Windows Vista UAC Effective Defense Against Rootkits

Considering turning off UAC on your Windows Vista computer? You might want to think again.

UAC is Microsoft’s User Account Control. It’s a sometimes nagging interface that can help to protect your computer. It has specific rules on what an administrator can and cannot do. When UAC is turned on, the software on your computer is running without administrative permissions. If you or your computer attempts to perform an action that requires administrative privileges, UAC pops up a window asking if you want to elevate to administrator so the action can be completed.

The good – if left on, UAC can be an extremely effective defense against many infections. This was most recently demonstrated in a paper by AV-Test.org, in which they tried to infect a Windows Vista test system with rootkits. Rootkits are the nastiest of infections; they work by installing a system driver that hides other infections as they steal your information or ruin your operating system. With UAC turned on, AV-Test couldn’t get any of the rootkits to install. In order to install the rootkits, they had to disable UAC.

The bad – it’s sometimes annoying. Really annoying. Especially when initially setting up a computer. When you install a program, change network settings, and reconfigure many system settings, UAC will always pop up the window, sometimes multiple times, asking for permission.

There are a lot of things that Microsoft can do to improve UAC for your typical consumer. First, rethink what things require administrative permissions. Many things that UAC asks for permission for should not require those permissions. Next, place a time limit on the elevated privileges. Right now UAC promotes the user until the action is over, thus making it necessary to ask multiple times if the first action initiates a second or third action that requires the elevated privileges. Finally, grant the ability to set a timeframe for elevated privileges. If a user is going to be testing network settings or installing a bunch of software, they should be able to tell UAC to promote them for the next fifteen minutes, or half hour.

Windows Vista Service Pack 1 made improvements to reduce the number of UAC prompts. After initial setup, UAC prompts average fewer than two per session. If you’ve had UAC disabled on your system(s), it’s a good time to reconsider. If you decide to enable UAC, tell us about your experience in the comments.
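To see whether UAC is actually on before deciding, here is a PowerShell check added for this article (not taken from the AV-Test paper or from Microsoft). It reads the standard UAC policy values from the registry and reports whether the current session is running elevated; the function name `Get-UacStatus` is made up for this example.

```powershell
# Added example: report the local UAC configuration and flag weak settings.
# Get-UacStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-UacStatus {
    param(
        # Registry key that holds the UAC policy values
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    $policy   = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # EnableLUA = 0 switches UAC off completely
    if ($policy.EnableLUA -eq 0) {
        $findings += 'UAC is disabled (EnableLUA = 0). Re-enabling it requires a reboot.'
    }
    # ConsentPromptBehaviorAdmin = 0 elevates administrators without asking
    if ($policy.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators are elevated silently (ConsentPromptBehaviorAdmin = 0).'
    }
    # PromptOnSecureDesktop = 0 shows the prompt on the normal desktop
    if ($policy.PromptOnSecureDesktop -eq 0) {
        $findings += 'Prompts are not shown on the secure desktop (PromptOnSecureDesktop = 0).'
    }

    # With UAC on, an administrator's ordinary session is NOT in the
    # Administrators role until the user approves an elevation prompt.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    New-Object PSObject -Property @{
        EnableLUA                  = $policy.EnableLUA
        ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $policy.PromptOnSecureDesktop
        SessionElevated            = $elevated
        Findings                   = $findings
    }
}

# Show the values, then list anything that weakens UAC
$status = Get-UacStatus
$status | Format-List EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop, SessionElevated
$status.Findings
```

An empty findings list together with `SessionElevated : False` in a normal administrator session is the state described above: software runs without administrative permissions until you approve a prompt.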

All things considered, Windows Vista UAC is certainly a step in the right direction. Sure, it can be annoying, and Microsoft can do some things to make it more user-friendly. However, it’s far less annoying and far less costly than getting your computer infected with a nasty rootkit. The results from AV-Test show just how effective UAC can be when left on, even against the nastiest of nasty infections. Is it worth it to click “Continue” every now and then?