The UAC count for the month... that is, the number of times I've been "bothered" by a UAC prompt indicating that it needed approval for elevation...
One time this month I've been prompted with a UAC prompt.
So every time I see someone ask a question about "How do I turn off UAC", the thing I want to ask is "What are you doing that makes UAC prompt you?". The second question I want to ask is "Do you realize that by turning off UAC, you also turn off IE's protected mode?"
"Oh but I run Firefox" (or Opera or whatever), I hear you saying... doesn't matter, as has been seen in the past, Firefox can be used as a vector to attack via IE.
"But it's my machine", I see you post in the newsgroup. Fine, then take the time to understand that you just shut off IE in protected mode and what risk you just put your machine in. If you care about your machine and the data on that machine you'd leave it on.
And even when I hear noted security speakers and authors say "UAC isn't for you", I'd argue yes it is. Because I AM the biggest risk at my firm. I think I know better. I think I can surf safely. I'm even running with scissors at times (Administrator and Domain Admin rights) and I'm not smarter than the bad guys. I'm really not and I'm kidding myself if I think I am.
And the more I think I am smarter than the bad guys, the more at risk my firm is.
And finally, if I turn it off and don't experience it like what I'm asking my end users to do, am I a good administrator by not walking the walk and talking the talk? Experiencing what they are experiencing? If I truly think it's annoying and shut it off, then why am I asking my users to suffer? Isn't my job to make security choices palatable? I'm not saying that they will love every moment of whatever security choice I make, but it's like the time someone in my office several years ago, after they'd had a drive-by browsing malware scare (of which we were not only a/v protected but patched as well), but regardless, it was the trigger event to not only push me into pushing non administrator on the desktops, but the folks in the office actually WANTED it. It took one 'in their face' example of a wrong Google hit to hit home to them how brittle the edge of protection is in a small firm like mine. They understood how easy it was to put client information and data at risk and didn't want to be the cause of it in the office.
Sometimes when people understand the risks better, they make choices that are surprising. In fairness I don't know the impact of running in Standard user mode on Vista 'and' turning off UAC, whether that also disables the IE protected mode (and in fairness I should check for those that argue that Standard mode is the preferred manner of running Vista and then argue that they can counter that by turning off UAC and get a balance) but I like seeing THIS down at the bottom: and for now, UAC is on, not bothering me one bit, and Protected mode is on too.