Linked by Thom Holwerda on Fri 15th May 2009 07:11 UTC, submitted by Georgi Petrov
Windows Whenever we talk about Windows 7 on OSNews, you'll always hear me advise you to change the UAC settings by setting it to its highest level, since Windows 7's default simply isn't secure. You might wonder why you should deal with additional prompts - what is the security risk actually like? Well, it's pretty big.
Thread beginning with comment 363858
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Competition
by StephenBeDoper on Fri 15th May 2009 20:15 UTC in reply to "RE[2]: Competition"
StephenBeDoper
Member since:
2005-07-06

It's important to make clear that Microsoft took that approach in Windows Vista. And held on to it strictly.

The world cried foul. Including all the anti-MS people.


I'm as cynical of the "Anything But Microsoft" crowd as anyone - but UAC is one of the (several) reasons I've avoided Vista like the plague.

IMO, the sensible approach would have been:

- keep the existing XP/2k/NT4 security model (permissions based on account type/ACLs)
- make the default user non-Admin on new installations
- add the ability to prompt for elevation when a user tries to do something without sufficient permissions (E.g., when a normal user tries to change network settings)

And voila - no need for UAC.

Reply Parent Score: 4

RE[4]: Competition
by brandonlive on Fri 15th May 2009 21:43 in reply to "RE[3]: Competition"
brandonlive Member since:
2008-05-31

That results in a whole mess of compatibility and useability problems. When you run as a standard user and then launch a single program as an adminstrator account, the program running as an admin will have the admin user's profile, settings, permissions, etc. That's problematic for many scenarios.

The UAC model offers many advantages, both in useability/compatibility and in security. It allows Windows to securely prompt for *consent* (i.e. Continue / Cancel) versus asking for a password. Asking for a password for elevations is risky, as it will always be susceptible to spoofing and logging (unless you require a Secure Attention Sequence, i.e. Ctrl+Alt+Del press for every password entry).

UAC also provides the ability to easily *reduce* the privileges of a process, like Protected Mode IE (just one example) running on the same desktop, and to track objects/files created by those "low integrity" processes.

Lots of people think they know better than the Windows engineering team, but 99% of the time they are looking at a very small piece of the puzzle.

Reply Parent Score: 3

RE[4]: Competition
by Drumhellar on Sat 16th May 2009 06:49 in reply to "RE[3]: Competition"
Drumhellar Member since:
2005-07-12

IMO, the sensible approach would have been:
- keep the existing XP/2k/NT4 security model (permissions based on account type/ACLs)

UAC is basically based on the old security model. Only now, it's actually enforced. For nearly 10 years Microsoft has been telling developers to write programs the new way. Some didn't, and now their programs break. UAC is meant to lesson the impact of that, while providing a new way for developers to keep the old, antiquated mind-set and allow things to run (mostly) smoothly.

make the default user non-Admin on new installations

Good idea. Users also need to be taught to be more security minded, not just the developers.

Reply Parent Score: 2

RE[5]: Competition
by abraxas on Sat 16th May 2009 16:14 in reply to "RE[4]: Competition"
abraxas Member since:
2005-07-07

UAC is basically based on the old security model. Only now, it's actually enforced. For nearly 10 years Microsoft has been telling developers to write programs the new way. Some didn't, and now their programs break. UAC is meant to lesson the impact of that, while providing a new way for developers to keep the old, antiquated mind-set and allow things to run (mostly) smoothly.


UAC elevates privileges based on a new access control system introduced with Vista called MIC. UAC requests privileges based on the integrity level of an object. If the integrity level required to access an object is higher than your current integrity level UAC is invoked.

Reply Parent Score: 2