Last week, I discussed some popular myths about the built-in Administrator account. Today, I will talk about a related myth. This myth isn't spread by secret revealers, Microsoft's marketing is the origin of this rumor. It is about this big change that UAC (User Account Control) supposedly brought to the Windows world. Security expert have always criticized that in Windows end users usually are logged on as administrators. This is very different to the UNIX world where even system administrators log on as root only every now and then. It appears that in Windows Vista everything is different because the default user type is now the standard user.
Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
Darren Canavor, a Microsoft program manager wrote almost three years ago about Vista:
In Windows Vista we made numerous changes to our user account model. Standard users are now the default user type for new accounts created after initial setup.
Is this really true? I seriously doubt that.
First of all, the first account that is created when Vista is installed is a member of the administrators group. Most home users who bought computers with Vista pre-installed use this account. Therefore, the majority of all Windows users still have administrator privileges more or less in the same sense as with Windows 95 or MS DOS.
You might object that Vista's UAC makes sure that administrators run with limited privileges by default. Whenever a Vista administrator launches an application it runs only with standard user privileges (medium integrity level). This is true and certainly a good thing. However, this doesn't change the fact that most end users still work with administrator privileges on their Windows machine. All they have to do is to confirm a UAC prompt and everything is just like in the good old Windows 95 days.
There are new reports that the infection rate of Windows Vista is much lower than that of Windows XP. This might partly be attributed to UAC. However, the interesting questions is whether the UAC prompts helped to prevent infections? I believe that the UAC was never really designed to prevent infections with warning dialogs because most users are trained to confirm all kinds of popups anyway.
It is no secret that Microsoft's main reason of introducing UAC was to force developers to program applications that only require standard user rights. No software vendor can afford to annoy customers with constant prompts. Now that the UAC is established we will see far less UAC prompts than after Vista's release.
Moreover, the fact that Windows 7 by default will only issue a UAC dialog whenever a program tries to make changes to the system, but not if the user changes Windows settings, will further reduce the number of UAC prompts. So everything is perfect now? No more nagging UAC and still a secure Windows? I don't think so. In my opinion, the silent elevation security hole in Windows 7 shows that the whole UAC concept is flawed.
The real problem is that most home users and also many end users in corporate environments are still administrators on their machines. This hasn't changed with the introduction of UAC. It is the main reason why the number of Windows computers that are part of a botnet is increasing steadily. The guys behind these botnets are a lot smarter than those script kiddies who just use virus kits to create the next killer worm. These infected machines most likely don't appear in Microsoft's statistics because the botnet creators don't just want attention like the script kiddies. Thus, they do everything not to be detected, in particular they don't damage computers like old-fashioned computer viruses. I seriously doubt that UAC or similar technologies is an effective remedy against the rising threat of rootkits and botnets.
What has to be changed is that end users need to not be allowed to make system changes. Thanks to the Internet, this is possible. In the pre-Internet era, people went to computer shops and bought software in colorful cardboard boxes to install it at home on their computers. This is not necessary anymore. In fact, I don't understand why software still has to be installed at all. The only reason why end users require administrator privileges on their machines is because they have to install software.
This is an outdated desktop model. In my view, Microsoft shouldn't focus on gimmicks like the superbar, UAC modifications and XPMode. Instead, as the biggest software company, they should lead us into a new era where users only use computers but no longer have to administer them. Computer administration is the job of system administrators, but not of end users. New technologies such as application virtualization and rich internet applications made this possible. Microsoft only has to fully embrace these new technologies instead of fiddling around with an outdated desktop model. But please don’t get me wrong. I am not saying that the future belongs to web apps. I am still a fat PC.