Windows Vista: User Account Control gone wild?

In last week’s edition of The Windows Vista Report “Windows Vista’s
Personalization interface not as “clear” as other features” while
leading up to my main subject, inconsistencies with the Personalization
interface, I commented that even though I find the User Account Control (UAC) dialog
boxes a bit annoying, I understand that they are designed to protect my system and
so have accepted them as a necessary evil. Based on the comments about UAC in
that article’s Discussion area, and throughout the Internet community as a
whole, I see that some, but not many folks share that point of view.

Of course, I must admit that I can see how some would find UAC’s overly aggressive assumption that every user is a moron
and must be watched over like a child, a bit derisive–especially for a system
administrator. However, after witnessing how sneaky hackers can be when it
comes to quickly and quietly slipping destructive code into a system right
under the noses of unsuspecting users, I think that UAC is a good idea. In
fact, I believe that UAC is probably one of the best security technologies to
come out of Microsoft.

Tips in your inbox

TechRepublic’s free Windows Vista Report newsletter features news, scuttlebutt, and tips on Longhorn development, including a look at new features planned for this next version of the Windows OS.

Automatically sign up today!

Since the prospect of UAC appears to have gotten a lot of
otherwise sensible, security-conscious folks up in arms, I’ve decided to delve
deeper into this topic and see what I could find to help put UAC back into a
proper perspective.

Don’t disable UAC

As I began my investigation, I discovered that a lot of folks
are treating UAC as a pesky annoyance and simply disabling it in Windows Vista
Beta 2. However, that really is the wrong approach. UAC isn’t just about a few
pop-up dialog boxes; it’s about a huge paradigm shift that is aimed at making
the Windows operating system safer and more secure from the ground up. So, don’t
disable UAC and forget about it. Instead, you should embrace UAC and learn as
much about it as you can.

Jesper’s blog

One of the first places that I would recommend you begin
learning more about UAC and its importance during the beta testing phase is
with Jesper Johansson’s blog. Jesper
is Senior Security Strategist in the Security Technology Unit at Microsoft. In
a recent posting, titled “Please
don’t disable security features, at least while we are testing them,” he
composed a very nice synopsis of the goals and reasons behind UAC. Use this
post as a starting point.

User
Account Control Overview

With the information from Jesper’s
post under your belt, you should then move on to the User
Account Control Overview white paper, located in the Windows Vista Security
and Protection section of Microsoft’s TechNet site. The information in this
whitepaper will provide you with a good understanding of what UAC is all about
and how Microsoft is pushing for a major shift in software development in order
to fully realize the benefits and security offered by UAC.

User Account Control page

The User Account Control Overview whitepaper is just one of
several available Windows Vista Security and Protection section of Microsoft’s
TechNet site. In fact, there’s a whole
sub section devoted to just UAC,

Windows Vista Security Enhancements

If you want to learn more about how UAC falls in with all of
Windows Vista’s other security features, you need to download and read Windows
Vista Security Enhancements, a Word document that provides detailed descriptions
of all the security enhancements in Windows Vista.

The MSDN UACBlog

If reading Jesper’s Blog whetted
your appetite for more blogs, then your next stop
should be UACBlog,
which is the Web Log for the User Account Control team. Here you’ll find all
kinds of information on UAC from various members of the team responsible for
the technology behind UAC. There’s even a video
demonstration that shows UAC in action and explains the benefits of running
Windows as a standard user.

Third-party perspectives

So far, I’ve only provided links to UAC information provided
by Microsoft, which of course might seem to be a bit one sided. If you want
another perspective on UAC, here are some other sources to investigate:

A fresh look at Vista’s User Account Control–In this three-part posting from his
Microsoft Report Blog, Ed Bott take a detailed
look at and provides support for the goals and benefits of UAC.
Is
Vista UAP getting a bum rap?–In
this posting from his Real World IT Blog, George Ou
takes a look at why UAP (now called UAC) is misunderstood and goes on to
discuss UAC’s benefits.
Windows
Vista Feature Focus: User Account Control (http://www.winsupersite.com/showcase/winvista_ff_uac.asp)

This article, by Paul Thurrott,
who earlier derided UAC, provides a very nice overview of UAC as well as offers
support for the idea that UAC is a good thing.

Conclusion

After reading through the information presented here, has
your point of view on UAC changed? As always, if you have comments or
information to share about UAC, please take a moment to drop by the Discussion
area and let us hear.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE The purpose of this policy from TechRepublic Premium is to provide guidelines for developing mobile applications from a security, procedural and best practices standpoint. While it contains technical guidelines, it is not intended to serve as a programming guide but as a framework for operations. This policy can be customized as needed to fit ...

PURPOSE This checklist from TechRepublic Premium provides a method for auditing and documenting a client site and assembling an inventory of systems and software, as well as giving you a framework for developing recommendations, applying costs to them, and storing all that information in one file. Tracking client contact details, circuit information, network equipment, cloud ...

PURPOSE Recruiting a community engagement manager with the right combination of experience and communication skills will require a comprehensive screening process. This hiring kit from TechRepublic Premium provides a flexible framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY ...

Windows Vista: User Account Control gone wild?