4 Reasons Why Windows UAC Is Useless

If you use Windows Vista or 7, you know how annoying it is to have to approve everything every application does on your computer. This feature, known as User Account Control (UAC), gives you all those dialogs that spring up whenever you open something. Microsoft created UAC with the intention of making computing safer for end users and technicians alike. If you’re a “victim” of this “security measure,” you know why it’s a massive failure on the part of MS. It turns out that UAC might even hinder the security of home and office systems. Ouch!

Even if there’s a ton of text in bold on the screen, your average home user will click “Yes” if the dialog keeps repeating itself. This is otherwise known as a reflex, and develops in the act of repetition. Let’s face it. The majority of applications on your computer are safe. If 98% of applications that open in a computer are safe, the other 2% might go unpunished as the end user clicks “Yes” every single time the annoying dialog appears. Would you really take the time to read 200 dialogs in an 8 hour day, if you’re not paid to read them? Add all this to the fact that the “Yes” button isn’t labeled “Yes,” but “Continue” – a word the mind is less likely to want to process when it’s in a hurry.

uac-window

This reason is much less about why UAC doesn’t work and more about what people do as a result of being annoyed. Some high-end users will disable UAC manually, and then teach their less-versed friends how to do it. These naive friends will probably forget that UAC is a security feature and consider it more an annoyance, so they’ll disable it as soon as they learn how to. Disabling UAC eventually will put them at risk for certain vulnerabilities Microsoft didn’t compensate for if the users don’t have an anti-virus application installed. The ball keeps rolling and the picture isn’t pretty.

If you’ve ever had the misfortune of being infected while UAC is on, you know the truth. UAC will not protect you from malware, since there are tons of different ways to call the Windows function library (WinAPI) without having to actually go through the feature’s screening process. The simplest method that malware uses to bypass the supposed security feature involves acting as an innocent application then writing all of the “bad stuff” to your AppData folder, which isn’t touched by UAC. Of course, there are other ways to bypass UAC, but I won’t discuss them for the sake of not giving people ideas.

It’s not like malware has an evil vampire face or Jolly Roger icon on it for you to tell what’s what. Most people will look at something like “Internet Optimizer” as an innocent application name and cilck “Confirm” in the UAC dialog if they even read the text on it. The malware infects the computer and it’s a done deal. Windows has no way of telling you, “Hey, look at this! We think it’s malware!” Knowing this, it’s difficult for someone to ever benefit from UAC.

While the intention of UAC is good, it often gives people a false sense of security, or worse, causes annoyance to everyone. We don’t advise you to turn off UAC completely, but don’t ever assume this is going to protect you if you are going to click the “Continue” button without thinking through the consequences.

What’ do you say? Do you think the UAC is really useful?