Many users of Windows Vista and Windows 7 are familiar with the User Access Control (UAC) feature. You know… that annoying popup that asks for your permission before completing nearly any task that involves modifying system files or installing software.
So many users find it so repetitive and annoying in fact, that there are help articles all across the web detailing how to disable the UAC feature on any Windows system. Even here at the Free Computer Maintenance blog, for its performance benefits.
Well, as it turns out, that feature is there for very good reason, and should be left enabled, according to one researcher at Microsoft.
As reported in a new blog post by Joe Faulhaber, a researcher at the Microsoft Malware Protection Center, an increasing number of Windows users are opening themselves up to attacks by rootkit and worm malware by turning off the User Access Control (UAC) feature.
In some cases, it even appears that malware is exploiting a workaround to deactivate the UAC feature on its own. In these instances the malware has three (3) primary ways to bypass the UAC:
- Exploit another service that already has administrator rights
- Convince a Windows user to click “OK” on a fraudulent UAC prompt, or
- Through a system that already has the UAC disabled
“The key factor here is that for malware to successfully turn UAC off, the malware must itself be elevated to run as administrator. Unfortunately, many Windows users have disabled UAC,” states Faulhaber.
Reports show that about 23% of computers reporting detections in a day had UAC disabled. Faulhaber goes on to mention that “while some threats directly turn off UAC, others have a lower success rate when UAC is on.”
This is all to say that in addition to keeping your antivirus program up-to-date and always updating your software, Microsoft recommends that you leave UAC enabled.
It might be somewhat annoying to give approval to so many tasks, but its better than the alternative of compromising your PC security. Put simply UAC helps defend your system against malware.
If User Access Control (UAC) is disabled on your computer, you can follow these steps to turn UAC back on.