User Account Control – What is it? Should I Enable it or Disable it?

Computer Security, Glossary

Users who in recent times have migrated to Windows Vista, and even more recently, to Windows 7, have run into this. More configurable in 7 than in Vista (probably based on the feedback of annoyed users who felt UAC was often getting in the way of their interaction with the computer) it is nonetheless still present (enabled) by default. So what is UAC? and what is its purpose?

UAC is a security mechanism that prompts the user for a choice to allow or deny certain actions in a computer. What kind of actions? they are called “elevated”, meaning actions that require higher-than-usual privileges in the computer – actions usually performed by an “administrator” as opposed to a regular user. Examples: installing or uninstalling a program, or device. Creating or deleting a file or folder in certain core locations of the computer.  One of the expressed purposes of this is to make sure those elevated actions are being approved by the user and not performed without his/her OK. To that degree they can safeguard against malware since malware often include elevated actions to carry out and perpetuate an infection.

One less known purpose of UAC is to annoy. While some might think I’m joking, I’m not. It was apparently put there so that software developers would be more careful in their creation of  the routines in their software to avoid abuse of elevation requests. If abused, it would translate in too many of the actions of certain programs causing UAC to prompt the user for approval or denial of the action, thus annoying the user.

While Windows 7 kept UAC, at least there is one difference in how the user can control it. In Vista, it’s either enabled or disabled, while in Windows 7 there is a “sliding bar” that gives several different levels of protection between “totally on” and “totally off”. This is a change, and some will call it an improvement (because you can set it to NOT be prompting you for OK constantly), but unfortunately in Windows 7 the default level opens the door to unauthorized applications executing elevated tasks, thus defeating the purpose of UAC as far as security is concerned.

So my recommendation, in Vista: leave it turned on, or turn it on if it’s currently turned off. In Windows 7: raise it to the top level.

Sure, it might be somewhat bothersome, but it sure beats  having malicious programs running unchecked  in your computer.

If you need help changing the settings for UAC, contact me.

Leave a Reply

Your email address will not be published. Required fields are marked *