= Introduction =
I’ve seen many people just assume UAC is nothing more then annoying prompts (Even an Apple advertisement did so and they should know better) and a roadblock to them doing things.
I’m going to explain in this post why it is more then that.
= What is User Account Control =
UAC makes it so programs that don’t need full administrative privileges don’t have them to protect against unknown bugs in the programs.
It is similar to the way things are handled on UNIX/Linux and OS X.
= Examples of how it protects =
== Internet Surfing with programs like Internet Explorer ==
If a new security hole is found that allows bad programs to load when just loading a web page, UAC prevents that bad program from complete control over the computer.
In this case since Internet Explorer runs under the Low Integrity Level that UAC provides then that bad program can only do a small number of things like mess up the IE cache folder. Your OS install, programs and data will still be safe on the hard drive.
Unfortunately it does still allow read access to your drive as explained in FAQ #7.
== Programs that accidentally corrupt Operating System and Program files ==
For example say you have an alternative file manager and you have a folder like C:\Documents\Program Files you want to delete, if that program had a bug where it then tried to delete C:\Program Files instead, that would be prevented by UAC.
That is an unlikely example but bad data loss bugs to happen.
= FAQ =
== There are way to many prompts, they are annoying ==
True. In part because UAC was added to an OS where designing for least privilege was not a big concern for a while. As Windows develops and more programs are designed with UAC in mind there should be less prompts for normal things.
Update: This is already happening with Service Pack 1. When renaming a folder or file in a protected location the prompts have gone from 4 to 1.
== I don’t need it, I have a firewall ==
A firewall won’t stop things like web pages exploiting security holes in Internet Explorer.
== I don’t need it, I have antimalware software ==
Most antimalware programs detect things using a database of known bad things.
If a bad program gets to your machine before your local database is updated they won’t be found.
== I have UAC off and haven’t had any malware problems ==
Just because you don’t have problems with it off, doesn’t mean it’s useless. It’s another layer of protection that is good to have as listed above.
== I like to randomly download things and install them ==
I guess UAC won’t really help here though antimalware software won’t help much either with installing random things.
== I’m a power user. I download various things that can be trusted and I tweak OS settings all the time. The prompts are annoying. ==
In this case you can disable the prompts by following the instructions at http://www.computerperformance.co.uk/vista/user_account_control.htm
You will still have some protection from things like program bugs but any bad program that decides to elevate will be able to without prompts.
== Can I remove the prompt for programs I trust ==
Yes, you can.
See the article Run an Elevated Program without UAC Prompt.
== Are there any problems with UAC? ==
Yes. Here are some:
A. If the purpose of a bad program is to read secure data you have that can be freely accessed by your user account without additional passwords then it can still copy that data.
Note: This is a problem without UAC too.
B. A bad program with running with the Medium Integrity Level (the default level) can still erase all your document files you have write/delete access to.
Note: This is a problem without UAC too.
The advantage with UAC here is while you still have to restore the those files from a backup, you don’t have to reinstall your OS and programs too like you would otherwise.
C+. There are more problems then those. I’ll have to research online a bit more to figure out what they are and a way to find to write them out.
Note: Even with it’s flaws, it should still be better with UAC then without it.
= Article History =
Revision 5 – 2008-03-24 – Updated FAQ
Revision 4 – 2008-03-20 – Moved to techoddity, formatting updated and UAC Prompt disable link added
Revision 3 – 2008-03-19 – Update FAQ
Revision 2 – 2008-01-29 – Explain in more detail, update formatting
Revision 1 – 2008-01-27 – First published