The User Account Control feature from Windows Vista limits user privileges. The UAC works through the following:
• All users (even the Administrator) who log into the system will be treated as ‘Standard Users’ and thus, given minimal privileges.
• If an application initiated by a user attempts an action not allowed for the ‘Standard User’ account, the system asks the said user to validate the act (for Administrator users) or input the Administrator password (for Standard users).
Some actions outside of the rights of the Standard user are:
• Application and Driver Installation
• File Creation within System Directories
• Modification of the System Configuration
Anyone concerned with creating protection against malicious programs has come across events wherein specific actions are surely suspicious, but cannot be entirely identified as malicious. Said action may be malevolent within certain context, and as such must result in blocking or user notification. In another context, however, the action may come from a valid application.
Scenarios like these are quite common. Multitudes of benign applications perform actions that can be construed as suspicious, from the perspective of security. If the current user were to be informed about each one of these discrete action and would be requested for authentication, the user may shut off the security feature to prevent an overload.
With this logic, User Account Control is not a considerable security measure versus malicious code. The chances are high that a feature that riles the user will cause the user to render that feature inoperative. The user will, most likely, activate the ‘allow’ option or type in the Administrator password without much thought.
Conversely, users that log in using the Administrator account have additional levels of security under User Account Control. An application will initiate with a minimum of privileges under this account if it high privileges are not required. Apparent vulnerabilities in an application of this sort will not be as perilous as vulnerabilities in high-level applications.
There are a number of malicious programs that operate by intercepting warnings (from firewalls or other security features) regarding suspicious code. Said malware will cause the security solutions to permit such actions by ‘clicking on the associated switches.
The windows for these switches will appear on screen for a very short period, and as such, the likelihood of the user noticing the action will be slim to none. Windows Vista integrates protection against threats like these through the Secure Desktop. This means that a window which asks for increased privileges will need confirmation (via a password) to allow the action.
Note that all kinds of safeguards are subject to evasion. The benefits that this line of defense provides are conditional, and subsequently, short-term.