Why UAC?

User Account Control (UAC) continues to raise hackles — even though you’ll rarely encounter a UAC prompt in the course of your daily work. Alexander Wolfe ranks it at number 4 in his list of the Top 5 Things Microsoft Must Fix In Windows Vista In 2008:

4) Remove The Intrusive User-Account Controls Already.

What I wrote in August still holds true: Vista’s user-account controls are a joke. They’re faux security warnings, which protect computer users no better than the TSA’s confiscation of tiny liquid bottles wards off air terrorists.

Better to implement some intelligent protections, which assess whether an executable is from a signed (trusted) app, and pop up a dialog box only when that’s not the case.

First off, UAC does differentiate trusted apps from others, but the distinction (a different colored warning box) is lost on most users, including myself. But he’s missing the point: In the wrong hands, good apps can do bad things. Suppose you managed to install some malware, and its purpose is to launch the Disk Management console (a signed, trusted app) and delete all your disk partitions. This malware runs silently in the background until UAC pops up to ask, in effect, “are you sure?” If you launched Disk Management yourself, you’d say yes. But if this UAC prompt comes up unexpectedly, you’d better a) say no, and b) figure out why it came up.

UAC brings other benefits as well (most significantly, running with a standard user token even when logged on as an administrator). I contend that the benefits of UAC outweigh the occasional inconvenience. In Windows Vista Inside Out (pp. 358-9), we detail some ways that make it easier to live with UAC.