Is there a way to remember a trusted program ...

Is there a way to have UAC remember a program I trust so that it won't popup
the UAC consent window everytime I start it?

I'm trying to load on startup 'Process Explorer' but I can since it requires
permission.

If the procedure to have a program load on startup is different than not
having the UAC window popup, I'd like to know for the popup as well since
there are other software that I would allow without question (unless they
change of course).

Thx in advance
--
Rej

Found out you can't do it.. sorry for the bother.

P.S. hope they add a feature that would allow us to remember trusted
programs until they get changed or modified.. pretty much every firewalls I
know have this feature. SP1 anyone?

--
Rej


"Rej" wrote:

Quote:

> Is there a way to have UAC remember a program I trust so that it won't popup
> the UAC consent window everytime I start it?
>
> I'm trying to load on startup 'Process Explorer' but I can since it requires
> permission.
>
> If the procedure to have a program load on startup is different than not
> having the UAC window popup, I'd like to know for the popup as well since
> there are other software that I would allow without question (unless they
> change of course).
>
> Thx in advance
> --
> Rej

Rej

If this were possible, it would make UAC useless. This would open a
vulnerability path that could be used to compromise the system since any
malicious program would be able to piggyback on the program that is
automatically granted system wide privileges.

--

Ronnie Vernon
Microsoft MVP
Windows Shell/User


"Rej" <Rej@discussions.microsoft.com> wrote in message
news:05BFEE09-7C1F-484F-BA2B-B49D0EA8F798@microsoft.com...

Quote:

> Is there a way to have UAC remember a program I trust so that it won't
> popup
> the UAC consent window everytime I start it?
>
> I'm trying to load on startup 'Process Explorer' but I can since it
> requires
> permission.
>
> If the procedure to have a program load on startup is different than not
> having the UAC window popup, I'd like to know for the popup as well since
> there are other software that I would allow without question (unless they
> change of course).
>
> Thx in advance
> --
> Rej

[QRtSH]

Quote:

> Re: Is there a way to remember a trusted program ...

....without malware being able to set itself as "trusted"?

Be careful what you wish for...

Quote:

>------------------------------------ ---- --- -- - - - -

"For every complex question, there's a simple
answer - and it's wrong." H.L. Mencken

Quote:

>------------------------------------ ---- --- -- - - - -

Rej wrote:

Quote:

> Found out you can't do it.. sorry for the bother.
>
> P.S. hope they add a feature that would allow us to remember trusted
> programs until they get changed or modified.. pretty much every firewalls I
> know have this feature. SP1 anyone?
>

This will not happen.

UAC is not a firewall.

The prompt is not just asking if you trust the program, but if you are
the one running it.

If it did not prompt, then any program could launch the trusted program
and use it against you.

For example, if you trusted a program that wiped all of the data from
your computer to not prompt, then any program, even programs that you do
not start or do not prompt, could launch that program and wipe data off
of your computer.


--
-JB
Microsoft MVP - Windows Shell/User
Windows Vista Support FAQ - http://www.jimmah.com/vista/

Ron,

Well, if I understand how Comodo Firewall Pro works, any program that tried
to access the internet had to do so *exactly* as it was at the time you
allowed it and asked to remember it.

So, if someone injects code into its memory space, Comodo will detect that
and stop the access and re-ask you for the access.. explaining why too. This
happens also for tons of reasons..
- Different parent (caller of application.. if it's not me, then it would
let me know),
- dll was hooked to app, it will detect that as well and ask
- etc etc.

To me, those seem to be the necessary security features that UAC could use
as well (with preferred/trusted app if that was included). This way, *noone
else* could start an app.. (different parent). If the app gets modified *in
any way*, it'd get blocked as well... etc

Thinking on this while I'm writing this, what if an app gets changed by a
virus while I'm using XP and then when I'm back to Vista, using the same app,
AND being the original user that ask it to start, I'd get the same UAC popup
and I'd tend to say -- ok continue -- without thinking twice about it... but
with the Comodo way, it would *know* that the program was modified in some
way and would tell me so.

Somethings to think about

REgards...
--
Rej


"Ronnie Vernon MVP" wrote:

Quote:

> Rej
>
> If this were possible, it would make UAC useless. This would open a
> vulnerability path that could be used to compromise the system since any
> malicious program would be able to piggyback on the program that is
> automatically granted system wide privileges.
>
> --
>
> Ronnie Vernon
> Microsoft MVP
> Windows Shell/User
>
>
> "Rej" <Rej@discussions.microsoft.com> wrote in message
> news:05BFEE09-7C1F-484F-BA2B-B49D0EA8F798@microsoft.com...

Quote:

>

Jimmy,

I hear ya on this, but check my answer to Ron below for my arguments.

Regards...
--
Rej


"Jimmy Brush" wrote:

Quote:

> Rej wrote:

Quote:

>
> This will not happen.
>
> UAC is not a firewall.
>
> The prompt is not just asking if you trust the program, but if you are
> the one running it.
>
> If it did not prompt, then any program could launch the trusted program
> and use it against you.
>
> For example, if you trusted a program that wiped all of the data from
> your computer to not prompt, then any program, even programs that you do
> not start or do not prompt, could launch that program and wipe data off
> of your computer.
>
>
> --
> -JB
> Microsoft MVP - Windows Shell/User
> Windows Vista Support FAQ - http://www.jimmah.com/vista/
>

c,

Aye, I hear you there .. there have been occasions in my life where I got
what I wished for and it didn't always turn out the way I anticipated

But what I'm hoping for is simply an easier way to manage the security (for
the users). I see tons of messages on the forums about how people are tired
to always have to click on the 'continue' button. To me, this is an
indication that perhaps ways should be found to alleviate the repeatedness
(spelling? -- french Canadadian here of the process.

See my post to Ron about what I said about how Comodo manages it's
protection. Although it's a firewall, they did implement some very solid
security features.

Btw, I don't work or am I in any way affiliated to them.. I was just
impressed with their implementations and thought I'd share it since it
*might* reflect hte subject matter.

Regards....

--
Rej


"cquirke (MVP Windows shell/user)" wrote:

Quote:

> [QRtSH]
>

Quote:

> ....without malware being able to set itself as "trusted"?
>
> Be careful what you wish for...
>
>
>

Quote:

> "For every complex question, there's a simple
> answer - and it's wrong." H.L. Mencken

Quote:

>

Ron,

Forgot to mention that the 'same app' used on both Xp and Vista is currently
Process Explorer and AutoRuns from SysInternals. Since they don't have
installers, I use the same .exes for both operating systems.

--
Rej


"Rej" wrote:

Quote:

> Ron,
>
> Well, if I understand how Comodo Firewall Pro works, any program that tried
> to access the internet had to do so *exactly* as it was at the time you
> allowed it and asked to remember it.
>
> So, if someone injects code into its memory space, Comodo will detect that
> and stop the access and re-ask you for the access.. explaining why too. This
> happens also for tons of reasons..
> - Different parent (caller of application.. if it's not me, then it would
> let me know),
> - dll was hooked to app, it will detect that as well and ask
> - etc etc.
>
> To me, those seem to be the necessary security features that UAC could use
> as well (with preferred/trusted app if that was included). This way, *noone
> else* could start an app.. (different parent). If the app gets modified *in
> any way*, it'd get blocked as well... etc
>
> Thinking on this while I'm writing this, what if an app gets changed by a
> virus while I'm using XP and then when I'm back to Vista, using the same app,
> AND being the original user that ask it to start, I'd get the same UAC popup
> and I'd tend to say -- ok continue -- without thinking twice about it... but
> with the Comodo way, it would *know* that the program was modified in some
> way and would tell me so.
>
> Somethings to think about
>
> REgards...
> --
> Rej
>
>
> "Ronnie Vernon MVP" wrote:
>

Quote:

Rej wrote:

Quote:

> Ron,
>
> Forgot to mention that the 'same app' used on both Xp and Vista is currently
> Process Explorer and AutoRuns from SysInternals. Since they don't have
> installers, I use the same .exes for both operating systems.
>

So, you're saying that UAC should remember what program launched the
admin program, and then only prompt if a different program tries to
launch the program?

That's a good idea.

Unfortunately, it 1) still doesn't ensure that *you* are the one
launching the program, it just ensures that a certain program is doing
the launching, and 2) it is not yet possible for the system to make that
assurance.

For example, let's say you launch a program from the start menu that you
want to always elevate without asking.

That's all well and good, and it seems like a reasonable tradeoff
between security and usability, but in reality it only appears so.

It is trivial to run code in the process of explorer, and really in any
process that lives in the same privilege level, and its not merely a
matter of "checksumming the file" to verify it hasn't been changed,
there are ways to get code to run inside of a process that wouldn't be
detectable using that method.

It's not just about you trusting the program, but just as much if not
more about ensuring that you are the one starting it.

I do think it is possible to do this without a prompt; however, the
problem is much more challenging than it appears at first glance .

--
-JB
Microsoft MVP - Windows Shell/User
Windows Vista Support FAQ - http://www.jimmah.com/vista/