How important is UAC for developers?

windows-vista uac

Our small team of developers primarily uses Windows Vista. There has been some debate about the importance of Vista UAC (User Account Control).

How important is UAC for experienced users, particularly developers, who are not likely to do not-so-smart things like open executables in email attachments?

And second: if UAC is disabled after a considerable amount of time, will the change adversely impact any programs (e.g., settings in Eclipse, etc)?


As a developer, if you code for UAC to be in place then your code will work on everything. I'm in an environment where security is of great concern and we can't buy a product that doesn't play nice with UAC.


I look at it this way... I'm a former security architect and incident response team lead. I've been a developer and a directory services administrator and infrastructure architect. Maybe I'm paranoid, but I run with UAC. There are too many zero days, too many legitimate sites getting hit, and too many new vectors out there for me to feel that I'm safe. It's also why I run with AdBlock Plus and NoScript on Firefox. Yes, it's an extra pain, but not as much as getting a system compromised and having to spend the time rebuilding it and reloading the apps.

I don't know that UAC changes any programs, per se, but it will impact how someone uses it and remembers what they have to do. A better solution is to go ahead and toggle those apps which need the rights (such as Visual Studio 2005) to run as Administrator from the start. Yes, you'll get the prompt, but then you have UAC on and still have the rights you need.


How important is UAC for experienced users, particularly developers, who are not likely to do not-so-smart things like open executables in email attachments?

I have to take issue with the idea that experienced users won't do / are less likely to do dumb things. Plenty of admins and developers got tricked by the weekly outlook worm du jour a few years ago.

Remember, you can only be "betrayed" by someone you trust. I trust myself and I don't run with rights I don't need.

I'm not sure if disabling UAC after a while will impact programs compared to turning it off straight away, but there are issues with programs behaving in unpredictable ways with UAC turned off.


Run as a normal user, as always - and use parts of UAC to easily change to a higher-privileged user when needed.

This shouldn't be any different than in NT4-XP running as a normal user and using runas to change to an admin when needed - only that UAC makes this a lot easier and trouble-free...

I don't see why you'd run any corporate desktop as an admin by default and using UAC to try and push down the privileges, prompting for elevation - this part of UAC seems like a consumer flirt trying to do something about those consumers always running as an admin without a clue.

But sure, if your corporate policy demands that they run as administrators for some reason - having UAC on won't hurt, in fact it will help in the same way as with consumers... so it would be best left on in any case.

Testing applications as normal users is something I just figured is always done regardless since NT4...

Related

Disable FastCGI Read Timeout in Nginx?
Apache rewrite all URLs to lowercase if contains at least one uppercase
What are the advantages of registered memory?
ZFS pool degraded on reboot
How can I change the SID of a user account in the Active Directory?
When accessing Samba shares from Windows 10, smbstatus is reporting duplicate nobody:nogroup PID entries
How do I find out the process id of the backgrounded process?
Renewing SBS2011 Exchange Self-Signed Certificate w/o changing home page in IE?
Pass your password to your SSH key via a script
Error when trying to add a 32bit driver to Server 2008 64bit
Is it possible to install MySQL extensions on Amazon RDS?
Puppet agent using 100% CPU, on a single node for an hour