You have to feel sorry for Microsoft's User Account Control, or UAC. It was introduced with Windows Vista, and was designed to improve overall system security by limiting applications to a lower set of privileges. The intent and underlying approach were noble, but the implementation and impact on standard users – at least in Windows Vista -- wasn't executed so well. Many Vista users complained about being inundated by UAC prompts when performing simple software installs or changes, and UAC quickly emerged as -- perhaps unfairly -- one of the most maligned features of Windows Vista.
It earned the dubious distinction of being singled out for ridicule in one of the many Mac vs. PC TV commercials, and generated enough negative interest from Windows IT Pro readers that a quick search through our archives reveals not one, but two separate FAQ documents authored to help IT pros rid themselves of UAC: "Q. How can I disable the UAC (User Account Control) feature in Windows Vista?" and the even more urgent "Q: What's the fastest, easiest way to disable User Account Control (UAC) on a Windows Vista machine?"
Responding to feedback from users and IT administrators, Microsoft made significant changes and improvements to UAC in Windows 7, and the once common griping about excessive UAC prompts faded into the background. Granted, UAC under Windows 7 isn't perfect, with researchers at Sophos claiming back in 2009 that UAC in Windows 7 -- at least in it's default state -- isn't very effective at stopping viruses. That's not entirely fair, as every admin knows that an essential component of computer security is installing good, frequently-updated anti-virus software. UAC isn't anti-virus software, but it does help make things difficult for malware and other types of software that are doing things they shouldn't.
That's exactly the message given by Microsoft's Joe Faulhaber, a software design engineer who posted an entry on the the Microsoft Malware Protection Center official blog this morning entitled "UAC plays defense against Malware." In his post Faulhaber argues that "malware authors really hate UAC" and generally try to code their apps to avoid or go around the feature when possible. Here's an excerpt from Faulhaber's post that describes in more detail how Malware authors try to bypass the obstacles that UAC places in their path:
“When UAC was introduced, the verdict from malware authors was remarkably clear – go around it. This was a total change from Windows XP, and advice on malware forums was nearly universal. Instead of running malware as an administrator from locations easily accessible with administrator rights, just start running in the user profile with user rights. This was unfortunately not a big problem for malware. However it did become very difficult for malware to elevate to administrator rights, which was the purpose of UAC, most malware have decided to simply go around it.”
Faulhaber stresses that UAC isn't specifically intended for protection against malware, but used and configured properly it can make the jobs of malware authors more difficult. "In addition to always updating your software and running up to date antivirus, the best thing to do is to leave UAC enabled," writes Faulhaber. "UAC is not intended as malware protection, but it's another layer of security to help improve the safety of Windows. If you've been attacked from malware, please check the UAC setting in the control panel to see if it's been tampered."
UAC may have received more than it's fair share of criticism over the years, but it's clear that the technology has also evolved and matured into something that can be an effective tool for enhancing Windows security.
What are your thoughts on UAC in Vista and in Windows 7? Feel free to add a comment to this blog post or start up a discussion on Twitter.