Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

The Long-Term Impact of User Account Control

TechNet Magazine has a great article this month about UAC.

UAC was not deliberately designed to be the most annoying feature in the history of Windows. Rather, this set of technologies was designed to set us on a path where users do not need to expose their systems to potentially malicious code as frequently as they have during the past few years.

In its current form, UAC will not stop really good attackers, or ones who have the help of really good attackers. If the bad guys can't think of any other way to defeat UAC, they will almost certainly resort to asking the user to do it for them. Given the choice of dancing pigs and security, we know from experience that the dancing pigs win every time. Users have learned to dismiss dialogs, and so they will until we manage to teach them otherwise. This results from many contributing factors, including the fact that there are too many warning dialogs, that the messages in them are useless, and that many of the manuals for whatever devices users buy include a note to "please click yes to the security warning dialog to dismiss it."

UAC does not provide foolproof security. In fact, it makes the good old local privilege elevation attack interesting again. This is a class of attack that has largely been discounted because, on Windows, nearly everyone was an admin anyway so elevating to some other admin was quite pointless. That said, UAC definitely changes the nature of such attacks and transforms the rules of the game to be much more like what prevailed on UNIX for more than 20 years.

I think it's funny that people have been doing so much complaining about it... I have UAC enabled on all my machines and I hardly get ANY dialogs at all. But then again, I don't use many legacy programs, either. Whichever side of the UAC fence you're on, it's a great read.



  • Keeron said:

    Same here, not many legacy programs and been using Vista (standard user w/ UAC on all times) ever since the first connect builds... Whenever I get a UAC prompt, I am expecting it - either I ran a setup program or tried to do an admin task (write files to root, or edit config files in program file dir, etc). If you are someone just doing things on the system all over the place, running programs from the web frequently, installing a lot, dealing with config files and system tasks - and run as a standard user, UAC _can_ get annoying..but then again, you should use an admin account instead :) (or go back to XP)

    September 7, 2007 2:20 AM
  • Matt Sharpe said:

    I like UAC. I don't find it annoying at all. In day-to-day PC usage, I rarely encounter it. And even then, it's only when I'm being geeky and looking at stuff like the reliability and performance monitor.

    I have explained UAC to my parents and I'm confident that they will be cautious if and when they encounter it. I don't think it's the hardest thing to educate people about. Perhaps Windows should come with a welcome tutorial for new users, explaining UAC.

    September 7, 2007 3:41 AM
  • Matthew Cawley said:

    Has my main system is designed for development and system management, UAC can get very iritating when dealing with really simple commands such as changing basic system settings.

    What Microsoft should do is allow a policy setting for the UAC so that you can disable UAC on specific functions such as changing basic settings but leave it enabled for other task such as installing Programs.

    It's a bit like a firewall at the moment but the firewall asks you every single time you connect to the internet.

    Maybe a checkbox that says "Allows allow this program to be run without UAC" would make things easier as you would only have to do it once

    September 7, 2007 5:58 AM
  • Trevor said:

    I found it really annoying when you just want to mess around with system files.  It asks you every-darn-time you want to move a file around in directories like program files or windows.  I'd like a way to say "Im doing some system stuff, stop harassing me" and it throws a big red security flag in the bottom right that pops up flashes and reminds me that im running elevated or whatever and that i should click this off when im done...just like when i turn the firewall off and dont install virus protection.

    Otherwise, i'll just turn off UAC and live with the consequences.

    September 7, 2007 7:56 AM
  • Matt S. said:

    I think UAC is a great idea and if im just milling around the computer, surfing, etc, then I am not really bothered much at all by UAC. But, I have seen that I get the majority of my UAC prompts because of my secondary HD. Vista hates when you move files between two hard drives. There are also a few bugs when doing so as well. It can get annoying, luckily I have learned to keep my file moving to a minimum.

    September 7, 2007 2:01 PM
  • Matt,

    I don't have problems moving files around between hard drives. I *have* had that problem when the permissions haven't been aligned tho. You may need to take ownership of the files on the second drive drive before you mess with them. I know that can be really irritating tho.

    September 7, 2007 8:23 PM
  • Bobby said:

    MSConfig, tools, Disable UAC, Launch.  

    It is the first thing I do the second I get near a vista machine.  Even in my Vista VMs.  John Q Public may need it.  The buyer of a WalMart PC may need it, but I do not.  The only thing a new feature in an MS OS brings is more attack vectors.  This new and additional attack vector is exactly what the quoted author is brining to our collective attentions.

    For the average tech person who loads up their computer with their software set and uses the software, i can see where they wouldn't see the dialog boxes much. However my whole usage of a computer centers around the installing and uninstalling of new and test software.  As always the impact of any feature is in how the user uses their technology and not the technology itself.

    September 9, 2007 7:58 AM
  • Spencer said:

    Yeah, the first thing I do when I install Vista is turn off the UAC.  Popping up warnings for ridiculous things just go too much for me.  

    September 13, 2007 8:17 AM