
How does CCleaner "skip" User Account Control warning?



Under Options > Advanced there's an option that says "Skip user account control warning". This means that even from a portable build you can delete files in the C:\Windows directory (and other important directories) without having to press OK on a UAC pop up.

How is this possible? Isn't UAC meant to prevent that? Isn't that a fundamental part of what makes new versions of Windows more secure than old versions?

If no UAC is required does that mean a non admin user is able to delete stuff from those protected directories using CCleaner?

ccleaner.PNG

Edited by andrew_nz
minor typo

  • Moderators

The "Skip user account control warning" setting simply means that you won't get a UAC warning when launching CCleaner itself.

It is turned on (ticked) by default.

If you turn it off (untick it) then you will get the UAC warning every time that you launch CCleaner.

So having it on simply saves you having to wait for the UAC to pop up and then tick 'Yes' every time you launch CCleaner.

That's all that setting does, it doesn't change anything else.

(PS. Many applications that would normally cause the UAC to be shown have a similar option to suppress it just for that app, Windows actually make it quite simple for an app to have that option).

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 


9 hours ago, nukecad said:

The "Skip user account control warning" setting simply means that you won't get a UAC warning when launching CCleaner itself.

It is turned on (ticked) by default.

If you turn it off (untick it) then you will get the UAC warning every time that you launch CCleaner.

So having it on simply saves you having to wait for the UAC to pop up and then tick 'Yes' every time you launch CCleaner.

That's all that setting does, it doesn't change anything else.

(PS. Many applications that would normally cause the UAC to be shown have a similar option to suppress it just for that app, Windows actually make it quite simple for an app to have that option).

So if it had to delete from a protected directory it would get a UAC prompt then? Or just not be able to delete from it?

 

Edit: It can delete from protected directories with UAC skipped on, so UAC is useless to stop that kind of thing? Or there not protected directories?

Edited by andrew_nz

I just created a folder called C:\Windows\testfolder and put a file in it, modifying or deleting that file brings up UAC prompts. This means unless you have admin rights and are intentionally deleting it, you can't. Yet I can create a custom rule in CCleaner and delete it without any UAC prompts.

I don't understand this, are all UAC security measures totally optional? Any piece of software or malware can choose to ignore them?

Edited by andrew_nz

  • Moderators

Yes you can indeed be malicious with the skip uac code. 

Here's what skipuac is

It creates a Windows task that in the run program after the program exe a $(Arg0).

I have added this code to other programs that I have a task running them and it skips uac for that program too. It's something Microsoft put into existence but you are correct the only evidence a malware exploiting this argument is leaving behind a task (though they'll need to bypass uac on the creation of a task that's why CCleaner needs to be run as admin to implement the future skipping.)

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation
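
One way to audit a machine for the mechanism described in the post above, as an added example that is not part of the original thread and is not CCleaner's or Microsoft's code: it lists scheduled tasks registered to run with highest privileges, marks those whose arguments pass `$(Arg0)`, and checks whether standard users have write access to the target executable or its folder (the portable-build case raised in this thread). The SID list, the access mask and the helper name `Test-NonAdminWritable` are assumptions of this example.

```powershell
# Added audit example; not CCleaner's or Microsoft's code. Read-only.
# Run from an elevated PowerShell so every task and ACL can be read.

# Well-known SIDs that include standard (non-admin) users (list chosen here).
$nonAdminSids = @(
    'S-1-1-0'        # Everyone
    'S-1-5-11'       # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Access bits that let the holder replace or tamper with a file or folder:
# WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete,
# ChangePermissions, TakeOwnership, and raw GENERIC_ALL / GENERIC_WRITE.
$writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x10000000 -bor 0x40000000

$sidType = [System.Security.Principal.SecurityIdentifier]

# Hypothetical helper: $true if an Allow ACE gives a non-admin SID write-type
# access, $false if none does, $null if the path cannot be resolved.
# Deny ACEs are ignored, so $true means "review this", not proof.
function Test-NonAdminWritable {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $nonAdminSids -contains $rule.IdentityReference.Value -and
            ([int]$rule.FileSystemRights -band $writeMask)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($task in Get-ScheduledTask) {
    # Only tasks that start their action elevated are of interest.
    if ($task.Principal.RunLevel -ne 'Highest') { continue }
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no exe
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            RunsAs      = if ($task.Principal.UserId) { $task.Principal.UserId }
                          else { $task.Principal.GroupId }
            Execute     = $exe
            PassesArg0  = [bool]($action.Arguments -like '*$(Arg0)*')
            ExeWritable = Test-NonAdminWritable $exe
            DirWritable = Test-NonAdminWritable (Split-Path -Parent $exe)
        }
    }
}

# Tasks that forward $(Arg0) are listed first.
$findings | Sort-Object PassesArg0 -Descending | Format-Table -AutoSize -Wrap
```

Rows where `PassesArg0` is True and either writable column is True are the ones to review first, since the elevated task then starts a program whose files a standard account may be able to change.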


8 hours ago, Nergal said:

Yes you can indeed be malicious with the skip uac code. 

Here's what skipuac is

It creates a Windows task that in the run program after the program exe a $(Arg0).

I have added this code to other programs that I have a task running them and it skips uac for that program too. It's something Microsoft put into existence but you are correct the only evidence a malware exploiting this argument is leaving behind a task (though they'll need to bypass uac on the creation of a task that's why CCleaner needs to be run as admin to implement the future skipping.)

Ok, that's encouraging that it needs to run as an admin once. Especially in regards to UAC in general and its effectiveness in stopping malware attacks.

In regards to CCleaner it could be installed by an admin and they simply forget to untick the UAC skip option. Then it could be used maliciously or irresponsibly (with the custom files and folders option.)

Not only could you easily kill a Windows installation you can probably delete/stop certain Windows components and 3rd party security software as part of a wider attack.  

I think having a "skip UAC" option in a program that allows a user to delete anything they want is irresponsible. It takes less than two seconds to ok a UAC prompt.

Edited by andrew_nz

  • Moderators

The UAC is simply an extra 'warning' in Windows, it's on by default but anyone with admin permission can set it to be more strict or less strict, or turn it off globally.

For an admin user it pops up a window to remind/warn them that what they are about to do, or the app they are about to run, could change the system and/or Windows settings and asks the admin user to confirm that.

However for a non-Admin user it displays a different popup that asks for an admin username and password to complete the task.

If you have Skip UAC set in an app such as CCleaner then it's just the same as if you clicked 'Yes' to the popup as an admin, you are simply saying that you know the app you are about to use can change system files and you trust it to do that.
You are not giving permission for anything other than that app to do its thing, and that permission is ended when you close the app.

Here is an article about how UAC works: https://www.digitalcitizen.life/uac-why-you-should-never-turn-it-off/


  

6 hours ago, nukecad said:

The UAC is simply an extra 'warning' in Windows, it's on by default but anyone with admin permission can set it to be more strict or less strict, or turn it off globally.

For an admin user it pops up a window to remind/warn them that what they are about to do, or the app they are about to run, could change the system and/or Windows settings and asks the admin user to confirm that.

However for a non-Admin user it displays a different popup that asks for an admin username and password to complete the task.

If you have Skip UAC set in an app such as CCleaner then it's just the same as if you clicked 'Yes' to the popup as an admin, you are simply saying that you know the app you are about to use can change system files and you trust it to do that.
You are not giving permission for anything other than that app to do its thing, and that permission is ended when you close the app.

Here is an article about how UAC works: https://www.digitalcitizen.life/uac-why-you-should-never-turn-it-off/

You're probably getting confused because you are on a system as an admin with limited UAC prompts (set in control panel.) If you were on a computer as a non admin or with full UAC prompts you may understand better.

If you are a non admin user or you have UAC prompts on full, and you don't OK a UAC prompt or have a task that bypasses the UAC prompt you can not modify, add to or delete files in certain folders. Windows, Program Files etc. That is a fact, try it. That's why installers require a UAC/admin  prompt as they install even if they don't when you initially launch them. 

You may have limited UAC prompts by default as an admin user but that's not how a non admin account acts, it's bypassing UAC prompts it feels the admin is doing intentionally (with that setting), if you have UAC prompts on full and more importantly if you're not an admin user you can not write in C:\Windows, C:\Program Files etc.

Edited by andrew_nz

   

6 hours ago, nukecad said:

The UAC is simply an extra 'warning' in Windows, it's on by default but anyone with admin permission can set it to be more strict or less strict, or turn it off globally.

For an admin user it pops up a window to remind/warn them that what they are about to do, or the app they are about to run, could change the system and/or Windows settings and asks the admin user to confirm that.

However for a non-Admin user it displays a different popup that asks for an admin username and password to complete the task.

If you have Skip UAC set in an app such as CCleaner then it's just the same as if you clicked 'Yes' to the popup as an admin, you are simply saying that you know the app you are about to use can change system files and you trust it to do that.
You are not giving permission for anything other than that app to do its thing, and that permission is ended when you close the app.

Here is an article about how UAC works: https://www.digitalcitizen.life/uac-why-you-should-never-turn-it-off/

Please read about what folders a non admin user can write to, modify and delete from. They are all UAC checks if you have an admin  account.

You may have limited UAC prompts set for your user (in Control Panel > Users), that's just to make things more user friendly, Windows is bypassing UAC prompts it feels an admin is doing intentionally on that setting. If you have UAC prompts on full and more importantly if you're not an admin user you can not write in C:\Windows, C:\Program Files etc. That is a fact, try it. That's why installers require a UAC/admin prompt as they install even if they don't when you initially launch them.


  • Moderators
13 hours ago, andrew_nz said:

  If you are a non admin user or you have UAC prompts on full, and you don't OK a UAC prompt or have a task that bypasses the UAC prompt you can not modify, add to or delete files in certain folders. Windows, Program Files etc. 

Which is why UAC asks a non-admin user to enter an admin username and password - to temporarily use admin rights for that task, and only for that task.

Some apps that can modify the system and settings allow you to choose to skip the UAC for that particular app but still using it for everything else.
For those particular apps it's up to you as an admin user to decide if you want the UAC security on or not for that particular app.
As you rightly say a non-admin user should not have that choice, see below.

Some apps, such as antivirus/antimalware apps bypass UAC as standard and don't give you a choice, you wouldn't want the AV/AM not launching just because a non-admin user couldn't supply an admin password.

I know of at least one security app (Malwarebytes) that doesn't ask for UAC confirmation when it starts - but needs UAC confirmation if you want to stop it running.
That's to prevent non-admin users from turning off the antimalware protection.

In the end UAC is a tool - it's (mostly) your choice as an admin user if you use that tool or not.

 

Quote

If no UAC is required does that mean a non admin user is able to delete stuff from those protected directories using CCleaner?

To answer your original concern about a non-admin user getting elevated privileges by ticking 'Skip UAC' in CCleaner, - a non-admin user can't do that.
As you can see in this screenshot for a non-admin user the option is greyed out and unselectable:
(And yes, I usually just have an admin account and had to create a new non-admin account to get the screenshot).
Screenshot 2021-10-24 102059.png

PS. I did see your report/request but there is nothing wrong there and the posts can stand as they are


11 hours ago, nukecad said:

Which is why UAC asks a non-admin user to enter an admin username and password - to temporarily use admin rights for that task, and only for that task.

Some apps that can modify the system and settings allow you to choose to skip the UAC for that particular app but still using it for everything else.
For those particular apps it's up to you as an admin user to decide if you want the UAC security on or not for that particular app.
As you rightly say a non-admin user should not have that choice, see below.

Some apps, such as antivirus/antimalware apps bypass UAC as standard and don't give you a choice, you wouldn't want the AV/AM not launching just because a non-admin user couldn't supply an admin password.

I know of at least one security app (Malwarebytes) that doesn't ask for UAC confirmation when it starts - but needs UAC confirmation if you want to stop it running.
That's to prevent non-admin users from turning off the antimalware protection.

In the end UAC is a tool - it's (mostly) your choice as an admin user if you use that tool or not.

 

To answer your original concern about a non-admin user getting elevated privileges by ticking 'Skip UAC' in CCleaner, - a non-admin user can't do that.
As you can see in this screenshot for a non-admin user the option is greyed out and unselectable:
(And yes, I usually just have an admin account and had to create a new non-admin account to get the screenshot).
Screenshot 2021-10-24 102059.png

PS. I did see your report/request but there is nothing wrong there and the posts can stand as they are

Dude you mucked up then back tracked, you said UAC was an optional thing and had no real effects, it wasn't even a real permission.

Now you admit it does give write permissions to certain folders. UAC prompts and admin prompts are the same thing (User Account Control) it's the same code and system.

Like I said (verbatim) an admin can easily install and forget to untick the UAC skip option.


  • Moderators
On 23/10/2021 at 01:26, andrew_nz said:

I think having a "skip UAC" option in a program that allows a user to delete anything they want is irresponsible. It takes less than two seconds to ok a UAC prompt.

CCleaner has some protections built in, in that it won't delete absolutely everything even from non-protection non-system areas, I know having made winapp2.ini entries for it and it refusing to clean out a folder or files. To what extent they've built in protections I don't know, although it would be easy to "weaponize" it - sort of how any software that can delete files would be easy enough to "weaponize."

As for the skip UAC feature for the last year I've had it disabled, otherwise with it enabled some things aren't cleaned as much in Win10 at least.


  • Moderators
Quote

Like I said (verbatim) an admin can easily install and forget to untick the UAC skip option.

And as I showed you in a screenshot - even if that happens the option is still greyed out and not applicable for a non-admin user.

When I created that new user I didn't reinstall CCleaner, it was my same CCleaner with 'Skip UAC' selected and active for the Admin user but greyed out, unselected, unselectable, and unusable for the non-admin user.

You seem to be trying to make an issue where one does not exist.
Trying to suggest that somehow CCleaner can give a non-admin user elevated permissions to do whatever they want on your computer? CCleaner can't do that.

PS. I also never said that UAC had no effect, obviously it does.


11 hours ago, nukecad said:

And as I showed you in a screenshot - even if that happens the option is still greyed out and not applicable for a non-admin user.

When I created that new user I didn't reinstall CCleaner, it was my same CCleaner with 'Skip UAC' selected and active for the Admin user but greyed out, unselected, unselectable, and unusable for the non-admin user.

You seem to be trying to make an issue where one does not exist.
Trying to suggest that somehow CCleaner can give a non-admin user elevated permissions to do whatever they want on your computer? CCleaner can't do that.

PS. I also never said that UAC had no effect, obviously it does.

I just tested it.

I have a portable build in C:\OtherApplications (this is where I put anything portable, nice for avoiding "bundled" applications and unnecessary services, start ups, also the PortableApps.com platform is just a handy way to get apps), if I check "skip UAC" and log out and log in as a normal user it is launched with admin rights without a prompt.

Also installed CCleaner on a normal user, switching to admin for the install, by default the next time I open it as a normal user it has admin rights with no prompt

14 hours ago, Andavari said:

CCleaner has some protections built in, in that it won't delete absolutely everything even from non-protection non-system areas, I know having made winapp2.ini entries for it and it refusing to clean out a folder or files. To what extent they've built in protections I don't know, although it would be easy to "weaponize" it - sort of how any software that can delete files would be easy enough to "weaponize."

As for the skip UAC feature for the last year I've had it disabled, otherwise with it enabled some things aren't cleaned as much in Win10 at least.

That's encouraging some safeguards are in place. It would be interesting to know if it's even been used in an attack, or maliciously.


  • Moderators

How do you think that CCleaner could be used in an attack?

I can think of one possible (not probable) way in which an advanced user who knows what they are doing and  who already has access to your computer might possibly use CCleaner to delete files that CCleaner wouldn't normally touch.
But it is not something that someone would do accidentally. (Although never say never, it would take a number of specific steps to do)
I haven't tried it to delete system files as a non-admin user, but it may be possible.

However if somebody malicious already has physical access to your computer then you have bigger problems.
If you don't trust someone then don't let them use your computer.
And if they are not physically sat at your computer (hacked in) then they already have elevated access anyway.


15 hours ago, nukecad said:

How do you think that CCleaner could be used in an attack?

I can think of one possible (not probable) way in which an advanced user who knows what they are doing and  who already has access to your computer might possibly use CCleaner to delete files that CCleaner wouldn't normally touch.
But it is not something that someone would do accidentally. (Although never say never, it would take a number of specific steps to do)
I haven't tried it to delete system files as a non-admin user, but it may be possible.

However if somebody malicious already has physical access to your computer then you have bigger problems.
If you don't trust someone then don't let them use your computer.
And if they are not physically sat at your computer (hacked in) then they already have elevated access anyway.

There are lots of situations where employees, the public, contractors, guests would have access to a computer but you may not "trust" them. What a silly thing to say. Who should you trust absolutely? Do you give everyone a polygraph before they touch the computer?

And of course giving a standard user (remotely or in person) the ability to delete anything can be used "maliciously"/"weaponized". Nergal and Andavari admitted that much.


The question is simply is the current system good enough in regards to disabling UAC skip?

UAC skip is allowed by default but you can turn it off. If a portable version is set to skip UAC it's set that way for every user, but you could put it in a folder standard users have no access to. Is that good enough? Maybe. I wouldn't have the option personally.

Edited by andrew_nz

  • Moderators
11 hours ago, andrew_nz said:

There are lots of situations where employees, the public, contractors, guests would have access to a computer but you may not "trust" them. What a silly thing to say.

You really let all those log into your HOME computer?

Guests maybe, but you should know if you trust your guests or not.

If you have a system where employees/contractors can login then you should not be using CCleaner home editions (It's against the licence to start with).
There are Business/Endpoint/Cloud editions for that.

I'm sorry but you seem to be trying to find/make an issue where one doesn't exist.
As said before many applications allow you to skip the UAC, Microsoft included that option in the UAC system, nobody sees it as any problem.

If you can actually find, and demonstrate, a way in which skipping UAC for a particular app (not disabling UAC altogether) could be used to 'attack' a PC then Microsoft would like to hear from you.
They will even pay you for it: https://www.microsoft.com/en-us/msrc/bounty

 


  

10 hours ago, nukecad said:

You really let all those log into your HOME computer?

Guests maybe, but you should know if you trust your guests or not.

If you have a system where employees/contractors can login then you should not be using CCleaner home editions (It's against the licence to start with).
There are Business/Endpoint/Cloud editions for that.

I'm sorry but you seem to be trying to find/make an issue where one doesn't exist.
As said before many applications allow you to skip the UAC, Microsoft included that option in the UAC system, nobody sees it as any problem.

If you can actually find, and demonstrate, a way in which skipping UAC for a particular app (not disabling UAC altogether) could be used to 'attack' a PC then Microsoft would like to hear from you.
They will even pay you for it: https://www.microsoft.com/en-us/msrc/bounty

 

 

Dude you are being embarrassing, you wouldn't do this in person. You've talked yourself into a corner and this isn't going anywhere, of course an app that can delete things as an admin can be used "maliciously"/"weaponized" as recognized by two others in this thread. The question is simply is skipping UAC by default a smart idea? Is allowing it to be set across multiple users a good idea? Goodbye.

Edited by andrew_nz
