There's a long running thread titled something like 10 reasons to buy
Vista. Can you give just 5 good reasons to turn on UAC?
Here's a quote that has several good reasons for using UAC. It's based on
RC1 but it also applies to RTM.
"
File System and Registry Virtualization
In Windows Vista, many legacy applications that were not designed to support
standard user accounts can run without modification, using the built-in
file/registry virtualization feature. File/registry virtualization gives an
application its own "virtualized" view of a resource it is attempting to
change using a copy-on-write strategy. For example, when the application
attempts to write to a file in the program files directory, Windows Vista
gives the application its own private copy of the file in the user's profile
so the application will function properly.
Virtualization also provides logging by default for applications that
attempt to write to protected areas.
Microsoft's early testing of legacy applications running in standard user
mode using file/registry virtualization under Windows Vista has shown
promising application compatibility results. Although virtualization allows
the majority of legacy applications to run, it is a short-term measure-not a
long-term solution. Not only can a lack of compliance with User Account
Control affect the security of an application, but it can also reduce the
application's performance, require additional end-user training, and cause
application conflicts.
Over-the-Shoulder (OTS) Credentials
Whenever standard users attempt an administrative task, such as software
installation, they will be prompted for an administrator password. If they
know their local administrator password they may enter it then or ask an IT
administrator for assistance. This process is called over-the-shoulder (OTS)
credentials. IT administrators can disable this feature, in which case the
user is simply informed that they do not have the permission to perform the
operation.
Admin Approval Mode: Right Privilege at the Right Time
To help protect administrators while doing non-administrative operations,
the Windows Vista team has devised the Admin Approval Mode feature. This
feature allows administrators to perform normal day-to-day tasks such as
checking e-mail or browsing the Web while running with a standard user
token. If administrator privileges are needed for an operation, the
administrator will be notified and asked to provide either consent or
credentials, depending on system policy settings. The Windows Vista team
calls this approach "right privilege at the right time." There's no more
switching back and forth between standard user and local administrator,
juggling two user profiles.
No Need for the Power Users Group
The Power Users Group account in previous versions of Windows was designed
to give users specific administrator privileges to perform basic system
tasks while running applications. Unfortunately, this solution fixed the
symptom-application failure-but it did not fix the problem: applications
still fundamentally require unnecessary privileges.
User Account Control does not utilize the Power User mode because Standard
mode users can now perform most common configuration tasks. For legacy
applications that require administrative privileges under Windows XP, file
and registry virtualization in Windows Vista will help them run smoothly
without reconfiguration. For new, compliant applications, User Account
Control guidelines will define the correct protocol for file locations,
registry changes, and other common tasks.
Preventing Application-Based Shatter Attacks
Running in standard user mode gives customers increased protection against
inadvertent system-level damage caused by "shatter attacks" and malware,
such as root kits, spyware, and undetectable viruses. Shatter attacks take
over a user interface by using the Windows messaging system (how
applications communicate with the Windows operating system and each other)
to run malicious code or overwrite administrative processes. The primary
cause of this problem is that any application can send a message to any
other application on the same desktop. When the target application receives
a message, it has no way of discerning the process source or determining
whether the application sending the message is authorized to do so.
This class of security breach is not a single attack, but rather a type of
attack. Taken alone, each instance is not a critical problem. However, the
fact that this attack vector is present in many applications makes the
problem much more serious. The vulnerability lies in the way developers
write software that runs on Windows. Microsoft has always recommended that
software vendors refrain from using the messaging system for highly
privileged applications. Unfortunately, numerous software products still
haven't adopted this basic measure of protection.
User Account Control-compliant software applications isolate privileges by
design, reducing the attack surface of the operating system by reducing the
general set of privileges and helping prevent unauthorized applications from
running without the user's consent. A strictly enforced User Account Control
model makes it harder for worms and viruses to take over Windows-based
systems by ensuring that existing security measures are not disabled by
standard users running in Administrator mode.
Secure Desktop Prompting
In Windows Vista RC1 you will notice that, by default when User Account
Control prompts appear, the rest of the screen is darkened. The prompts are
being displayed in the Secure Desktop mode. The same mode you see when you
log on or press CTL+ALT+DELETE. Displaying User Account Control elevation
dialogs on the Secure Desktop helps protect the user from unknowingly
allowing a program to run with elevated privileges without their consent.
Without this protection, it is much easier to create malware that tricks the
user into approving an elevation request prompt that they really wanted to
deny. The Secure Desktop helps protect against this because other software
running on the machine is blocked from interacting with the user's
interface.
"
Quoted from:
http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx#EIC
Here's some more links about UAC. It's a lot of reading but if you read and
comprehend them you will see that UAC is much more than some annoying
prompts.
http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true
http://www.microsoft.com/downloads/...69-A648-49AF-BC5E-A2EEBB74C16B&displaylang=en
http://technet2.microsoft.com/Windo...2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true
Adam
I don't expect you will read all this material. Your mind is made up and I
don't think anything I can do will change it. I posted all of the above for
anyone else following the thread so they can read about UAC and make up
their own mind. You and I obviously disagree on UAC. Let's just leave it at
that and get back to helping people solve problems. I'm done with this
thread as it's turned into an argument rather than a discussion.
