To install and run programs on Windows systems, one must have Administrator privileges. Running with Administrator privileges, however, makes compromising systems much easier, as in the following examples:
• A user may unknowingly download and install malware from a malicious or infected website.
• A user can be tricked into opening an email attachment that contains malware and potentially installs and runs on the computer without the user’s knowledge or consent.
• A removable drive (i.e. USB memory stick) can be inserted into a computer and Autoplay will attempt to run software (malicious or non-malicious) without user intervention.
• A user can install unsupported applications that can adversely affect a Windows system’s performance or reliability.
With UAC, Windows Vista provides a method of separating standard user privileges and tasks from those requiring Administrative access. In standard user mode, users will be able to perform more tasks and run applications without needing to be logged on as Administrator. In addition, while users are logged on as Administrator, the Administrator Approval Mode feature in the UAC technology also helps to prevent malware from infecting users’ computers. Even though users are logged on as Administrator, most programs and tasks will be run under standard user privileges. When users need to perform administrative tasks such as installing new software or modifying certain system settings, they will first be prompted for their consent before they can complete such tasks. Note, however, that from a security perspective this feature does not quite provide the same level of security as when a user simply logs on to an unprivileged account. Still, it provides a layer of protection that is missing in Windows XP or Windows Server 2003.