Saturday 9 June 2007

Friday: Mark Russinovich explains UAC

Windows Internals is one of my favorite Windows books (in the list of books that I'll never finish). So I was keen on seeing Mark's talk about the Vista kernel and UAC.

SEC411 - User Account Control Internals and Impact on Malware
Friday, June 8 10:45 AM - 12:00 PM, N320 A
Speaker(s): Mark Russinovich

According to Mark, "UAC's goal is not to annoy you". The purpose of UAC is to encourage users to run with standard user privileges whenever possible:
  • in Vista, some actions that used to require admin privileges now don't (for instance, looking at the system clock or changing the time zone can now be done by standard users).
  • admins behave most of the time as standard users and become admins only when clicking Yes in the elevation dialog.
  • ISVs will be encouraged to avoid coding actions that require admin privs.

He explained what virtualization was (nothing to do with VMware, by the way) and how to figure out whether an app runs with virtualization enabled or not. Virtualization is a backward-compatibility mechanism that automatically redirects the writes of a legacy app that tries to write to a system folder while running as a standard user. I have a feeling this will confuse programmers for years to come, or at least until all legacy apps disappear...