UAC and WINDOWS 7

Now with Windows 7 you can control how the UAC function work so you can reduce all warning and make the notifications about System UAC prompts less harsh..

 

User Account Control (UAC)

Why User Account Control (UAC)is a technology and security infrastructure introduced with Microsoft ‘s Windows Vista operating system. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase in privilege level.

How many of us work on our computer as Administrator?

This is bad if you are using your XP computer and surf the web, stuff could happen. for example

I go to the bad web site that want to load malware on to my computer, because I am login in as administrator the computer believes that I have all the knowledge to protect my computer, so if I click on something to install it does, with no warnings.

In VISTA the UAC function act this way;

1f you are login into vistas as administrator vista has a new method for security called SPLIT token You look like you are login in as Administrator but you are using a standard user profile and when an APPLICATION or process needs Admin privileges you are prompted to give THAT process ONLY Admin permissions so rest of operating system is still running as standard user.

For those of you who use Linux this is different from SU as ROOT when now the WHOLE computer is no running as ROOT.

UAC allow only that process to be elevated. THIS IS GREAT.


Besides disabling many important security features built into Windows, disabling UAC also poses a risk relating to application compatibility.

Important security features:

UAC stops administrative programs from running that you do not start. With UAC on, no program can run with admin control of your computer without your permission. Disabling UAC allows any program to use your administrative power, even if you do not start it.

UAC is also the technology that allows Internet Explorer Protected Mode to work – turning off UAC gets rid of that.

Application Compatibility:

Many non-administrative programs assume that they will be running with administrative power, and so they write settings or files to locations that they are not supposed to write to (such as Program Files).

In Vista under UAC, non-admin programs cannot do this, even if the user is an administrator, so UAC has to deal somehow with these programs, since there are a bunch of them that do this.

In order to get these programs to work in Vista, UAC watches for these common write-to-protected-location scenarios. When it detects a write to a monitored location that is failing because the program does not have administrator power, UAC makes a copy of the modified data and saves it inside of your user profile folder WITHOUT modifying the file/data in the protected location, while making the program THINK that it was saved to the protected location.

Whenever a non-compliant program opens a file in a protected location, UAC first checks to see if there is a “modified” version of that file inside of your user profile folder, and if so, opens the modified file instead of the original, without the program realizing it.

This allows the program to function by making it THINK that it is writing to a protected location, when in reality it is not.

When you disable UAC, this compatibility feature of UAC is turned off.

This means that all those hidden copies of modified data are now invisible to applications, since they will be seeing the original, unmodified data that exists inside of the real protected folder that they now have access to.

The consequences of this transition can be quite drastic if you have many programs on your computer that relied on this compatibility feature to function, since they will no longer have access to any created or modified data that they think they have saved to protected locations – instead, they will only see the original data that was probably put in place when their application was installed.

User groups

 

Why join a User group

  User Groups: Meet and learn with your peers

 

User groups are typically independently run, volunteer groups that meet on a regular basis to discuss and share information on a variety of technical topics. Participation in a user group is an excellent, inexpensive way to receive technical content, education and to meet with your peers to get more out of the products, technologies, and resources which you are interested in. A users’ group (also users group or user group) is a type of club focused on the use of a particular technology

The Association of Personal Computer User Groups (APCUG) is an International, platform-independent, volunteer-run nonprofit organization devoted to helping user groups offer better services to their members group. Sort of a User group of user groups.

With over 300 member groups, there are probably several groups within a 250 mile radius of you. Look them up on the APCUG web site via the User Group Locator
and get to meet other people with the same hobbies as you.

I am currently President of APCUG, past Regional Advisor, Vice president, has been on, the Board Advisor of The PC Users Group of Connecticut and current board member of the CT– Information Systems Audit and Control Association. Go find a user group and learn and share



 

welcome to this blog

On the blog we will be cover technology issues, We will review new products , give methods of protecting your self online and from identify thief.

Other ares that will be covered on this site include, Microsoft Operating system, VISTA, Windows 7, Server 2008. and Windows Mobile.

The blog will be amened at end users, I will not be covering software development, or covering a subject very deeply as their are many sites on the net that fill that need.