One of the things that people complain about the most in Vista is the User Account Control (UAC) prompts, but they have actually started to prove themselves worthwhile. Over the past few months several people have asked me why the prompts can take a while to appear, and also why the background dims itself. What they don’t realize is what’s going on behind the scenes to make UAC more than just a simple prompt.

Each time a UAC prompt is displayed, the screen dims to indicate that Windows has switched to the Secure Desktop mode. This is significant because only trusted processes running as SYSTEM are able to run while in the Secure Desktop mode.

The Secure Desktop mode is also used when you press Ctrl+Alt+Delete, and even on the login screen. The reason why this is important is that it doesn’t allow other applications (good or bad) to access those areas. For example, you wouldn’t want an application trying to snag your Windows password by monitoring the login screen, and Secure Desktop helps prevent that.

Similarly, the Secure Desktop mode keeps malicious applications from trying to manipulate the UAC prompt. The UAC blog gives a good example of why the Secure Desktop is an important aspect of UAC:

So how does this spoofing attack work? You hide the real mouse cursor and show a fake one some number of pixels offset to the real one. So now when the user mouses over the elevation UI attempting to cancel it since the malicious software could brazenly announce itself as “I’m gonna own your PC.exe”, what’s really happening is that the hot spot of the mouse is invisibly over the “Allow” button. Click! Not what you thought would happen. This type of attack is also blocked on the Secure Desktop.

As you can imagine, switching into the Secure Desktop mode can take a few seconds, just like it does to bring up the Ctrl+Alt+Delete screen. You can disable the Secure Desktop mode while leaving UAC enabled, but that just leaves the door open for malicious applications to spoof any of the prompts. At that point you might as well just disable UAC altogether.
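To check whether a machine is in the state described above (UAC on, Secure Desktop off), the following PowerShell audit is an added example, not part of the original post. It assumes the Windows UAC policy values `EnableLUA` and `PromptOnSecureDesktop`, which the post does not name, and the function names are hypothetical.

```powershell
# Added example: audit the UAC policy values that control the Secure Desktop.
# Assumption: a missing value is treated as the Windows default (1 = enabled).
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyValue {
    param([string]$Name, [int]$Default)
    # Read one DWORD from the policy key; fall back to the default if absent.
    $item = Get-ItemProperty -Path $UacPolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.$Name) { return [int]$item.$Name }
    return $Default
}

function Test-UacSecureDesktop {
    param(
        # Defaults read the live registry; pass explicit values to test a scenario.
        [int]$EnableLUA = (Get-UacPolicyValue -Name 'EnableLUA' -Default 1),
        [int]$PromptOnSecureDesktop = (Get-UacPolicyValue -Name 'PromptOnSecureDesktop' -Default 1)
    )
    $finding = if ($EnableLUA -eq 0) {
        'UAC is disabled: no elevation prompts are shown at all.'
    } elseif ($PromptOnSecureDesktop -eq 0) {
        'UAC is on, but prompts appear on the normal desktop, where other applications can interfere with them.'
    } else {
        'UAC prompts are shown on the Secure Desktop.'
    }
    [pscustomobject]@{
        EnableLUA             = $EnableLUA
        PromptOnSecureDesktop = $PromptOnSecureDesktop
        Compliant             = ($EnableLUA -ne 0 -and $PromptOnSecureDesktop -ne 0)
        Finding               = $finding
    }
}

# Constructed inputs covering the three cases, followed by the live machine.
Test-UacSecureDesktop -EnableLUA 1 -PromptOnSecureDesktop 1   # Compliant = True
Test-UacSecureDesktop -EnableLUA 1 -PromptOnSecureDesktop 0   # Compliant = False
Test-UacSecureDesktop -EnableLUA 0 -PromptOnSecureDesktop 1   # Compliant = False
Test-UacSecureDesktop
```

Run across a fleet, any host reporting `Compliant = False` with `EnableLUA = 1` is in the "prompt without Secure Desktop" state the paragraph above warns about.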

To sum things up: there is a valid reason why your screen dims itself when showing a UAC prompt, and it’s not because it just looks cool.