Preventing Malware With UAC

by malwarekilla on November 5, 2008

I'm not sure if I published this article before, but lots of people keep asking me if Vista is more secure than XP... the short answer is yes, and the lengthy article below will attempt to explain one aspect of Vista security.

User Account Control (UAC) was introduced in Windows Vista as a way to control administrative access to programs and settings while logged in as an administrator.

UAC allows Vista users to operate their PCs as administrators; however, programs and settings requiring administrative permissions must be granted explicit permission by the Vista administrator. These programs no longer launch automatically even though the administrator is logged in.

So, how does the average user allow a program or setting to execute (or run)? Vista uses something called User Interface Privilege Isolation (UIPI), which creates another video layer with a prompt that asks the administrator if it's OK to run a program or change a setting. Vista decides which processes (applications or settings) are subject to User Interface Privilege Isolation by using something called the Process Integrity Level. The lower the integrity level of a Windows process, the more likely it is to be subject to UAC with UIPI. Processes with a high integrity level automatically bypass UAC.

When UAC with UIPI was introduced in Vista, users were immediately annoyed with "security popups" (the UIPI prompt) asking them if it's OK to run a program or change a setting. I must admit that UAC is annoying; however, it is a great way to prevent malicious program execution or installs. Vista users should always be wary of low integrity processes, and UAC with UIPI allows you to know what's safe and what isn't.

UAC can be turned off. I don't recommend it; however, it is possible. To turn off UAC with UIPI, follow the steps below:

1. Click the Vista globe at the bottom (formerly the Start button)
2. Click Control Panel
3. Click Classic View (off to the top left)
4. Double click on User Accounts
5. Click "Turn User Account Control on or off"
6. Uncheck User Account Control (UAC)
7. Click OK
8. Reboot
9. UAC with UIPI is now turned off
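
To check whether UAC is still switched on for a machine, the following added example (not part of the original article) reads the registry values behind the setting and reports the integrity level of the current process. It assumes PowerShell 2.0 or later; the function name `Get-UacStatus` and the variable names are hypothetical.

```powershell
# Added example: audit the UAC state and the current process integrity level.
# Assumption: run on Windows Vista or later with PowerShell 2.0+.
function Get-UacStatus {
    # UAC policy values live under this key; EnableLUA = 0 means UAC is off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction Stop

    # Integrity levels appear in the token as SIDs of the form S-1-16-<RID>.
    # Matching the SID avoids depending on the localized label text.
    $names = @{ '4096' = 'Low'; '8192' = 'Medium'; '12288' = 'High'; '16384' = 'System' }
    $hit = whoami /groups | Select-String -Pattern 'S-1-16-(\d+)' | Select-Object -First 1
    if ($hit) {
        $rid = $hit.Matches[0].Groups[1].Value
        # Fall back to the raw RID for levels not in the table above.
        $level = if ($names.ContainsKey($rid)) { $names[$rid] } else { "RID $rid" }
    } else {
        $level = 'Unknown'
    }

    New-Object PSObject -Property @{
        UacEnabled            = ($policy.EnableLUA -eq 1)
        # Raw policy number that selects how administrators are prompted.
        AdminPromptBehavior   = $policy.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop = ($policy.PromptOnSecureDesktop -eq 1)
        ProcessIntegrity      = $level
    }
}

$status = Get-UacStatus
$status | Format-List

if (-not $status.UacEnabled) {
    Write-Warning 'UAC is turned off: administrative programs will run without a prompt.'
}
if ($status.ProcessIntegrity -eq 'High') {
    Write-Warning 'This shell is already elevated (High integrity).'
}
```

A change to `EnableLUA` only takes effect after a reboot, so the value read here can differ from the running state until the machine restarts.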

UAC needs one simple improvement to make it completely stellar - stopping the constant prompts! If a process has already been approved to run, why prompt us again? I have a feeling we'll see this change for UAC in the future. Until then, keep UAC running and it'll help you keep your PC clean!

{ 6 comments }

i-live-on-mars November 5, 2008 at 8:22 pm

“UAC needs one simple improvement to make it completely stellar – stopping the constant prompts! If a process has already been approved to run, why prompt us again?”

Actually, Symantec has created something called “UAC Tool” which has a remember answer option.

http://www.nortonlabs.com/

NAV/NIS are NOT needed for this!

malwarekilla November 5, 2008 at 8:39 pm

Oh wow! That’s awesome, thanks for letting us know.

Emperor Darius November 5, 2008 at 9:21 pm

Check smart uac replacement too: http://www.replaceuac.com/

Emperor Darius November 5, 2008 at 9:22 pm

BTW Smart UAC replacement also has a malware database ;)

malwarekilla November 5, 2008 at 11:08 pm

@ Emperor – Cool, thanks for the tip man!

RejZoR November 6, 2008 at 10:50 am

Actually, constant notifications are there to prevent hijacking of applications. If one application is launched and approved by the user, that doesn’t mean it will also be next time.
Besides, I don’t see UAC to be annoying at all and I’m an expert user when it comes to Windows OS. In fact it saved my sorry ass a few times when I was playing around with samples and by mistake pressed Enter+Del instead of Shift+Del.
On WinXP that would result in me cleaning the OS for the next couple of minutes. On Vista I just click Cancel and that’s it.
Things where I expect UAC to react I automatically click OK. But when it pops up when I don’t expect it, then I check the app details and what launched it.
It’s not annoying and I just love it.
I must be one of the weird bunch of guys who really like Vista and also its UAC feature. Other 99% of the ppl don’t seem to share the same level of enthusiasm…
