Menu
I didn't upgrade to Vista until May or so and one of the things I've always heard developers I know in real life say is "first thing you should do is turn off that UAC crap"
Well, I've left it on this whole time for a few reasons. First, just as a failsafe in case I do something idiotic like have a momentary lapse of reason and run an attachment from an email, or in case I view a site which hits some unpatched exploit. Second, as a big of an experiment to see how good or bad it really is.
Finally, I figure that it enforces some better practices. I used to develop every website in Windows directly in inetpub\wwwroot (Visual Studio .NET 2003 more or less required this) but now I develop them elsewhere because the UAC clickfest is a nightmare. I figure this is Microsoft's way of saying "you should really be doing it this way".
By way of another analogy - if you wrote a web app which runs on XP and 2000 just fine but requires 50 different security features of Server 2003 to be turned off, the real solution might be instead to just fix the application such that it doesn't require the security features to be turned off.
But now I'm having to work with an app which is really really NOT designed to be developed outside of inetpub/wwwroot and so UAC is really a nuisance. It's beyond the scope of the project to rectify this. I want to stick to my guns and leave UAC on but I'm also worried about being so autopilot about clicking "Yes" or "Allow" three times every time I need to modify a file.
Am I just being hard headed? Do most developers on Vista leave the UAC on or off? And for the instance described above, is there a better/easier way?
768
For troubleshooting application problems, temporarily disabling UAC may help pinpoint the problem or relieve the issue. Be sure to restore this security setting as soon as the issue is resolved.
User Account Control (UAC) is a new feature that helps prevent malicious programs, also known as "malware," from damaging a system. UAC stops the automatic installation of unauthorized applications. UAC also prevents unintended changes to system settings.
If UAC is disabled, then IE Protected Mode is also disabled. What this means is if a vulnerability is triggered via Internet Explorer, then the resulting code that executes should have the same privileges as the logged-on user.
Desktop apps that make lots of system changes can fail to work once UAC is turned on, after their installation. However, they will function properly if you install them when UAC is turned on. When UAC is turned off, the virtualization techniques used by UAC for all applications are inactive.
I think it is necessary to leave UAC on on a test machine, so you can see what a real user would see using your app. However, I turn it off on my development machine since I find it distracting, and I trust myself enough to not need it.
(Hopefully your test machine != your dev machine right?)
All this being said, I support UAC, and I am not recommending anyone else turn it off, especially 'common users'.
192
I code in a standard user account, with UAC turned on.
30
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
