Wednesday, September 12, 2018

Are standard users still useful when Windows 8 has UAC?


My last computer ran XP; administrators had unrestricted access (no UAC) and my normal day-to-day account was a standard user. I simply did a 'run as' then entered the admin credentials when I needed to do something such as install software. It made sense to have the day-to-day account be a limited one (like with Linux).


I've recently purchased a new Windows 8 computer. With User Account Control, when I am logged in as an administrator, UAC will pop up an allow/deny prompt if an application tries to make changes to the computer.


If I instead make my day-to-day account a standard account, when I do something that requires admin privileges, it will prompt me as well (but for a password and username). As both user accounts will prompt me anyway, is there any point to making my day-to-day account a standard one? What is the 'best' practice and do you all personally follow it?


Answer



UAC is not considered a security boundary. What this means is that there is only (relatively) weak protection preventing malicious software from "escaping" UAC and gaining administrator access. (In particular, Microsoft do not promise to fix issues that allow this to happen.)


Personally, I always use a standard user account on my home machine, except when I'm actually administering the computer.
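An added example, not part of the original question or answer: a read-only PowerShell function that reports which of the two situations described in the question the current logon is in (standard user, or administrator running with a UAC-filtered token), together with the machine's UAC prompt policy. The function name `Get-UacAccountPosture` is hypothetical; the registry values and `whoami` switches are standard Windows.

```powershell
# Added example; Get-UacAccountPosture is a hypothetical name.
# Read-only: inspects the caller's token and the UAC policy values. No elevation needed.
function Get-UacAccountPosture {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when BUILTIN\Administrators is enabled in this token,
    # i.e. the process is actually running with administrator rights.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including the deny-only copy of
    # Administrators (S-1-5-32-544) that a UAC-filtered admin logon carries.
    # /nh plus explicit headers keeps the parse independent of display language.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $inAdminGroup = [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })

    if ($elevated)         { $kind = 'Administrator, elevated token' }
    elseif ($inAdminGroup) { $kind = 'Administrator, UAC-filtered token' }
    else                   { $kind = 'Standard user' }

    # Machine-wide UAC policy. EnableLUA = 0 means UAC is switched off;
    # ConsentPromptBehaviorAdmin = 0 means admins elevate with no prompt at all.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key

    [pscustomobject]@{
        User                       = $identity.Name
        AccountKind                = $kind
        EnableLUA                  = $policy.EnableLUA
        ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser  = $policy.ConsentPromptBehaviorUser
    }
}

Get-UacAccountPosture | Format-List
```

A day-to-day account that reports "Standard user" has no Administrators SID in its token at all, so elevation requires another account's credentials rather than a click on a consent prompt.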

