Windows Vista UAC - pain point or protection?
Symantec just wants us to make the right decisions, by taking over decision making.
So why did Windows Vista's UAC "[bug] the heck out of me--to the point where I tuned it out and, eventually, turned it off"?
First, a quick mention of what Vista's UAC is - it stands for "User Account Control", and refers to a really neat security feature. When you log on as an administrator to Windows Vista, the token that you use for all your operations actually has the administrator portion disabled - denied. This means that you are effectively the same as a restricted, or normal, user. How wonderful is that from a security point of view?
If you accidentally or deliberately do something that would cause an administrative action to happen, your application is interrupted by being 'faded out' - the desktop goes a darker shade, and a window pops up prompting you to approve the administrative action. If you're an administrator, all you have to do is click "Continue" (or "Cancel" if you don't approve). If you're a restricted user, all you have to do is enter an administrator's user name and password.
This is a whole lot better than I used to have to do - using "Run As" from the command prompt or a right-click menu as I run the application, or in a few cases, actually logging off and back on as administrator to do the administrative action, and then logging off and back on as myself, a normal or restricted user.
So, where is this bad?
It's bad if you execute several administrative actions in sequence - or if something does it for you - and these actions aren't packaged up into a single executable.
So, okay, in that case I usually revert to my elevated command prompt, for sequences of actions that I initiate.
Where it comes up as a really bad thing is if you've got a non-elevated application that automatically carries out a number of other elevated tasks and applications on your behalf, meaning that you get bugged over and over and over for UAC prompts.
[I obviously don't run nearly enough bad software, because I love UAC. I think it's great, because it means I don't have to be administrator all the time, and I'm made aware of when I'm about to be dangerous.]
So, what Symantec's VP of consumer proctuds, Rowan Trollope, says bothers him is that he is running applications that keep calling out to other applications, all of which should be marked as elevated, or should be better integrated among themselves, or shouldn't be doing administrative tasks in the first place.
What application does he run the most, do you think?
What do you run, that causes you insufferable UAC prompts?