User Account Control Limits Exploit Impact

Following the lead of competing OSs such as Apple OS X and Linux, Windows Vista will allow users to run with the least privilege needed to perform a task such as running an application or installing new software. Using the least possible privilege to perform a task limits the damage that a mistake or malicious software can inflict on a computer, because such attacks operate in the security environment of the current user, and if that user’s security environment forbids access to system files or services, the attacker is similarly limited. However, because many Windows applications assume that users have administrative privileges, Microsoft has tried to balance security and reliability with application compatibility.

The Problem of Privilege

Windows NT, Windows 2000, and Windows XP all allow different users to be assigned different privileges, such as rights to create a new account, install software, or open a file for backup. In addition, specially privileged user accounts (system, local, and network service) are used by Windows’ Service Control Manager, which runs various Windows OS services and processes that run for all users and applications under these specialized system accounts.