Windows

Vista's UAC is a good beginning

Lately I have been hearing a lot of complaints about User Account Control (UAC). It may not be perfect but it is a great feature of Windows Vista. With UAC, you will finally be able to run your machine as a standard user as opposed to a computer administrator. If you are running Windows XP, you are most likely running as a computer administrator. From a security standpoint, this can open the floodgates to spyware, malware, viruses, etc. By running your computer as an administrator, a compromise can easily write to your system files. As a standard user, access would be denied.

Lately I have been hearing a lot of complaints about User Account Control (UAC). It may not be perfect but it is a great feature of Windows Vista. With UAC, you will finally be able to run your machine as a standard user as opposed to a computer administrator. If you are running Windows XP, you are most likely running as a computer administrator. From a security standpoint, this can open the floodgates to spyware, malware, viruses, etc. By running your computer as an administrator, a compromise can easily write to your system files. As a standard user, access would be denied.

There have been attemps to run as a standard user or Least-Privileged User Account (LUA) in Windows XP but it is difficult and cumbersome. I have read several blogs that show you how to do it with special applications but Windows XP was not designed to run this way.

On the other hand, Windows Vista was designed to run this way out of the box. In Windows Vista, when you run as a Computer Administrator, any administrative task will dim out the entire operating system and provide you with a dialog box to elevate your privileges to perform the specific task at hand.

When you run as a Standard User, an administrator password is required to perform the appropriate task. This is a true secure desktop implementation and is a great feature of Windows Vista.

What are your opinons of UAC? Do you like it or hate it? Let me know.

I have to add that I know it is a pain but I seem to have gotten use to it and am glad it exists. I do firmly believe Microsoft will make it better in a release to come.

Update: If you are interested in disabling UAC, see the following post, "Customizing UAC in Windows Vista."

17 comments
RFink
RFink

Log in as the user then su to superuser. Works for me. Everytime I read a Vista blog or thread the movie "March of the Penguins" pops in my head. :)

Oz_Media
Oz_Media

http://tinyurl.com/3jjxhm Now you can tell all the Unix lovers how you feel about Unix. Don't let your flippers freeze.

RFink
RFink

I do like its idea of security. I don't hate it either.

Oz_Media
Oz_Media

I would not try and say hat Vista is a great solution for everyone, and I have always been against MS's business practices too. I agree that Vista does require resources, but with a good heap-o-ram, it runs like a top. I am a person who really put a lot of software in his personal machine. I run professional audio mixing software, high end graphics software (Maya), the usual (bloated MS Office suite), and anything else I need for work and personal projects. I am also an avid gamer, store movies, edit video, web design, graphic design etc. I even run my vehicle disgnostic software from the same notebook withot issues. BUT...I was an avid Win2K fan, ditched XP a couple of times to revert back to Win2K as it ran the same software much more efficiently than XP did. So again, I am not being a hard advocate for Vista, Linux does make a good OS, and I have always preferred Novell over Win as a NOS. I just get tired of the same people, with NO Vista or MS knowledge to speak of, who simply troll Vista forums and spew the 'nix/XPSP3 rules gospel. Vista offers great feature advantages over XP, but if you have XP and aren't in the market for a new box there's no point in upgrading. If you are osidering an upgrade, a new box with plenty of RAM will be great with Vista. NOTE: I do strip down my GUI, no Aero, fancy menu shading, fades etc. In fact, my Vista notebook LOOKS like Win2 with Classic menus etc. Get rid of the bloat and it runs sweet!

The Scummy One
The Scummy One

I would disagree with your percentages a bit. I actually think it would be closer to 40 or 50%. As far as reasons not to use it, there are still a bunch available. And with this, there are still many who will refuse (like me) to use it at home. Personally, I dont want an OS that will suck up the resources and then prohibit me from doing what I want or even installing something. Even if those blocked items are few and far between, the DRM is still an issue. Besides, now that I have gotten a taste for the new Linux, it is easier than ever to jump away from MS (at home). However my XP box is still alive and kicking.

Oz_Media
Oz_Media

Sorry if I misunderstood your intent. It seems that Linux heads and XP junkies are looking for Vista forums so that they can feel better about using an older OS, by saying how much they love XP or Linux, what crap Vista is. In reality, I doubt that more than 20% have ever turned on a Vista box to know what they are talking about and just jump on the anti-Vista bandwagon to look cool and hip. It's funny how people who can't afford new hardware will simply flame anyhing that won't run on a P2.

NickNielsen
NickNielsen

Now all we have to do is convince third-party (read: game) developers to write their software to run in user space without needing more than read access to controlled directories or files. There's nothing more irritating than some application that wants to save your work in its home directory in C:\Program Files. Ever tried playing Oblivion in user mode? And maybe some day somebody will write a bug-free OS... Edit: apostrophe in its. That'll teach me to watch Naomi and the lizards while I'm posting. :D

Oz_Media
Oz_Media

UAC works well as a dummy's guide to not clicking through. For the IT support team it makes stupid moves from users a little harder for them to pull off and play dumb about. I have found from teh few I manage for friends and thier familes that they have fewer stupid click throughs from when they used XP. Is it annoying at first? Yup, but it did get a bit better. SP1 removed a click or two for the user that was really overkill.

anubhava.prodata
anubhava.prodata

If my UAC is off then my data has show and if UAC is On then Data not Visible.But by throw program it accept data. Can u help me regarding this topic. Thanks Anubhava Dimri anubhava.prodata@gmail.com 919250168195

Tony Hopkinson
Tony Hopkinson

Where is the data and where do you want to show it.

The Scummy One
The Scummy One

I can live with it if it werent sooo damned annoying. But if MS removed some of the extra clicks, maybe I should try out SP1

Oz_Media
Oz_Media

? SP1 reduces the number of UAC (User Account Control) prompts from 4 to 1 when creating or renaming a folder at a protected location. I have also noticed that this applies to copying files too. I notied my system was slower and buggier when I added SP1, it ran like a top with Vista raw before. After some tweakign, cleaning up, removing the Aero shite etc. I found that it now runs very well again. I have a pretty quick USB thumb drive which is Vista compatible too so it boosts performance to 4 gigs when needed, and THAT feature works well too.

The Scummy One
The Scummy One

Some programs that install files and drivers need multiple UAC warnings. However, the second or third warning may not pop-up at all, or will pop up behind windows. At this point the system appears hung pretty well, except still responsive with an end task command. The only solution I have found for this is if a program requires multiple UAC warnings when installing, turn off UAC because it may just not work properly. As a security feature, it is not too bad, it just pops up way too often to truly be useful. And this is the sad part really, because when it happens too often and on things that it shouldnt need to ask, then it becomes either aggrivating or annoying. At either of these points (or the first when it just stops working right) it gets turned off. And likely not back on! Then what good is it???

the_resonant_flux
the_resonant_flux

Where to begin! First off, my system stopped hibernating, suspending, or shutting down. had to manually kill it. and restart. wasn't at first sure of the connection to the uac, but that will make sense later. i had problems with AVG and not being able to download any files off the net. (avg was preventing the transfer to the hard drive) un-installed avg, then switched to avira. seems to work better now. then i realized i couldn't access my documents folders, any of them! come to realize all my permissions were removed. I then tried to set ownership of user folder and sub-folders seemed to work, so i moved on to setting permissions to all sub folders as well. come to find out a good number of the sub folders weren't taking to the owner change and would have to be manually changed one at a time. ( i believe this is when i decided it was going to take me all fricken day and turned off the uac ) low and behold, i had to restart, this worried me a bit. wasn't sure if the uac would turn off when i obviously couldn't successfully restart without a manual power off/on. (but oh wait, now i can hibernate restart and everything else again!!!) oh and i also ran the sfc.exe with no luck. (anybody think there's a new virus in town designed to kick the uac's bum???) is there a way to restore original uac settings??? i'm kinda at a loss. any idea how the uac can change permissions without the administrators?

jamesgrelsey
jamesgrelsey

UAC is an annoying Band-aid fix at best UAC might be a good beginning but to a bad ending! Microsoft needs to find ways to really FIX its security problems rather than pass them off on the end user. UAC is a Band-aid solution that hides the problem and creates more problems especially for the novice. Personally, I feel that if the only way to secure windows is to force every user to log-in as a limited user, confirm every action twice, and password protect the user from him/her self; well this seems like the best reason I've heard yet for switching. Vista is the biggest reason I've heard yet for user switching to other OSes. Lets face it, this is aimed at the novice who most often wouldn't know what should or should not be allowed to happen. To the advanced user this seems to be just as frustrating. I can not count the number of times I've wanted to say, "YES Bill G., that IS my final answer!" after clicking on the yellow bar's sub menu to allow an action and having to confirm (yet again) that I really am sure that I will blame myself and not Micro$haft if I'm wrong! Is this a good beginning? I'd say it's actually a fast plane going in the wrong direction. Then again I'm one of those who un-installed ie7 (what can I say Netcaptor does it better and faster) Myself, I'm really tired of Micro$hafts stop-gap and band-aid fixes when they actually finely admit a problem really exists.

jamesgrelsey
jamesgrelsey

UAC might be a good beginning but to a bad ending! Microsoft needs to find ways to really FIX its security problems rather than pass them off on the end user. UAC is a Band-aid solution that hides the problem and creates more problems especially for the novice. Personally, I feel that if the only way to secure windows is to force every user to log-in as a limited user, confirm every action twice, and password protect the user from him/her self; well this seems like the best reason I've heard yet for switching. Vista is the biggest reason I've heard yet for user switching to other OSes. Lets face it, this is aimed at the novice who most often wouldn't know what should or should not be allowed to happen. To the advanced user this seems to be just as frustrating. I can not count the number of times I've wanted to say, "YES Bill G., that IS my final answer!" after clicking on the yellow bar's sub menu to allow an action and having to confirm (yet again) that I really am sure that I will blame myself and not Micro$haft if I'm wrong! Is this a good beginning? I'd say it's actually a fast plane going in the wrong direction. Then again I'm one of those who un-installed ie7 (what can I say Netcaptor does it better and faster) Myself, I'm really tired of Micro$hafts stop-gap and band-aid fixes when they actually finely admit a problem really exists.

Tony Hopkinson
Tony Hopkinson

They want us to set things up so there is a defacto privilege layer. That way when they put a real one in the OS, everthing won't fall on it's arse. They can't just rely on us to move to MS' new security model can they, there are people out there still running 95 stuff in compatibility mode. If we stay that way, and they do the job properly none of that old stuff is going to work, ever, at all, not even a little bit. Vista was jazzed up so all the Gartner led types would want it, and then UAC was a nagger to persuade them to give us the resource to move wth the times. Backwards compatibility is a two edged sword.

Editor's Picks