Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
May the source be with you!

Sunday, October 12, 2008

Norton User Account Control

Source
User Account Control (UAC) is a new security feature in Microsoft Windows Vista that changes the architecture of the access token creation process and prevents users from logging on with full administrative rights.
While the intent of this feature may have been enhanced security, all too often users need administrative rights for tasks like installing/updating programs, and many software applications need access to run properly.
The User Account Control tool has been designed to replace the Vista UAC, to simultaneously make your system more secure while significantly improving user-friendliness.
By default, any application launched by an administrator runs with a filtered, standard user access token. When the administrator attempts to perform a task that needs administrative rights, the UAC prompts the user to approve the action. This can lead to a poor user experience because the prompts can be slow to display and appear frequently and without warning. What's more, the UAC may give a false sense of security, since other processes can still access the desktop, so it actually raises security concerns.
The net effect is that many users find the UAC security clearance and prompting process annoying, especially those who are a computer’s only user and have all the latest Norton Internet Security software installed and updated.
The User Account Control tool will collect user input as well as information on applications causing prompts. The data will be processed to improve the comprehensiveness and robustness of the white list, which will be updatable while running the tool online.
Download

UAC = limited user
UAC in quiet mode = file and registry virtualisation only plus IE in protected mode; other limited user triggers are auto-elevated (quietly, without prompt)
Norton's tool = limited user + remember for the executable triggering the action

In this context:
UAC OFF = a bad choice
UAC in quiet mode = better than UAC off, but auto elevation provides an open door, then a second choice
UAC tool = good balance between security and usability, my first choice
UAC ON = best in theory, but in practice users are trained to auto-allow everything, reducing the security effect to "near zero".
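
A read-only check that maps a machine's UAC registry policy onto the built-in states compared above. This is an added example, not part of the original post or of Norton's tool; the registry value names are the standard Windows policy values, and the fallbacks for missing values are assumed to be the Vista defaults.

```powershell
# Added example: read-only audit of the UAC policy values (makes no changes).
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # A missing value means Windows uses its default (assumed here: Vista defaults).
    $item = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$Name }
    return $Default
}

function Get-UacState {
    param([int]$EnableLUA, [int]$AdminPrompt, [int]$SecureDesktop, [int]$Virtualization)

    $findings = @()
    if ($EnableLUA -eq 0) {
        $state = 'UAC OFF'
        $findings += 'Administrators run with a full token; virtualisation and IE protected mode are disabled.'
    }
    elseif ($AdminPrompt -eq 0) {
        $state = 'UAC in quiet mode'
        $findings += 'Elevation requests from administrators are approved without a prompt.'
    }
    else {
        $state = 'UAC ON'
        if ($SecureDesktop -eq 0) {
            $findings += 'Prompts are shown on the interactive desktop, not the secure desktop.'
        }
    }
    if ($EnableLUA -ne 0 -and $Virtualization -eq 0) {
        $findings += 'File and registry virtualisation is disabled.'
    }
    # A third-party prompt replacement (such as the tool described above)
    # cannot be inferred from these values and is not reported here.
    New-Object PSObject -Property @{ State = $state; Findings = $findings }
}

$result = Get-UacState `
    -EnableLUA      (Get-UacValue 'EnableLUA' 1) `
    -AdminPrompt    (Get-UacValue 'ConsentPromptBehaviorAdmin' 2) `
    -SecureDesktop  (Get-UacValue 'PromptOnSecureDesktop' 1) `
    -Virtualization (Get-UacValue 'EnableVirtualization' 1)

"State: $($result.State)"
$result.Findings | ForEach-Object { "  - $_" }
```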
