The best way to keep a system secure is to limit what users can do on a system. The less they can change, the less damage programs run by them can do, assuming there are no security holes, of course.
Windows XP comes with two standard levels of user account: administrator and user. The idea is that regular users can’t make fundamental changes to the system. Unfortunately, many programs fail to function as standard users because they try to perform tasks that the user isn’t permitted to do. This might include writing to restricted sections of the Windows registry. A growing number of applications will run fine as a ‘user’, but this remains an issue.
Many XP users, then, run as an administrator, meaning all programs should run OK, provided they’re XP compatible. Of course, running as an administrator makes it much easier to break a system, whether through a user’s mistake or through malicious software.
Vista takes the concept of limited user accounts further, in an attempt to both better protect the system and improve usability.
How it works
Vista adopts a policy similar to that seen in other operating systems such as Linux, whereby user privileges are restricted all of the time, except when they need to be elevated to perform a certain task. As such, whether or not a user has administrative privileges, programs and tasks generally run with restricted privileges.
However, there are times when privilege elevation is required, such as installing a program or changing system settings. At this point, Vista’s User Account Control (UAC) presents a prompt. Regular users have to enter an administrator’s password to perform the task; administrators simply need to confirm that they want the task to take place. In either case, a task cannot run with elevated privileges without confirmation.
Some applications still like to write to files and registry entries in places that aren’t allowed with restricted privileges. In Vista, this can be overcome with file and registry virtualization: an application behaving in this way is presented with virtualized portions of the registry and file system. The application can do what it wants, but it doesn’t affect the files and registry entries as seen by other programs; it has its own ‘virtual’ copies.
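The following PowerShell audit is an added example, not part of the original article. Run on a Windows host, it reports whether the current shell holds an elevated token, how the UAC prompt and file/registry virtualization are configured in policy, and which applications have already had writes redirected into the VirtualStore. The policy values and their meanings are the documented ones; which settings count as ‘weak’ is my own assumption.

```powershell
# Added example (not from the article): audit the UAC behaviour described above on one host.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of the prompt-behaviour policy values.
$AdminPrompt = @{ 0 = 'elevate without prompting'; 1 = 'credentials on secure desktop'
                  2 = 'consent on secure desktop';  3 = 'credentials'; 4 = 'consent'
                  5 = 'consent for non-Windows binaries only' }
$UserPrompt  = @{ 0 = 'automatically deny'; 1 = 'credentials on secure desktop'; 3 = 'credentials' }

function Describe-Value($map, $value) {
    if ($null -eq $value) { return 'not set (OS default applies)' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] } else { return "unknown ($value)" }
}

function Get-UacAudit {
    # Elevation state of the current token. An administrator whose token was filtered by UAC
    # (no consent given yet) gets $false here, because the Administrators group is deny-only.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # The integrity label lives in the token, not in the group list; whoami exposes it.
    # S-1-16-12288 is High (elevated), S-1-16-8192 is Medium (filtered/standard).
    $label = whoami /groups /fo csv | ConvertFrom-Csv | Where-Object { $_.SID -like 'S-1-16-*' } |
             Select-Object -First 1

    $p = Get-ItemProperty -Path $PolicyKey
    $warnings = @()   # settings that weaken the prompt-before-elevate model (my assumption of 'weak')
    if ($p.EnableLUA -ne 1)                  { $warnings += 'UAC off (EnableLUA != 1): no prompt, no token filtering' }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) { $warnings += 'Admins elevate silently (ConsentPromptBehaviorAdmin = 0)' }
    if ($p.PromptOnSecureDesktop -eq 0)      { $warnings += 'Prompt not on the secure desktop: other windows can overlay it' }
    if ($p.EnableVirtualization -eq 0)       { $warnings += 'Virtualization off: legacy apps fail instead of being redirected' }

    # Evidence that virtualization is in use: this user's redirected file and registry writes.
    $fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    $paths = if (Test-Path $fileStore) { Get-ChildItem $fileStore | Where-Object { $_.PSIsContainer } |
                                         Select-Object -ExpandProperty FullName } else { @() }
    $regStore = 'HKCU:\Software\Classes\VirtualStore'
    $keys = if (Test-Path $regStore) { Get-ChildItem $regStore -Recurse | Select-Object -ExpandProperty Name } else { @() }

    [pscustomobject]@{
        User             = $identity.Name
        Elevated         = $elevated
        IntegrityLevel   = $label.'Group Name'
        UacEnabled       = ($p.EnableLUA -eq 1)
        AdminPrompt      = Describe-Value $AdminPrompt $p.ConsentPromptBehaviorAdmin
        UserPrompt       = Describe-Value $UserPrompt  $p.ConsentPromptBehaviorUser
        Virtualization   = ($p.EnableVirtualization -eq 1)
        VirtualizedPaths = $paths
        VirtualizedKeys  = $keys
        Warnings         = $warnings
    }
}

Get-UacAudit | Format-List
```

Run it once from a normal shell and once from a shell started with ‘Run as administrator’ to see the same account appear with a Medium and then a High integrity label.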
Prompting before elevating privileges goes a long way towards preventing malicious software from rampaging across systems. However, these prompts can become monotonous, leading users to jump to the confirmation button without checking what’s actually going on. It’s important that users remain vigilant, so as to avoid putting a system at risk.