Perhaps the most notable change from Windows XP to Vista is the addition of the UAC (User Account Control) which is the cause of the security dialogs prompting for permission to perform system actions. Considering this is just a tip, I am going to be brief in my explanation and defer to Microsoft for the details.
First off, UAC is a good thing. While some ”experts” and anti-Vista people are quick to point out you get prompted for virtually anything you do, this simply is not true. I’ve been running Vista for about 3 months now with UAC enabled and it is no hindrance at all. Now that I have my system set up, I rarely see a UAC prompt.
Typically you are prompted when you do one of the following:
- Install a program or Active X control.
- Try to manipulate files and folders in system directories (C:, \Windows, \Program Files, etc.).
- Modify a system settings (i.e. anything in the control panel).
- Modify system services or drivers (i.e. anything in Computer Management).
I am in no way trying to start a debate here, just pointing out what I have noticed. If you do not want the UAC notifications, you can easily disable them.Â
This is virtually the exact way Linux and Mac have worked for years. Since under the 2000/XP model, practically every user has administrative rights on the machine, this made it easy for viruses and spyware to install and hide itself… because it would have the same rights on the machine as the user. Even worse, due to the nature of malware it all happens behind the scenes, making it very hard to combat.
Microsoft recently published a fantastic explanation about what UAC is and is not on their web site which I would recommend you read. I will end this tip with a quote from the article:
In its current form, UAC will not stop really good attackers, or ones who have the help of really good attackers. If the bad guys can’t think of any other way to defeat UAC, they will almost certainly resort to asking the user to do it for them. Given the choice of dancing pigs and security, we know from experience that the dancing pigs win every time. Users have learned to dismiss dialogs, and so they will until we manage to teach them otherwise. This results from many contributing factors, including the fact that there are too many warning dialogs, that the messages in them are useless, and that many of the manuals for whatever devices users buy include a note to “please click yes to the security warning dialog to dismiss it.
UAC does not provide foolproof security. In fact, it makes the good old local privilege elevation attack interesting again. This is a class of attack that has largely been discounted because, on Windows, nearly everyone was an admin anyway so elevating to some other admin was quite pointless. That said, UAC definitely changes the nature of such attacks and transforms the rules of the game to be much more like what prevailed on UNIX for more than 20 years.
Like what you read?
If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:
I am not techie s you are, but I am on the net constantly and writers are very aware fo the dangers that lurk there because books get hijacked and payments siphoned… and long exposure on internet opens possibilities. A friend told me I was neurotic when i reported the stats on my firewall for attacks. It’s just plain reality and has nothing to do with me personally and mostly with botnets or creditcards, but to protect myself, I downloaded the Scotty Watchdog from WinPatrol which has a similar program. Anytiem there is a download or change in registry, i get a prompt warning me of change. There is a similar monitoring system inside AVG professional now so tha if there is some change in registry, Grisoft sets off an alarm asking for confirmation. Although i can’t always read all the technical terms, i find that such programs are good becaue they protect me. And in my one Alarm, I have it set to warn me of any internal or external allowance to or from internet. Maybe I’m not smart, but I do care about my little idiot box adn my work…and I routinely go over to Shields up and test my computer.
I had 14 trracking cookies in 6months… so if someone tells me that my internet connection was slow because I installed spyware or some other rot, I generally bristle because the reality is just bad service from Czech telecoms.
basic preventative medicne protexts the computer. You don’t always have to be tech savvy.
now if only someone could tell me how to heal the Firefox that vanished and left it’s scripts and icons all over my desktop.
I expect any good operating system upgrade to allow me to continue working as efficiently as before with the applications I am used to. I could not run XAMPP with UAC turned on. My life on the new laptop has been very much more efficient in other ways too since I turned it off.
Another thing: You quote microsoft ” Users have learned to dismiss dialogs, and so they will until we manage to teach them otherwise.” From Microsoft, this comes accross as from a schoolmaster with whip in hand, who does not like to let pupils think for themselves. The motives of Microsoft for foisting the obscurely novel menu system of MS Office 2007 on us has everything to do with marketing and contempt for the intelligence of the consumer than to do with good service and education.
The educated computer user, employing software and services of other companies and free software developers, and using intelligent practices with respect to visiting web pages or downloading software, does not need the big-brother/nanny oversight and high-handed interventions of Microsoft.
This is a response to Roger. To claim that MS is being heavy handed to educated computer users is to be disingenious. …unless you claim that the user who picks dancing pigs over a secure system is an “educated” computer user. Otherwise you’re simply whining – you agree with MS that that these people need to be trained / educated.
The opposite of being heavy handed is to provide choices, correct? For the educated computer users, hasn’t Microsoft done this? They can do precisely what you seem to have done – turn off UAC and implement their own security practices. Is that really your idea of “poor service” that is “heavy handed” and “contemptious”?