It’s because they are different, plain and simple. UAC could have been implemented like sudo
, but it was not.
You can think of it as an analogy with network protection.
sudo
is like when a program requests network access and your firewall prompts you to grant it or not. You can say yes and the program will open the socket, or you can say no and it will complain about a lack of connection and do whatever it can do without network access (some poorly designed programs actually crash). For example:
function1();
input();
function2();
secure_operation(); //requests access
function3(); //may depend on results of previous operation; error-checking important
UAC is more like the warning that you get when trying to open a file that was downloaded to an NTFS volume. Windows warns you about potential badness and asks if you want to run it (at all) or not. It’s an all or nothing operation; you can’t choose to trust only part of the program and not others. For example:
if (requires_high_priv(program)) {
if (request_priv(program))
program();
}
else {
program();
}
You have to remember that unlike Linux which is geared more towards advanced users and applications, Windows is designed to be user-friendly to as wide a variety of users as possible, so simplifying security is paramount. Moreover, because of its large exposure surface, it is a frequent target for malware, so it makes more sense to either completely trust a program or not at all.
4Actually, it is the same as sudo. Running "sudo su" doesn't add root privileges to your current shell, it starts a new shell in a separate process. If you exit that shell, you're back to the first one. – Wyzard – 2012-09-23T23:13:41.090
1The difference between Windows and Unix is that Unix programmers are used to doing stuff in subprocesses, so it's reasonably natural to start a more privileged subprocess for the particular part of the task that needs the privileges. In Windows, it is more usual to do everything in a single process, and separating the job into distinct privileged and non-privileged parts (running in separate processes) looks way too much like hard work. (Of course, in many cases it's better to find out that you don't have the necessary privilege right away rather than half-way through the job!) – Harry Johnston – 2012-09-24T00:56:25.277