User Account Control (UAC): What is it?

User Account Controls primary design goal was to help protect a Windows computer, Vista and later, from programs attempting to make a major change. When UAC is active it prompts the user and asks the user if the change is valid. The design goals of UAC have been achieved since by default it is enabled to notify each time a program tries to make a change; this is the recommended setting.

UAC, if deployed correctly can be a great tool for system administrators, but it can also be an annoying feature for the end users. By having UAC enabled it will make the user think twice about a possible change to the system. This method can only be deployed correctly when users are not in the Administrators group. If you have users that are in the Administrators group, they will most likely click “Yes” or “Allow” to every UAC prompt that comes up.

From my experience with UAC here are a few weaknesses I’ve observed. If Microsoft was looking for a more secure system I believe that they would’ve combined UAC and Windows Defender or Security Essentials into one package. UAC by itself will not detect malware; that is not its role. I haven’t read up on Windows 8 and its Defender integration but that is a start to having security right from the get go. Software developers can also develop programs that avoid triggering UAC, thus posing a risk to your system.

How secure is UAC? UAC is only as secure as the user and what they allow and don’t allow. A system will never be 100% secure; there will be flaws or holes in the system. Malicious programs will find a way around UAC if developed correctly. I personally never have UAC enabled, I haven’t ran into any major issues because I’m aware of every change that I make to my system and I have the knowledge to know if a change is valid or malicious.