4 Reasons Why Windows UAC Is Useless

If you use Windows Vista or 7, you know how annoying it is to have to approve everything every application does on your computer. This feature, known as User Account Control (UAC), gives you all those dialogs that spring up whenever you open something. Microsoft created UAC with the intention of making computing safer for end users and technicians alike. If you’re a “victim” of this “security measure,” you know why it’s a massive failure on the part of MS. It turns out that UAC might even hinder the security of home and office systems. Ouch!

Even if there’s a ton of text in bold on the screen, your average home user will click “Yes” if the dialog keeps repeating itself. This is otherwise known as a reflex, and it develops through repetition. Let’s face it. The majority of applications on your computer are safe. If 98% of applications that open in a computer are safe, the other 2% might go unpunished as the end user clicks “Yes” every single time the annoying dialog appears. Would you really take the time to read 200 dialogs in an 8-hour day, if you’re not paid to read them? Add all this to the fact that the “Yes” button isn’t labeled “Yes,” but “Continue” – a word the mind is less likely to want to process when it’s in a hurry.

This reason is much less about why UAC doesn’t work and more about what people do as a result of being annoyed. Some high-end users will disable UAC manually, and then teach their less-versed friends how to do it. These naive friends will probably forget that UAC is a security feature and consider it more an annoyance, so they’ll disable it as soon as they learn how to. Disabling UAC eventually will put them at risk for certain vulnerabilities Microsoft didn’t compensate for if the users don’t have an anti-virus application installed. The ball keeps rolling and the picture isn’t pretty.

If you’ve ever had the misfortune of being infected while UAC is on, you know the truth. UAC will not protect you from malware, since there are tons of different ways to call the Windows function library (WinAPI) without having to actually go through the feature’s screening process. The simplest method that malware uses to bypass the supposed security feature involves acting as an innocent application then writing all of the “bad stuff” to your AppData folder, which isn’t touched by UAC. Of course, there are other ways to bypass UAC, but I won’t discuss them for the sake of not giving people ideas.
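A defender's check for the two conditions described above, UAC being switched off and programs launching from AppData, as an added example that is not part of the original article. Looking at the per-user `Run` and `RunOnce` registry keys is an assumption of this example; the article names only the AppData folder. `Test-UserWritablePath` is a hypothetical helper name.

```powershell
# Added example: report UAC policy, then list per-user autoruns that start from AppData.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

[pscustomobject]@{
    UacEnabled          = ($policy.EnableLUA -ne 0)              # 0 = UAC switched off
    AdminPromptBehavior = $policy.ConsentPromptBehaviorAdmin     # 0 = elevate without prompting
    SecureDesktop       = ($policy.PromptOnSecureDesktop -ne 0)  # 0 = prompt on normal desktop
} | Format-List

# Profile folders a standard user can write to without any elevation prompt
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$CommandLine)
    # Expand %VAR% references and drop the leading quote so the path compares cleanly
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim().Trim('"')
    foreach ($dir in $userWritable) {
        # Trailing backslash avoids matching sibling folders such as "Roaming2"
        $prefix = $dir.TrimEnd('\') + '\'
        if ($expanded.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Assumption of this example: per-user autorun keys are where to look first
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$findings = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (Test-UserWritablePath $cmd) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No per-user autorun entries point into AppData.' }
```

Plenty of legitimate software starts from AppData, so each hit is a candidate for review (publisher, signature, install date), not a verdict.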

It’s not like malware has an evil vampire face or Jolly Roger icon on it for you to tell what’s what. Most people will look at something like “Internet Optimizer” as an innocent application name and click “Confirm” in the UAC dialog if they even read the text on it. The malware infects the computer and it’s a done deal. Windows has no way of telling you, “Hey, look at this! We think it’s malware!” Knowing this, it’s difficult for someone to ever benefit from UAC.

While the intention of UAC is good, it often gives people a false sense of security, or worse, causes annoyance to everyone. We don’t advise you to turn off UAC completely, but don’t ever assume this is going to protect you if you are going to click the “Continue” button without thinking through the consequences.

What do you say? Do you think the UAC is really useful?

13 comments

  1. Hate it. Sure it’s easy for myself to say that since I work in IT, but I’ve seen it cause more issues with it being enabled than it has being disabled =/

  2. All those years with UAV in 3.1, 95, NT, 98, 2000, & XP… MS definitely were onto something with UAC…

    Id est, UAC being the next big flop on MS’s list to go with things like Millennium…

    If like in a Unix environment it asked for a password… Then maybe it would have some use.
    But even then, it wouldn’t be as efficient as the Unix environment.

    • Asking for a password before every single button you press would hardly be considered a step forward. I suppose Unix does this more rarely?

      • In Unix, it will prompt you for password only if you are performing administrative tasks (or need superuser permission). Other than that, it won’t bother you at all.

        • That sounds like a better idea than bothering someone every time they click a button, as is the case in Windows 7.

        • Windows also prompts UAC on tasks which require some kind of permission. I use Linux as well as Mac and do not find the UAC any more bothering than the Linux password prompt.

          • Windows 7 did a good job in reducing the amount of instances in which UAC showed up, but Vista was damn annoying.

  3. I have never faced any issue with UAC. I have been using Windows 8-10 hours a day, Linux 4-6 hours. Never had any issues with any of them.

  4. UAC is useless for the vast majority of Windows users.  I’m a freelance IT tech that works for non-techs on a daily basis.  None of my clients, except for the precious few that have any tech savvy at all, understand what UAC is for.  All they see is an annoying popup that gets in the way.  They quickly learn that answering “Continue” is the only way to complete whatever it was they started.  Pavlov’s dog!  If the question pops up unexpectedly, they don’t understand why.  So they use their learned conditioning and click Continue.

    And my technically savvy clients, the few that exist, already know how to avoid malware in the first place so they don’t need UAC!

    The very people that UAC is designed to protect are the ones that are not equipped to properly evaluate the question posed by the popup.  UAC is a huge cop-out by MS — a way to dodge real responsibility by passing the decision to the hapless owner.  We tech types MUST realize that normal people (think your Aunt Martha) cannot answer that question with informed consent.

    The very fact that MS displays the question at all means they have failed on that point.  UAC is so utterly useless that I turn it off as a matter of course for all my clients. 

    Then I do something that is more effective:
    1. Remove their admin rights (with instructions on how to login as admin when installing software)
    2. Install good AV protection
    3. Install a more secure browser.

  5. I can think of one reason not to use this incredibly annoying bogus, and that is filesharing, I cannot access the file share \pcc$ or anything without a local user account, and sometimes even that is handicapped, this started since Vista.
