is no list then there is no loophole.

>>
>>Actually, the list could be UAC protected too, so that doesn't really
>>apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
>>checksum) the exe file and if it changed, then UAC could pop up a
>>warning saying 'this previously allowed program has changed'.......
>>
>>There.....problem solved.....and not very hard either.

>
>
> Dave was right. The whole point of UAC would be defeated by using
> (which btw would be something far beyond MD5) cryptographic lists.


The list (in the registry ?) doesn't need to be encrypted. It just needs
to be UAC protected, like much of the registry is now. And the MD5 hash
is just of the exe file. The hash is created, and stored in the UAC
protected area of the registry. When the program is launced, UAC would
check its list, and rehash the exe file. If the hash is still the same as
as when the UAC exception was created, it will run the app. If the hash
has changed, that means something changed the exe file, UAC will report
this, and the exe will not run w/o the UAC prompt.

I fail to see how that defeats anything. We can agree to disagree, and
leave it at that.
 
T

Thip

Flightless Bird
"Ken1943" <kenw@no295no.net> wrote in message
news:rjvil5dbg857rt1r5atcn0882mlh16ht9h@4ax.com...
> On Thu, 21 Jan 2010 14:08:03 -0500, "Jeff@couldbeinvalid.com"
> <Jeff@couldbeinvalid.com> wrote:
>
>>I'm new to 7 so please bear with me.
>>Everytime I run an app, UAC asks me if it is OK to run it. How do I
>>tell it that I uses certain apps all the time and the answer will always
>>be the same for these apps?
>>
>>Jeff

> Was reading about a way using Task Schedular, but did not get into it
> further. I have UAC turned off !
>
>
> KenW


Me too. I hate it.
 
J

Joel

Flightless Bird
DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:

>>>Actually, the list could be UAC protected too, so that doesn't really
>>>apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
>>>checksum) the exe file and if it changed, then UAC could pop up a
>>>warning saying 'this previously allowed program has changed'.......

>>
>> Dave was right. The whole point of UAC would be defeated by using
>> (which btw would be something far beyond MD5) cryptographic lists.

>
>The list (in the registry ?) doesn't need to be encrypted.



The MD5 (or other algorithm) hash is cryptographic - I wasn't
referring to any specific method of storing the allowed-programs list.


> It just needs
>to be UAC protected, like much of the registry is now. And the MD5 hash
>is just of the exe file. The hash is created, and stored in the UAC
>protected area of the registry. When the program is launced, UAC would
>check its list, and rehash the exe file. If the hash is still the same as
>as when the UAC exception was created, it will run the app. If the hash
>has changed, that means something changed the exe file, UAC will report
>this, and the exe will not run w/o the UAC prompt.
>
>I fail to see how that defeats anything. We can agree to disagree, and
>leave it at that.



I'm not suggesting that you couldn't have software to use the
technique you describe - but that it wouldn't relate to the purpose of
UAC. The more exceptions you have to it, the more potential for
breaking it. And in this particular case, it'd be more of a total
backdoor than an exception - UAC is meant to give human interaction by
an authorized user, to approve potentially unsafe behavior.

Personally, I don't see the point of it, but it is necessary if one
wants the kind of file-system protection (and OS-settings monitoring)
that advanced operating systems are capable of. It would still be
possible to tweak one's system to avoid most UAC prompts, without just
disabling it and file-system protection altogether (but I'm glad that
they allow me to do that if I choose to).

--
Joel Crump
 
Top