Some days ago I reviewed Smart UAC, a replacement for Vista’s UAC (User Account Control). Symantec is working on a similar tool, Norton Labs UAC (NUAC). The tool is currently in beta and I am not sure if this will be its final name. As with Smart UAC, the main feature of NUAC is its ability to suppress future prompts from the same action.
- OpenVPN IPv6 and IPv4 configuration - Mon, Mar 1 2021
- 4sysops author and member competition 2020 - Fri, Jan 1 2021
- Assign an IPv6 address to an EC2 instance (dual stack) - Tue, Dec 15 2020
NUAC’s setup asks you if you want to submit UAC prompts. This means that NUAC will send metadata about your actions to Symantec. This metadata contains information such as the filenames and the hashes of the executables and the DLLs involved in the action. Symantec intends to build a white and a black list for UAC prompts. I think this is an interesting idea. This technique works very well for SPAM and I believe it could improve security significantly on Windows PCs. If people know that a UAC alert has never shown up somewhere else, they will be extra careful. Moreover, UAC will be less likely to get on our nerves. Note that the current beta doesn’t use these lists yet.
NUAC is already a useful UAC extension. Its prompts have a “Don’t ask me again” check box, and the dialog box has a details pane which displays the location and the name of the application that caused the prompt.
What I like about Symantec’s solution is that the check box doesn’t just refer to the program that you are about to launch. NUAC will suppress future prompts only if you start the program in the same way. For example, if you launched the application through its desktop icon, NUAC will prompt you again if you start it from the command prompt. More important is that this also includes attempts by other programs that try to launch the application. Thus, disabling UAC for a certain action does not place the corresponding application at risk of unauthorized use by malware.
A downside of NUAC is that it doesn’t have an allow list like Smart UAC. That is, you can’t edit the stored actions. NUAC stores them in the Windows Registry under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SymConsent\Data. Each entry corresponds to a specific action. But the key names are encrypted, so you can’t easily assign actions to them. I tried some well-known hash codes to no avail. Thus if you want to remove a certain action from the allow list later, you have to keep track yourself of the NUAC entries by noting the Registry key names. Of course, you can also delete all keys in the Data folder, which means that you have to train NUAC again.
NUAC’s beta is free, but I fear the final product will cost something. Nevertheless, I prefer NUAC over Smart UAC simply because it impressed me as more reliable. I also like that it doesn’t disable UAC the way Smart UAC does. Instead, NUAC just extends Vista’s UAC.