Znet blog post about UAC

I ran across this post about a design flaw in UAC in Windows 7

http://blogs.zdnet.com/hardware/?p=3410

I don't have Win7 installed but according to the post, the DEFAULT setting will not prompt you if UAC is turned off. Kind of lame, but according to Microsoft, this is working as intended.

I will be setting my UAC in Win 7 back to normal.

While reading the article I found this little post about UAC that better explains the intentions of UAC.

http://blogs.msdn.com/crispincowan/archive/2008/04/28/uac-desert-topping-or-floor-wax.aspx

UAC was intended to force developers to "clean up" their code and not demand excessive administrative privileges for the programs they write. Sadly, it looks like we are saddled with the cost of the transition.

 

What's wrong with the thread just two places down in the list? http://forum.notebookreview.com/showthread.php?t=347667

 

Yeah, I saw that. It is a bit of a flaw, it probably ought to be modified. But considering how many people don't use UAC at all, I'm not sure how big of an issue it is. Security software really has to be designed assuming no UAC will be used or it won't work on half of Vista PC's. So I can kind of see why Microsoft isn't too concerned - although only in a way that rather belittles UAC, which of course Microsoft couldn't straight-out say.

 

Apollo, most people do use UAC. Most people wouldn't know how to change the setting if they wanted to.

I'm not concerned that the initial setting is less secure in 7, what concerns me is that a malicious program could turn UAC off without any warning.

Greg

 

Really? I guess NBR tends to skew our views; the polls here always showed a strong majority not using UAC. That's the hazards of polling a tech site I guess.

 

The kind of people who visit these forums aren't who we should be concerned with losing their data. Most people here know enough about computer security that they are fine with UAC off, it's the mainstream consumer who we need to be worried about.

Greg