APC has brought up a very valid point about Vista’s prominent new security feature: User Account Control (UAC). They are using TweakVista as an example to show how easy it would be for malicious software to disable the UAC and manipulate the system.
TweakVista is an application that was designed several months ago for Vista 5270. It has several different customization options that may help you have a more pleasant experience, but at the same time it shows us how the UAC feature can be disabled in one simple click.
Microsoft’s response the the issue was:
If an application requires administrative privilege, such as Tweak Vista, a prompt is generated through User Access Control (UAC). If consent is given by the user, this then elevates the application to a higher (administrative) integrity level and allows privileged access to occur within the context of that application only. Note that for this to occur, the UAC prompt requires that a user must provide consent before the application will be allowed to run. UAC is only one component of the defence in depth security capabilities of Vista. It is the sum of all Vista’s security capabilities – UAC, IE7, Firewall, Defender, MIC, SID and CI – that protect users from inadvertently obtaining and then allowing malicious software to run. Microsoft recommends that users run with standard user privileges, and that they be very careful when running applications with administrative privileges.
Sure you are prompted for Administrative privileges, but what if you are installing an application? That means you will receive a prompt when you run the installation with administrative privileges…and then the program is free to do what it wants after you okay it. If it wants to disable the UAC in the middle of the installation then it can.
APC’s comment on this is:
It confirms what we have come to suspect about UAC – it’s very useful for standard users and totally useless for power users/administrators.
That is especially true. If a user doesn’t have to enter a password in the elevated prompt then they are pretty much free to do what they want with the system. However, if a user does not know the administrative password, such as at a school or business, then a program would never be able to receive the privileged access that it needs to disable the UAC. So it may be good for some people, but it is still way too easy to disable.
Microsoft needs to change this option so that it can only be altered through the Control Panel. I don’t believe this is something that software should be able to tamper with no matter if it is running elevated or not.