I currently have my Windows 7 machines set up so that my main user account, the one I use on a daily basis, is a Standard User. I have a separate account that is set as the Administrator.
The UAC is set to its most restrictive setting (Always Notify). This way, whenever an application needs administrative rights when I'm logged in to my Standard User account (which is 99% of the time), I receive a UAC prompt requiring me to input the password for my Administrator account.
I have subjected myself to this inconvenience with the belief that this setup provided me with some significant protection against possible security threats.
Is this an accurate perception? Or am I needlessly inconveniencing myself? Would I significantly increase the security risks to my system by turning the UAC setting down to a lower level?
Thanks for any advice you can offer.
(Reference: In 2009, Microsoft engineers specified that UAC is "not a security boundary.")
Answer
(Reference: In 2009, Microsoft engineers specified that UAC is "not a security boundary.")
And they are perfectly right. Your concern should be your user role on the system. If you set yourself up as a regular user, but are always seeing UAC prompts or having to elevate your privileges through a password prompt in order to do your work, you are effectively an Administrator of your system and you should log on as one.
UAC prompt security would in fact be compromised if you didn't, because invariably you are going to start to hit prompt options mechanically, essentially reducing the UAC prompt to just a subconscious confirmation layer between you and your daily actions. Soon enough you won't be able to distinguish between a rightful prompt and a prompt you should actually be suspicious of.
So, in short, if you are administering your machine, if you are constantly requiring administrative access to your computer, you are your computer's Administrator and you should set your account as such.
Conversely, a regular user shouldn't see many prompts. Their daily operations of opening applications, sending documents to be printed, reading and replying to emails, aren't (or shouldn't be) operations that require administrative privileges. It's when they try to do something they shouldn't, like installing an application or trying to change system settings, that UAC will step in. Then they call in for the system administrator to take a look and either elevate their privileges for that operation by writing his password, or refuse to take part in that folly.
...
Security is thus still mostly a user concern and responsibility. UAC helps, no doubt, but it does so by establishing responsibility boundaries, clearly separating the user and administrator roles (something we didn't have on Microsoft desktop operating systems before Vista). Doing this, UAC helps ensure that most (if not all) security concerns are delegated to the administrator.
It certainly introduces features that complicate certain malware. UAC Virtualization is one of them. But UAC doesn't want to replace user roles. Again, if you are an administrator, log in as an administrator.
For a deep understanding of UAC, read "Inside Windows 7 User Account Control", by none other than Mark Russinovich, one of the professionals responsible for it. I suggest in particular you follow his links as you read the whole text, most particularly the conference video, and the ones that read "UAC Internals" and "revisit the relationship between UAC and security", in the Contents section. But generally speaking you should hit all links to gain a deep understanding of this feature. All you probably ever wanted to know is there.
It took me about 3 days to fully read and interiorize all the concepts within. But it's well worth it if you take it at your own pace.
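To see which of the two roles discussed above an account actually holds, and which prompt policy applies to it, the following read-only PowerShell check can be run without elevation. It is an added example, not part of the original question or answer; the function names are hypothetical, and the value-to-level mapping follows Microsoft's documented UAC policy values.

```powershell
# Added example (not from the original post). Read-only: reports the UAC
# prompt policy and whether the current account is a standard user, an
# administrator running with a filtered token, or an elevated administrator.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacAdminPromptLevel($lua, $admin, $secureDesktop) {
    # Prompt behaviour for administrator accounts (Admin Approval Mode).
    if ($lua -eq 0)   { return 'UAC disabled (EnableLUA = 0)' }
    if ($admin -eq 0) { return 'Elevate without prompting' }
    if ($admin -eq 2 -and $secureDesktop -eq 1) { return 'Always notify' }
    if ($admin -eq 5 -and $secureDesktop -eq 1) { return 'Default' }
    if ($admin -eq 5) { return 'Default, no secure desktop' }
    return "Custom (ConsentPromptBehaviorAdmin = $admin)"
}

function Get-UacStandardUserBehavior($user) {
    # What a standard user sees when an action needs administrative rights.
    switch ($user) {
        0       { 'Automatically deny elevation requests' }
        1       { 'Prompt for credentials on the secure desktop' }
        3       { 'Prompt for credentials' }
        default { "Unknown (ConsentPromptBehaviorUser = $user)" }
    }
}

function Get-AccountRole {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if ($principal.IsInRole($adminRole)) { return 'Administrator (elevated)' }
    # A filtered admin token still lists BUILTIN\Administrators (S-1-5-32-544),
    # marked deny-only; a standard user's token does not contain it at all.
    if ((whoami /groups) -match 'S-1-5-32-544') {
        return 'Administrator (filtered token)'
    }
    return 'Standard user'
}

$p = Get-ItemProperty -Path $key
New-Object PSObject -Property @{
    User             = [Environment]::UserName
    AccountRole      = Get-AccountRole
    AdminPrompt      = Get-UacAdminPromptLevel $p.EnableLUA `
                           $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
    StandardUserRule = Get-UacStandardUserBehavior $p.ConsentPromptBehaviorUser
} | Format-List
```

For the setup described in the question, the daily account should report `Standard user`, and each elevation should ask for the separate Administrator account's credentials rather than a simple consent click.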