Don't You Think It Gets Tired of Seeking Approval?

[rjbinney]

I have a program that I have been running successfully for quite a while.

Recently it has started asking for permission to run: "User Account Control: Do you want to allow this app from an unknown publisher to make changes to your device?".

This happens if I launch the program from its icon or from an associated file.

I am the Admin for this machine. I have tried running this program As Administrator, and that has not helped.

The software itself has not updated, but I don't know if this changed relative to a Windows Update. (Not certain exactly what update I was on when I first noticed this, but I have been on 10 Pro Version 1709 Build 16299.192; I just received 1709 16299.248 and am still having the issue.)

Don't really care why this has changed, but would like to know how to make it stop.

[Geek-9pm]

Depends on the app. 

Apparently you have downloaded an app written by somebody who pays little attention to the need for security and did not register their business.

Why not tell us the name or description of the App.Where and how did you get it?

About half of the 'unknown source' programs are either malicious or harmful in some way. Such code was made by somebody who wants to hurt you. Or does not not care if he hurts you.

[Mark.]

my solution has always been to set Control Panel, User Accounts, Change User Account Control settings, slide to Never Notify.
you'll stop all UAC warnings then...  BUT BEWARE, you stop ALL warnings, but that's exactly how I want it.

[rjbinney]

It's qBitTorrent, and, like I said, its version has not changed - but its behavior has (which leads me to believe it's Window's reaction that's changed, not the application). I don't want UAC to whitelist EVERYTHING, for the reasons Geek alluded to. Is there no effective way to change UAC for just one particular piece of software?

[BC_Programmer]

Windows updates have not altered the behaviour of UAC inherently. Settings may have changed, I suppose.

UAC prompt appears when:

-You launch an application who's embedded manifest indicates that it requires administrator permissions and UAC is enabled

-You launch an application which has the "Compatibility" setting of "Run as Administrator" and UAC is enabled

-The application itself attempts to elevate. (Usually, the application checks if it has admin, notices it doesn't, then relaunches itself with the "runas" verb which elevates it and in that process windows shows the UAC prompt if UAC is enabled.

-"Admin Approval Mode" is set to prompt for unverified executables and the signing certificate used to sign the executable has expired.

-The "Admin Approval Mode" Group Policy is in place and UAC is enabled. In this mode the UAC prompts require you to enter a password and I don't think they are skipped by the level of UAC.

We can eliminate the last option simply because it is so unlikely- unless you ARE being prompted for a password, that is! The second to last seems plausible but qbittorrent is not signed at all, so there is no certificate to expire.

That leaves perhaps you've accidentally set the compatibility settings in the program or perhaps some setting in the program that has been altered has it attempting to self elevate? Perhaps settings related to file associations?

Unfortunately there isn't a UAC "whitelist". Possibly fortunate because that would defeat the purpose and provide a relatively easy way for malicious software to elevate itself without displaying the consent dialog.

Apparently you have downloaded an app written by somebody who pays little attention to the need for security and did not register their business.

"Unknown publisher" means that the application isn't signed. It says 'Unknown publisher' even if there is a publisher, (Which was changed in Win8 iirc) the logic being that since it isn't signed you cannot "know" that it is actually from that publisher.

About half of the 'unknown source' programs are either malicious or harmful in some way. Such code was made by somebody who wants to hurt you. Or does not not care if he hurts you.

The authenticode signing process is intended only to allow you to know that the application you have has not been tampered with since the publisher created it. It does not say or indicate anything about it being safe. Nothing prevents malware from being digitally signed in the same manner. Given it has a annual charge associated with it it is no surprise it's not exactly taken off for Open Source products that don't have financial backing. Notepad++, Audacity, DOSBox, foobar2000, Autohotkey, Inkscape, Handbrake, and innumerable other programs do not have authenticode signatures. Which half of these are malware?

[rjbinney]

Wow, thanks for all the info.

I'm stuck in a loop on the math, though - how do I calculate half of "innumerable"!? (Can I guess, though? Is "foobar2000" a bad one?).

I'm not getting a password prompt, so your bullet point 5 can definitely be eliminated.

I don't know if I understand how I could have accidentally set compatibility settings in the program, but I can't unequivocally deny it, either. What can I check to find out? (Right-click on icon in Taskbar, right-click program name, select "Properties=>Compatibility", the only boxes ticked are "Disable fullscreen optimizations" and "Run as administrator".)

Oh, wait. Bullet two - I do have Compatibility setting of Run as Admin set. Let me UNcheck that and test.

Be right back.

OK, that actually worked. I wonder how/when/why I would have ticked that... I know I have to run Palm Desktop as Admin, and their icons are near each other on my Taskbar, so maybe I fat-fingered it...?)

Anyway, that seems to be the trick.

So, thanks!

And, once again, Geek's Hobbesian view of the techworld didn't bear fruit...

[Geek-9pm]

Of interest:
https://en.wikipedia.org/wiki/QBittorrent
That torrent program is cross-platform, has many versions and the source code is open. Also, thee is no effort to prevent it from becoming malware. It does not have anything to verify itself. Nor does it have anything to prevent  malware from infecting it. Of course you can scan it with your  favorite AV program before you use it.

Furthermore, the torrent content itself can have malicious or unwelcome hitchhikers. The torrent protocol is weak with regard to security. The  exception is when an effort is made to use a variant of the protocol that includes protection.
This has been documented and is one reason why the consensus of many is that you should only use a torrent only with a 'sandbox'. Said sandbox is a small self-sacrificing  computer apart from anything important to you.
Just trying to help.   

[BC_Programmer]

I find it's sometimes rather easy to adjust settings and then forget they were set some time later. After all it might be difficult to recall what we did for 3 or 4 seconds 5 or 6 months later! And then we go hunting down the cause, and after ripping everything apart we discover it was some innocent setting we had forgotten about or dismissed because we didn't remember setting it.

I'm stuck in a loop on the math, though - how do I calculate half of "innumerable"!? (Can I guess, though? Is "foobar2000" a bad one?).

Ha, those last segments were largely aimed at comments by Geek-9pm, which, unsurprisingly, had almost nothing to do with your problem. My issue there was with his claim that about half of software that isn't signed is malicious or harmful, which I think is a rather unfounded claim. And I do confess that it was something of a trick question because all of the programs I explicitly listed are perfectly legitimate.

[Geek-9pm]

Hobbes, Thomas
[häbz]

DEFINITION
(1588–1679), English philosopher. He believed that human action was motivated entirely by selfish concerns, notably fear of death. He is best known for his treatise Leviathan, or the Matter, Form, and Power of a Commonwealth, Ecclesiastical and Civil (1651).

[rjbinney]

Was alluding more to the concept of "solitary, poor, nasty, brutish, and short" - it seems you sometimes ascribe less-than-noble motives to makers and distributors of soft- and hardware...

Not trying to start a flame war, just explaining my "Hobbes" comment....

[Geek-9pm]

Ha Ha! Thar is funny! 

[Coco423]

That is funny, but torrenting any files or even having thr presence of qBitTorrent might infect your compyter with malicious items.

[BC_Programmer]

Simply having the software installed has no chance or capability to infect a system. You have to explicitly download torrents and those torrents have to contain malicious items.

[Geek-9pm]

Simply having the software installed has no chance or capability to infect a system. You have to explicitly download torrents and those torrents have to contain malicious items.

BC, normally I have great respect for your insight, but I think you need to think that over. Your statement needs to be qualified. You ought to say
'having, but never used bi torrent is not harmful.' However, once it has been used, and if not used carefully, there is the slight risk  risk of a malicious  bit of data getting into the system.
This brings up the possibility of a two-fold attack. I do not know what the right buzz-word is, but a bit of malware comes in and starts your torrent program in the background and the torrent then contains a payload much more malevolent. 
To my knowledge that has not been reported. 
Here is some documentation about qBitTorrent that might be informative.
https://github.com/qbittorrent/qBittorrent/wiki
However, one would have to do a lot o reading to see if there is a potentiate with having the program installed but not active.

A quick search show that same think just having it on your PC is a potent ion problem.
Here is a key phrase that gets a lot of hits:
  Will a torrent harm me?
Here is just one of many:
http://ask-leo.com/will_bittorrent_harm_my_computer.html
He says:

BitTorrent itself is highly unlikely to harm your computer.
However what you download using BitTorrent - well, that's a different story. Some caution is called for

However,  BitTorrent is not the same program, but uses the protocol.
BTW, when I torrent, I like Vuze.
https://www.vuze.com/
It is among the best. 

[rjbinney]

Vuze got super-bloated and too filled with ads a few years back. Back in its azureus (sp?) days I used it, but...

(As in most things, wise use mitigates risks. My concern was its sudden asking for approval - not the dangers of the software's objectives - which is why I didn't lead with the type of application it was in the OP.)

[Geek-9pm]

Advertising helps pay for the program. 
Otherwise some, not just a few, developers introduce a PUP (potentially unwanted program) into your computer. I prefer advertising rather that PUPs. 

[BC_Programmer]

BC, normally I have great respect for your insight, but I think you need to think that over. Your statement needs to be qualified. You ought to say
'having, but never used bi torrent is not harmful.' However, once it has been used, and if not used carefully, there is the slight risk  risk of a malicious  bit of data getting into the system.

qBittorrent, and most torrent clients in general, are no more harmful to have installed, or to use, than a browser.

It's when you misuse them that you cause problems. if Bittorrent clients present a "risk of infection" just being installed, then so do browsers. But nobody ever makes a fuss about that. In both cases the risk lies in downloading illegitimate or pirated files. Ironically, when it comes to that, downloading via browsers pretty much guarantee an infection, but infected torrents are actually more sparse than many would have you believe. (Except if you are dumb enough to torrent AV software, which is 99.9% of the time infected)

This brings up the possibility of a two-fold attack. I do not know what the right buzz-word is, but a bit of malware comes in and starts your torrent program in the background and the torrent then contains a payload much more malevolent.  To my knowledge that has not been reported. 

It's not been reported because it simply doesn't happen. Different torrent clients work differently so it's not likely to be able to launch the resulting content on it's own. Another issue with that theory being that Torrent clients typically require user input when opening a torrent or magnet link before proceeding, at which point it is on the user if they say "OK" to "super malicious unknown file with major infections.torrent", and then later when the malware asks them to launch the malicious files they downloaded for them. I'd say it's possible for such programs to simply roll in their own simple torrent client, similar to how malware now rolls in cryptocurrency miners, but that's a lot of work for something that can be downloaded much more easily via http, which is how most trojan downloaders do it. And even in the cases where it might use a torrent downloader for it's payload, that isn't any different than if it uses HTTP; it doesn't mean clients like qbittorrent are malicious or present a risk of infection anymore than a web browser does. You cannot really speak of "potentials" in a vacuum to come to a conclusion about specific software, particularly when using fabricated theoretical uses.

A quick search show that same think just having it on your PC is a potent ion problem.
Here is a key phrase that gets a lot of hits:
  Will a torrent harm me?

And Plenty of People think the world is flat or that the governments are ruled by lizard people. If your point is that there are ignorant people out there trying to inform themselves, then I agree, but I'm not sure how it relates here.

There are probably a lot of people who ask "Can Carrots kill me" but it neither suggests a risk that carrots will rise up and overthrow humanity nor that carrots possess any significant danger to health when ingested. It suggests some people want to learn the answer.

(The answer, I expect, is that only if you eat enough that the Vitamin A becomes a toxic dose, which is probably hundreds of carrots)

[Geek-9pm]

https://www.livescience.com/35430-seven-good-foods-you-can-overdose-on-110201.html

Carrots are full of vitamins, minerals and fibers that are good for your health. But eating too many carrots can bring in too much beta-carotene the molecule responsible for carrots' bright orange hue and a precursor of vitamin A. This can lead to excess blood carotene which can discolor the skin.
Known as carotenemia, the condition occurs because carotene is a fat-soluble molecule. Excessive quantities of it tend to accumulate in the outermost layer of skin, resulting in yellow- or orange-pigmented skin, particularly in the palms, soles, knees and nasal area.
Although carotenemia occurs mostly in infants when they are fed too much pureed carrot baby food, it can occur in adults as well. In a case report published in The Journal of Dermatology in 2006, a 66-year-old woman's skin turned yellow-orange after she took too many carotene oral supplements. One cup of raw chopped carrots has about 15 mg of carotene, according to the U.S. Department of Agriculture's Nutrient Database, so you'd need to eat half a cup of chopped carrots every day for months, in order to turn to her shade of yellow.

I will cut down on my carrot intake. 

[rjbinney]

Because of the multi-connection nature of torrents (which makes 'em so dang efficient), of course there's zero accountability if something goes wrong.

That presumes, of course, you're using torrenting programs to spread bad stuff - they are an effective way of sharing large files among groups of, say, co-workers, as well.

In general, I have found that - due to the nature of hashing and hosting - torrents that are infected are routinely flagged and marked as such. Now, of course, that means someone had to get infected and cry foul, so there is still risk...  I also use torrents because it's easier and faster than ripping my vinyl to iTunes (So come at me, RIAA!), and while it's possible that MP3 files are false flags, it's beyond unlikely.

OK. Way off topic.

[Geek-9pm]

Because of the multi-connection nature of torrents (which makes 'em so dang efficient), of course there's zero accountability if something goes wrong.
...
OK. Way off topic.

Yes, it is.
Sometime tomorrow I will start a new thread about the future and advantages of a 'torrent' protocol for doing very good things. Torrents are not always bad, in fact, the future of the Internet is with torrent-like infrastructure. I will post  in the Other area  tomorrow.

[rjbinney]

Carrots can't kill you.

Obama wasn't a lizard person.

BUT... Tomatoes will f#@k you up.

[Coco423]

I didn't mean to get this way off topic with that post - I meant to help the topic starter.

[rjbinney]

Too late now. We're all doomed.

[Coco423]

What do you mean by that?

[rjbinney]

Malware.

Carrots.

Killer tomatoes.


It's as bleak as I've ever seen it.

[Coco423]

Can we please at least getsomewhat back on topic?

[BC_Programmer]

Can we please at least getsomewhat back on topic?

There isn't really a topic left. Their original concerns were resolved. 

[Coco423]

Oh. Well, might as well join in. I dont like torrents for certain things. I am very cautios with even normal files. Progtams and APKs, I avoid, as they might have malicious items in them, may be cracked, and I suggest you avoid programs and APKs through torrents too.

[rjbinney]

There isn't really a topic left. Their original concerns were resolved. 

Happy to start something anew.

NEW TOPIC
Dear Internet,

What is the deal with hot dogs? They come ten in a pack, and buns come eight to a pack! I mean, come on!

Love,
the OP

[Geek-9pm]

I will try to change the topic.
If it works, we shall talk about Hot Dogs and Buns.