Does UAC actually increase protection from malware?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Here is an interesting article written by a software developer who helps code iReboot, a utility that runs in the background to make it easier to dual-boot a Windows machine.

When Vista came out iReboot wouldn't work without UAC complaining, so Neosmart figured out how to make it work without UAC getting in the way. Their conclusion drawn from their experience working around UAC is that UAC, and Vista's much touted improved security, is not going to be a significant deterrent to malware authors.

You can read the rest of the article from neosmart.net's blog here.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I don’t think UAC does improve system security. This is because the average computer user who would probably benefit from this kind of feature, and anyone else that has the feature enabled will after about a week’s use move from a conscious to a sub-conscious mode of ‘click continue’. For the first few days, you read the little message, decide it it’s a good thing trying to run, and click continue. After 12 or 15 prompts by UAC you will just click continue without reading the stupid message as its in the way of what your trying to do.... so good or bad, people will just condition themselves to click continue as quickly as they can to get the prompt off their screens.

 

Sounds like a non issue, version 1, badly written assumes all users are admin, version 2 slightly better now works with the user model properly.

Both programs could still have significant security vulerabilities, UAC does not protect you from that, it just ensures you are aware of at least instalation of apps or the first priviledged operation they try to perform.

Unfortunately its a pretty dumb beast meaning too many false positives, the nag factor soon generates an automatic click response and any 'security' it might of got you is lost...

The title of the article is wrong, UAC is not broken, its performing what it was designed to do, its just probably not a great design...

 

UAC is far less annoying after installing SP1. But the author touched upon an issue that many security Nazis refuse to address: security decreases end-user productivity. So the objective should be to use the right amount for the situation/environment. Any more than that is counterproductive.