Vista UAC can protect against Root Kits
Since Vista RTM’d, people have complained to me about UAC (User Account Control) and how often they get warnings and pop-ups. They just never seemed to get the point of it. I leave it on for all my Vista machines, even the VMs and even during demos to customers. Why? Easy. It protects my system from drive-by-style installations or modifications to my Vista machines. It’s never really proven to be a hindrance to me, even during demos.
A colleague of mine tipped me off to the following articles.
Reading them was quite interesting. Tests showed that with UAC on, root kits couldn’t install themselves on Vista without alerting the user. No silently slipping onto the OS. However, it’s the comments at the end of each article that really intrigue me. Some people think Microsoft use UAC as a way of avoiding responsibility. Others, and rightly so in my mind, point out that the best you can do is warn/alert a user that something is attempting to modify their system … but if they don’t take the time to even read what’s on screen, malware will always find its way onto a system. Software will always have its flaws.
UAC isn’t just about stopping malware … it’s about protecting users from themselves. It would appear that you can lead a horse to water but you can’t stop it clicking continue, ok, yes I’m sure, no problem and diving right in.