Sophos study suggests Windows 7 UAC's default setting is self-defeating

By Scott M. Fulton, III | Published November 5, 2009, 4:08 PM

A blog post Tuesday by Sophos senior security engineer Chester Wisniewski stated that recent Sophos tests revealed that User Account Control -- the part of Windows that prompts the user for permission before granting elevated privileges -- was ineffective at stopping common malware samples from running on a Windows 7-based system without virus protection.

Two of the ten malware samples chosen for the test would not run on Windows 7 at all, even with UAC turned off; of the remaining eight, only one more sample (a low-prevalence worm code-named W32/Autorun-ATK) was thwarted by UAC. The other seven ran as though they were being blocked only by a stack of dominoes.

Those items that ran unimpeded were: Troj/FakeAV-AFY and Troj/FakeAV-AFX, two low-prevalence Trojans that pretend to be a free anti-virus test; Mal/EncPk-KY and Mal/EncPk-KP, two garden-variety spam viruses; Troj/Agent-LIW, a low-prevalence Trojan that adjusts the behavior of Internet Explorer; Troj/Zbot-JN, a variation of the Trojan that attempts to steal online banking login information by first masquerading as an anonymous e-mail request for a date; and W32/Autorun-ATC, a garden-variety worm that changes the startup script.

"User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC's default configuration is not effective at protecting a PC from modern malware," Wisniewski wrote.

That default configuration is a setting new to Windows 7, one level down from Vista's default (and one level less annoying for some users). During the testing process earlier this year, Windows 7 generated considerable controversy for effectively enabling some applications to grant themselves a kind of self-elevation privilege, which some saw as a vulnerability gift-wrapped for anyone wanting to exploit it. Others complained about a more sweeping potential problem: that the whole point of generating the prompt in the first place (stopping privilege elevation) is forfeited if developers leave a back door wide open.
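As an added example (not code from the article, Betanews or Sophos), the following PowerShell snippet reads the registry values behind the Windows 7 UAC slider and reports whether a machine sits at the default level the study tested or at the "Always notify" level Wisniewski calls "Vista mode". The mapping of slider positions to values, and the defaults assumed when a value is absent, are this example's assumptions.

```powershell
# Added example, not from the article or Sophos: report which UAC slider level
# a Windows 7 machine is on, from the policy values the slider writes.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyValue {
    param([string]$Name, [int]$Default)
    # Assumption: an absent value means the Windows 7 default for that value.
    $item = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Get-UacLevel {
    param([int]$EnableLua, [int]$AdminPrompt, [int]$SecureDesktop)
    # Slider-to-value mapping assumed by this example:
    #   Always notify          -> ConsentPromptBehaviorAdmin 2, PromptOnSecureDesktop 1
    #   Default (Windows 7)    -> ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1
    #   Default, no dimming    -> ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 0
    #   Never notify / UAC off -> ConsentPromptBehaviorAdmin 0 or EnableLUA 0
    if ($EnableLua -eq 0 -or $AdminPrompt -eq 0) {
        return 'Never notify: UAC is effectively off'
    }
    if ($AdminPrompt -eq 5) {
        # Value 5 prompts only for non-Windows binaries; signed Windows components
        # elevate silently, which is the auto-elevation the article describes.
        if ($SecureDesktop -eq 1) { return 'Default (Windows 7): Windows binaries auto-elevate' }
        return 'Default without secure desktop: prompts are easier to click through unnoticed'
    }
    if ($AdminPrompt -eq 2 -and $SecureDesktop -eq 1) {
        return 'Always notify ("Vista mode"): every elevation prompts on the secure desktop'
    }
    return "Custom policy: ConsentPromptBehaviorAdmin=$AdminPrompt, PromptOnSecureDesktop=$SecureDesktop"
}

$enableLua     = Get-UacPolicyValue -Name 'EnableLUA'                  -Default 1
$adminPrompt   = Get-UacPolicyValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
$secureDesktop = Get-UacPolicyValue -Name 'PromptOnSecureDesktop'      -Default 1

# The one-click consent prompt only applies to members of Administrators; a
# standard user is asked for credentials instead. With UAC on, IsInRole is
# true only when this process already holds the elevated (unfiltered) token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$isElevated = $principal.IsInRole($adminRole)

"UAC level       : $(Get-UacLevel $enableLua $adminPrompt $secureDesktop)"
"Current process : $(if ($isElevated) { 'elevated administrator' } else { 'standard user or filtered admin token' })"
```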

As Wisniewski told Betanews this afternoon, his intention was not to prove UAC pointless in and of itself, but to suggest that Windows 7 may be vulnerable right out of the box unless and until users do something above and beyond the default.

"This was a quick test to determine if the efficacy of restricting administrative rights through the use of UAC alone will protect against malware infecting a computer running Windows 7," Wisniewski told us. "I did not test how it would have behaved if UAC was dialed up, or perhaps run in what people are calling 'Vista mode.'"

But if anti-virus is the solution to the problem (of course, Sophos is an anti-virus software maker), then what good is UAC at all, even if it's dialed up? Is Chet suggesting the whole thing is pointless anyway?

"I am performing some follow-up testing, although as is the case with malicious software, it does take a bit of time to safely perform these tests. With the data I have at the moment, I am not making recommendations as to what you do with UAC," he responded, "merely warning people that it does not protect a machine effectively against malware. I think Microsoft acknowledges this with their efforts on Microsoft Security Essentials and Forefront." But isn't UAC generally effective against malicious applications that seek elevated privilege levels, even if they're not among the most dangerous viruses cited by Sophos?

"We did not select specific malicious or difficult samples, merely the most recent ten at the time. Most were 'Fake AV' even if the sample names did not indicate that. We have generic detection for malicious packers and other nastiness that proactively finds many samples... With proper anti-malware protection, Windows 7 is far safer," acknowledged Sophos' security engineer.

"One benefit that UAC could have provided," he continued, "is an additional layer of protection that would help in the event that your anti-virus has failed to detect a new sample. It does not appear from my results that this is the case."

Comments


Just turn it off... simple.
You'll be met with an 'are you absolutely sure you really, really wanna do that?' message, but it'll be the last one you see.

Party on.

Score: 0


It makes absolutely no difference at all how Microsoft makes an operating system or how secure they or anyone else thinks it is. There will always be someone out there in this big world of ours ready to prove that it can be broken. So if anyone thinks they are safe because their Windows OS is the best, they are mistaken. When you run the internet you take the risk of these things happening, and it will, and there is not much we can do about it. You're never 100% safe with any software, be it an OS or an antivirus or a firewall. Even still today, with my own customers, they all seem to think, well, I have the best OS or I have an anti-virus and I am protected, and when they do get a virus or some other bad thing, they simply do not understand that, and the first thing I hear is, well, you made a mistake, I have an anti-virus and I am protected. How wrong that is to believe.

If you have a computer, and you're connected to the Internet, you're NOT 100% safe, and any OS, anti-virus, or firewall maker will tell you that. Nice, isn't it.. :) Why, you ask? Because we have stupid, ignorant people in this world that live only to hurt others and destroy their property...

Score: 1


I don't have this problem because I have the most secure Windows ever made. Vista.... I won't be buying that insecure W7.

Score: -4


lol

Score: 0


A recent IDC report (International Data Corporation) proclaimed that Sophos is 'Focused on serving the enterprise market exclusively', and so this is them trying to keep their business customers from thinking about changing their AV provider if/when they roll out Windows 7.

They are happy to slam Windows 7 and/or UAC as they are a bit pissed at Microsoft for not giving them any seal of approval for their products and not involving them, along with other AV companies, in the development of Windows 7's security interoperability.

Also, it is a bit cheeky of them to slam Windows 7 when they don't have any products that they officially support when running on Windows 7!

Score: 1


If UAC doesn't help then WTF? It's supposed to help, but with it on or off, makes no difference, it's a POS; why bother?!

Score: -2


It's not an Anti-Virus program, genius.

Score: 0


I like the comments about UAC replacing AV software - they are correct - it would be a JOKE for Windows to provide built-in AV software. They have been torn down and taken to court over providing a WEB BROWSER as part of the OS installation - they would be torn to shreds if they offered a free/built-in AV solution as well.

Score: 2


If it weren't for the *fact* that I know Scott is simply trying to make sure the masses aren't deluded into believing they are exempt from viruses/malware regardless of the OS, I'd think this was simply an overstatement of the obvious. Once again, use a reputable AV software package.

Quick reminder: The VAST majority of viruses get into users' systems *with their permission*. Opening strange emails/attachments, visiting illicit sites (ESPECIALLY porn/hack sites), installing *free* software (please, PLEASE do not read that I'm against Open Source - I use OpenOffice on a daily basis, as well as many other Open Source tools), etc.

Score: 2


Lol, what kind of stupid test is this? Of course FakeAVs installed without problems. They don't use ANY system drivers since they are fake AVs. And programs that don't make any system-wide changes don't even require admin rights.

Score: 0


Aside from all this discussion about "this article is basically an AV software company ad", I'm troubled: why is there no result for UAC on maximum? Rather than "may be self-defeating", we would "know" whether UAC on "maximum" offers added security compared to UAC "default". But UAC "maximum" does not seem to have been tested. Why?

Score: 1


Because the article is about default settings, which many users don't know how to change anyways (or don't bother to change).

Score: 0


"But UAC 'maximum' does not seem to have been tested. Why?"

1.) UAC is not anti-virus.

2.) Sophos wants to present Windows 7 as needing AV (like no-one knew that...) Setting UAC to maximum would not help spread that perception....

Score: 2


Imagine that..

An anti-virus company says a product that is *not* an anti-virus product doesn't catch viruses. Thought provoking, isn't it?

1.) UAC is not anti-virus software. Microsoft knows this. Hence the release of MSE.

2.) Sophos knows this. Betanews knows this. This is an ad. Nothing more.

3.) The "viruses" they used (most of which are actually trojans), do not attack a system without user intervention. They must be explicitly run, either via a malicious program, or as they did...by running them manually. This is *not* representative of *any* real-world situation.

This story has been on the net for several days now. It has been *thoroughly* discredited on numerous sites...even Slashdot.

Imagine my surprise when it gets picked up here... What, did you notice the hits the story generated on Slashdot and other sites and think you simply had to get yourself a piece of that action, Scott?

Score: 6


*awaits the sophos ads on betanews.com*, oh wait, I don't see any ads anymore.

Score: 2


Heck... if Microsoft could, they would add MSE and be done with the controversy, but then again, with people complaining of Microsoft monopolizing the browser market for including a browser which --like the antivirus-- has become an essential tool in an operating system, they will not be able to. It is a shame because the end user is the one who has to live with the lack of proper protection from the moment they start their computer for the first time.

Score: 0


By the way, the way things are going, ad-blocking add-ons and software will end up blocking Betanews if they keep posting infomercials. Scott, you need to resist the temptation... no matter how much Sophos pays for it.

Score: 0


Ya imagine that, remarkable isn't it. But PC_Tool is correct....

Score: 1


UAC in its entirety is self-defeating when users press the OK button automatically without reading, just to quickly get past its annoyance.....

Score: 3


Which is why all users should run a "limited user" account. Then, when they get a prompt, they'll have to do more than press "OK".

Score: -1


Has UAC somehow become synonymous with Anti-virus or Anti-Malware applications? Hmm...interesting.

"One benefit that UAC could have provided," he continued, "is an additional layer of protection that would help in the event that your anti-virus has failed to detect a new sample. It does not appear from my results that this is the case."

Why on earth would anyone need anti-virus software if Windows 7 UAC was somehow this miraculous? If that were the case they'd have to be called file repairers or something, because their only use would be to clean and repair infected files, not prevent them from affecting the system.

UAC is a safeguard, not a substitute in any capacity for an AV or AM program. UAC prevents really, um, adventurous people....who travel the internet and click on any and every website, from being the victim of the typical 'get to website, website downloads and installs "something", ouch!' syndrome.

Personally, I don't think UAC is pointless. It may be, for the smart majority who know to perhaps, install programs like Web of Trust before we go clicking through the web, or those who have tried and true AV programs....but it certainly isn't for Grandma and Grandpa or every now and again PC users who just don't know what they SHOULD, the basics of surfing. It may not prevent virus or malware infections that are complex or advanced enough to come into the system in some unscrupulous way, but it will more than likely pop up big and bright if anything tries to run an .exe or .com or .bat file.

Score: 7


Problem was, people with knowledge of computers rant about the UAC, thinking it's redundant and annoying. So the average Joe or below-average computer users will listen to the person with knowledge in computers saying, "HEY!! I don't want UAC also because it's annoying," yet they have no knowledge of what the UAC is. They then go surfing the net and then a pop-up appears. "I better click YES to scan for a virus," since the UAC is disabled. *watches the virus install* Here's the best part from the user: "Stupid Microsoft, why didn't they add a feature to warn me about installing a program that could be harmful to my computer?"

You have to keep in mind: even though we have a background in computers, we have to take into consideration the non-computer-knowledge people.

Score: 1


It's far better than what you see in Linux and OS X; it's so convenient to press that OK button rather than typing our password!!

Score: 2


Granted, the procedure on OS X and Linux to elevate privileges is more complicated than on Windows. But here is the catch: on OS X and Linux, you are only asked to elevate privileges when you need to. And it will ask you once, whereas UAC will routinely ask you at least twice per operation.

Another problem is that Windows apps are used to be able to get admin rights (for example, in order to edit the registry), whereas OS X and Linux apps have widely respected conventions that make it possible for them to never require admin rights.

Score: 1


Set any program to run as admin and each time you run it you get a UAC prompt. This is silly, just like all those 'are you sure?' prompts when leaving a game. For this reason alone I'm thinking of disabling UAC in 7.

Score: 0


He acknowledged Microsoft's free Security Essentials, but did he test Windows 7's default UAC together with MSSE (which, in my tests, downloads and installs faster than any other free AV with real-time protection; the initial update and scan may take longer, but user perceptions about the hassle level will be based solely on the download and install)?

I suspect he did test it, but doesn't want to point out that MSSE would have stopped everything which wasn't stopped by UAC or other Windows 7 security features.

Score: 1


I don't see how the default setting could be "self-defeating". It only allows for apps on MS's "whitelist" to auto elevate. And as far as I know only windows components are on said list. Apps run as admin still will trigger a UAC prompt.

And as for infecting a PC with no AV, I don't see how anything could protect against that...except well AV SOFTWARE lol

Score: 2


Exactly. And this guy works for an AV software company. It just seems to me like he's trying to prove that computers need AV protection, which we all know is true. It's just like what johnrc2 said: this is a non-story and certainly not news.

Score: 3


Wow, so this guy basically infected a system that didn't have any AV installed? That must have been so difficult. /s Seriously, UAC wasn't meant to stop infections by any means, and I am sure this guy knows this. Sounds to me like he just wants to get his company's name out there by bashing UAC, etc. And you notice he didn't even test it with UAC turned on MAX just to see if there was any difference.

UAC is a safeguard. It may not be perfect but it is an added measure that only Vista and Win 7 have.

What a douche. "Hey, look at me, I can infect a system that doesn't have AV software on it with trojans and worms, oh my".

Score: 5


I agree. This "non-story" is all over the Internet, blindly repeated on every blog.

Score: 4


UAC as implemented in W7 is useless to a power user. I put up with it for a few weeks and then modified the account settings not to bother me anymore with absurd OK prompts.

It needs a SECURE, ENCRYPTED white list. I find it amazing that MS hasn't done this yet.

Score: 0

