Admins Are Omnipotent | Windows Vista Security. Securing Vista Against Malicious Attacks

Admins are omnipotent-all the time. Even when you only log on to read e-mail. Or surf the Web. Or download files from your favorite file sharing service. Or write a letter to your congressman. Or accidentally click on an attachment that you shouldn't. Or when your kid chats with friends online.

Those tasks, when taken by a user that is an administrator, have complete and unfettered access to the computer. Any one of those tasks, or any task that manages to subvert one of them, can do absolutely anything on the computer: steal all your personal information and send it to a criminal syndicate in a country you've never heard of, install new rootkits when you stick a music CD into your comptuer, upgrade existing rootkits when you log on, use your computer to attack the Federal Reserve Bank of San Francisco, install adware, spyware, botware, malware, and trojans. All of it. All while you, or your kids, or your aging parents, or your dog, are surfing the Web for information on, say, scuba diving in Sharm El Sheikh (http://www.sharmguide.com/). Two years ago, Intel CEO Paul Ottellini revealed that he spends an hour a week removing spyware from his daughter's computer. Notwithstanding the obvious questions of what Web sites this computer goes to, you cannot help but wonder how many hours he would spend if she were not browsing the Web with admin privileges. As it were, each accidental click does not have to result in spyware being installed, if you do not browse the Web as an admin. Sadly, doing so was not exactly easy.

The point we are trying to get across, not particularly succinctly, is that the vast majority of things you do when you run your computer on a day-to-day basis are not inherently administrative tasks. Yet, too many of them require administrative privileges. Therefore, because it is too painful to figure out how to make what we need to do work without being admins, we make everyone an admin. This is what enables so many attacks against users to be so successful.

UAC was designed as a first step toward rectifying this situation. The primary goals of UAC, included making many more people able to run as nonadmins most of the time.