Does UAC actually increase protection from malware?
Here is an interesting article written by a software developer who helps code iReboot, a utility that runs in the background to make it easier to dual-boot a Windows machine.
When Vista came out, iReboot wouldn't work without UAC complaining, so NeoSmart figured out how to make it work without UAC getting in the way. Their conclusion drawn from their experience working around UAC is that UAC, and Vista's much-touted improved security, is not going to be a significant deterrent to malware authors.
Quote:
“
Back in August of 2007, NeoSmart Technologies released iReboot 1.0 - a tiny application that sits quietly and unobtrusively in the taskbar and is used to select which OS you'd like to reboot into.
iReboot isn't by any means a major application, but it's gathered a pretty strong following over the months, mostly by people interested in boosting productivity (or increasing laziness) to the max. But there was one flaw in iReboot that made all the hard work we put into making it as unobtrusive and minimalistic as possible almost meaningless: if you had UAC enabled, iReboot will not run automatically at startup, no matter what you do.
This behavior comes as a result of the architecture that Microsoft used to secure Windows Vista, which doesn't allow for applications requiring admin approval to run at startup. It doesn't matter what your application does or if you absolutely trust it beyond the shadow of the doubt, Windows Vista simply won't let an application that runs in elevated privileges mode to launch at startup - end of story.
Users of iReboot were quick to point out that this is a major drawback that made it almost useless - after all, it's far less productive to have to manually run an application when you want to reboot than it is to wait for that startup screen to appear and select the OS you want. So we set about finding a solution.
”
You can read the rest of the article from neosmart.net's blog here.
Behold, the turtle. He makes progress only when he sticks his neck out.
I don’t think UAC does improve system security. This is because the average computer user who would probably benefit from this kind of feature, and anyone else that has the feature enabled, will after about a week’s use move from a conscious to a sub-conscious mode of ‘click continue’. For the first few days, you read the little message, decide if it’s a good thing trying to run, and click continue. After 12 or 15 prompts by UAC you will just click continue without reading the stupid message, as it’s in the way of what you’re trying to do... so good or bad, people will just condition themselves to click continue as quickly as they can to get the prompt off their screens.
Sounds like a non-issue: version 1, badly written, assumes all users are admin; version 2, slightly better, now works with the user model properly.
Both programs could still have significant security vulnerabilities. UAC does not protect you from that; it just ensures you are aware of at least installation of apps or the first privileged operation they try to perform.
Unfortunately it's a pretty dumb beast, meaning too many false positives; the nag factor soon generates an automatic click response and any 'security' it might have got you is lost...
The title of the article is wrong. UAC is not broken, it's performing what it was designed to do; it's just probably not a great design...
Last edited by dmarsh26 : 28-Apr-2008 at 07:16 AM.
UAC is far less annoying after installing SP1. But the author touched upon an issue that many security Nazis refuse to address: security decreases end-user productivity. So the objective should be to use the right amount for the situation/environment. Any more than that is counterproductive.
Crito Philippatos
MCSE and MCSA on Windows Server 2003, MCTS on SQL Server 2005, MCDBA on SQL Server 2000, A+, Network+, Linux+, Security+, CEH