The risks of disabling User Account Control (UAC) on Windows Vista

EXPERT RESPONSE FROM: Michael Cobb, featured expert

QUESTION POSED ON: 30 June 2008
Twelve percent of Windows Vista users have apparently decided to disable the User Account Control feature, making the OS behave, in many ways, like Windows XP. What are the risks of doing this, and are there other Vista security features that can be used to secure the OS when UAC is disabled?



Disabling User Account Control (UAC) in Windows Vista does make quite a difference to both the user experience and the security posture of Windows Vista, improving the former while degrading the latter. As you say, ignoring the mechanism leaves Vista acting a bit like XP. Many readers might say that is not all bad, at least if the client machine has been properly configured and the user is reasonably experienced and security-savvy.

While most Vista users would probably agree that UAC, with its scary prompts and darkening of the screen, is the most annoying "feature" of Vista, many could probably live with the Microsoft OS asking user permission to install software, just as users are asked in Linux or Mac OS X. But when Vista asks about each and every change to things like Start menu folders or even the system clock, it can get a bit much. Hence the abundance of Web pages out there devoted to showing you how to turn off UAC.

So why didn't Microsoft set Vista's default level of user interrogation closer to that of rival OSes? The answer may lie in the many different avenues of attack that exist on a Windows system running Microsoft applications, whether it's Vista or XP.

Microsoft evolved its software, both OS and applications, from a closed environment to the wide-open world of Internet hosts, without a fundamental redesign. Just as Microsoft Office applications have had to live with Microsoft's decision to embed programming capabilities within data files (resulting in the abuse of macros and VB script), its operating systems have had to live with an excess of sharing abilities and other hooks originally designed for home and office environments where users are known and trusted (not untrusted networks like the Internet).

Now Vista offers the ability to run Internet Explorer in a secure "protected mode." Obviously, in an enterprise setting, it makes sense to control who can turn off UAC. For the general user population, consider denying administrator privileges altogether, forcing users to work at the level of a standard user so they won't be able to do things that trigger UAC elevation prompts for administrators.

For a group of experienced, responsible users who are running Vista with administrator privileges but getting annoyed by it, consider allowing them to run UAC in "quiet mode." This setting leaves UAC on, preserves protected mode in Internet Explorer, and prevents prompts when a user attempts an administrative task. The UAC will run, however, with the standard user permissions by default. There are several free utilities, such as TweakUAC, that simplify setting up quiet mode. The Group Policy Editor in Vista Ultimate also works. In Vista Home Basic or Home Premium, two registry key values must be changed from their default of 2 to 0: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

The values to change are: "ConsentPromptBehaviorAdmin" and "ConsentPromptBehaviorUser"

These modifications do not leave the user completely unprotected. UAC will still offer up an alert if the user, or some process, tries to run unsigned code, provided "ValidateAdminCodeSignatures" has not been changed from the default of 0 for "Off." As more code is being signed, I suggest avoiding the temptation to turn off validation.

In fact, exercise caution when changing any of the policy settings unless you are sure what the implications will be. In regard to other Vista features that can be used to secure Vista when UAC is disabled, I'm not sure what those might be, other than perhaps some restrictive combination of user groups and permission settings, the basic logon/startup protection and file encryption. I would certainly want to make sure some sort of memory-resident malware detection was running before UAC was disabled. While UAC is annoying, it is likely to get less annoying over time as fewer events trigger alerts, and running in "quiet mode" seems like a good compromise for experienced users.
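
To check how a machine is actually configured before or after such a change, the following added example (not part of the original answer) reads the values named above and reports whether UAC is disabled, in quiet mode, or prompting. It also reads EnableLUA, the value in the same key that switches UAC off entirely, which the answer does not mention; the function name Get-UacPolicyState is hypothetical.

```powershell
# Added example, not from the original answer.
# Get-UacPolicyState is a hypothetical name chosen for this illustration.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyState {
    param([string]$KeyPath = $UacKey)

    $props = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin',
             'ConsentPromptBehaviorUser', 'ValidateAdminCodeSignatures'

    # Collect each value; a value that is absent is reported as $null, not guessed.
    $values = @{}
    foreach ($name in $names) {
        $prop = $props.PSObject.Properties[$name]
        if ($prop) { $values[$name] = [int]$prop.Value } else { $values[$name] = $null }
    }

    # EnableLUA = 0 switches UAC off entirely (takes effect after a reboot).
    # ConsentPromptBehaviorAdmin = 0 elevates administrators without a prompt,
    # which is the "quiet mode" described in the answer.
    # Absent values fall through to the last branch, since the system then
    # uses its built-in defaults.
    if ($values['EnableLUA'] -eq 0) {
        $mode = 'UAC disabled'
    } elseif ($values['ConsentPromptBehaviorAdmin'] -eq 0) {
        $mode = 'Quiet mode: UAC on, administrators elevated without prompt'
    } else {
        $mode = 'UAC on with elevation prompts'
    }

    $values['Mode'] = $mode
    New-Object PSObject -Property $values
}

Get-UacPolicyState | Format-List
```

Run across a fleet, the Mode field gives a quick inventory of which machines have had UAC switched off outright rather than quieted.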

All Rights Reserved, Copyright 2003 - 2009, TechTarget