|
User Account Control and User Security
Windows User Account Control is a feature available in Microsoft
operating systems since Windows Vista. According to Microsoft, it "is a
fundamental component of Microsoft's overall
security vision" and "helps mitigate the impact of malware"
[https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works]
So what is Windows UAC, what it attempts to solve and what it solves?
User control is a concept known from original UNIX, since early 1970s.
In simple, it means that there are multiple users, and files/objects
(in UNIX "everything is a file") have permissions set. Owning user,
group to which (s)he belongs and other users (anybody) can/can't read,
write or execute the file.
In UNIX the problem to solve and the solution was pretty clear. There
was one big computer and many real, physical users who sat at
individual terminals and could work with the system possibly at the same time. If getting too high permissions (going overprivileged),
users could accidentially or intentionally harm each other or the
entire system. Consequently, users were granted only permissions enough
to do anything with their partition of resources, which they needed to
do their work. A superuser root was defined for IT administration people who managed system software, other users and performed other management tasks.
In Windows it was always there, despite that prior to Vista UAC was not
named "a feature" and was not largely advertised. Windows NT, which is
the base of today's Windows, was designed and developed a full-featured
multi-user operating system since its inception; originally it was
intended for enterprise multi-user and server use.
But Windows is used on Personal Computers, and almost all its use today
is personal. You are the owner and mostly the only user of your PC, you
need to install/uninstall programs, configure computer - in other words
perform administration tasks. Of course, you need superuser access, but
who are these other users, whom you need to control? What tools UAC
brings to you to improve your computer's security?
For most of the time the only tool you will meet is an alert dialog
with caption "User Accout Control" that asks you: "Do you want to allow
the following program to make changes to this computer?" and displays
the program's name. The alert appears when the program is started,
either because it requests Administrator privileges in its manifest, or
because you chose "Run as administrator" from menu when starting it.
Leaving aside the later case that doesn't make any sense - you are
alerted on your own conscious decision to run a program as
administrator - the first case tells you something about the program
being started: that it wants to have all possible access to your
computer.
So you are presented a choice: you need to decide whether to allow the program all access or not. How would you decide?
Probably you will first look on the program's name and may be think for
a moment if the program's functionality needs administrator access. If
it's something well known to you that you started yourself, the answer
is easy. Otherwise, if you are really careful you may check the
progam's author and digital signatures. Let's suppose that all is good,
will you allow administrator privileges?
UAC doesn't provide you with instruments to make an educated decision.
The program may be innocent, but contain bugs or functionality that can
be exploited (be especially careful when asked about administrator
privileges to run programs that you didn't start yourself, especially
such as command prompt, reg etc.) Some well-known programs may request
administrator privileges for no apparent reason (Skype, Adobe ARM).
Finally, installers almost always request administrator privileges -
and you can never be sure when installing a new program that it won't
attempt something bad as part of "installation".
UAC doesn't help understand if a program attempts something dangerous,
it only lets you decide if provide it with enough privileges to harm or
not.
Besides, there is enough harm that can be done with improper access without administrator privileges.
Summarizing, we can see that Windows User Account Control doesn't
change a lot security level of your computer. Threat today comes from
programs, not users, and only tools that implement Programs Access
Control (block or alert on particular dangerous access attempted by a
program) can significantly improve your security.
|
|
|
|
|
|
|
|