Last week, I discussed some popular myths about the built-in Administrator account. Today, I will talk about a related myth. This myth isn't spread by secret revealers, Microsoft's marketing is the origin of this rumor. It is about this big change that UAC (User Account Control) supposedly brought to the Windows world. Security expert have always criticized that in Windows end users usually are logged on as administrators. This is very different to the UNIX world where even system administrators log on as root only every now and then. It appears that in Windows Vista everything is different because the default user type is now the standard user.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Darren Canavor, a Microsoft program manager wrote almost three years ago about Vista:
In Windows Vista we made numerous changes to our user account model. Standard users are now the default user type for new accounts created after initial setup.
Is this really true? I seriously doubt that.
First of all, the first account that is created when Vista is installed is a member of the administrators group. Most home users who bought computers with Vista pre-installed use this account. Therefore, the majority of all Windows users still have administrator privileges more or less in the same sense as with Windows 95 or MS DOS.
You might object that Vista's UAC makes sure that administrators run with limited privileges by default. Whenever a Vista administrator launches an application it runs only with standard user privileges (medium integrity level). This is true and certainly a good thing. However, this doesn't change the fact that most end users still work with administrator privileges on their Windows machine. All they have to do is to confirm a UAC prompt and everything is just like in the good old Windows 95 days.
There are new reports that the infection rate of Windows Vista is much lower than that of Windows XP. This might partly be attributed to UAC. However, the interesting questions is whether the UAC prompts helped to prevent infections? I believe that the UAC was never really designed to prevent infections with warning dialogs because most users are trained to confirm all kinds of popups anyway.
It is no secret that Microsoft's main reason of introducing UAC was to force developers to program applications that only require standard user rights. No software vendor can afford to annoy customers with constant prompts. Now that the UAC is established we will see far less UAC prompts than after Vista's release.
Moreover, the fact that Windows 7 by default will only issue a UAC dialog whenever a program tries to make changes to the system, but not if the user changes Windows settings, will further reduce the number of UAC prompts. So everything is perfect now? No more nagging UAC and still a secure Windows? I don't think so. In my opinion, the silent elevation security hole in Windows 7 shows that the whole UAC concept is flawed.
The real problem is that most home users and also many end users in corporate environments are still administrators on their machines. This hasn't changed with the introduction of UAC. It is the main reason why the number of Windows computers that are part of a botnet is increasing steadily. The guys behind these botnets are a lot smarter than those script kiddies who just use virus kits to create the next killer worm. These infected machines most likely don't appear in Microsoft's statistics because the botnet creators don't just want attention like the script kiddies. Thus, they do everything not to be detected, in particular they don't damage computers like old-fashioned computer viruses. I seriously doubt that UAC or similar technologies is an effective remedy against the rising threat of rootkits and botnets.
What has to be changed is that end users need to not be allowed to make system changes. Thanks to the Internet, this is possible. In the pre-Internet era, people went to computer shops and bought software in colorful cardboard boxes to install it at home on their computers. This is not necessary anymore. In fact, I don't understand why software still has to be installed at all. The only reason why end users require administrator privileges on their machines is because they have to install software.
Subscribe to 4sysops newsletter!
This is an outdated desktop model. In my view, Microsoft shouldn't focus on gimmicks like the superbar, UAC modifications and XPMode. Instead, as the biggest software company, they should lead us into a new era where users only use computers but no longer have to administer them. Computer administration is the job of system administrators, but not of end users. New technologies such as application virtualization and rich internet applications made this possible. Microsoft only has to fully embrace these new technologies instead of fiddling around with an outdated desktop model. But please don’t get me wrong. I am not saying that the future belongs to web apps. I am still a fat PC.
Want to write for 4sysops? We are looking for new authors.
The “outdated desktop model” is the least of microsofts problems. No system does administer itself especially not windows. The inability to change the rotten core (archecture) of windows due to maintain compatibility (and keep customer) forces microsoft to make cosmetic changes on the surface.
UAC is the forced “solution” for programs in userland that are designed to run as admin. Why had so many programs problems? Well, there wasn’t a useable standard (restricted) user before Vista, therefore no customer did it, therefore no one complained. Microsofts lazy guidelines were just paper.
Even Microsoft didn’t care, they ran all services as “system”-user up to Windows XP and got hit by many worms.
By the way: Have you ever wondered why the percentage of critical (security) updates is so high? Right, too much code runs as admin/in kernel space, which is far too big anyway compared to other OS.
A full rewrite of windows is too expensive (ask shareholders about that idea + see what happened with longhorn) so don’t expect any miracles in the future.
Just remember: Wait for the next release (which is the best and safest of all windows releases ever, as usual,) and hope they make their homework. You know the saying: Hope dies last, mine died with every windows release again.
Of course, no system administers itself. But who says that end users have to manage their systems? My point is that thanks to the Internet this is not necessary anymore. Security is not really a technical problem, it is mostly a user problem. As long as non-computer savvy people have rights on their computers which they don’t deserve, hackers will have an easy win. This wouldn’t be different with any other operating system. Therefore, Microsoft doesn’t have to change the core architecture of Windows to get a secure system. They only have to make sure that end users can do everything they want without requiring administrator privileges. And this starts with giving up the idea that applications have to be installed on desktop computers. I am pretty sure that in the future applications will only be launched, i.e. downloaded an started. The part of the application that has to be managed will run in the cloud. The rich user interface runs on the fat client. It is already doable today. Microsoft is just too slow to adopt this new desktop model.
Letting people i dont know administer the computer?
Ok at work, but at home? Let the government take care of our computer habits? Jesus..
What did the internet changed for the need end-user administration? I administrate my network/computers via remote access (call it “internet”) but i’am needed (as an administrator) anyway.
face new problems:
1. If the user doesn´t manage their system who does? Microsoft?
2. If the user want to make a change which requires administrative rights (like installing software) you have to grant him this right. Even if the software is a virus/trojan: How can you tell (except with a virus scanner which can be wrong or insecure itself)?
…so what changes with a cloud (or: Why hasn’t the user waited for this?):
1. You give up the control of your computer a rely on hosted application of a 3rd party. THEY will have the same security problems but maybe (hopefully) they will do it better.
2. if they die (in the next crisis), your application dies too.
3. you are limited to permanent connection (speed?) but technologies like google gears might solve this to a certain point.
4. the service will cost money on a monthly basis or ads will “entertain” your work.
All these advantages (disadvantages for users) convinced most of the (even not fresh and hype) companies to make you an offer.
Sun declared in the late 70s “The network is the computer”, the cloud hype cooked up (again) this old dream, but the truth is: it isn’t the time (yet?).
1. computer are cheap for you and me, but not for everyone (think of “one laptop per child” initiatives)
2. you don’t have internet access everywhere (not even in cities)
3. the connection is slow (upload!)
4. people are not used to the idea (habit is slow) in general
5. and especially not to give 3rd parties access to private data (except exhibitionist blogges of course) which doesn’t fall under privacy laws of your country (a lot of people fear google apps).
When was microsoft ever fast? They feed the cash-cow enough to stay alive, but nothing more. If you want fast and user-friendly changes: not gonna happen, change the plattform.
Maybe at 50% market-share they understand. Remember when they kept telling people that Vista is the best windows ever (a real success)? I think they believed it, they really couldn’t understand what someone could criticize on Vista.
I don’t have much of an opinion on UAC… It is what it is. If it causes trouble for an application/user, then I have to disable it.
I do have beef with the Internet delivery thing… Why? I’m currently working off a 256kbit connection, the max connection available to me is 1Mbit.
How can I use cloud apps and still download my por- err, technical PDFs/look up Kbase articles and stream my right-wing propaganda all at the same time?
I guess cloud apps can be rolled out in industrialized countries 1st. I’ll skip it until I’m too senile to work.
Greets from Brazil.
Err, Do you know the people who fix your car? Does the government do this for you?
Stefan, the Internet allows you to launch applications without installing them. Application virtualization and Rich Internet Apps made this possible. I guess in 99% of all cases when an end user requires admin privileges, he or she installs software. If software doesn’t have to be installed anymore, then end users won’t require admin privileges. I agree that Microsoft is often slow. This is just because they are big. Big animals move slow. But that isn’t really a problem because their size helps them to survive. However, I am quite sure that the change I outlined in the article will come sooner rather than later.
Hi Leonardo, so you are back to Brazil now? Lucky you! I think a 1Mbit connection is fast enough for this technology. The application has to be downloaded only once. It stays on the PC in the cache until it has to be updated. The only difference to old fashioned Windows apps is that they can’t change the OS or other applications by design. Thus if you can run Windows apps in Brazil, then you can also run Rich Internet apps.
No, I do not know the people who fix my car, therefore i remove all my personal belongings (data) BEFORE they get the car.
I would do the same the with rich internet applications, but what is the purpose of a application without data.
The fact that a programm don’t has to be installed into the system (instead only executed) do not make them secure by design. If a ria only runs in my home directory what is the advantage compared to other “portable” programs (execept the speed i guess)?
If the “only difference [..] is that they can’t change the OS” why is it a new era?
Today (microsoft finally archived that, more or less) every program runs as unpriviledged user, except the stuff that needs direct access to hardware like the GUI of the OS. You only need administrative right for permanent changes on the system (copying files into your system-dirs, for other users, and to set global registry keys).
Do not expect the big animal to make big jumps and remember what happened with the big dinosaur animals once. They were to slow to adapt.
That’s one reason why I encrypt all my personal files. So just in case my laptop ever needs a repair, I won’t have to worry. Confidential data is certainly an issue when it comes to Internet-based apps. But I believe in the long run encryption technology will solve this problem.
As I outlined in the article, in Vista apps run with standard rights, but most end users still have admin privileges. With RIAs or virtualized apps this is not necessary anymore because they don’t have to be installed.
As to the dinosaurs, they ruled the planet for several million years. So don’t expect the Microsofties to die out any time soon. 😉
I believe that WinNT OS Model is fine though not perfect. To use an MS OS out-of-the-box is dangerous and only a foolish and incompetent net admin would accept/trust such default system config in his work environment. But we all know the operating system is configurable – to suit various security and business needs. The sad fact is there are many MS customers – mostly home users who don’t know how or are just too lazy or busy to spend time on how to secure it.
I work as a network admin in an all-Windows domain environment with Win7 and XP Pro workstations, with internet connectivity. I haven’t had major problems with MS OS – both Windows XP and Windows 7.
I admire Microsoft’s new UAC security feature in Windows 7 and i always enable it. The reason is simple – the UAC security feature is for administrative accounts and tasks – this is what many people do not understand. For me, UAC is like Windows XP’s “Unsafe Files Prompt” security feature – it’s nothing new, just a fancy name.
Microsoft has recommended to use LUAP approach to control users and processes. I implemented it in my environment and it worked for me. I’m the only admin user and the rest of my co-employees use standard/limited accounts.
They run some legacy applications without problems. Originally, these apps require admin privileges but they now run via limited accounts. All you need is a careful and thorough testing and planning software setup and config when it comes to deploying software. You just have to honor MS recommendations regarding the use of their OS.
Microsoft has set guidelines for programmers to follow but the reality is that many developers don’t follow or honor them. If all your business applications require admin privileges in order to run – i think you can blame the developers for their laziness.
For many years I ran XP with standard rights. The few apps who needed admin rights were launched with the ‘Run As’ window. This worked perfectly for me and I will continue to work this way with Vista. I went even further, in the rare case I was logged in with admin rights I pulled my network cable OUT of my PC.