Why User Account Control Should Not Be Disabled on Windows Vista
User Account Control (UAC) is one of the best security features in Windows Vista, and to preserve the security Microsoft has built into this new operating system, you should not disable it. I know, it’s annoying to be prompted with a dialog box to consent to an action even when your account has administrative privileges. This happens because user accounts are not logged on with administrative privileges by default. Instead, when you do something that needs administrative privileges, Windows switches to an administrative mode, which in Vista is called elevation, and it is this transition from standard user to administrator that needs your consent.
If you have been hit by a virus, worm, Trojan, or spyware, then you know how precious this User Account Control feature becomes. Here is why. When you log on with an administrator account on Windows XP or any previous Windows operating system, all the applications and programs that load in that profile assume administrative privileges, which means that any piece of malicious code that loads during the start-up process has access to do whatever it wants on your system. The same is true for as long as you stay logged in as an administrator on Windows XP. Programs get executed without your consent because they assume they have administrative rights, and guess what? They are right. Look how epidemic malicious software has become.
Well, this is no longer true on Windows Vista as long as you have User Account Control running. When someone logs on with an administrator account, that account is assigned two tokens: one with administrator privileges and one with standard user privileges. The profile is loaded with standard user privileges only, and the administrator token is put in a stand-by mode. Any malicious software that is set to run during the start-up process does not do any harm to your system, because it does not have sufficient permissions to access the entire system. This is also true while you are logged in: the administrator token is only called upon when something requests administrative privileges, hence the annoying dialog box you get when that happens. But that way you make sure nothing on your system runs without your consent.
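To see the two-token behaviour on a live machine, here is an added PowerShell example that is not part of the original post. It assumes Windows PowerShell is installed (an optional download on Vista) and reads the standard UAC policy values `EnableLUA` and `ConsentPromptBehaviorAdmin`.

```powershell
# Added example (not from the original post): audit UAC and show the split token.
# Run from a normal, non-elevated prompt while logged on as an administrator.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# EnableLUA: 1 = UAC on, 0 = UAC disabled (every admin process gets the full token).
if ($policy.EnableLUA -eq 1) {
    Write-Output 'UAC: enabled'
} else {
    Write-Output 'UAC: DISABLED or not set - administrators run with the full token'
}

# ConsentPromptBehaviorAdmin: 0 = elevate silently, which removes the consent step.
if ($policy.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Output 'Admin prompt: SILENT elevation - no consent dialog is shown'
} else {
    Write-Output ('Admin prompt: policy value {0}' -f $policy.ConsentPromptBehaviorAdmin)
}

# Is this process using the full administrator token or the standard-user one?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ('Process elevated: {0}' -f $elevated)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. In the
# standard-user token the group is still listed, but flagged as deny-only.
$adminGroup = whoami /groups |
    Select-String -SimpleMatch 'S-1-5-32-544' |
    Select-Object -First 1
if ($adminGroup) {
    Write-Output ('Administrators group in this token: {0}' -f $adminGroup.Line.Trim())
} else {
    Write-Output 'This account is not a member of the Administrators group.'
}
```

From a non-elevated prompt with UAC on, expect `Process elevated: False` and a deny-only attribute on the Administrators line; the same script run from an elevated prompt reports `True`.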
I believe clicking a dialog box to consent to elevation in order to perform an administrative task is well worth it, and I know people who have been struck by malicious software will agree with that.
This entry was posted on Thursday, November 8th, 2007 at 11:11 pm and is filed under Windows Vista Tips.

November 10th, 2007 at 5:36 pm
Great article. You have friends over @ http://www.asktheadmin.com. Stop by and say hello.