Does UAC kill the need to run as a regular user?

security windows uac

Professionally, I've run as a standard user for a decade, and had mastered all the little tips and tricks to administering an enterprise using nothing but runas. Now in trots UAC, and while it makes some situations easier... For the most part all this thing does it get in my way.

I'm an Administrator, Outlook is the only process running on my pc that doesn't need elevated credentials! Yet I spend all day not only accepting prompts, but entering my password 200+ times a day. I believe in the REAL security UAC provides my environment, but the password over and over... it's maddening.

My question is this, with UAC forcing us to run a standard user is it safe? Can we go back to the NT days. Would you trust UAC enough to just log in with your admin account? Does UAC do enough to protect your Domain credentials?

Update: Put another way do we place UAC on the same level as sudo? Yes there will be bugs, but can we start to reorganize how we do business around this feature, or is this to protect my mom(not ready for primetime)?


NO.

Check this out: http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/

And this: http://www.withinwindows.com/2009/02/04/windows-7-auto-elevation-mistake-lets-malware-elevate-freely-easily/

EDIT

I think I might be out of date, I am not sure the current status of UAC now. According to this: http://blogs.msdn.com/e7/archive/2009/02/05/uac-feedback-and-follow-up.aspx they fixed the first issue.


A qualified yes, UAC allows windows to treat an administrator as a limited administrator. You have all the rights of an admin but have to do a UAC event each time. Why does this matter? The UAC dialog box is no ordinary MsgBox() it is actually in a separate user space and separate desktop instance. With an image of what you where seeing before it popped up in the background. You can't (at least I haven't been able to) call any user interface manipulation APIs to interact with the UAC from your user session. So this does (it appears) grant some level of security. If your logged in as admin and some application that you didn't expect (or don't remember invoking) pops up a UAC it can't go on with what it was doing without your intervention.


No. UAC is not a security boundary, as stated by Microsoft themselves. Even at home, I run as a limited user.

Related

Compress and host large amounts of static HTML
Why attend Tech.Ed?
file ownership for new files with administrator - why is it giving ownership to the group administrators?
Apache RewriteRule for proxying
How should I convert a physical drive to a VHD for use with VirtualPC?
Document Control Software
What does $0^+$ mean [closed]
A generating set of cardinality $n$ in the free group $F_n$ is a free basis.
What are the asymptotic bounds for the $L^1$-norm of the Dirichlet kernel?
Consider $g_n(x)= \sqrt{x^2+1/n}$ for $x \in [-1,1]$ and $n$ be a natural number. Find the limit $g(x)$ of $g_n(x)$. Is the convergence uniform? [duplicate]
Can a linear function have zero slope?
How does one arrive at the basic limit formulation for the Stieltjes constants?