By Larry Seltzer
2008-06-04
User Access Control in Windows Vista has been such a controversial development that it's worth re-examining periodically. Let's restate the purpose of UAC: It is to allow the user to run the system as a standard user, not administrator, and still have relatively easy access to privileged operations when they are necessary. UAC is more than that; even when running as administrators, users still run in a less-privileged context and are warned when privileged operations are being requested. The way Microsoft sees it, UAC also encompasses its efforts to make many operations, such as changing system time, available to standard users.
It's hard to deny the value of this. The overwhelming majority of malware currently is delivered through social engineering tricks, such as opening porn or a greeting card. These should not be privileged operations, and UAC is a way of taking a time-out and having the user make sure that a potentially dangerous operation is being performed deliberately and in an informed manner. The same is true of vulnerabilities: those that get past other Vista defenses, such as ASLR and service hardening, should trigger UAC in a way that alerts the user. In fact, a recent test of anti-rootkit tools found that UAC popped up and warned as every rootkit in the test tried to execute.
Continued @ eWeek