Avast WEBforum

Other => General Topics => Topic started by: Go Pack Go on October 14, 2008, 02:41:26 AM

Title: WinPatrol with Windows Defender
Post by: Go Pack Go on October 14, 2008, 02:41:26 AM
Is there much of a point in using WinPatrol if I use Windows Defender on Vista?
Title: Re: WinPatrol with Windows Defender
Post by: bob3160 on October 15, 2008, 02:21:50 AM
The programs have different functions.
WinPatrol watches for any changes on your system.
Since this is built into Vista (UAC), WinPatrol isn't really needed IMHO.
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 15, 2008, 04:13:27 AM
Quote
Since this is built into Vista (UAC), WinPatrol isn't really needed IMHO.

In fact, a lot of users are tired of UAC and have it disabled or allow anything to run with admin privileges... for such users, WinPatrol could help.
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 15, 2008, 08:05:23 AM
WinPatrol is designed more to complement your AV and AS programs.
I use both WinPatrol and Defender + UAC is up and running. WinPatrol has some cool features that Defender doesn't have. Plus it's very cool that you can see HijackThis logs, hidden files, ActiveX, IE Helpers, registered file types, secret startup locations etc. all in one program. Damn useful for any malware fighter is also their PLUS knowledgebase.

A bit off-topic but i have something for my buddy Tech to try out. And anyone else using Vista that wants a different and better UAC and like me doesn't want to wait for Windows 7 to come out before they get it. Symantec (your favorite company, Tech ;D) released this UAC tool recently, don't know if you tried it yet but i will just say that this is how UAC should have looked in the first place.

@Tech: You're gonna love this one trust me ;)

Description:

User Account Control (UAC) is a new security feature in Microsoft Windows Vista that changes the architecture of the access token creation process and prevents users from logging on with full administrative rights.

While the intent of this feature may have been enhanced security, all too often users need administrative rights for tasks like installing/updating programs, and many software applications need access to run properly.

The User Account Control tool has been designed to replace the Vista UAC, to simultaneously make your system more secure while significantly improving user-friendliness.

By default, any application launched by an administrator is running with a filtered, standard user access token. When the administrator attempts to perform a task, the UAC prompts the user to approve the action. This can lead to poor user experiences because the prompts can be slow to display, and appear frequently and without warning. What’s more, because the UAC may give a false sense of security since other processes can still access the desktop, it actually raises security concerns.

The net effect is that many users find the UAC security clearance and prompting process annoying, especially those who are a computer’s only user and have all the latest Norton Internet Security software installed and updated.

The User Account Control tool will collect user input as well as information on applications causing prompts. The data will be processed to improve the comprehensiveness and robustness of the white list, which will be updatable while running the tool online.


Link: Norton UAC (http://www.nortonlabs.com/inthelab/uac.php)

Tell me what you think people ?  ;D

P.S: Both 32bit and 64bit versions are available ;)

EDIT: Screenshot:
(http://img160.imageshack.us/img160/7416/2073cw9.jpg)
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 15, 2008, 04:11:54 PM
Quote
Robustness of the white list, which will be updatable while running the tool online.

Is this a joke? Robustness of a white list? This must be a joke from Symantec...
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 15, 2008, 04:47:58 PM
(http://images.betanews.com/screenshots/1223573264-1.jpg)

From the FAQ page:
Quote
Q: What does Norton Labs get out of my testing?

A: DATA! Each time you see a prompt, the Norton Labs UAC Replacement sends meta information about what caused the prompt, and why, to our server. This data will be used, in aggregate, to help Norton Labs build a white list that can be shipped with the UAC replacement and LiveUpdated as needed.

Q: What do you mean by "meta information"?

A: The meta information contains file name and file hashes for the EXE that caused the prompt and the EXE that is to be the recipient of the elevated privileges. In addition, the meta information contains file name and file hashes for DLLs that were active in either of the two EXEs, response information (what option did the user choose, how quickly, and did they choose "do not ask me again"), and date/time info.
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 15, 2008, 05:15:47 PM
Wow... they're collecting info from all executables being used in the world... Very good! Can you imagine what statistics could be generated? ;D
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 15, 2008, 06:17:26 PM
I'm just glad i have a don't ask me again option in UAC now.  ;D
Title: Re: WinPatrol with Windows Defender
Post by: timcan on October 15, 2008, 07:35:00 PM
Quote
I'm just glad i have a don't ask me again option in UAC now.  ;D

 :)  same here, thanks for the link. tim
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 16, 2008, 03:23:50 PM
How would you configure that is the same request of UAC? By MD5, by behavior? It won't be that easy... which operations will be whitelisted, how, when?
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 16, 2008, 10:27:25 PM
@timcan: No problem at all ! ;)

@Tech: Sorry buddy i don't know what you mean with your question but i would suggest you ask around their forum if you have any questions related to NUAC. Here's the link :

http://community.norton.com/norton/board?board.id=uact
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 17, 2008, 12:03:21 AM
Quote
@Tech: Sorry buddy i don't know what you mean with your question but i would suggest you ask around their forum if you have any questions related to NUAC. Here's the link :

I'm not trusting this piece of software right now. Maybe it's a prejudice with Symantec.
I was asking how would a whitelist be created? Nowadays, if you start an action that requires elevation, UAC is started. I won't give Windows Explorer a way to go into this whitelist..., there would have no purpose on elevation if I did it so... I mean, how would an action be listed there? By the MD5 of the starter executable? By the process name?
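
Added example, not part of the thread and not Norton's code: a hypothetical allowlist for remembered elevation approvals, keyed either by file names or by hashes of the requesting and receiving EXE (the two files the quoted FAQ says are reported). All names and sample bytes are constructed, and SHA-256 is used in place of the MD5 mentioned in the post.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ElevationRequest:
    requester_name: str     # EXE that caused the prompt
    requester_bytes: bytes  # its file contents (constructed here)
    target_name: str        # EXE that would receive elevated privileges
    target_bytes: bytes


def name_key(req):
    """Key an approval by process/file names only."""
    return (req.requester_name.lower(), req.target_name.lower())


def hash_key(req):
    """Key an approval by the content hashes of both executables."""
    return (sha256_hex(req.requester_bytes), sha256_hex(req.target_bytes))


class Allowlist:
    """Hypothetical store of 'don't ask me again' decisions."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.entries = set()

    def remember(self, req):
        self.entries.add(self.key_fn(req))

    def needs_prompt(self, req):
        return self.key_fn(req) not in self.entries


# Constructed sample data: placeholder bytes, not real binaries.
REGEDIT = b"constructed bytes standing in for regedit.exe"
EXPLORER = b"constructed bytes standing in for explorer.exe"
OTHER = b"constructed bytes of a different file also named explorer.exe"

approved = ElevationRequest("explorer.exe", EXPLORER, "regedit.exe", REGEDIT)
lookalike = ElevationRequest("explorer.exe", OTHER, "regedit.exe", REGEDIT)


def compare():
    """Return {key type: (prompt for approved?, prompt for lookalike?)}."""
    results = {}
    for label, key_fn in (("name", name_key), ("hash", hash_key)):
        allowlist = Allowlist(key_fn)
        allowlist.remember(approved)
        results[label] = (allowlist.needs_prompt(approved),
                          allowlist.needs_prompt(lookalike))
    return results
```

With the name key the different file reusing the approved name is silently allowed; with the hash key it prompts again. Neither key records who initiated the request, so an approved requester and target pair matches regardless of what started it.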
Title: Re: WinPatrol with Windows Defender
Post by: bob3160 on October 17, 2008, 12:14:05 AM
Thanks Mikey,
I've installed it on my 2 systems running Vista.

Tech,
Not all things from Symantec are bad.  ;)


Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 17, 2008, 12:18:19 AM
Quote
Tech,
Not all things from Symantec are bad.  ;)

Really... ;D ??? ;D
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 17, 2008, 12:48:40 AM
No problem Bob ...

@Tech: Honestly i have no idea why they would even want to create a default whitelist for UAC. Kinda defeats its purpose doesn't it ? I really don't understand the logic behind this. BTW i haven't noticed that "whitelist" in action yet, everything that triggered a UAC popup before i installed this tool is still triggering it. So i have no idea how this whitelisting works or if it's even implemented in the tool already. I'll ask on their forum, see what they say.

What i do know though is that i always wanted the don't ask me again option in UAC and this tool lets me have just that. It's a keeper for me.
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 17, 2008, 12:56:59 AM
The "Don't ask me again" is building the whitelist, at least in your own computer.
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 17, 2008, 01:03:44 AM
But what if some users select (for the same program) the don't ask me again option and some users prefer to receive a UAC prompt (i don't know, say they don't want anybody else using the program on their account) ? So those that want the UAC prompt won't get prompted because the program is in the whitelist (because of those first users)? And what does Symantec mean by unnecessary UAC prompts ? I don't know i think just the don't ask me again option is enough. Just my opinion. I've posted on their forum btw, hope somebody replies soon.
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 17, 2008, 01:23:05 AM
darth_mikey, keep us informed. Thank you ;)
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 17, 2008, 08:09:03 AM
You know i will ... ;)
Title: Re: WinPatrol with Windows Defender
Post by: Hard_ROCKER on October 21, 2008, 08:26:21 AM
Hey guys, i got some more info on the whitelists on their forum.

Quote
Hello,

In terms of security, "Unnecessary UAC prompts" are those caused by a privilege elevation which is considered "safe".  The reason we have UAC prompts in the first place is that privilege elevation raises security concerns, for which the prompt is asking the users "you are about to elevate process privilege, are you sure? Do you know what you are doing?"  "Is this elevation intended?"  As you can see this can be annoying when the user knows what he is doing. For example, when the user just wants to launch regedit.

This white list will be "actions" which require privilege and are considered safe, and we think they can be allowed without the user's intervention.  This whitelist is not implemented in this beta release yet, but it is one of our goals.  The data we collect during the public beta will be examined and used to design such a whitelist, if applicable.  You are also right about...

  "After all what one person considers an unnecessary UAC prompt might not be what another person considers an unnecessary UAC prompt (i.e. he wants to see the uac prompt). So the second person wouldn't see a UAC prompt because it was whitelisted since many people opted for the don't ask me again option ? Will there be an option to disable the default whitelist ?"

Some users might not want to use the community (Symantec) whitelist, they want to see the prompt at least once, we will definitely have this option to not use the whitelist, users can still use the "don't ask me again" feature to suppress previously approved actions.  They are essentially building the whitelist locally.

The idea is we can make many of these security decisions for the user (to allow) with a whitelist (actions that are known to be safe) for those who want these security improvements in the Vista kernel but are annoyed by the endless prompts.  Of course the option will be there to not use the whitelist, or just tell the user if this action is on the whitelist in the prompt.
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 21, 2008, 02:45:34 PM
I'm reviewing my position... NUAC can give you some easy going to common elevated actions...
What I'm not sure is that what will happen if a malware start the same action to infect the system and the user (or the Symantec whitelist) said "don't show me again this warning"... ?
Title: Re: WinPatrol with Windows Defender
Post by: bob3160 on October 21, 2008, 02:53:16 PM
Tech,
It is the user that makes the final determination what to bypass (White list) or what to be reminded about.
This program only gives you that ability. It doesn't make any decisions on its own.

Once checked as safe and don't remind me again, it's the same as giving that function unlimited access.



 
Title: Re: WinPatrol with Windows Defender
Post by: Lisandro on October 21, 2008, 02:58:34 PM
Quote
It doesn't make any decisions on its own.

"Don't show again" is a decision... how will the program separate the legit ones (started by user) from the bad ones (started by malware)?

Quote
it's the same as giving that function unlimited access.

That's the point...
How would it react to saving files into system folders, for instance?
Or moving them?