Amid the hullabaloo about how intrusive Vista's User Account Control feature will be to the average user, Microsoft has been quietly ramping up the support infrastructure needed to help companies adopt it. eWEEK Labs' work with UAC shows that more work lies ahead, however.
With Vista's UAC, Microsoft has finally gotten serious about securing the Windows operating system by limiting a user's rights during day-to-day computer usage. UAC also finally brings the Windows operating system up to speed with just about every other major operating system available today.
UAC enables the concept of LUP (least user privilege), where users run with limited privileges for the bulk of their interaction with the desktop. User rights are elevated only when necessary to perform certain administrative tasks. By limiting the user's normal permissions, there is less attack surface on the operating system and less chance for the user to inadvertently—how should we put this—screw things up.
Under UAC, both administrators and standard (limited rights) users operate with the Standard User security token. When a process requiring elevated permissions is initiated, Vista may ask users to confirm their intention to run the process or ask for administrative credentials to perform the act (depending on the configuration). This interaction—be it a confirmation or a credentialing—occurs in the Secure Desktop, where users can't interact with the desktop, and vice versa—until the questions are answered.
For full story: