UAC theoretically provided some protection against malware infections by preventing software from running without administrator permissions. If a program tried to install on a computer, UAC would pause the installation and request administrator approval. In some cases, the administrator username and password may need to be used if a non-administrator user is logged in at the time. UAC serves another purpose: limiting users from installing unauthorized software – some of which could be infected with malware. Admittedly, UAC can be an intrusive pain in the neck, but it does provide some protection and should be left turned on to one degree or another.
The UAC interface can be accessed on the Control Panel as follows:
- Win7: click Start > Control Panel > User Accounts > Change User Account Control settings.
- Win8: click Start > down arrow > Control Panel > User Accounts > Change User Account Control settings.
- Win10: Click the Cortana search box and type “Control Panel”. When Control Panel opens, click User Accounts > Change User Account Control settings.
There are four UAC levels, shown in the following screen captures from strictest to most lenient. The second capture shows the default level. You can change between the levels by moving the vertical slider and then clicking the “OK” button. Changes to the UAC level will likely require a reboot to implement the level of security.
“Always notify me” displays a pop-up warning any time a user tries to make changes to Windows settings (like changing UAC) or install software. The screen will be locked with the security desktop (dimmed screen) until the user acknowledges the pop-up by either allowing or blocking the installation. This is the safest / strictest, but also the most intrusive level.
“Notify me only when programs try to make changes to my computer” is a little less intrusive. It doesn’t display the security pop-up when you try to make changes to Windows settings, but still shows it when software installation is initiated. The screen will be locked with the security desktop (dimmed screen) until the user acknowledges the pop-up. I recommend staying with the default level in most cases.
“Notify me only when programs try to make changes to my computer (do not dim my desktop)” is similar to the previous level and shows the security pop-up when software installation is initiated; however, the security desktop (dimmed screen) is not used. I normally use this level because I want the protection of UAC without the intrusiveness of the security screen.
“Never notify me” is the most lenient and most unsafe level to use. It disables UAC and leaves the computer vulnerable. Malware may be able to install itself without any form of user or administrator intervention.
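The slider position can also be checked from a PowerShell prompt, which is handy when auditing more than one machine. The script below is an added example, not part of the original post: it reads the three Windows policy values that the slider writes (`EnableLUA`, `ConsentPromptBehaviorAdmin`, `PromptOnSecureDesktop`) and maps them to the four levels described above. The function names `Get-UacSliderLevel` and `Test-UacLevel` are hypothetical, and the sample values are constructed.

```powershell
# Added example: map the UAC policy registry values to the slider level.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # A missing value means we cannot classify the machine; do not guess.
    if (($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop) -contains $null) {
        return 'Unknown (a policy value is missing)'
    }
    # EnableLUA = 0 turns UAC off completely, whatever the other two values say.
    if ($EnableLUA -eq 0) { return 'UAC disabled (EnableLUA = 0)' }

    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { 'Always notify me' }
        '5/1'   { 'Notify me only when programs try to make changes (default)' }
        '5/0'   { 'Notify me only when programs try to make changes (do not dim my desktop)' }
        '0/0'   { 'Never notify me' }
        default { "Custom policy ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop)" }
    }
}

function Test-UacLevel {
    # Reads the live values on the local machine; no elevation is needed to read them.
    $p = Get-ItemProperty -Path $PolicyKey
    $level = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Level    = $level
        # Flag the two states in which no prompt is ever shown.
        Weak     = ($level -like 'Never*') -or ($level -like 'UAC disabled*')
    }
}

# Constructed sample values (not taken from a real machine), one per slider position.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacSliderLevel @s }

Test-UacLevel   # classify the machine this is run on
```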
The next few screen captures show the UAC pop-up and security screen at the different levels.
This is a screen capture of the security pop-up with the grayed out / dimmed security desktop:
This is a screen capture of the security pop-up without the grayed out / dimmed security desktop:
This is a screen capture with UAC turned off. As you can see, there's no alert pop-up; the program installation simply begins.
In all three cases, I was attempting to install an update for CCleaner without specifically using administrator permissions.
The basic security pop-ups are similar in Win7, Win8, and Win10; however, MS added two new pop-ups for Win10. Win10 now has a pop-up advising that UAC blocked an unsafe program. This pop-up does not allow users to approve or disapprove the installation; it just blocks the installation altogether. The second pop-up prompts for confirmation to install a program from an unknown publisher. Legitimate software installations – in most cases – won’t prompt this alert, but it happens from time to time if Windows doesn’t recognize the developer or security signature. This alert will prompt the user whether or not they want to allow the installation to continue. The three levels are shown in the following image (borrowed from Wikipedia). From top to bottom: blocked app, app with unknown publisher, app with a known/trusted publisher:
That’s Windows User Account Control in a nutshell. UAC is intended to provide an additional layer of protection against malware and it does that fairly well. Turning it off isn’t recommended, even though it can sometimes seem overly intrusive. Dealing with UAC, though, is MUCH easier than dealing with a malware infection – take it from someone who spent close to a week removing hundreds of malware infections from a single workstation (at work, not my own). You can read more online starting with the sources I listed below.
As always, I'm open to questions and constructive comments. Your feedback is welcome.
Sources:
- User Account Control
- How User Account Control works
- Guided Help: Adjust User Account Control settings in Windows 7 and Windows 8
- Disable User Account Control (UAC) the Easy Way on Win 7, 8, or 10
- Why You Shouldn’t Disable User Account Control (UAC) in Windows
- What is UAC (User Account Control) and why you should never turn it off