In last week’s edition of The Windows Vista Report “Windows Vista’s
Personalization interface not as “clear” as other features” while
leading up to my main subject, inconsistencies with the Personalization
interface, I commented that even though I find the User Account Control (UAC) dialog
boxes a bit annoying, I understand that they are designed to protect my system and
so have accepted them as a necessary evil. Based on the comments about UAC in
that article’s Discussion area, and throughout the Internet community as a
whole, I see that some, but not many folks share that point of view.
Of course, I must admit that I can see how some would find UAC’s overly aggressive assumption that every user is a moron
and must be watched over like a child, a bit derisive–especially for a system
administrator. However, after witnessing how sneaky hackers can be when it
comes to quickly and quietly slipping destructive code into a system right
under the noses of unsuspecting users, I think that UAC is a good idea. In
fact, I believe that UAC is probably one of the best security technologies to
come out of Microsoft.
Since the prospect of UAC appears to have gotten a lot of
otherwise sensible, security-conscious folks up in arms, I’ve decided to delve
deeper into this topic and see what I could find to help put UAC back into a
Don’t disable UAC
As I began my investigation, I discovered that a lot of folks
are treating UAC as a pesky annoyance and simply disabling it in Windows Vista
Beta 2. However, that really is the wrong approach. UAC isn’t just about a few
pop-up dialog boxes; it’s about a huge paradigm shift that is aimed at making
the Windows operating system safer and more secure from the ground up. So, don’t
disable UAC and forget about it. Instead, you should embrace UAC and learn as
much about it as you can.
One of the first places that I would recommend you begin
learning more about UAC and its importance during the beta testing phase is
with Jesper Johansson’s blog. Jesper
is Senior Security Strategist in the Security Technology Unit at Microsoft. In
a recent posting, titled “Please
don’t disable security features, at least while we are testing them,” he
composed a very nice synopsis of the goals and reasons behind UAC. Use this
post as a starting point.
Account Control Overview
With the information from Jesper’s
post under your belt, you should then move on to the User
Account Control Overview white paper, located in the Windows Vista Security
and Protection section of Microsoft’s TechNet site. The information in this
whitepaper will provide you with a good understanding of what UAC is all about
and how Microsoft is pushing for a major shift in software development in order
to fully realize the benefits and security offered by UAC.
User Account Control page
The User Account Control Overview whitepaper is just one of
several available Windows Vista Security and Protection section of Microsoft’s
TechNet site. In fact, there’s a whole
sub section devoted to just UAC,
Windows Vista Security Enhancements
If you want to learn more about how UAC falls in with all of
Windows Vista’s other security features, you need to download and read Windows
Vista Security Enhancements, a Word document that provides detailed descriptions
of all the security enhancements in Windows Vista.
The MSDN UACBlog
If reading Jesper’s Blog whetted
your appetite for more blogs, then your next stop
should be UACBlog,
which is the Web Log for the User Account Control team. Here you’ll find all
kinds of information on UAC from various members of the team responsible for
the technology behind UAC. There’s even a video
demonstration that shows UAC in action and explains the benefits of running
Windows as a standard user.
So far, I’ve only provided links to UAC information provided
by Microsoft, which of course might seem to be a bit one sided. If you want
another perspective on UAC, here are some other sources to investigate:
- A fresh look at Vista’s User Account Control–In this three-part posting from his
Microsoft Report Blog, Ed Bott take a detailed
look at and provides support for the goals and benefits of UAC.
Vista UAP getting a bum rap?–In
this posting from his Real World IT Blog, George Ou
takes a look at why UAP (now called UAC) is misunderstood and goes on to
discuss UAC’s benefits.
Vista Feature Focus: User Account Control (http://www.winsupersite.com/showcase/winvista_ff_uac.asp)
This article, by Paul Thurrott,
who earlier derided UAC, provides a very nice overview of UAC as well as offers
support for the idea that UAC is a good thing.
After reading through the information presented here, has
your point of view on UAC changed? As always, if you have comments or
information to share about UAC, please take a moment to drop by the Discussion
area and let us hear.