[sumtechguy]

The default user being administrator did not help. I would get most of that effect by just adding a second standard user to peoples machines. "use this user for everything but installing things". That cut down on the calls a lot. UAC just put a spot in place for the user to go 'oh im doing something adminy' which helped so much.

[xattt]

Back then, a ton of software would complain or not work if it wasn’t running under an account with admin privileges.

UAC forced developers to make the software work no matter what.

[sumtechguy]

Surprisingly a lot of it was usually just a misplaced registry entry or one with the wrong ACL on it.

[larsonnn]

The first we did with UAC was disabling it. Because nobody did care.

So you can throw the best security at users for free. Some dud will disable it because his powershell script is not working anymore.

[sumtechguy]

People that were technical sometimes did that, or re-enabled administrator, or both. Because it 'got in the way'. But for the vast majority of people UAC worked as it should.

[noyoudumbdolt]

Almost all the bad things you’re worried about don’t require an elevated token. I’m much more worried about someone stealing my data, installing a trojan, etc. (none of which require elevation) than installing a device driver (which does).

This obsession with not running as root/using UAC is just cargo cult security for single user systems.

[sumtechguy]

Having seen the horror shows that some people did to their computers. It is much better. Least priv is a decent thing to strive for. You want to reduce the attack surface. By giving people root you basically make the attack surface your entire computer. I am not going to make the trojan writers job easier.

Also as I have gotten older I also realized that I make mistakes too. Running as least privs reduces the fallout to 'i have to restore a few files' from 'i get to reinstall the whole computer again'. UAC/notroot are tools to help you. You can discard them. That is fine. Not going to judge. I am saying most people it helps them. Not that it matters much anymore anyway. Most of the people who did these silly things to their own computers have moved onto tablets.

[noyoudumbdolt]

>I am not going to make the trojan writers job easier.

The Trojan writer now targets systems with UAC, since it’s the default and the vast majority of systems, so you’re not gaining anything. And he never needed an elevated token in the first place.

[noyoudumbdolt]

UAC offers almost no additional security for single user systems. You’re trying to protect your data and passwords and stuff, not the ability to install device drivers.