What are the security risks of lauching -no-deelevate option as suggested in this Article (link)
In order to solve the drag and drop issue under win7, article above suggests "Start Firefox Using the -no-deelevate command" but doesn't clarify what would be the risks on doing it.
I mean, the security risk is only mentioned in the next suggestion "partial workaround", saying it would be rather than lower security by using -no-deelevate instead, but also gives no information about what risks would be.
So I would like to know:
1) If I decide to use -no-deelevate option, what sort of risks I'm taking?
2) To a no fool internet user, is it worthy to take?
This is relevant for me cuz re-enable UAC makes user have to confirm dialog box to everything at all in Windows despite logged as full right administrator.
Nor less annoying are the other option "copy and paste" "save as", putting me under ridiculous situation of needy to use Opera browser only to be able of drag IMDB links and images into a folder, then backing to Firefox for everything else.
You can drag an image even to a folder in an USB external drive (OMG-WTF)
Thanks you all.
Modified by ccrc28
All Replies (1)
So you think that disabling UAC is a lower risk than running Firefox with lower integrity by using -no-deelevate and the former is acceptable (i.e. you do not worry), but you worry about Firefox?
It is up to you to decide how much effort is acceptable for your security, we can't advise you in this matter apart from suggesting to enable UAC or accept its limitations.
On Windows it is already easier to bypass security and you only need to confirm a UAC alert. If you disable UAC then not much security safety is left. On a platform like Linux you need to enter the administrator (root) password each time you need write permission for saving a file to a restricted location. Adequate security comes with a cost and you need to accept extra effort or else this has not much meaning if you bypass these measures.