Thursday, January 22, 2009

User Account Control (UAC)

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista operating system. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase in privilege level.

How many of us work on our computer as Administrator?

This is bad if you are using your XP computer as Administrator to surf the web, because stuff can happen. For example:

I go to a bad web site that wants to load malware onto my computer. Because I am logged in as Administrator, the computer assumes I have all the knowledge needed to protect it, so if I click on something to install it, it installs, with no warnings.

In Vista, UAC works this way:

If you log in to Vista as an administrator, Vista uses a new security mechanism called the SPLIT token. You look like you are logged in as Administrator, but you are actually working with a standard user token, and when an APPLICATION or process needs admin privileges you are prompted to give THAT process ONLY admin permissions, so the rest of the operating system keeps running as a standard user.

For those of you who use Linux, this is different from su to root, where afterwards the WHOLE session is running as root.

UAC allows only that process to be elevated. THIS IS GREAT.

Besides disabling many important security features built into Windows, disabling UAC also poses a risk relating to application compatibility.

Important security features:

UAC stops administrative programs that you did not start from running. With UAC on, no program can run with admin control of your computer without your permission. Disabling UAC allows any program to use your administrative power, even if you did not start it.

UAC is also the technology that allows Internet Explorer Protected Mode to work - turning off UAC gets rid of that.

Application Compatibility:

Many non-administrative programs assume that they will be running with administrative power, and so they write settings or files to locations that they are not supposed to write to (such as Program Files).

In Vista under UAC, non-admin programs cannot do this, even if the user is an administrator, so UAC has to deal somehow with these programs, since there are a bunch of them that do this.

In order to get these programs to work in Vista, UAC watches for these common write-to-protected-location scenarios. When it detects a write to a monitored location that is failing because the program does not have administrator power, UAC makes a copy of the modified data and saves it inside of your user profile folder WITHOUT modifying the file/data in the protected location, while making the program THINK that it was saved to the protected location.

Whenever a non-compliant program opens a file in a protected location, UAC first checks to see if there is a "modified" version of that file inside of your user profile folder, and if so, opens the modified file instead of the original, without the program realizing it.

This allows the program to function by making it THINK that it is writing to a protected location, when in reality it is not.

When you disable UAC, this compatibility feature of UAC is turned off.

This means that all those hidden copies of modified data are now invisible to applications, since they will be seeing the original, unmodified data that exists inside of the real protected folder that they now have access to.

The consequences of this transition can be quite drastic if you have many programs on your computer that relied on this compatibility feature to function, since they will no longer have access to any created or modified data that they think they have saved to protected locations - instead, they will only see the original data that was probably put in place when their application was installed.
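As an added example (not part of the original post), the following PowerShell script shows both halves of what is described above on a live machine: whether UAC's split-token model is switched on, whether the current process holds the filtered standard-user token or the full administrative one, and what has accumulated in the per-user folder where UAC redirects blocked writes. The registry value (EnableLUA), the Administrators SID and the VirtualStore folder are the standard Windows names for these things; they are not named in the post.

```powershell
# Added example, not from the original post. Assumes Windows Vista or later
# with PowerShell and the built-in whoami.exe. Names below are the standard
# Windows ones for UAC, not names given in the post.

# 1. Is UAC enabled at all? EnableLUA = 1 means the split-token model is in force.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacEnabled = ($policy.EnableLUA -eq 1)
"UAC enabled (EnableLUA): $uacEnabled"

# 2. Which half of the split token is THIS process running with?
#    whoami lists every group in the token. With the filtered token the
#    Administrators SID (S-1-5-32-544) is still present but flagged
#    'Group used for deny only', and the integrity label is Medium, not High.
$groups   = whoami /groups /fo csv | ConvertFrom-Csv
$adminRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }
$label    = ($groups | Where-Object { $_.Type -eq 'Label' }).'Group Name'

if (-not $adminRow) {
    "Account is a standard user (not a member of Administrators)."
} elseif ($adminRow.Attributes -match 'deny only') {
    "Administrator account, but this process holds the FILTERED (standard-user) token."
} else {
    "This process holds the full administrative token (elevated, or UAC is off)."
}
"Integrity label: $label"

# 3. Where did the 'hidden copies' go? UAC file virtualization redirects a
#    non-admin program's blocked writes under %LOCALAPPDATA%\VirtualStore,
#    mirroring the protected path (e.g. ...\VirtualStore\Program Files\...).
$store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
if (Test-Path $store) {
    "Virtualized files on this account (first 20):"
    Get-ChildItem -Path $store -Recurse -File |
        Select-Object -First 20 FullName, LastWriteTime
} else {
    "No VirtualStore folder: no program on this account has triggered file virtualization yet."
}
```

Running step 2 twice, once from a normal PowerShell window and once from one started with "Run as administrator", shows the same account with the two different tokens; the VirtualStore listing in step 3 is exactly the data that becomes invisible to applications if UAC is later disabled.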