Linked by Thom Holwerda on Fri 15th May 2009 07:11 UTC, submitted by Georgi Petrov
Windows Whenever we talk about Windows 7 on OSNews, you'll always hear me advise you to change the UAC settings by setting it to its highest level, since Windows 7's default simply isn't secure. You might wonder why you should deal with additional prompts - what is the security risk actually like? Well, it's pretty big.
Thread beginning with comment 363907
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Competition
by Drumhellar on Sat 16th May 2009 06:49 UTC in reply to "RE[3]: Competition"
Drumhellar
Member since:
2005-07-12

IMO, the sensible approach would have been:
- keep the existing XP/2k/NT4 security model (permissions based on account type/ACLs)

UAC is basically based on the old security model. Only now, it's actually enforced. For nearly 10 years Microsoft has been telling developers to write programs the new way. Some didn't, and now their programs break. UAC is meant to lesson the impact of that, while providing a new way for developers to keep the old, antiquated mind-set and allow things to run (mostly) smoothly.

make the default user non-Admin on new installations

Good idea. Users also need to be taught to be more security minded, not just the developers.

Reply Parent Score: 2

RE[5]: Competition
by abraxas on Sat 16th May 2009 16:14 in reply to "RE[4]: Competition"
abraxas Member since:
2005-07-07

UAC is basically based on the old security model. Only now, it's actually enforced. For nearly 10 years Microsoft has been telling developers to write programs the new way. Some didn't, and now their programs break. UAC is meant to lesson the impact of that, while providing a new way for developers to keep the old, antiquated mind-set and allow things to run (mostly) smoothly.


UAC elevates privileges based on a new access control system introduced with Vista called MIC. UAC requests privileges based on the integrity level of an object. If the integrity level required to access an object is higher than your current integrity level UAC is invoked.

Reply Parent Score: 2