Windows Vista Security

Windows Vista Security, Taking Paranoia to another Level?

Over the last few years, most of us have been introduced to the new line of Macintosh commercials with the 2 type of computers. (I.e. Mr. Hello, I’m a Mac, and Mr. Hello, I’m a PC.) These commercials for me have provided some, but minimal if any, humor in the “Superiority “ of a Macintosh over a Windows based computer.  Now understand I am very open to using any Operating System or computer whether it is Windows based, Macintosh, Unix/BSD, Linux, or any other type to accomplish a task put in front of me. All operating systems have their strengths and weaknesses, but after 15 years in the IT field, there still in my eyes is not a “Perfect” Operating System.

The main reason I bring Mac commercials up in this article, is because of the most recent commercial released is based on Vista Security. The two computers are trying to talk back and forth, and there is a Secret Service looking gentleman behind the PC who is stopping all communication inbound or outbound with the Mac until the PC “Allows” or “Disallows” the action. Now if you have used Windows Vista, then you are aware of what feature they are mocking in the commercial, because you probably had to hit the “Allow” button just to read this article.

Now the feature that they are referring to in this commercial is called the Windows UAC (User Account Control) feature.  The UAC controls security for actions ranging from installing applications, to modifying network connections, to accessing core system files, and even down to the simple use of surfing the Internet. The real reason behind Microsoft’s implementation of this feature was more for the

Enterprise level infrastructure, in which desktop security has become too loose. Until

Vista, Network Engineers have some

times been forced to give a user MORE Administrative permissions then needed so they can do or run certain Administrative tasks that a standard Windows user cannot complete. These tasks can be something as simple as installing a printer driver, to allowing local Active X controls, or accessing Web Design Applications that need access to  local services. Unfortunately, to complete these simple tasks, an Administrator would have to grant Local Administrative rights to a user who may have just started with their company the day before just to get their applications working.

There is also another reason why Microsoft is implementing the UAC. A standard end user or home user that uses their computer for minor applications, surfing the Internet, or checking email has been vulnerable to hundreds if not thousands of exploits in their Operating System.

Most users have no idea that they are even being exploited because the exploits themselves are hidden and very difficult to find.  The UAC is designed to stop any invalid attempt to install a program that you did not ask to be installed. Hackers or malware companies use these “Backdoor Exploits” to maliciously Phish or steal personal information such as login info, passwords, credit card information, or personal data. A simple website can install a script or program on your computer that can log every keystroke you type into the PC and then send the logs to a destination of the exploiters choice. So if you have ever wondered how your email address keeps getting more and more spam or advertising emails every day, your PC may have been exploited.

Understand that there is a reason that the Macintosh Operating Systems are not exploited as much. Macintosh has less than 3% of the total PC market, and if you were a hacker or advertising company, wouldn’t you rather write an exploit that targets more than 60% of the PC market that Microsoft controls? Malware is designed to play off of the masses, so why would they target anyone BUT Microsoft?

In the new commercial, Macintosh makes it seem impossible to turn the UAC off without completely letting down ALL security for your Windows Vista computer. For the standard end user who does not understand system rights, privileges, and permissions, I would say that turning the UAC off is a bad idea. But for anyone who stays up to date on their Anti-Virus, Security, and Spyware removal software, turning off your UAC can be very harmless.

Important: I am not recommending that ANYONE turn the UAC  feature off, this option is at your own discretion and if you or your data become compromised by turning it off, then please understand that this article is intended to be used as information ONLY. It was not designed or wrote with the intention of helping people disable your UAC.

How to disable your UAC:

1.      Make sure you are logged in as an Administrative User Account.

2.      Click the START button, and then click on the “Control Panel” menu option.

3.      During this process the UAC will keep asking you if you are sure you want to access these next few links. Just click yes to accessing these links and you will be able to proceed.

4.      Once the Control Panel box opens, look for the “Classic View” link in the top left corner, and click the link.

5.      You will then need to scroll down through the options and find the “User Accounts” icon, and double-click the icon to open your user options.

6.      You will see a link that reads “Turn User Account Control on or off”, click that link.

7.      There will now be a check box that you can uncheck to disable your UAC. If it is already unchecked, then your UAC is already disabled.

8.      Once you have made sure the box is unchecked, click the OK button.

9.      You will then be prompted to reboot your computer. Click Restart Now, and upon your next boot you will no longer have the UAC watching over everything that you do.

You can repeat this process to enable the UAC again if you choose too. I have been running my Windows Vista Operating System for quite sometime now, and have had the UAC disabled since the day I installed the Operating System installed, and have had zero exploits or issues. Again, I do have a very popular Anti-Virus on my computer, as well as a multiple Spyware scanner and remo

val tools running on my system that I update every day. If you disable the UAC without these types of applications to protect you, then you are very vulnerable to security loop holes. 

I hope this article is helpful in helping you to understand the Vista Security a little more, and if you would like to know more, please contact me at rcorrea@dtidata.com.

Good luck,

Richard Correa, MCP, MCSA, MCSE, MCDBA
Senior Network Engineer
DTIData – DTI Networks
rcorrea@dtidata.comhttp://www.dtidata.com
http://www.dtinetworking.com