Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Access Control in Windows Vista has been such a controversial
development that it’s worth re-examining periodically. Let’s restate
the purpose of UAC: It is to allow the user to run the system as a
standard user, not administrator, and still have relatively easy access
to privileged operations when they are necessary.

UAC (click here for Microsoft’s expanded description of it)
is more than that; even when running as administrators, users still run
in a less-privileged context and are warned when privileged operations
are being requested. The way Microsoft sees it, UAC also encompasses
their efforts to make many operations, such as changing system time,
available to standard users.

It’s hard to deny the value of this. The overwhelming majority of
malware currently is delivered through social engineering tricks, such
as opening porn or a greeting card. These should not be privileged
operations, and UAC is a way of taking a time-out and having the user
make sure that a potentially dangerous operation is being performed
deliberately and in an informed manner. The same is true of
vulnerabilities, those of which get past other Vista defenses such as
ASLR and service hardening, which should trigger UAC in a way that
should alert the user. In fact, a recent test of anti-rootkit tools found that UAC popped up and warned as every rootkit in the test tried to execute.