Are there any security benefits to running as a Standard User in Windows 7 with UAC turned all the way up?

security windows-7 uac

Solution 1:

(Reference: In 2009, Microsoft engineers specified that UAC is "not a security boundary.")

And they are perfectly right. Your concern should be your user role on the system. If you setup yourself as a regular user, but are always seeing UAC prompts or having to elevate your privileges through a password prompt in order to do your work, you are effectively an Administrator of your system and you should log on as one.

UAC prompt security would in fact be compromised if you didn't, because invariably you are going to start to hit prompt options mechanically and essentially reducing the UAC prompt to just a subconscious confirmation layer between you and your daily actions. Soon enough you won't be able to distinguished between a rightful prompt and a prompt you should actually be suspicious of.

So, in short, if you are administering your machine, if you are constantly requiring administrative access to your computer, you are your computer Administrator and you should set your account as such.

Conversely, a regular user shouldn't see many prompts. Their daily operations of opening applications, sending documents to be printed, reading and replying emails, aren't (or shouldn't be) operations that require administrative privileges. It's when they try to do something they shouldn't, like installing an application or trying to change system settings that UAC will step in. Then they call in for the system administrator to take a look and either elevate their privileges for that operation by writing his password, or refuse to take part of that folly.

...

Security is thus still mostly a user concern and responsibility. UAC helps, no doubt. But by establishing responsibility boundaries by clearly separating the user and administrator roles (something we didn't have on Microsoft desktop operating systems before Vista). Doing this, UAC helps ensure that most (if not all) security concerns are delegated to the administrator.

It certainly introduces features that complicate certain malware. UAC Virtualization is one of them. But UAC doesn't want to replace user roles. Again, if you are an administrator, log in as an administrator.

For a deep understanding of UAC, Read Inside Windows 7 User Account Control, by none other than Mark Russinovich, one of the professionals responsible for it. I suggest in particular you follow his links as you read the whole text. Most particularly the conference video, and the ones that read "UAC Internals" and "revisit the relationship between UAC and security", in the Contents section. But generally speaking you should hit all links to gain a deep understanding of this feature. All you probably ever wanted to know, is there.

It took me about 3 days to fully read and interiorize all the concepts within. But it's well worth it if you take it at your own pace.

Related

How to adjust the sound volume in small increments in Mac OS 10.7 (Lion)? [closed]
Piping video device over SSH or tcptunnel?
What's a "powered" USB port?
Logging out of a network share drive without reboot?
Difference between "reg save" and "reg export"?
What is the "park-agent" service used for?
How does one add an axis label in Microsoft Office Excel 2010?
How can I remove all white parts from an image in Photoshop?
Check wireless card manufacturer and model in Linux Mint 11
Get active network interface on Windows
F12 and Ctrl+F5 not working correctly
Execute script/program when file changes