|12 Jun 2009||#22|
Quoted From Microsoft:
How UAC Works
Updated: May 11, 2009
Applies To: Windows 7,Windows Server 2008 R2
User Account Control (UAC) helps prevent malicious programs (also called malware) from damaging a computer and helps organizations deploy a better-managed desktop.
With UAC, applications and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized applications and prevent inadvertent changes to system settings.
What are the benefits of the new and changed features?
By default, standard users and administrators access resources and run applications in the security context of standard users. When a user logs on to a computer, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges.
When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs have been removed. The standard user access token is used to start applications that do not perform administrative tasks (standard user applications).
When the user runs applications that perform administrative tasks (administrator applications), the user is prompted to change or "elevate" the security context from a standard user to an administrator, called Admin Approval Mode. In this mode, the administrator must provide approval for applications to run on the secure desktop with administrative privileges. The improvements to UAC in Windows 7 and Windows Server 2008 R2 result in an improved user experience when configuring and troubleshooting your computer.
What's New in User Account Control in Windows 7 and Windows Server 2008 R2
How UAC Works
With Se7en, it hardly ever pops up so I don't know what the big deal is. And if a user has a program or two that is unsigned and thus requires approval, they can set it up so the program will run without prompt.
|My System Specs|
|12 Jun 2009||#24|
I agree completely OEM, also with the original post. I don't personally see UAC as a 'problem' it's just one more thing that lets me know exactly what my computer is doing.
I read an interesting article where the writer basically said that, when implementing new security systems, there has to be a trade off in usability. He gave the analogy of your front door. Your house is the operating system, and UAC (or third party firewalls) are the locks. If you disable UAC in Windows, you are essentially taking all the locks off your door and anyone can just walk in unannounced. This may be nice for you because you don't need to do anything when you want to enter or leave, but thieves can also walk straight in. Alternatively, you can put a lock (or multiple) on your door. This means that, provided you have the key, you can still access your house without too much worry, but it makes it a lot harder for thieves to waltz in.
The trade off comes in when deciding how many locks to put on your door. You can have a lot, and as a result, have very good security. However, if you ever want to enter or leave your own house, you will need to unlock every single lock.
Alternatively, you can have only one or two locks, and it's still fairly simple to enter and leave your own house, but it makes it easier for others to come in as well.
I guess the point of all this is that when Microsoft first brought out UAC with Vista, there were so many people whinging because it was too intrusive (they had put too many locks on the door). With Windows 7, as some people have stated, they have dialed that back quite a bit (especially with administrators). Hopefully, this time they have achieved a good balance between usability and security. Only time will tell...
I'll try and find that article or a similar one. I have a sneaking suspicion that it was in a magazine... I'll edit if I can or can't find it...
|My System Specs|
|Thread Tools||Search this Thread|
© Designer Media Ltd
All times are GMT -5. The time now is 10:57.