    Microsoft's Plea: Don't Turn Off User Account Control

    By RYAN NARAINE - June 27, 2006

      A Microsoft security guru is pleading with Windows Vista beta testers to not turn off the User Account Control feature, regardless of how annoying it is.

      Jesper Johansson, a senior security strategist in the Security Technology Unit at Microsoft, admits that the current implementation of UAC presents too many privilege escalation pop-up prompts, but he insists there is a method to the apparent madness.

      “Unless we get feedback on what works and what does not, we can't fix it. If you disable critical technologies that we are trying to get to work, we can't fix them,” Johansson said in a blog entry. “That means that, yes, some things will be annoying and not work quite right in the final release, unless people work with us to fix them,” he added.

      With UAC, formerly called LUA (Limited User Account), Microsoft believes it has significantly changed the malware threat landscape by limiting the way malicious code runs on the operating system.

      By default, current versions of Windows configure most user accounts as a member of the administrator group, giving users all system privileges and capabilities. This allows users to install and configure applications and make system changes, but it presents a serious security risk because malware writers could take complete control of an exploited system.

      In Windows Vista, UAC will separate standard user privileges and activities from those that require administrator access, a modification aimed at thwarting virus, spyware, Trojan and rootkit attacks.

      However, in its current implementation, UAC requires that users click on multiple security prompts before carrying out some of the most basic computer tasks.

      Faced with the reality that Vista beta testers are turning off the UAC feature in frustration, Johansson is pleading for some support. He explained that Microsoft is using crash dumps from the OCA (online crash analysis) error reporting tool to pinpoint legacy applications and other programs that are not UAC-compatible.

      “UAC allows us to quickly spot all the broken apps out there so that we can either shim them to run as nonadmins or get them fixed. This latter is at the same time the most subtle and arguably most important of the things UAC does. It is also in many cases the most obvious, and the reason many people want to turn UAC off,” Johansson said.

      “By doing so, they allow applications with fundamental design flaws to still work, reducing the pressure to actually fix those applications so they work as nonprivileged users, as most of them should. None of this will work unless Vista users actually keep UAC enabled,” he added.

      “Going out with statements like ‘this is the worst feature ever and I already disabled it and will never re-enable it’ based on unfinished beta code is simply silly. Why not instead realize that allowing people to run as a nonadmin is one of the most important things that can be done when it comes to protecting your system, and that it won't happen if the only people trying to get it done are a few program managers at Microsoft?” Johansson argued.

      “If you find prompts that are absolutely egregious and need to go, send us feedback on that. We need to know,” he added.

      In future beta versions of Vista, Microsoft plans to make tweaks that will also apply application compatibility fixes, called “shims,” for applications that need help running as Standard User.

      At the recent TechEd conference in Boston, Microsoft security chief Ben Fathi told eWEEK the company is also considering automatic shimming for legacy applications that may never be changed to work with the default UAC settings. “There are line-of-business applications that will never work with UAC for a variety of reasons. Maybe they don't have the source code anymore or the person that wrote that code is gone. There are hundreds of these applications out there,” Fathi said.

      In addition to UAC, some of the main security features in Vista include ASLR (Address Space Layout Randomization), Windows Service Hardening, mitigating buffer overruns with hardware protection, kernel patch protection, and mandatory driver signing. Vista will also include network access protection, easier smart card deployments, and various technologies to protect against malware and hacker intrusions.
