Microsoft"s UAC in its Vista operating system release was meant to signify that finally, the company has gotten serious about securing Windows by limiting a user"s rights during day-to-day computer usage. It"s come to signify something much less than security or trust in the minds of some security experts, though. Security expert Joanna Rutkowska kicked off the dissection of UAC in her blog, and the latest salvo against User Account Control was heaved by Symantec Research Scientist Ollie Whitehouse with a Feb. 20 posting titled An Example of Why UAC Prompts in Vista Can"t Always Be Trusted.
The upshot: Microsoft has admitted that yes, UAC is liable to social engineering. The idea behind User Account Control is to limit user privileges as much as possible for most of a user"s interaction with the desktop. User rights are elevated only when necessary for administrative tasks, at which point a dialog box prompts the user to OK the escalation. Limiting normal permissions is a good thing, given that it reveals less operating system surface for an attacker to latch onto. The problem, according to Whitehouse, is the level of trust granted to UAC prompts—a level of trust that he thinks is undeserved.