Windows Vista UAC Explained

Perhaps the most notable change from Windows XP to Vista is the addition of the UAC (User Account Control) which is the cause of the security dialogs prompting for permission to perform system actions. Considering this is just a tip, I am going to be brief in my explanation and defer to Microsoft for the details.

First off, UAC is a good thing. While some “experts” and anti-Vista people are quick to point out you get prompted for virtually anything you do, this simply is not true. I’ve been running Vista for about 3 months now with UAC enabled and it is no hindrance at all. Now that I have my system set up, I rarely see a UAC prompt.

Typically you are prompted when you do one of the following:

* Install a program or ActiveX control.

* Try to manipulate files and folders in system directories (C:\, \Windows, \Program Files, etc.).

* Modify a system setting (i.e. anything in the Control Panel).

* Modify system services or drivers (i.e. anything in Computer Management).

I am just pointing out what I have noticed. If you do not want the UAC notifications, you can easily disable them.
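Before turning the prompts off, it is worth knowing what the machine's UAC policy actually is and whether the shell you are sitting in already holds the full administrator token. The following PowerShell script is an added example, not code from the original tip; it reads the documented UAC policy values under the Policies\System registry key and checks the current session's elevation state. The function names are my own.

```powershell
# Added example (not from the original post): audit the UAC configuration
# and report whether the current session is already elevated.
# Registry path and value names are the standard UAC policy settings;
# the function names are invented for this example.

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        # 1 = UAC on, 0 = UAC off (a change requires a reboot to take effect)
        EnableLUA                  = $p.EnableLUA
        # 0 = admins elevate silently, 1/3 = prompt for credentials,
        # 2/4 = prompt for consent, 5 = prompt only for non-Windows binaries
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        # 1 = show the prompt on the dimmed secure desktop
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

function Test-IsElevated {
    # True when the current process token carries the Administrators group
    # enabled, i.e. the full (elevated) token rather than the filtered one.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$policy = Get-UacPolicy
$policy | Format-List

if ($policy.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled: every process of an admin user runs with the full admin token (the 2000/XP model).'
} elseif ($policy.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'UAC is on, but administrators elevate silently, so no prompt will ever appear.'
} else {
    Write-Output 'UAC is enabled and administrators are prompted before elevation.'
}

Write-Output ('Current session elevated: {0}' -f (Test-IsElevated))
```

Run it from an ordinary (non-elevated) PowerShell window first: with UAC enabled it should report `Current session elevated: False` even for an account in the Administrators group, which is exactly the split token behaviour the tip describes.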

This is virtually the exact way Linux and Mac have worked for years. Under the 2000/XP model practically every user had administrative rights on the machine, which made it easy for viruses and spyware to install and hide themselves, because they ran with the same rights on the machine as the user. Even worse, by the nature of malware it all happens behind the scenes, making it very hard to combat.

Microsoft recently published a fantastic explanation of what UAC is and is not (http://www.microsoft.com/technet/tec.../SecurityWatch) on their web site, which I would recommend you read. I will end this tip with a quote from the article:

In its current form, UAC will not stop really good attackers, or ones who have the help of really good attackers. If the bad guys can’t think of any other way to defeat UAC, they will almost certainly resort to asking the user to do it for them. Given the choice of dancing pigs and security, we know from experience that the dancing pigs win every time. Users have learned to dismiss dialogs, and so they will until we manage to teach them otherwise. This results from many contributing factors, including the fact that there are too many warning dialogs, that the messages in them are useless, and that many of the manuals for whatever devices users buy include a note to “please click yes to the security warning dialog to dismiss it.”

UAC does not provide foolproof security. In fact, it makes the good old local privilege elevation attack interesting again. This is a class of attack that has largely been discounted because, on Windows, nearly everyone was an admin anyway so elevating to some other admin was quite pointless. That said, UAC definitely changes the nature of such attacks and transforms the rules of the game to be much more like what prevailed on UNIX for more than 20 years.