It is official now: User Account Control (UAC) is useless for administrators
By Michael Pietroforte
James Bannan discusses an interesting issue with Windows Vista's UAC in APC magazine. The simple tool tweakvista allows you to disable UAC without prompting for confirmation. This means that any malware which manages to get itself running on your computer can do the same. Remember, UAC’s purpose is to warn you that something which could be dangerous is going on.
There is an official statement from Microsoft about this case which I am partly quoting from APC magazine:
If an application requires administrative privilege, such as Tweak Vista, a prompt is generated through User Access Control (UAC). If consent is given by the user, this then elevates the application to a higher (administrative) integrity level and allows privileged access to occur within the context of that application only. Note that for this to occur, the UAC prompt requires that a user must provide consent before the application will be allowed to run.
So, the point is that UAC warns you before you start the malicious application which needs administrative privilege. However, everyone knows that malicious code usually just attaches itself to other, seemingly harmless programs. So if you start an infected tool with the capabilities of tweakvista, you would be disabling UAC without realizing it.
I’ve said before that pop-ups can never increase security. That’s why I usually disable the Internet Explorer enhanced security feature on any Windows server. If I have decided that a web site I want to access from a server is secure enough, then I don’t need a pop-up asking me if I am really very, very sure that I want to do this.
It is the same with UAC. If I decide to run a program, that means I really want to do it. The fact that UAC can be disabled by malware so easily shows that UAC decreases security. I guess many inexperienced administrators rely on it. They think that if UAC didn’t complain after they started a tool, it can’t be so dangerous. What they don’t realize is that UAC was already disabled without their knowledge a long time ago.
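An added example, not part of the original post: a PowerShell check an administrator can run to confirm that UAC is still enabled instead of inferring it from the absence of prompts. It assumes the standard UAC policy values under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and PowerShell 3 or later; the function name Get-UacState is hypothetical.

```powershell
# Added example: report the effective UAC policy from the registry.
# Assumption: standard UAC policy location; Get-UacState is a hypothetical name.
function Get-UacState {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $path -ErrorAction Stop

    $findings = @()

    # EnableLUA other than 1 means UAC (Admin Approval Mode) is switched off,
    # or will be switched off after the next reboot.
    if ($p.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is disabled or will be after reboot'
    }

    # ConsentPromptBehaviorAdmin = 0 elevates administrators silently,
    # so the user never sees a consent prompt.
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: elevation without a prompt'
    }

    # PromptOnSecureDesktop = 0 shows the prompt on the interactive desktop,
    # where other running programs can interact with it.
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'PromptOnSecureDesktop is 0: prompt not on the secure desktop'
    }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Weakened                   = ($findings.Count -gt 0)
        Findings                   = $findings
    }
}

# Print the current state; a non-empty Findings list means the prompts
# can no longer be relied on as a signal.
Get-UacState | Format-List
```

Run on a schedule and compared with the previous result, this turns a silent change to the UAC settings into something an administrator actually sees.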








Dell hell continues (and XBox 360 laptop)…
Welcome to IT Blogwatch, in which Dell delays its Q2 earnings statement. Not to mention the XBox 360 laptop hack……
[...] One final editorial point about Windows Vista: the security pop-up boxes. It’s very annoying, and like Michael states in this post, it doesn’t really improve security. If I’m determined to run a malicious program, I’m going to blindly click through anything that asks me if I really want to do it. [...]