April 30, 2008
The User Account Control feature in Windows Vista has been known to drive normally level-headed people over the edge with frustration. If you find it annoying, you might be tempted to turn it off. According to Microsoft research, somewhere between 12 and 16 percent of all Windows Vista users do exactly that. But before you take such a radical step, it helps to understand what UAC is actually doing on your behalf and how you can tone down its hard edges without sacrificing its protection.
The biggest misconception I hear about UAC is that it’s just another silly “Are you sure?” dialog box that users will quickly learn to ignore. That’s only one small part of the overall UAC system. The point of UAC is to allow you to run as a standard user, something that is nearly impossible in Windows XP and earlier Windows versions. In fact, with UAC enabled (the default setting) every user account in Windows Vista runs as a standard user. When you try to do something that requires administrative privileges, you see a UAC consent dialog box. If you’re an administrator, you simply have to click Continue when prompted. If you’re running as a standard user, you have to provide the user name and password of a member of the Administrators group.
UAC has four major benefits:
- On a shared computer, you can set up standard user accounts for users who don’t have the experience or training to make smart decisions about installing software or making system changes. As a result, they won’t be able to do any damage if a malicious website fools them into trying to install a piece of spyware or a Trojan.
- As an administrator, you get a warning before a piece of software attempts to make a change that can adversely affect the system. In Windows XP, clicking OK to a single malicious installer program could install a dozen programs in the background, with no warning to you. In Vista with UAC, you’ll have to give consent to each installation (and presumably will say No, early and often.)
- Badly written programs sometimes try to write user data to system areas, such as the Windows or Program Files folder or a registry key that affects all users. In Windows XP, running this type of program as a standard user would probably cause the program to fail. With Vista, those operations are intercepted and written to a virtualized location in your user profile. The program thinks it wrote a file to the Windows folder, but the actual file appears in your profile.
- Internet Explorer 7 runs in Protected Mode when UAC is on. That causes processes in a browser window to run at a low integrity level, where they’re blocked from interacting with processes that have a higher integrity level. The net effect is to stop entire classes of web-based attacks in their tracks.