How Windows 7 UAC shapes enterprise security
There is a lot of buzz about the security features in the upcoming release of Microsoft’s Windows 7 operating system, especially User Account Control (UAC).
Microsoft designed UAC to control the elevated “administrator” privilege that is so dangerous from an IT security perspective.
UAC debuted in Windows Vista to help reduce privilege levels of all users, non-IT and IT employees alike, when tasks were being performed that did not require elevation.
Despite these good intentions, however, Vista’s UAC received a tremendous amount of negative feedback due to the number of “pop-up” windows that occur during routine use of the desktop.
Windows 7 features a new approach to UAC, providing a “slider” to control how often UAC pop-ups occur and for which actions they are monitoring.
The questions these changes raise include:
- What exactly does UAC do?
- How should UAC be set in order to protect your desktops?
- Is the “slider” a good decision?
What UAC is designed to do
When UAC is enabled in either Vista or Windows 7 the goal is the same - to protect the user from unknown malware and viruses running in the background, as well as from unauthorized changes to the operating system files and Registry.
When a task is triggered that causes a protected part of the operating system to be modified, UAC will prompt the user for consent (if an administrator) or prompt the user for the credentials necessary for the privilege to perform the action (if the user is a standard user).
For standard users, UAC is not an ideal solution. With the prompt for credentials that UAC provides, there are only two possible solutions to allow the action to be performed. The first is the “over the shoulder input from an IT employee” when there is a prompt, which is not feasible due to mere logistics.
The second is to give the user alternate credentials, which in essence grants the user administrative privileges to the entire computer. Both options provide poor solutions to the issue.
However, for administrators, UAC provides an excellent solution for protecting the computer against actions that were not launched by the user, but were launched from malicious code running in the background.
Without consenting to the prompt, the administrator is simply a standard user and the malicious code has no chance at modifying the OS files or Registry.