Microsoft has reduced the actions that prompt you making it less annoying for the users. The software giant has made several changes, but the biggest change is the User Account Control “slider” setting which results in less annoyance and more security.
User Account Control safeguards your computer against hackers and protects it against malicious software. The tool prompts the user for the permission, if any application wants to make any changes to your computer. UAC is more flexible in Windows 7 than in Windows Vista. Now, every task doesn’t require your consent in Windows 7, and if you have administrator privileges, you can easily fine tune to UAC’s notification settings from the control panel.
Microsoft realized that allowing users to have administrative rights all the time is not acceptable under the mandates of Trustworthy Computing. So, Microsoft has made some changes, starting with the Vista. Those changes became UAC and consist of the following:
• Use virtualization to help programs run without administrative rights.
• If possible, operations requiring administrative rights will be changed to work with standard user rights. For example, granting standard users the ability to change time zone settings.
• Rework programs, so UAC knows when to request administrative rights.
• Ensure applications running with administrative rights are isolated from processes that are running standard privileges.
UAC is a complex tool. UAC, by default grants the user standard rights. If an application requires administrative rights to execute or load, UAC will prompt the user for permission to elevate privileges for that task. This change in approach prevents malware requiring administrative rights from installing automatically.
The rights elevation is handled by UAC’s Admin Approval Mode (AAM). AAM creates two profiles for the user at log-in, one with standard rights and one with administrative rights. As we mentioned above, UAC can elevate privileges.
The type of elevation used, depends on whether the user is from administrator group or not. If not, then UAC uses OTS, requiring permission from someone belonging to the local administrator group. If the user is a member of the local administrator group, UAC uses Consent elevation, asking the current user for permission.
Microsoft changed how UAC works in Windows 7. UAC in Windows 7 offers the user more flexibility. To find out the new options, go to Control Panel, select User Accounts, followed by Change User Account Control Settings. Here are the four new settings:
Top position: Is “Always Notify” and identical to the default mode in Vista.
Second position: Is the Windows 7 default setting, prompting the user when a non-Windows executable asks for privilege elevation.
Third position: Is similar to the second position. The difference being the prompt occurs on the user’s desktop rather than the secure desktop.
Bottom position: This setting turns off all protection afforded by UAC.
Besides offering users more say in how UAC works, Microsoft has added auto-elevation in an attempt to reduce the number of prompts submitted to the user. Due to the nature of auto-elevation, Microsoft is very particular about which programs can leverage privilege escalation.
They place the following restrictions:
• The executable must be digitally signed by the Windows publisher.
• The executable must be located in a secure Windows directory.
No comments:
Post a Comment