Why You Shouldn’t Disable User Account Control (UAC) in Windows

image

User Account Control is an important security feature in the latest versions of Windows. While we’ve explained how to disable UAC in the past, you shouldn’t disable it – it helps keep your computer secure.

If you reflexively disable UAC when setting up a computer, you should give it another try – UAC and the Windows software ecosystem have come a long way from when UAC was introduced with Windows Vista.

Administrator vs. Standard User Accounts

Historically, Windows users used administrator accounts for day-to-day computer activities. Sure, in Windows XP you could create a standard user account, with less permissions for day-to-day use, but almost no one did. While using a standard user account was possible, many applications wouldn’t run properly in one. Windows applications generally assumed they had administrator privileges.

This was bad – it’s not a good idea to run every single application on your computer as administrator. Malicious applications could change important system settings behind your back. Security holes in applications (even applications built into Windows, such as Internet Explorer) could allow malware to take over the entire computer.

Using a standard user account was also more complex – instead of having a single user account, you’d have two user accounts. To run an application with maximum privileges (for example, to install a new program on your system), you’d have to right-click its EXE file and select Run as Administrator. Once you clicked this, you’d have to type the Administrator account’s password – this would be a completely separate password from your main, Standard user account.

image

What User Account Control Does

User Account Control helps fix the security architecture problems of past Windows versions. Users can use administrator accounts for day-to-day computing, but all applications running under the administrator account don’t run with full administrator access. For example, when using UAC, Internet Explorer and other web browsers don’t run with administrator privileges – this helps protect you from vulnerabilities in your browser and other applications.

The only price you pay for using UAC is seeing an occasional box that you have to click Yes to (or click No if you weren’t expecting a prompt.) This is easier than using a standard user account – you don’t have to manually launch applications as administrator, they’ll just present a UAC prompt when they require administrator access. You don’t have to type a password, either – just click a button. The UAC dialog is presented on a special, secure desktop that programs can’t access, which is why the screen appears grayed out when a UAC prompt appears.

image

UAC Makes Using a Less-Privileged Account More Convenient

UAC also has some tricks up its sleeve that you may not be aware of. For example, some applications could never run under standard user accounts because they wanted to write files to the Program Files folder, which is a protected location. UAC detects this and provides a virtualized folder – when an application wants to write to its Program Files folder, it actually writes to a special VirtualStore folder. UAC fools the application into thinking it’s writing to Program Files, allowing it to run without administrator privileges.

Other tweaks made when UAC was introduced also make it more convenient to use a computer without administrator privileges – for example, standard user accounts are allowed to change power settings, modify the time zone, and perform some other system tasks with no prompts. Previously, only administrator user accounts could make these changes.

image

UAC Isn’t As Annoying As It Seems

In spite of all this, there are many people who now disable UAC as a reflex, without thinking about the implications. However, if you tried UAC when Windows Vista was new and applications weren’t prepared for it, you’ll find that it’s a lot less annoying to use today.

  • UAC Is More Polished In Windows 7 – Windows 7 has a more refined UAC system with less UAC prompts than Windows Vista had.
  • Applications Have Become More Compatible – Application developers no longer assume their applications have full administrator privileges. You won’t see as many UAC prompts in day-to-day use. (In fact, you may not see any UAC prompts in day-to-day computer use if you use well-designed software – only when installing new applications and modifying system settings.)
  • UAC Is Most Annoying When Setting Up a Computer – When you install Windows or get a new computer, UAC seems worse than it actually is. When you’re installing all your favorite applications and tweaking Windows settings, you’re bound to see UAC prompt after UAC prompt. You may be tempted to disable UAC at this stage, but don’t worry – UAC won’t prompt you anywhere near as much when you’re done setting up your computer.

If you use an application that shows you a UAC prompt every time you start it, there are ways to bypass the UAC prompt – it’s better than disabling UAC entirely:

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 09/18/12
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!