Vista User Account Control

Contributed by sunkumarspace

User Account Control (UAC) is a feature of Microsoft Vista that changes the architecture of the access token creation process and prevents users from logging on with full administrative rights.

While the intent of this feature may have been enhanced security, all too often users need administrative rights for routine tasks like installing/updating programs and changing operating system settings. Additionally, many software applications need the appropriate access to run properly. This leads to poor user experiences because UAC always prompts the user on every administrative task. The prompts are slow to display and appear frequently without warning. Also, UAC prompts are confusing and do not provide users with any recommendations. This actually raises security concerns because prompting the user for every action with the intent that the user misses nothing is a false security model. The more a user is prompted, the more likely it is that he or she will dismiss the prompt without reading it.

The Norton UAC Tool does not disable UAC, it simply intercepts the prompt.  So you will still have the full protection of UAC (IE in Protected Mode, full file and protection, etc).

The Norton User Account Control tool will replace parts of the UAC system. It will utilize the UAC security feature from the architecture, while simultaneously improving user-friendliness significantly. The tool prompts recommendations based on an assessment on the user-action i.e. the signature information of the executable. The tool also has a “remember me” feature that allows users to suppress future prompts from the same action.

The goal of this tool is eventually build a white-list (as well as black-list) database on various administrative actions, and to enable users to make smart decisions without unnecessary prompts, using prompts only as a last resort. The prompt will provide users with as much information as possible, as well as recommendations on the action requested. The Norton User Account Control tool will collect user input as well as information about the application that causes UAC prompts. This data will be processed to help build and improve the comprehensiveness and robustness of the white list.

UAC is the abbreviation for User Account Control, a security “feature” added to Vista by Microsoft. As a Vista user, you have very likely interacted with UAC when you tried to install applications on your Vista machine or to make changes to system settings. They are the prompts that cause your screen to go grey while you’re asked to cancel or allow a certain action.

The Norton UAC tool allows an application to run with silently-elevated privileges only in a specific context, one previously approved by the user with the "don’t ask again" check box selected. This means that there is a difference between regedit.exe launched from the start->run box, regedit.exe originating from a shortcut double-click, and regedit.exe launched from a double click on a .reg file (and the context actually changes with each .reg file), and regedit.exe launched by an application (malicious or not). Given the contextual awareness of Norton UAC tool’s automatic responses, the Norton UAC tool provides a usability improvement over Vista’s default UAC prompts, while maintaining obvious security improvements in the Vista kernel (such as isolation, file/registry virtualization, and user interface privilege isolation) that are all disabled when UAC is disabled.

As for the impact to your system, the Norton UAC tool produces no running processes and is only active during a UAC prompt. We worked very hard to ensure the Norton UAC tool is as fast or faster than the built-in Vista UAC prompts.

According to techsupportalert the downside is that:

“Well that is pretty simple: Norton wants meta data.  When the Norton UAC Tool is used meta data about what caused the prompt and why is gathered.  Norton is also looking for what subject matter information was issued during the prompt and how long users waited until allowing or disallowing the prompt.  This information is phoned home to the Norton servers.  Norton is apparently trying to build up a white list and blacklist of programs to later add to their tool.”

The meta information contains file name and file hashes for the EXE that caused the prompt and the EXE that is to be the recipient of the elevated privileges. In addition, the meta information contains file name and file hashes for DLLs that were active in either of the two EXEs, response information (e.g. what option did the user choose, how quickly, and did they choose "do not ask me again"), and date/time info.

This program is less intrusive and also seems no intrusive at times also not heavy on system performances, also it does not work as running process thus not putting weight on the system and also it activates when UAC activates .


size:    1.12 MB for x86 and 1.55 MB for x64.

Status: free , no registration required


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *