Vista ~ Introduction |
User Accounts! User accounts are handy things: they let you share a computer with others while providing each of you with privacy and the ability to customise the way Windows works. In Windows XP, every account created during the initial setup is given administrator status and, as you are encouraged to make an account for each user of the system, that leads to a herd of administrators running rampant. Under XP, administrators get to do anything they like, a powerful position indeed, and one which hackers are happy to take advantage of. You see, programs run with all the privileges of the currently logged on user, so on a compromised computer with an administrator logged in, malicious code gets to have its way with the system. Vista doesn't work like this. When you install Vista, you're asked to create a single user account. Although this is an administrator account, it does not have the unfettered administrator privileges offered by XP. On Vista, administrators are subject to certain controls and the operating system runs in a special mode called Admin Approval Mode (AAM). The only other type of account available in Vista is a standard account. Both users with standard accounts and administrators running in the default AAM are able to perform many everyday tasks without hindrance. You can:
and several other low-risk tasks. CredentialingOther, riskier tasks—installing applications, configuring parental controls or firewall settings, installing a device driver, and so on—require administrator privileges. If you attempt to perform such a task, a User Account Control (UAC) dialog box appears requiring consent before you can proceed. When a UAC dialog appears, it freezes your computer temporarily: you must respond to it before you can proceed. If you're logged on as an administrator, the only consent needed is for you to click the Continue button; if you're logged on as a standard user, a different dialog box appears, requiring you to supply an administrator password before you can continue.
Over-the-shoulder mode provides additional security on standard accounts. Microsoft calls this OTS (Over The Shoulder) Credentialing. The idea is that when you encounter such a dialog you call your administrator over (whether that's a member of your family or a system administrator in your organisation), they type in their password and click Submit, and off you go. Become an AdministratorThere are a couple of benefits to this system:
Chances are you've probably been using an administrator account on XP without realising the risks. Now, with Vista you can go ahead and use an administrator account and know that User Account Control will step in to help prevent you from doing something dangerous.
Configure advanced UAC options via the Security Policy editor, secpol.msc. (Click the image to see a full-sized screenshot.) Of course, UAC can't entirely stop you from doing something stupid, but the UAC dialogs are jarring enough that they'll make you think twice, and they will also alert you to malware which attempts to make changes to your system by stealth. Disabling UACDuring Vista's development, many beta testers gnashed their teeth over UAC. In its initial incarnation it really was a pain: UAC dialogs popped up endlessly and for seemingly innocuous tasks. The testers' howling brought a response: Microsoft dialled back the number of UAC prompts and made the process smoother. It also did something strange: it provided a very easy way to disable UAC altogether:
You can do it, but unless you have a really good reason to do so, it's a bad idea. If you're running Vista on a computer that's never connected to the Internet, it's probably pretty safe to switch off UAC; if you're turning it off just because you hate the prompts, think twice. When you're first setting up your system, the UAC prompts will seem excessive simply because you have to install many programs and change a bunch of system settings to get your PC configured perfectly. But once you've done that, you'll find UAC fades into the background most of the time. It's almost always worth keeping it active.
|
