What is UAC?

What is UAC?

UAC stands for User Account Control, and is a new security feature of Windows Vista. Here is a typical example of an elevation prompt displayed by Vista:

A typical UAC elevation prompt

To understand what UAC does and why it is there, lets take a quick look at the history of the security of Microsoft Windows.

The old DOS-based versions of Windows (that is, Windows 3.x, Windows 9x, and Windows Millennium) did not have any built-in security at all: any user with physical access to the computer could log in to it (even without knowing the login password!), and get full access to all resources of the computer: s/he could read from, write to, or delete any file, s/he could change the system settings as s/he wanted, and so on. If the user was not careful and got the computer infected with a virus, the virus could do a considerable damage to the system, as well as other nasty stuff, like collecting email addresses, sending spam from infected machines, etc. The only way to secure such a computer was to use third-party security tools, such as our Folder Guard.

The lack of the built-in security was one of the main reasons why Microsoft started the development of Windows NT (the grand-grand-father of Windows Vista). Although it looked very much like Windows 95, Windows NT was very different under the hood, and the new code provided for the ability to set up user accounts with different sets of permissions, from unlimited (the Administrators) to very limited (the Guests).

That was a big step ahead. Now the computers could have different accounts for the administrators (the people responsible for making sure the computers worked well) and standard users (the people who were supposed to actually use the computers to do work). If a standard user was not careful and got the computer infected with a virus, the virus could only damage what the standard used had access to, the core system files and data of other users would be protected. This worked well for the organizations when administrators and users where actually different persons.


Advertisement:

It did not work so well for the home users and small businesses, where there was no properly trained computer administrator around to set up and maintain the computer. Because for one person to use two different accounts (one to play the administrator's role, and another one to actually use the computer for the day-to-day tasks) was way too much of a hassle. So the majority of people ended up using the computer with just the administrator's account. The result was that although Windows XP now had the means to secure the computer, such means were not used, and the computers remained as vulnerable as they were in the old Windows 95 days!

That was (and still is!) a serious problem that UAC was designed to solve. Instead of forcing us to create separate administrator and standard user accounts, UAC lets us use just one user account, but play two different roles with it: the role of a standard user for the day-to-day tasks, and the role of the administrator for system maintenance, when needed.

Think of it as two separate identities that UAC creates for you when you log in to Vista: the one of a standard user, and another one of an administrator. When you use the computer for the regular tasks (like checking email or editing documents), the standard user's identity is used. Only when you attempt to do a system maintenance task (like installing new software, or changing settings that affect other users), then UAC temporarily puts the administrator's hat on you and (with your permission) allows you to perform the task. When the task is finished, UAC returns to using your standard user identity. That's what all those elevation prompts are about: they ask you to confirm that you are about to perform a task that requires elevated (administrative) access to your computer.

How does UAC protect us? Since the virus infects your computer when you use it as a standard user, the virus cannot get access to the global system resources, and therefore the amount of damage it can do is severely limited. Although it still can corrupt your documents and read your email, it cannot infect Windows system files or install itself to be automatically activated everytime you login to the computer. If a virus attempts to modify the system files and settings, UAC will alert you by displaying an elevation prompt.

More information:

DISCLAIMER: THIS INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright © 2009, WinAbility® Software Corporation. All rights reserved. Privacy policy. Legal notices.