Windows Vista: User Account Control gone wild?

by Greg Shultz | Jun 29, 2006 7:00:00 AM

Tags: Microsoft Windows Vista (Longhorn), Operating systems, SECURITY, Greg Shultz, Jesper, User Account Control, Microsoft Windows Vista, Microsoft Windows

Takeaway: A closer look at Windows Vista: User Account Control

In last week's edition of The Windows Vista Report "Windows Vista's Personalization interface not as "clear" as other features" while leading up to my main subject, inconsistencies with the Personalization interface, I commented that even though I find the User Account Control (UAC) dialog boxes a bit annoying, I understand that they are designed to protect my system and so have accepted them as a necessary evil. Based on the comments about UAC in that article's Discussion area, and throughout the Internet community as a whole, I see that some, but not many folks share that point of view.

Of course, I must admit that I can see how some would find UAC's overly aggressive assumption that every user is a moron and must be watched over like a child, a bit derisive--especially for a system administrator. However, after witnessing how sneaky hackers can be when it comes to quickly and quietly slipping destructive code into a system right under the noses of unsuspecting users, I think that UAC is a good idea. In fact, I believe that UAC is probably one of the best security technologies to come out of Microsoft.

Since the prospect of UAC appears to have gotten a lot of otherwise sensible, security-conscious folks up in arms, I've decided to delve deeper into this topic and see what I could find to help put UAC back into a proper perspective.

Don't disable UAC

As I began my investigation, I discovered that a lot of folks are treating UAC as a pesky annoyance and simply disabling it in Windows Vista Beta 2. However, that really is the wrong approach. UAC isn't just about a few pop-up dialog boxes; it's about a huge paradigm shift that is aimed at making the Windows operating system safer and more secure from the ground up. So, don't disable UAC and forget about it. Instead, you should embrace UAC and learn as much about it as you can.

Jesper's blog

One of the first places that I would recommend you begin learning more about UAC and its importance during the beta testing phase is with Jesper Johansson's blog. Jesper is Senior Security Strategist in the Security Technology Unit at Microsoft. In a recent posting, titled "Please don't disable security features, at least while we are testing them," he composed a very nice synopsis of the goals and reasons behind UAC. Use this post as a starting point.

User Account Control Overview

With the information from Jesper's post under your belt, you should then move on to the User Account Control Overview white paper, located in the Windows Vista Security and Protection section of Microsoft's TechNet site. The information in this whitepaper will provide you with a good understanding of what UAC is all about and how Microsoft is pushing for a major shift in software development in order to fully realize the benefits and security offered by UAC.

User Account Control page

The User Account Control Overview whitepaper is just one of several available Windows Vista Security and Protection section of Microsoft's TechNet site. In fact, there's a whole sub section devoted to just UAC,

Windows Vista Security Enhancements

If you want to learn more about how UAC falls in with all of Windows Vista's other security features, you need to download and read Windows Vista Security Enhancements, a Word document that provides detailed descriptions of all the security enhancements in Windows Vista.

The MSDN UACBlog

If reading Jesper's Blog whetted your appetite for more blogs, then your next stop should be UACBlog, which is the Web Log for the User Account Control team. Here you'll find all kinds of information on UAC from various members of the team responsible for the technology behind UAC. There's even a video demonstration that shows UAC in action and explains the benefits of running Windows as a standard user.

Third-party perspectives

So far, I've only provided links to UAC information provided by Microsoft, which of course might seem to be a bit one sided. If you want another perspective on UAC, here are some other sources to investigate:

• A fresh look at Vista's User Account Control--In this three-part posting from his Microsoft Report Blog, Ed Bott take a detailed look at and provides support for the goals and benefits of UAC.
• Is Vista UAP getting a bum rap?--In this posting from his Real World IT Blog, George Ou takes a look at why UAP (now called UAC) is misunderstood and goes on to discuss UAC's benefits.
• Windows Vista Feature Focus: User Account Control (http://www.winsupersite.com/showcase/winvista_ff_uac.asp)
  This article, by Paul Thurrott, who earlier derided UAC, provides a very nice overview of UAC as well as offers support for the idea that UAC is a good thing.

Conclusion

After reading through the information presented here, has your point of view on UAC changed? As always, if you have comments or information to share about UAC, please take a moment to drop by the Discussion area and let us hear.

Print/View all Posts Comments on this article

Actually the UAC is something that I've been HAL 9000 | 06/30/06

Why shouldn't they? TonytheTiger | 06/30/06

The Parental Control HAL 9000 | 06/30/06

corporate use TonytheTiger | 06/30/06

Exactly HAL 9000 | 07/01/06

The legal issues are many and complicated faradhi | 07/01/06

'one of the best security technologies to come out of Microsoft'? uberpinguin | 06/30/06

But Over the Top LeeWB3 | 07/04/06

Agreed uberpinguin | 07/06/06

UAC a virtual hobble w/r/t to troubleshooting probs. In short: Sux. kate.kudirka@... | 09/02/08