Jun 19 2009

More Information About Windows 7 User Account Control

Posted by Wade Burchette at 12:00 PM Security | Windows

Starting with Windows Vista, Microsoft introduced a feature called User Account Control (UAC). This was one of the features people didn't like about Vista. Windows Vista was, in fact, a major overhaul. Windows Vista did have elements of Windows XP, which was nothing but Windows 2000 updated, which was nothing but Windows NT updated. But Windows Vista was really a large step forward for the Windows line and not a tiny step forward like XP was. The Windows NT based system files were remade to allow the desktop environment to be prettier and more secure. Of course, most people thought that just because their computer said Windows Vista ready -- you can thank Intel for that -- their computer was made for Windows Vista. All the extra stuff that Vista was doing required much more power than older computers could efficiently handle. The extra security measures built into Windows Vista, such as UAC, also broke some older programs. Many hardware companies thought that the old Windows NT based drivers that had always worked on Windows NT to Windows XP would also work on Windows Vista. And even though the final Windows Vista was released to hardware and software vendors 1 month before it went on sale, they still were lazy and did not properly support Windows Vista. UAC was one of the security features they failed to take into account. The result was, of course, Vista getting an undeserved bad reputation.

Despite all that, hardware and software companies did catch up. And the bad reputation made Microsoft work extra hard on their next revision, Windows 7. This is probably Microsoft's best consumer operating system ever. Windows 7 is Windows Vista optimized. We have a whole page on some of the obvious changes to Windows 7. But one feature that is still around is UAC. The difference is, this time software engineers are taking it into account. Since this blog was not active when Windows Vista first came out, we will explain what UAC is and why you need it. Then we will explain the changes in Windows 7's version of UAC.

What Is User Account Control?

Most operating systems have a special user account type that has full unrestricted access to the entire system. In Windows, this is the Administrator. In Unix, Linux, and the Mac OS series this is the Root user. Unix and Linux had from the beginning the concept of logging in as the root user for only a short time and logging out once you were done. For the most part, this was never an issue because users of Unix and Linux tend to be corporate environments or expert users who rarely install software and make system changes. The Windows Server series and Windows NT pushed this idea too. However, people who use Windows generally aren't experts. They won't ever think about needing to log off, log in as the administrator or root, install the program, log off, and then continue. That is a lot of work just to install a program. So to make life easier for non-experts, Windows assumed everyone was an administrator. It made life easier for the user, but it also made life easier for malware and viruses. They could surreptitiously install and make changes that were hard to get rid of. User Account Control was an attempt by Microsoft to reconcile ease of use with the security of not being an administrator.

With UAC enabled, there is only one full administrator account, which is usually disabled. That account is called Administrator (easy enough to remember). Every other administrator account is really a partial administrator, which we will call PA from now on. An account that is a PA is really a standard non-administrator but with the ability to do administrator tasks. Whenever a PA tries to perform a task that requires some access to the system files or the entries in the registry that are not specific to the user, UAC kicks in. What UAC does is lock out all other tasks and fade the entire screen except for the UAC prompt. This way, no program can spoof the UAC requests and all accessibility features of Windows can still be used. UAC makes you acknowledge what you are doing. Although there are backdoors, for the most part UAC prevents malware from installing covertly.

Unfortunately, some older programs could not handle UAC. The result was multiple prompts and some programs just not working at all. This was not the fault of the UAC feature. Rather, it was older programs not being written according to best practices to begin with. Even after Windows Vista came out, programmers were still trying to do things the way they always did even though they were never supposed to. Thus, some programs did not work properly in Vista. Of course, when a program used to work fine, people are going to blame Vista and not the poorly written program. However, it is important to know that the programs that do not work with UAC would not work when the user is not an administrator. All programs should execute properly whether the user is an administrator or a standard user. What should be limited is installing and uninstalling a program. Poor programming also made it very prohibitive for Windows users to actually use the root user security feature of Unix and Linux.

Another unfortunate side-effect of UAC is that older programs that modify the system somehow are not always digitally signed. When the UAC dialog pops up, it displays the publisher of the program. The publisher is listed as part of the digital certificate in the file. Digital certificates are issued by Microsoft to ensure nobody can spoof one to make a program seem more credible. So when the UAC dialog pops up for an unsigned program, the publisher is listed as "unknown". The net result of this is that people will be more apt to trust anything that pops up without reading or thinking. Fortunately, on newer programs this is not an issue because software companies are now getting the digital certificates. Be that as it may, we do recommend that you deny the request if you did not do something which would cause the UAC dialog to appear.

In short, UAC is nothing but a compromise between the more secure way of using the system found in Unix and Linux and the convenience found in older versions of Windows. Since it is not completely like either, it does not provide all the benefits of both. UAC also forces programmers to do a better job and thus makes their programs more compatible over a wider range of environments.

Why Do I Need User Account Control?

For most people, using UAC can greatly reduce the chances of malware installing on your computer. It is not foolproof and it is not 100% secure. But it does make it much more difficult for malware to install on your machine.

Although expert users can likely get by without UAC, we recommend that you do not disable it. It will make you more security conscious, which is very important because the biggest security loophole is the user. Even the most secure system cannot protect against an errant user doing something he or she ought not to do. UAC forces the user to take a second look at their decision.

How Is User Account Control Different In Windows 7?

In Windows Vista, UAC would kick in for even the most trivial tasks which were not always dangerous. Any task that a standard user could not do would prompt the UAC dialog.

Windows 7 UAC now has an auto-elevation feature for some of these tasks. Any program digitally signed as being from Windows, which is different than being digitally signed as being from Microsoft, and located in 3 special pre-defined folders now has an auto-elevation feature set by default. This means no more UAC dialogs to, for example, change the time (which is required to be accurate to perform any interactions with the system through the internet such as for Windows Update). This same principle is also applied to help suppress multiple UAC dialogs for the same task.

Some things were purposefully left out of auto-elevation because most people will not use them and thus won't care about them being left out. The command prompt is one example of this. Furthermore, no program that is not part of Windows will be allowed to auto-elevate no matter how nicely they ask Microsoft.

UAC now has 4 settings in Windows 7. Always on and always off are two settings that are inherited from Windows Vista. The default setting minimizes pop ups from Windows processes. The fourth setting is like the default setting except the desktop is not dimmed and thus you do not have to stop what you are doing to acknowledge the UAC prompt. Unless you have a special reason, you shouldn't use that fourth option because the dimming of the desktop is what prevents any spoofing of the UAC dialog.
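
To check which of the four settings a machine is actually using, the following added example (not part of the original post) classifies the registry values that back the UAC setting and flags the two weaker choices. The value names EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are Windows policy values not mentioned in the article; the function name and level labels are this example's own.

```powershell
# Added example: map UAC registry values to the four Windows 7 settings.
# Get-UacLevel and its labels are hypothetical names chosen for this example.
function Get-UacLevel {
    param(
        [int]$EnableLUA,                   # 0 = UAC switched off
        [int]$ConsentPromptBehaviorAdmin,  # 0 = elevate silently, 2 = always prompt,
                                           # 5 = prompt only for non-Windows programs
        [int]$PromptOnSecureDesktop        # 1 = desktop is dimmed for the prompt
    )
    $dimmed = ($PromptOnSecureDesktop -eq 1)
    if ($EnableLUA -eq 0 -or $ConsentPromptBehaviorAdmin -eq 0) {
        $level = 'Always off'
    } elseif ($ConsentPromptBehaviorAdmin -eq 2 -and $dimmed) {
        $level = 'Always on'
    } elseif ($ConsentPromptBehaviorAdmin -eq 5 -and $dimmed) {
        $level = 'Default'
    } elseif ($ConsentPromptBehaviorAdmin -eq 5) {
        $level = 'Default, desktop not dimmed'
    } else {
        $level = 'Custom policy (not one of the four settings)'
    }
    New-Object PSObject -Property @{
        Level         = $level
        DesktopDimmed = $dimmed
        # Anything other than the two dimmed, prompting settings deserves a look.
        Weakened      = (('Always on', 'Default') -notcontains $level)
    }
}

# Constructed sample values, one per setting described above.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacLevel @s }

# Live check of the local machine. Assumes all three values are present;
# a missing value is read as 0 and would be reported as 'Always off'.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if (Test-Path $key) {
    $p = Get-ItemProperty -Path $key
    Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
}
```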

When it is all said and done, UAC does indeed help make your system more secure and should not be disabled unless for special reasons.

References:

Microsoft TechNet magazine July 2009 issue pages 34-40 "Inside Windows 7 User Account Control"