If you've used Vista, you've probably been exposed to the UAC dialog. It's the security dialog that pops up when the screen goes gray, and asks you permission to perform a task which requires admin-level elevation. The idea behind it is that once programs are written for Vista (with UAC in mind), they'll sort themselves into two categories: Trusted programs that require administrative privileges (and have to pass a UAC prompt) to do their jobs, and programs that run fine without administrative privileges.
The big problem with rolling out UAC is how to deal with all of the legacy applications that have to still work. I roughly divide legacy (pre-Vista) programs into five six categories:
The majority of programs that run don't try to do anything forbidden like writing to system directories or opening . These programs will run fine under Vista.
Even a well-intentioned app might open a system registry key for full access when it only reads the key, or might write its settings to a config file in the program files directory, because that was perfectly OK under XP where everybody ran as Administrator. For these apps that didn't really need admin access, the system virtualizes these accesses. A virtualized program is allowed to read and write as if they're writing to the system, but those changes are virtualized under the user's AppData folder.
Some programs are fully intended to administer the system, and cannot run properly in restricted user mode. Simply double-clicking this utility will cause it to fail, because the system doesn't know that it needs elevation. These legacy programs must be launched with elevated privileges in order to work. The three common ways to do this are to right-click the .exe and select "Run as Administrator", to select "Run as Administrator" in the compatibility tab of the program's properties dialog, or to run cmd.exe as administrator and launch from there. Any of these methods will get you a UAC prompt, of course. Fortunately most people don't need to run programs in this category very often.
Though many in the blogosphere would be quick to disagree, I'm actually glad that the UAC dialog is showing up here. The dialog serves two purposes for me. It is a warning flag whenever something is about to get access to my system's tender bits. It is also a reminder that whenever it isn't there, the OS is making certain that whatever's running can't get at my system's tender bits.
Some programs we just don't want to allow admin privileges to. This is the class of programs for which UAC was invented.
An installer is a special case of one of the previous categories which often needs more privileges than the program it installs. This is because installers have to set up directories, resources, and registry keys. Though it is possible to create an installer which does not need admin privileges, most legacy installers do need them and will fail without elevation, resulting in a bad user experience. The Vista planners recognized this, and made installers a special-case. Because most legacy installers will fail if they are not run elevated, Windows Vista will automatically elevate the privilege of any legacy installer.(after raising a UAC dialog, of course)
Eventually, application designers will write more Vista-aware programs, which understand how to work around the different privilege levels. A Vista-aware program can contain a manifest, which contains metadata on the program including whether or not it needs elevation. Because unnecessary UAC dialogs annoy users, software vendors will work to avoid them. In the ideal application world, then, the following happens with our five categories.
Ideally, when the only programs that legitimately require elevation are system utilities and driver installers, the user will see very few UAC dialogs, and will be vigilant for malware whenever it rears its ugly head. What a wonderful world it will be, then. :-)
Some programs would run just fine on the OS, except that they bind to one specific version to the exclusion of later versions. You may have seen this one, which pops up a dialog in setup on Vista saying "You must run this program on Windows XP". The program checks GetWindowsVersion equal to XP, rather than checking that it's greater or equal. For these buggy programs, there's Compatibility Mode. When you run a program in Compatibilty Mode for a given version of Windows, Vista will lie to the program and pretend to be that version, causing it to run correctly. To turn on Compatibility mode for a program, right-click the program
and select Properties. In the Compatibility tab, select "Run in
Next time: See if you can spot the social engineering hole in this model.
UPDATE: It seems I mixed up virtualization with compatibility mode. Fixed above (#2 and #6)