In the mailbag this morning was this eweek article on how Vista's User Account Control (UAC) Will Reform Developers, where a Gartner analyst says that developers should ship software apps that (in some cases) don't require administrator rights. Speaking at Gartner's IT Security Summit this week, analyst Neil MacDonald said UAC "has plenty of people confused regarding what, exactly, it is."

In case you missed it, here's a technet article on UAC that explains how "Windows Vista makes it possible for organizations to deploy a more manageable and secure desktop in which administrators can run as standard users (formerly users) and still perform administrative tasks."

Although gizmodo noted that UAC was "pretty much the most annoying OS feature I've ever dealt with" it does have benefits. As Peter Watson notes (Microsoft Australia's chief security advisor)...

"There has been a lot of misunderstanding in the market around User Account Control (UAC). If you look at it from an architectural direction User Account Control is a great idea and strategically a direction that all operating systems and all technologies should be heading down."

Of interest: this article on how to make User Account Control (UAC) less annoying.

"[Gartner's] MacDonald had additional advice on deploying UAC:

  • Use the migration to Windows Vista as a catalyst to have more users run as "standard user." This may not be appropriate for all users, but can be for many.
  • For administrators, require approval when an administrative task is attempted.
  • When critical vulnerabilities are announced by Microsoft, see if the malicious code is restricted to running in the context of the user.
  • Note that if the organization's goal is to "lock down" the computing environment, UAC won't be enough, and third-party tools will be required."

Of interest...

Tags: , , , .