
Is Windows User Account Control Reliable as a Security Device?


There is a very fine line between security and functionality. Windows User Account Control, or UAC, seems to be floating on the edge of both worlds. Supporters of the UAC feature sported in Windows Vista claim it is absolutely necessary for system security. Speaking for the majority of Vista users, Windows UAC really couldn’t get any more annoying.


To Turn it off or Keep it on: That is the Question
Microsoft finally addressed one of the major flaws in its operating system design: previous versions of Windows allowed users to have full access by default. When users run in administrator mode, they have full access to the computer. Any piece of malware they pick up has the same access. With the release of Windows Vista, users run in a less privileged user mode instead, eliminating this wide security hole.

The problem is that Windows User Account Control is aggravating. Home users may not appreciate the barrage of confirmation windows that spawn each time even the most docile actions are taken. This may have upset home users, but it turned IT professionals against the UAC immediately. Since IT professionals commonly need administrator access to do most tasks, it wouldn’t be uncommon to go through hundreds of confirmations throughout the course of a workday.

If a security system such as this didn’t work, we would of course want to turn it off. If we don’t need to put ourselves through the hassle, why do it? The question that everyone has been asking now becomes: does it actually help secure your system?

Windows UAC’s Integrity Reviewed
The only thing that the UAC system has going for it is that it may stop security threats from accessing vital system resources. If it can’t do this job right, what is it good for? Ollie Whitehouse from Symantec’s Research department has found that Windows UAC isn’t as rugged as it may seem.

Whitehouse discovered a flaw in the UAC, where a successfully planted piece of malware may be able to gain access through the UAC itself. When the malware requests a specific DLL file pertaining to the Control Panel, the UAC confirmation appears. Once the user clicks “Confirm,” the malware is granted full access to the computer. This works on the basis of trickery, since users think the confirmation is legitimate.

And still, more variations of the workaround are in the works. Another form of the attack actually reads what the user has in his or her Start menu. The malware will then duplicate all shortcuts to programs that require administrator access. When the user runs the duplicated shortcut, they will of course confirm the prompt, thinking it is the legit program they have installed. And guess what? By this time, the malware has full and total control of your computer.
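A defensive check for the shortcut-duplication variant described above, as an added example that is not from the original article, Symantec or Microsoft. It assumes the duplicate lands in the per-user Start menu under the same file name as an all-users shortcut but resolves to a different target; the function names are hypothetical, and same-named shortcuts from different products (for example several `Uninstall.lnk` files) will also be listed and need manual review.

```powershell
# Added example: list per-user Start menu shortcuts that share a name with an
# all-users shortcut but point somewhere else (assumed placement of a duplicate).
$shell = New-Object -ComObject WScript.Shell

function Get-ShortcutTargets {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk
            New-Object PSObject -Property @{
                Name   = $_.Name.ToLower()
                Path   = $_.FullName
                Target = $lnk.TargetPath
                Args   = $lnk.Arguments
            }
        }
}

function Find-ShadowedShortcuts {
    param([string]$UserRoot, [string]$CommonRoot)

    # Index the all-users shortcuts by file name.
    $common = @{}
    foreach ($s in @(Get-ShortcutTargets $CommonRoot)) {
        if (-not $common.ContainsKey($s.Name)) { $common[$s.Name] = @() }
        $common[$s.Name] += $s
    }

    foreach ($u in @(Get-ShortcutTargets $UserRoot)) {
        if (-not $common.ContainsKey($u.Name)) { continue }
        # Same name is fine when target and arguments also match.
        $same = $common[$u.Name] |
            Where-Object { $_.Target -eq $u.Target -and $_.Args -eq $u.Args }
        if (-not $same) {
            New-Object PSObject -Property @{
                UserShortcut  = $u.Path
                UserTarget    = "$($u.Target) $($u.Args)".Trim()
                CommonTargets = ($common[$u.Name] | ForEach-Object { $_.Target }) -join '; '
            }
        }
    }
}

Find-ShadowedShortcuts `
    -UserRoot   "$env:APPDATA\Microsoft\Windows\Start Menu" `
    -CommonRoot "$env:ProgramData\Microsoft\Windows\Start Menu" |
    Format-List
```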

This was raised with Microsoft, which claimed that it was not a real threat. It does require a certain amount of awareness, or lack thereof, from the user to work. Nevertheless, it seems that workarounds of the UAC are already coming to light, and this may just be the beginning.

The UAC Debate Rages On, With an End in Sight
In the examples above, the malware was created to specifically target Windows Vista machines. Since Vista is a new operating system, older pieces of malware will not affect the UAC in general. In this instance, who has the better argument: UAC supporters or those who condemn it?

While we are all for fighting for what you believe in, sometimes it is better to meet in the middle. Perhaps come to a compromise that makes both sides of the debate happy.

To do just that, a solution by the name of TweakUAC was created by WinAbility Software. Once the solution is downloaded and implemented, you can say goodbye to those annoying confirmation messages for good!

TweakUAC works by running in a special “quiet” mode. If you, like most IT professionals, need to configure your system, just run in quiet mode! Windows UAC is technically suppressed, and thus not enforcing security measures, but the confirmation messages will come to a complete halt. Once your configurations are completed, you may turn it back on just as easily as it was turned off.

This kind of functionality is great for home users too, who only need to turn off the UAC temporarily once in a while for configuring. It wouldn’t be a good idea to run in quiet mode all the time, as the UAC is technically disabled.
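To confirm that UAC prompting really was switched back on after a configuration session, the policy values can be read directly. This is an added example, not code from the article or from WinAbility; the article does not say which setting TweakUAC changes, so the check covers both ways prompts can be silenced (UAC off, or silent elevation for administrators), and the function name is hypothetical.

```powershell
# Added example: report whether UAC prompting is active, silenced, or off.
function Get-UacState {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # A missing value reads as $null and is reported as-is, not replaced by a guess.
    $lua    = $p.EnableLUA
    $admin  = $p.ConsentPromptBehaviorAdmin
    $secure = $p.PromptOnSecureDesktop

    $findings = @()
    if ($lua -eq 0) {
        $findings += 'EnableLUA=0: UAC is disabled; administrators run with full rights.'
    } elseif ($admin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: elevation requests are approved with no prompt.'
    }
    if ($lua -ne 0 -and $secure -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompts appear on the normal desktop.'
    }
    if ($findings.Count -eq 0) { $findings += 'UAC prompting is active.' }

    New-Object PSObject -Property @{
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        Findings                   = $findings -join ' '
    }
}

Get-UacState | Format-List
```

Running it on a schedule or at logon makes a machine left in a silenced state visible instead of forgotten.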

Turned Off
The Windows UAC is something to be relished. It does indeed protect against many types of malware from security threats of the past. Newer, more advanced threats, however, will still pose a threat. It isn’t exactly taboo to turn Windows UAC off. In fact, many people do opt to shut it off completely. Some reason that with a good firewall and security package, it really isn’t necessary.

For the sake of simplicity, you may wish to turn it off as well. Just keep in mind that with the Windows UAC intact, your chances of contracting a deadly piece of malware are reduced. And although it may just be a chance as newer threats are created, sometimes that is all you need to save your computer from a complete and total failure.
