Analyst: Vista's UAC Will Reform Developers

When it comes to the new security functions in Windows Vista, User Account Control is the one people tend to scratch their heads over, Gartner Analyst Neil MacDonald said during his presentation on implementing Vista security at Gartner's IT Security Summit here on June 4. "It's one that has plenty of people confused regarding what, exactly, it is," MacDonald said.

In fact, UAC isn't one capability; rather, it's a set of Vista capabilities that collectively help to limit the ability of applications and users to make unsanctioned system changes—whether the user is running as an administrator or as a standard user. "The idea is that when a piece of software is asking for user credentials … you shouldn't just hand them over," MacDonald said. UAC's raison d'être is basically to cure the new operating system of a legacy of bad applications that freely granted administrator rights—a tendency that has eased malware writers' jobs. "Malicious code would be far less effective if users ran without administrative privileges," MacDonald said.

View: Full Story
News source: eWeek

Report a problem with article
Previous Story

Auslogics System Information 1.0.4.145

Next Story

PC Tools wins battle against Zango

35 Comments

Commenting is disabled on this article.

With the exception of programs for configurate the system, all the rest of programs can (and must) runs using only the resources of a mere folder (and to writen in the regedit is always optional, and can be replaced by a classic .ini file).

IMHO only specifics programs must be allowed to do changes in the system but even MS will try to f##ck the system, doing unnecesaries changes (for example installing Office).

"Malicious code would be far less effective if users ran without administrative privileges,"

OMG OMG !!! The guy is a genius ! Everyone has been saying that since when? oh maybe since Unix was designed?

As long as everyone remembers that UAC's purpose is not a technical measure, But a psychological one.
Maybe after enough prompts, Users will understand that you DON'T click OK to anything that pops up.

Yes...
But... saving a wallpaper image produces no UAC prompt and kills the program with a message like.. "has encountered a problem..."
Or basically saving a file outside of your user folder.
So there are issues that requires elevated rights within programs and currently Vista will give NO UAC prompt.
Still work to be done on this... and a lot of it is miss leading.

That sounds like a misconfigured system or faulty app, I have encountered no such issues and have never heard of anyone else with that problem while reading several windows help forums on a daily basis.

Run the latest build of WeatherWatcher and see what happens...

Any Visual Studio project that builds files or folders in the program files folder will be denied with no UAC prompt... access denied. This happens even if you run VS with elevated privileges. This is very common place.

Granted people need to use an installer geared for Vista, but when they don't there are issues regarding the UAC that give erroneous msgs.

Why tell us? Because it certainly does not make you look very smart to run without a simple, relatively unobtrusive [compared to unix limited users having to type a whole password] security measure in effect. Have fun, I hope you do not download any malware by accident.

Apparently you missed the sarcasm there. Besides, as many machines as I build every week, I find it highly annoying to setup a machine with the UAC running. SO, I turn it off, setup the machine, then turn it back on. Then of top of everything, I have to explain to some of the clients what the UAC is all about. With all the different setup configs, drivers, etc, the last thing I want to do is leave it on. Is that O.K with you?

Why disable UAC? Do you install drivers every day? When actually doing work and not fiddling around you rarely if ever encounter it.

The main gripe is how often the UAC prompts come up when using the system as an admin. The whole point of having that elevated group is to avoid BS like UAC when doing things like installing drivers.

The problems with UAC are compounded by the fact that Vista is a new OS so people are in fact updating system settings and files all the time to get various applications and hardware to work.

For me, UAC shouldn't even be turned on unless the person logged on is using the machine as a 'limited user' or the like. When all is said and done UAC is more of an annoyance than a helpful security tool and ends up getting turned off hence negating any security benefits it ever had to begin with.

Aahz said,
The main gripe is how often the UAC prompts come up when using the system as an admin. The whole point of having that elevated group is to avoid BS like UAC when doing things like installing drivers.

The problems with UAC are compounded by the fact that Vista is a new OS so people are in fact updating system settings and files all the time to get various applications and hardware to work.

For me, UAC shouldn't even be turned on unless the person logged on is using the machine as a 'limited user' or the like. When all is said and done UAC is more of an annoyance than a helpful security tool and ends up getting turned off hence negating any security benefits it ever had to begin with.

Actually, the limited user account shouldn't allow the types of changes for which UAC prompts at all. Limited user means that they can't change ANY system level settings or files.

I, for one, like the fact that if a program tries to change a system setting or does something outside of the normal application sandbox, I get notified and can stop it if needed.

Yes, if you turn UAC off it's value is negated, no kidding captain obvious. If you run 'rm -rf' as root on unix (or work-a-likes) it's security is negated as well. I could use your logic to say that running as a low-privelege user on unix is inconvenient and thus some will not do it so it's security is negated as well. I am sure you can see where that arguement fails. I like having admin with UAC, I get the security of a limited user without having to type a password when I want to do something above limited user levels. If I do not like it I have the option of turning it off, I can not see what people are complaining about here, no matter how hard I try. It gives you all the options unix has plus some and people turn around and say unix is better? That is so silly.

UAC? You mean, the thing that everybody immediately disables as soon as they install Vista because of how damn annoying and useless it is?

No thanks.

To add to the previous reply, it is also not 'useless', unless you go out of your way to use it incorrectly, but then, your point was not to argue, was it? It was simply to repeat a common lie about windows in a desperate attempt to make others hate it.

Everyone says this, but I still don't see how this is so. When I use Ubuntu or any other Linux distro, I get security prompts when I do the same things that I do on Vista, uninstall software, install software, try to access something I otherwise don't have permissions too, etc. Some would argue that having to type your password on *nix is more annoying than just confirming a prompt in Vista. I think UAC is a necessity, and those who turn it off are only setting up their systems for blatant security breaches, the kind that could happen on XP and earlier versions of Windows.

drygnfyre said,
Some would argue that having to type your password on *nix is more annoying than just confirming a prompt in Vista.

UAC only does it that way if you're logged in as an administrator, otherwise you get password prompts just as in *nix (or previous windows OS's when trying to access file shares).

yakumo said,

UAC only does it that way if you're logged in as an administrator, otherwise you get password prompts just as in *nix (or previous windows OS's when trying to access file shares).

Yes but Vista has the *option* of running with just a prompt, where as unix has to have the user enter a password or run with no protection. Having only a password option would make users more inclined to run without any protection because that is way more of a hassle than hitting 'allow'.

UAC? Turned that worthless annoyance off right away and haven't looked back.

Did you know that U.A.C. was the corporation that opened the gates to hell in Doom 3? Seems to also fit here as well.

Foub said,
UAC? Turned that worthless annoyance off right away and haven't looked back.

I did too. It kinda reminded back in the days of fixing everyone's computers infected with pop-ups.

Couldn't understand why I couldn't access my USB drive and UAC was in the way and shut that sucker right off. Most people I know that have reverted back to XP didn't know you could shut UAC off. Real easy to do. :P

the part I hate is when you turn it off, then that red baloon sits in the bottom right forever and everytime you turn on the computer it says you are at risk. That is unless you turn off all notifications....Hopefully thye just kill UAC with SP1

dagamer34 said,
You want widespread reform? Kill the registry.
You want bandaid situations? That's UAC for you.

you need uac regardless. Everyone needs the ability to perform something and provide credentials. This is not a registry issue (but the registry does need an overhaul)

dugbug said,

you need uac regardless. Everyone needs the ability to perform something and provide credentials. This is not a registry issue (but the registry does need an overhaul)

UAC is a bad copy of the Unix security model because Microsoft doesn't really understand what's worth a UAC prompt in the first place. Sigh. Maybe in Vienna. -_-

dagamer34 said,
UAC is a bad copy of the Unix security model because Microsoft doesn't really understand what's worth a UAC prompt in the first place. Sigh. Maybe in Vienna. -_-

There's very little that prompts UAC unnesisarily.

Doing stuff in Program Files? UAC Prompt.
Modifying something in HKLM? UAC Prompt.
Need access to files flagged with "Administrator", but not "User"? UAC Prompt.
Changing ANYTHING System wide? UAC Prompt.

It's not like they're prompting you when you go to change your Display settings.

Express said,
The fact that Vista also has file system and registry virtualization will still keep devs lazy.

Speaking of virtualization, why would any business run Vista at all, when they can run virtual machines of XP instead? Or even virtual machines of the apps themselves? The only limitation is licensing. Does MS allow Office 2007 to be legally run in a virtual machine on Linux or OS X?

Office is a primary reason businesses install Windows at all, with virtualization they won't have to install Windows to run Office (or their other Windows apps), unless the licensing prevents it.

So how long will that licensing scheme last before businesses decide enough is enough and switch to another Office suite that doesn't have these restrictions? And why should they "upgrade" to Vista?

Vista shipped without a killer app or feature. MS should have at least made it a good OS instead of another bug-ridden, bloated hack job, then maybe it would be worth buying. Right now, it's a hassle for consumers and not very attractive for businesses planning on upgrading their infrastructure in the next few years.

You say "lazy devs" as if they're some kind of scum. Truth be told, the applications written for Windows, for the most part, followed Microsoft's own advice. Example: Were the developers to blame for the DLL hell? It's just that Microsoft didn't have a proper solution. So please, next time your old application hits a UAC prompt, do go around blaming the developer. Instead, maybe you can ask Microsoft why there is no strategy.

Don't get me wrong. Microsoft is trying. I would dare say that they are starting to build a decent operating system (although I must note that it is so because of certain Unix-like features -- uac indeed reminds me of something, symbolic links scream unix too, and certainly, vista is the first microsoft operating system with a proper firewall).

But please, don't depict Microsoft as the angel and developers as the devil.

Seriously, these "developers" can hardly have looked in the way of *nix... Ever.

It's a bit embarassing to see a Windows edition to encourage working with proper privilegies more appear in Vista only now, but I don't think as embarrasing as seeing supposedly professionals being confused over what it is. It's a system to encourage users and developers alike to work in their user-local directories, and protect users from stuff doing machine-local changes without their permission. People have been used to working in this fashion (and being similarly protected by having to elevate to root privilegies) in Unix since about 30 years. This should really NOT be hard to get for any developer worth his/her salary.