TechSpot

Can I overrule UAC with white-listed programs?

By gbhall
Oct 31, 2013
Post New Reply
  1. It is my belief that we are approaching a crisis point in Windows malware infestations. Recently I helped someone who found all the standard document types encrypted with two-factor encryption, along with a demand for payment to decrypt them (CryptoLocker malware). The only help I could offer was how not to have that happen again by setting a Group Policy to deny executables in %appdata%. This is done in software restriction policies of the local security policy.

    Now %appdata% typically is c:\users\username\appdata\roaming and can be written to by anything or anybody - it's for data after all - but nothing stops programs silently installing and executing from there as well. Hence the need for a software restriction policy - details http://windowssecrets.com/newsletter/cryptolocker-a-particularly-pernicious-virus/

    It is also wise to use UAC on level 1 to 3 http://en.wikipedia.org/wiki/User_Account_Control so every non-system application puts up a warning and you have to click to allow it to happen. That prevents most software installed in any place from running without you knowing. The problem is, UAC is a very blunt tool, and I would like to have certain programs I often use (for example backups) operate as white-listed programs so I don't have the irritation of the screen dimming and having to approve every time I use them.

    How do I do that ? UAC and local security policy seem to be two independant things.
     
  2. St1ckM4n

    St1ckM4n TS Evangelist Posts: 3,473   +622

    I don't think you can, that's the point. Otherwise apps would add themselves to the whitelist.

    At the end of the day, the person installing the malware is the users.
     
  3. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,349   +50

    St1ckM4n There is some sense in what you say, but as all MS OS software has to be trusted, as does all digitally signed (certificated) or hash-tagged (verify unchanged since installed), then as I said, we are approaching a crisis point where one may not be able to safely install or run anything. There has to be a secure way to install and run, and too much confirmation being requested all the time just does not work, as MS found out way back with Vista.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.