Vista User Account Control
Q: What is UAC?
A: UAC is the abbreviation for User Account Control, a security “feature” added to Vista by Microsoft. As a Vista user, you have very likely interacted with UAC when you tried to install applications on your Vista machine or to make changes to system settings. UAC is behind the prompts that cause your screen to go grey while you’re asked to cancel or allow a certain action.
Q: Why is Norton Labs working on a replacement for this Vista feature?
A: Microsoft did a great job of adding additional security in the underlying kernel components that trigger UAC alerts. Since disabling UAC also disables these additional kernel security features, it is useful (from a security standpoint) to leave UAC enabled. The issue is that the UAC prompts are annoying, and most users end up disabling UAC when they get sick of seeing these prompts. Norton Labs is working to create a white list of unnecessary UAC prompts so that users can benefit from the additional kernel security features while interacting with a UAC prompt less frequently.
We decided to write this tool after we noticed two alarming trends with UAC. The first is that users fully disable UAC – this is a horrible workaround to a minor usability issue (since it disables isolation and virtualization - which in turn removes IE's protected mode). The second is that users get so used to responding to UAC prompts with "allow" that the prompts are often not even read by the user (Chicken Little “the sky is falling” syndrome).
Q: So... what does this replacement offer me?
A: The Norton UAC tool allows an application to run with silently elevated privileges only in a specific context, one previously approved by the user with the "don't ask again" check box selected. This means that there is a difference between regedit.exe launched from the Start->Run box, regedit.exe launched by double-clicking a shortcut, regedit.exe launched by double-clicking a .reg file (where the context changes with each .reg file), and regedit.exe launched by an application (malicious or not). Given the contextual awareness of its automatic responses, the Norton UAC tool provides a usability improvement over Vista's default UAC prompts while maintaining the obvious security improvements in the Vista kernel (such as isolation, file/registry virtualization, and user interface privilege isolation) that are all disabled when UAC is disabled.
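The sketch below is an added example, not Norton Labs code, of how a remembered answer can be bound to an exact context so that the regedit.exe cases above are told apart. The page does not say how the tool represents a context; the key fields, the `launch_kind` labels and all names here are assumptions, and the file contents are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class ElevationContext:
    requester: str        # name of the EXE that caused the prompt
    requester_hash: str   # hash of that EXE's contents
    target: str           # name of the EXE that would be elevated
    target_hash: str
    launch_kind: str      # assumed labels: run-box, shortcut, file-open, application
    argument_hash: str = ""  # hash of the opened file (e.g. a .reg file), if any

    def key(self) -> str:
        fields = (self.requester.lower(), self.requester_hash, self.target.lower(),
                  self.target_hash, self.launch_kind, self.argument_hash)
        # Length-prefix every field so two different contexts can never
        # serialize to the same byte string.
        blob = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
        return sha256_hex(blob)

class ApprovalStore:
    """Remembers "don't ask again" answers per exact context."""
    def __init__(self):
        self._approved = set()

    def remember(self, ctx):
        self._approved.add(ctx.key())

    def decide(self, ctx) -> str:
        return "elevate" if ctx.key() in self._approved else "prompt"

# Constructed stand-ins for file contents; real use would hash files on disk.
REGEDIT, EXPLORER, UNKNOWN_APP = b"regedit-image", b"explorer-image", b"other-image"
REG_A, REG_B = b"[HKEY_CURRENT_USER\\A]", b"[HKEY_CURRENT_USER\\B]"

def regedit_ctx(requester, requester_bytes, kind, reg_file=None):
    arg = sha256_hex(reg_file) if reg_file is not None else ""
    return ElevationContext(requester, sha256_hex(requester_bytes), "regedit.exe",
                            sha256_hex(REGEDIT), kind, arg)

def demo():
    store = ApprovalStore()
    store.remember(regedit_ctx("explorer.exe", EXPLORER, "file-open", REG_A))
    return [store.decide(regedit_ctx("explorer.exe", EXPLORER, "file-open", REG_A)),
            store.decide(regedit_ctx("explorer.exe", EXPLORER, "file-open", REG_B)),
            store.decide(regedit_ctx("explorer.exe", EXPLORER, "run-box")),
            store.decide(regedit_ctx("app.exe", UNKNOWN_APP, "application", REG_A))]
```

Only the first lookup in `demo()` matches the remembered context; a different .reg file, a different launch path or a different requesting program each fall back to a prompt.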
Q: What kind of impact does this tool have on my system?
A: The Norton UAC tool produces no running processes and is only active during a UAC prompt. We worked very hard to ensure the Norton UAC tool is as fast as or faster than the built-in Vista UAC prompts.
Q: What does Norton Labs get out of my testing?
A: DATA! Each time you see a prompt, the Norton Labs UAC Replacement sends meta information about what caused the prompt, and why, to our server. This data will be used, in aggregate, to help Norton Labs build a white list that can be shipped with the UAC replacement and LiveUpdated as needed. Also, we are collecting information on the subject matter of prompts in addition to the response times to determine if reducing the overall number of prompts (by allowing users to remember their answers) causes users to spend more time reading the prompts. Microsoft records very similar timing and response information for all of Vista and Office when you agree to take part in the Customer Experience Improvement Program.
Q: What do you mean by "meta information"?
A: The meta information contains file name and file hashes for the EXE that caused the prompt and the EXE that is to be the recipient of the elevated privileges. In addition, the meta information contains file name and file hashes for DLLs that were active in either of the two EXEs, response information (e.g. what option did the user choose, how quickly, and did they choose "do not ask me again"), and date/time info.
