One of the default settings in Windows is insecure. Here is how to make this setting (User Account Control, UAC) more secure:
- Click on the Start Menu.
- Click on Control Panel.
- Type “UAC” in the search pane.
- Click on “Change User Account Control settings”.
- Push the slider all the way up to “Always notify”.
- Click on OK.
- Reboot your computer.
Assuming you have a decent antivirus and choose the programs you install wisely, you are now protected against security threats!
Now for some technical explanations:
You probably know the infamous “are you sure” dialog introduced in Windows Vista. These dialogs are privilege elevation prompts and are part of a system called User Account Control (UAC). The whole concept of UAC is to prevent users from using an administrator account for their everyday tasks, thus protecting them from viruses and other malware.
Something you may not know is that Microsoft changed these prompts in Windows 7 because there were too many complaints about Vista. Most of the changes were well designed, but one of them is so bad it defeats the whole concept of UAC.
Leo Davidson made a proof of concept in 2009 that uses Microsoft's UAC whitelists to launch any program with elevated privileges. This proof of concept may be easily modified to create a virus with full access to your computer, without any elevation prompt.
For the curious, here is a link to the proof of concept: http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
Luckily, changing the setting as mentioned above seems to prevent this problem.
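The slider position from the steps above is stored in the registry, so it can be checked or applied from a script instead of the Control Panel. The PowerShell below is an added example, not part of the original post: the function names `Get-UacLevel` and `Set-UacAlwaysNotify` are hypothetical, and the mapping of registry values to slider labels is an assumption based on the standard UAC policy values rather than something this page states.

```powershell
# Added example: audit (and optionally harden) the UAC slider via the registry.
# Assumption: the slider maps to these values under the UAC policy key.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    # Reading this key does not require elevation.
    $p = Get-ItemProperty -Path $UacKey
    $lua     = $p.EnableLUA                   # 0 = UAC switched off entirely
    $consent = $p.ConsentPromptBehaviorAdmin  # 2 = always prompt, 5 = Windows 7 default
    $desktop = $p.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop

    $level = if ($lua -eq 0) { 'UAC disabled' }
    elseif ($consent -eq 2 -and $desktop -eq 1) { 'Always notify' }
    elseif ($consent -eq 5 -and $desktop -eq 1) { 'Default (silent for whitelisted Windows components)' }
    elseif ($consent -eq 5 -and $desktop -eq 0) { 'Default without secure desktop' }
    elseif ($consent -eq 0) { 'Never notify' }
    else { 'Custom or policy-defined' }

    # New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
    New-Object PSObject -Property @{
        Level                      = $level
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $desktop
        IsAlwaysNotify             = ($level -eq 'Always notify')
    }
}

function Set-UacAlwaysNotify {
    # Writing to HKLM needs an elevated session; fail clearly if it is not.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated PowerShell session.' }

    Set-ItemProperty -Path $UacKey -Name EnableLUA -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop -Value 1 -Type DWord
    Get-UacLevel   # return the resulting state so the change can be confirmed
}

# Report the current state; call Set-UacAlwaysNotify only if IsAlwaysNotify is False.
Get-UacLevel | Format-List Level, IsAlwaysNotify, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop, EnableLUA
```

On domain-joined machines a Group Policy setting can overwrite these values at the next policy refresh, so rerun the check afterwards.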
Why didn’t Microsoft choose the right setting by default? It was probably a business decision…
Bottom line: change the security setting, then forget all this stuff and have fun!