Windows 7 RTM Review: Improvements But Security Issues Remain

This acknowledgement was necessary because in Vista the user does not operate day-to-day as an administrator (even if he or she has administrator rights). When performing an administrative action, the UAC prompt bumps up user credentials to admin levels to perform only that task.

Windows 7 keeps UAC in place, but implements a number of changes in an effort to make the alerting and acknowledging system more palatable to users and administrators alike.

Levels of enforcement make things worse

The new OS introduces levels of enforcement to UAC, presented via a Settings panel with a slider bar that can easily move the user between four different modes of enforcement.

At the strictest level – analogous to how UAC worked in Windows Vista – the system will always prompt the user when changes are made to system settings or when installed applications try to access restricted parts of the file system.

Windows 7’s default level, however, notifies the user when applications try to make changes, but not when the user does. An easy way to experience the difference is by accessing Computer Management. In the strict mode, the user must acknowledge (or approve) to even view the panel, while in the default mode an administrative user can go right in and start changing things.

The third mode is similar to the default, but doesn’t require the use of the Secure Desktop – the isolated interface that otherwise appears to the user and can’t be tampered with by a program. The fourth mode, meanwhile, never notifies the user or asks for approval. This mode is recommended for use only when accessing a program known to founder under UAC purview.

In truth, the new settings – including the new default – serve to worsen the security protections UAC affords. I’ve turned UAC in Windows 7 up to the Vista-like maximum on my machine.

Applocker whitelists applications

An interesting complement to UAC is available to Windows 7 Ultimate and Enterprise customers. Called AppLocker (a descendant of XP and Vista’s Software Restrictions Policies), this feature provides application whitelisting – specific authorisation for applications to run on a computer. A user or an administrator creates a policy that allows only authorised applications to run at all, and all others (whether malware or simply unapproved code) will not be able to start.

Control over AppLocker policies resides within Microsoft’s familiar Group Policy architecture. Using the Group Policy editor, I could view existing policies, create new ones, and decide whether to enforce the policies or simply audit them to find out whether people were using applications that could run afoul of the new security.

According to AppLocker, there are three categories of executable code (windows executables, Windows installers and scripts), and each must be configured separately. I could choose enforcement for one classification and audit-only for another.