(no title)
actsof | 1 year ago
>One of the common misconceptions about UAC and Same-desktop Elevation in particular is: it prevents malware from being installed, or from gaining administrative rights. First, malware can be written not to require administrative rights. And malware can be written to write just to areas in the user's profile. More important, Same-desktop Elevation in UAC isn't a security boundary. It can be hijacked by unprivileged software that runs on the same desktop. Same-desktop Elevation should be considered a convenience feature. From a security perspective, Protected Administrator should be considered the equivalent of Administrator. By contrast, using Fast User Switching to sign in to a different session by using an administrator account involves a security boundary between the administrator account and the standard user session.
UAC is not a security boundary, it's not the same thing as sudo on Unix. You only have a security boundary in place if Windows asks you for a password when trying to run as Administrator.
nerfnet|1 year ago
You might be mistaken because what you are quoting specifically talks about Same-desktop Elevation. While on Windows, UAC uses Secure Desktop by default, which is by definition a security boundary.
> You only have a security boundary in place if Windows asks you for a password when trying to run as Administrator.
Per the last sentence of the information that you quoted:
> By contrast, using Fast User Switching to sign in to a different session by using an administrator account involves a security boundary between the administrator account and the standard user session.
Fast User Switching requires the user to enter the administrator credentials in the UAC prompt.