User Access Control – Necessary Evil or Nuisance


User Access Control was first released as a security feature of Windows Vista in 2006. It’s the prompt that comes up whenever you try to install something, giving you a chance to deny the application full access to your computer. When it first came out, it was understandable that some applications had issues with it. But almost seven years later, we still run into applications whose vendors advocate disabling this feature.

UAC has created an environment where poorly made applications, like computer viruses and other malware, end up running as a limited user, even when the user who falls victim to them has full computer access. This effectively limits the damage the malware can do, and means that we, or your anti-virus program, have a lot less work to do to clean it up. So why disable it?

The logic behind disabling it is to allow older programs to run in an environment similar to the one they had on Windows 2000 and Windows XP. However, programs that require this have two major design flaws. The first is that they require full access just for their general daily use. Well-written programs like Microsoft Office or QuickBooks have never had such a requirement and run fine on a limited user account. The second is that, under User Access Control, they don’t prompt to be elevated to full access. This wouldn’t have been an issue before Windows Vista, but if the program vendor hadn’t made it require full access in the first place, it would never have been an issue at all.

If your organization requires the use of a program that is pre-2006 and hasn’t been updated since, then you probably don’t have much of a choice but to disable UAC and open yourself up to these vulnerabilities. However, if you have been using a program that has been maintained and supported by its vendor continuously over the years, and they still ask you to disable UAC, there’s no excuse; they either need to update their program to comply with a security mechanism that has been in place for almost seven years, or you should find a replacement for the functionality this program provides.
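
To find out whether a vendor's installer or a past support call has already switched UAC off on a machine, you can read the policy values Windows stores in the registry. The script below is an added example, not part of the original post; the function name `Get-UacState` is hypothetical, and the registry value names are Windows' own rather than anything stated on this page.

```powershell
# Added example: report whether UAC has been disabled or weakened on this machine.
# Get-UacState is a hypothetical helper name chosen for this illustration.
function Get-UacState {
    [CmdletBinding()]
    param(
        # Registry key where Windows keeps the UAC policy values.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # EnableLUA = 0 turns UAC off entirely; a missing value is flagged for review too.
    if ($p.EnableLUA -ne 1) {
        $findings += 'UAC is off or unset (EnableLUA is not 1)'
    }
    # ConsentPromptBehaviorAdmin = 0 lets administrators elevate with no prompt at all.
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators elevate silently (ConsentPromptBehaviorAdmin = 0)'
    }
    # PromptOnSecureDesktop = 0 shows the prompt on the normal desktop,
    # where other running programs can interact with it.
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'Prompt is not on the secure desktop (PromptOnSecureDesktop = 0)'
    }

    [pscustomobject]@{
        Computer                   = $env:COMPUTERNAME
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Compliant                  = ($findings.Count -eq 0)
        Findings                   = $findings -join '; '
    }
}

Get-UacState | Format-List
```

A change to `EnableLUA` only takes effect after a restart, so a machine can report a value that differs from how it is currently running until it is rebooted.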
