Part 2 of 3: User Account Control: Why You Need It. Why You Don't.
Now, don’t get me wrong. Even without the prompts, UAC is a valuable component of Vista’s improved security model. With it, we get core system protection from malware. When you run as a non-administrator, a malware infection is less likely to impact the system. Heck, a malware infection is less likely to occur at all, thanks to UAC’s integration with Windows Integrity Control. Using WIC we divide all rights, NTFS permissions notwithstanding, into the “haves” and the “have nots”. Users protected by UAC go into the “have” group, while nearly everything coming out of Internet Explorer goes into the “have not” bucket. Malware need not apply, since in most cases it automatically arrives in-system as a “have not”.
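A simplified model of the check order described above, as an added example that is not part of the original column: the integrity comparison runs first, and only then are NTFS permissions consulted. The numeric levels are the Windows integrity RIDs; the paths, the user and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class IL(IntEnum):
    LOW = 0x1000      # the "have nots", e.g. Protected Mode Internet Explorer
    MEDIUM = 0x2000   # the "haves": a user running unelevated under UAC
    HIGH = 0x3000     # an elevated administrator

@dataclass
class Obj:
    name: str
    dacl: dict                     # user -> rights granted by NTFS permissions
    label: Optional[IL] = None     # unlabeled objects are treated as MEDIUM
    no_read_up: bool = False       # optional policy; no-write-up is the default

@dataclass
class Process:
    user: str
    il: IL

def access_check(proc: Process, obj: Obj, right: str) -> str:
    """Return 'granted', 'denied-integrity' or 'denied-dacl'."""
    obj_il = obj.label if obj.label is not None else IL.MEDIUM
    # Mandatory integrity check: runs first and ignores the DACL entirely.
    if proc.il < obj_il and (right == "write" or (right == "read" and obj.no_read_up)):
        return "denied-integrity"
    # Discretionary check: the ordinary NTFS permissions.
    if right in obj.dacl.get(proc.user, set()):
        return "granted"
    return "denied-dacl"

# Constructed sample objects and processes (not taken from a real system).
documents = Obj("C:\\Users\\stan\\Documents", {"stan": {"read", "write"}})
local_low = Obj("C:\\Users\\stan\\AppData\\LocalLow", {"stan": {"read", "write"}}, IL.LOW)
system32 = Obj("C:\\Windows\\System32", {"stan": {"read"}})
browser = Process("stan", IL.LOW)
explorer = Process("stan", IL.MEDIUM)

def demo():
    """Every process/object/right combination with its verdict."""
    return [(p.il.name, o.name, r, access_check(p, o, r))
            for p in (browser, explorer)
            for o in (documents, local_low, system32)
            for r in ("read", "write")]

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="  ")
```

The low-integrity browser process is refused write access to the user's own Documents folder even though the NTFS permissions grant it, which is the "NTFS permissions notwithstanding" point.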
We also get protection against dialog box spoofing. When malware attempts to install itself or begin carrying out its nefarious intentions, UAC’s prompt lets us know that a process needing administrative rights is attempting to run. For administrative users who have a clue and are watching carefully, this provides extra protection against malware popping up windows asking for approval to install itself and begin running.
A tangential benefit is the pressure UAC puts on third-party software vendors. UAC’s redefinition of which areas of the file system are copacetic for software to install into helps enforce good software development practices on vendors. Thanks to UAC, vendors are now stuck between Microsoft’s stick and carrot, both forcing them to write better-secured software. If you’ve ever had to begrudgingly grant administrative privileges to “Stan in Accounting” because one minor piece of poorly written software he needs requires it, you’ll be happy over the long haul when UAC’s political pressure forces that app’s vendor to recode it correctly.
Read the full column in Windows Administration in Realtime!