
Windows Vista UAC Effective Defense Against Rootkits

Considering turning off UAC on your Windows Vista computer? You might want to think again.

UAC is Microsoft’s User Account Control. It’s a sometimes nagging interface that can help to protect your computer. It has specific rules on what an administrator can and cannot do. When UAC is turned on, the software on your computer is running without administrative permissions. If you or your computer attempts to perform an action that requires administrative privileges, UAC pops up a window asking if you want to elevate to administrator so the action can be completed.

The good - if left on, UAC can be an extremely effective defense against many infections. This was most recently shown in a paper by AV-Test.org, in which they tried to infect a Windows Vista test system with rootkits. Rootkits are the nastiest of infections; they work by installing a system driver that hides other infections as they steal your information or ruin your operating system. With UAC turned on, AV-Test couldn’t get any of the rootkits to install. In order to install the rootkits, they had to disable UAC.

The bad - it’s sometimes annoying. Really annoying. Especially when initially setting up a computer. When you install a program, change network settings, and reconfigure many system settings, UAC will always pop up the window, sometimes multiple times, asking for permission.

There are a lot of things that Microsoft can do to improve UAC for your typical consumer. First, rethink what things require administrative permissions. Many things that UAC asks for permission for should not require those permissions. Next, place a time limit on the elevated privileges. Right now UAC promotes the user until the action is over, thus making it necessary to ask multiple times if the first action initiates a second or third action that requires the elevated privileges. Finally, grant the ability to set a timeframe for elevated privileges. If a user is going to be testing network settings or installing a bunch of software, they should be able to tell UAC to promote them for the next fifteen minutes, or half hour.

Windows Vista Service Pack 1 made improvements to reduce the number of UAC prompts. After initial setup, UAC prompts average fewer than two per session. If you’ve had UAC disabled on your system(s), it’s a good time to reconsider. If you decide to enable UAC, tell us about your experience in the comments.
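If you are not sure whether UAC was switched off on a machine, the following read-only check reports it. This is an added example, not part of the original article; it assumes Windows PowerShell is installed (it is a separate download on Vista) and reads the standard UAC policy values `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` without changing anything.

```powershell
# Added example: read-only audit of the UAC policy values. Nothing is modified.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue([string]$Name) {
    # Returns the DWORD value, or $null when the value is not present.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Format-UacValue($Value) {
    # Make a missing value visible in the report instead of printing a blank.
    if ($null -eq $Value) { return '(not set)' }
    return $Value
}

$enableLua   = Get-UacValue 'EnableLUA'
$adminPrompt = Get-UacValue 'ConsentPromptBehaviorAdmin'
$secureDesk  = Get-UacValue 'PromptOnSecureDesktop'

$findings = @()
if ($enableLua -eq 0) {
    $findings += 'EnableLUA = 0: UAC is off; programs started by an administrator run with full rights.'
}
if ($adminPrompt -eq 0) {
    $findings += 'ConsentPromptBehaviorAdmin = 0: administrators are elevated silently, with no prompt.'
}
if ($secureDesk -eq 0) {
    $findings += 'PromptOnSecureDesktop = 0: the prompt appears on the normal desktop, not the secure desktop.'
}

# Is this PowerShell session itself holding the full administrator token?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"EnableLUA                  : $(Format-UacValue $enableLua)"
"ConsentPromptBehaviorAdmin : $(Format-UacValue $adminPrompt)"
"PromptOnSecureDesktop      : $(Format-UacValue $secureDesk)"
"This session is elevated   : $elevated"

if ($findings.Count -eq 0) {
    'No weakened UAC settings found.'
} else {
    $findings | ForEach-Object { "WARNING: $_" }
}
```

A change to `EnableLUA` only takes effect after a restart, so a value that was just corrected still describes the next boot, not the current session.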

With all things considered, Windows Vista UAC is certainly a step in the right direction. Sure, it can be annoying, and Microsoft can do some things to make it more user friendly. However, it’s far less annoying, and far less costly than getting your computer infected with a nasty rootkit. The results from AV-Test show just how effective UAC can be when left on, even against the nastiest of nasty infections. Is it worth it to click “Continue” every now and then?


6 Comments so far »

  1. Ubuntu User said,

    Wrote on June 1, 2008 @ 7:20 am

    This is so old news in ubuntu. These types of policies are success stories for Microsoft, but just a walk in the park for Linux users around.

  2. SpuD said,

    Wrote on June 1, 2008 @ 8:28 am

    [quote] There are a lot of things that Microsoft can do to improve UAC for your typical consumer. First, rethink what things require administrative permissions. Many things that UAC asks for permission for should not require those permissions. Next, place a time limit on the elevated privileges. Right now UAC promotes the user until the action is over, thus making it necessary to ask multiple times if the first action initiates a second or third action that requires the elevated privileges. Finally, grant the ability to set a timeframe for elevated privileges. If a user is going to be testing network settings or installing a bunch of software, they should be able to tell UAC to promote them for the next fifteen minutes, or half hour.

    [/quote]

    Yep, if they did this I would definitely have it on permanently!

    It's a great idea and as proven can stop you getting infected but it is definitely really annoying, before the SP1 I had it every time I tried to open up any program, say iTunes, and had to accept more than 2 - 3 times!

    Microsoft should definitely consider adding some of these features to it!

    SpuD

  3. WindowsObserver.com » Blog Archive » Windows Vista Google Alerts for 01 June 2008 said,

    Wrote on June 2, 2008 @ 4:21 am

    [...] Windows Vista UAC Effective Defence Against Rootkits By ScHwErV Considering turning off UAC on your Windows Vista computer? You might want to think again. UAC is Microsoft’s User Account Control. It’s a sometimes nagging interface that can help to… [[ This is a content summary only. ...Geeks to Go! - Tech experts answer... - http://www.geekstogo.com [...]

  4. sarahw said,

    Wrote on June 12, 2008 @ 1:42 pm

    Some non-Microsoft programs will not update unless you have UAC turned off.

    While UAC is a good idea, it can certainly be improved.

    Some programs should be able to perform basic tasks without a user prompt.

  5. PaulT said,

    Wrote on June 20, 2008 @ 5:03 pm

    I remember having many issues with UAC while testing games, including many online, at Vivendi Games' Sierra Online.

    There were so many issues (and I experienced more in my newest PC when I upgraded to Vista last fall) that it convinced me to turn off UAC from the very beginning with my new PC.

    After having many issues with a huge amount of Vista features, I found a guide online and disabled a vast and large amount of unneeded services to enable my computer to run better, also enabling my L2 cache that Microsoft seems to purposely turn off to force people into upgrading hardware that would otherwise perform far better.

    As the last user said, UAC is both poorly implemented and poorly supported by third-parties.

  6. Tom Rogers said,

    Wrote on June 29, 2008 @ 12:52 pm

    I am primarily a Mac user but have examined Vista in detail. I think the answer to the problems with UAC lies less in when it prompts people but more in how.
