Several months ago the highly respected AV-Test.org ran a test ranking various antivirus products against 30 rootkits, on both Windows XP and Vista. On Windows XP none of the seven antivirus suites detected all 30, and only four of the 14 dedicated anti-rootkit tools caught every one. Those aren’t very good odds.
On Vista the story was a little bit different. Only six of the 30 rootkits could run on the operating system at all, and that was after the testers turned off User Account Control (UAC). The reason is simple: a rootkit has to load a kernel driver or write to protected system locations, and that takes administrator rights. With UAC on, even an administrator account runs with a filtered standard-user token, so an installer cannot get those rights without a visible elevation prompt. UAC stopped the rootkits cold, provided the user actually reads the prompt and declines it rather than clicking through.
I know that many of you are not big fans of UAC in Vista, but it does look like it does the job Microsoft intended. Without Vista’s UAC the rootkits would be able to silently embed themselves into your computer, and the protection UAC provides matters most precisely when the antivirus suites fail to do their job. That’s one of the reasons that I, to the amazement of many, have always left UAC enabled on my Vista machines.
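Since the whole argument rests on UAC actually prompting, here is a quick check that it is not merely "enabled" but configured to prompt before anything gets a full administrator token. This is an added example, not something from the original post or from AV-Test; it assumes PowerShell is available on the machine and reads the documented UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. The meaning table also includes the ConsentPromptBehaviorAdmin values that later Windows versions added, so the script is useful on systems newer than Vista too.

```powershell
# Added example: report whether UAC will actually prompt before a process
# gets a full administrator token. Not code from the original post.
# Registry path and value names are the documented UAC policy location.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    # Missing values fall back to the Vista defaults (UAC on, consent prompt,
    # secure desktop). Assumption: an absent value means the default applies.
    $enableLua = if ($null -ne $p.EnableLUA) { [int]$p.EnableLUA } else { 1 }
    $consent   = if ($null -ne $p.ConsentPromptBehaviorAdmin) { [int]$p.ConsentPromptBehaviorAdmin } else { 2 }
    $secure    = if ($null -ne $p.PromptOnSecureDesktop) { [int]$p.PromptOnSecureDesktop } else { 1 }

    # What ConsentPromptBehaviorAdmin means for an administrator in Admin Approval Mode.
    # Values 3-5 were introduced after Vista but are included so the check is complete.
    $consentMeaning = @{
        0 = 'Elevate silently (no prompt at all)'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }

    # Is this shell already running with a full (elevated) token? Anything
    # launched from an elevated shell inherits it and is never prompted.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # The rootkit-relevant question: can a process gain admin rights with no visible prompt?
    $silentElevation = ($enableLua -eq 0) -or ($consent -eq 0)

    $verdict = if ($silentElevation) {
        'WEAK: an installer run by this user can gain admin rights with no prompt'
    } elseif ($elevated) {
        'CAUTION: this shell is already elevated; UAC will not prompt for anything started from it'
    } else {
        'OK: elevation requires the user to answer a UAC prompt'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        ConsentMeaning             = $consentMeaning[$consent]
        PromptOnSecureDesktop      = $secure
        CurrentShellElevated       = $elevated
        SilentElevationPossible    = $silentElevation
        Verdict                    = $verdict
    }
}

Get-UacPosture | Format-List
```

Two things the output makes visible that the on/off switch in Control Panel does not: EnableLUA=1 with ConsentPromptBehaviorAdmin=0 is "UAC enabled" on paper but elevates silently, which is exactly the condition the rootkits in the test needed; and if you habitually work from an elevated prompt, everything you launch from it is already past UAC, so the prompt never gets a chance to stop anything.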
P.S. Vista SP1 has made the User Account Control slightly less annoying, and here is a video demonstrating the differences.