Windows UAC: It's annoying. It seems pointless. Should I just disable it?
Or in other words - is there actually a real risk of something malicious happening if I do? Is there malware out there that works only if it's disabled?
I appreciate it gives a theoretical security, but is it practical? As long as most people keep it on, am I ok to turn it off?
UAC is, in my opinion, too highly praised. True, it does protect against the more simplistic admin-requiring malware installation scenarios which were more prevalent before its advent, but it created new such scenarios, which are not much better.
In short, all that UAC changed is the following.
Before it came to be, malware authors could make malware that requires admin rights just hoping that their victims will be using an admin account.
After UAC was built into the newer Windows versions, malware authors switched to a better form of social engineering, disguising malware as legitimate software requiring admin rights. This kicked a few uncapable fools from the mal-market (good riddance), but the ones who remained and adapted their viruses to use this new attack scenario got a good chance to attack users who are not logged in as the administrator.
How? Well, UAC in non-admin mode allows you to enter the admin's password to start an app it's warning against. Moreover, it explicitly requires you to do so to start the app. From the point of view of user-psychology, clicking "Yes" and entering the password in a UAC prompt is way easier than choosing to run the program as an administrator in its standard settings.
Yes, you see, whatever the guys from Microsoft say, from the user-psychology point of view, UAC is a complete disaster. Just look at it: for example, most non-tech-savvy users with Java installed are bound to get the perfectly legitimate jucheck.exe screaming for admin rights to just check for updates every single day. Yikes. And that's just the tip of the iceberg. Many regular users get so used to UAC prompts popping up on their screen that they don't care about what the prompts say about the suspicious programs at all.
In short, if UAC annoys you, I'd recommend to disable it. It's just not worth the bother. Just make sure you're not often logged in with an admin account (like most Linux users do). It's basically the same as using UAC, but less annoying.
I see this question as an opinion-based question but here is my opinion:
Unlike Linux MS Windows default behaviour is to grant administrative privileges to the user created during the installation therefore most of MS Windows home users use an administrator account for their daily tasks including browsing the web and installing programs.
UAC warns the user before doing something that might jeopardise his security. I am not into psychology but I think this annoying warning does lots.
It's worth to mention than UAC does way more than that but the asker wanted a practical answer not a theoretical one, UAC is there to help get over the problem of keyloggers, an issue that X Window system is vulnerable for.
