Microsoft Ships Vista Beta 2 Preview to Testers

"Regarding changing system settings, maybe Microsoft could add an option to temporarily disable UAP for a specified period of time, like 5 min., 30 min, etc. Any other ideas?"

Only programs signed by Microsoft should be allowed to call the "disable" UAP API, if they do one. Otherwise you might end up with malware that calls the API over and over until the user gives i.

"I was talking about older programs that require admin. priviledges to run."

It can't be based on how old the program is, or whether or not the program has been used before. Whether to prompt needs to be based on what the program could allow you to do: if it does something administrative it needs to prompt. If it doesn't prompt every time, then the malware you get tomorrow could execute it and cause damage without warning.

Essentially the UAC prompts prevent elevation of privilege: on Vista, admins run as "standard users", and any elevation needs to be explicitly permitted by the user, otherwise it is a huge security hole.

(All administrative EXEs that come with Vista will have the necessary manifests; older programs will probably need to be elevated manually.)

"With an email virus, wouldn't UAP prompt you to run the virus?"

If the virus had an embedded manifest that says "run me as admin", then the virus itself would cause a prompt. (Manifests were introduced in XP; this feature is new for Vista.) Otherwise, the virust would be allowed to run under the standard user context. When it would try to do something administrative it would either:
1. If it tried to do something directly via Windows API calls it would get "access denied" errors from the APIs (just like running as standard user today)
2. If it tried to execute another process, then UAC would kick in if that process's manifest says to elevate.

"The problem with the current version of UAP, especially if a program requires admin priviledges, clicking "allow" becomes second nature, and when an attack comes, the user will tend to click "allow" out of habit."

I agree. It's a tough problem to solve.

"The problem with the current version of UAP, especially if a program requires admin priviledges, clicking "allow" becomes second nature, and when an attack comes, the user will tend to click "allow" out of habit. It may get to the point where the user just looks for the "continue" or "allow" button without determining if the program is legit or not."

Not only that, people will simply turn off UAP. I don't think the UAP prompt should come up when one deletes a shortcut from the shared desktop. Also, the rest of the screen shouldn't go black - that's irritating. I like the time interval option too. I think MS should do something on those lines.

I was talking about older programs that require admin. priviledges to run. If Windows detected that the program changed, i.e. it was updated, then UAP would prompt you again.

With an email virus, wouldn't UAP prompt you to run the virus?

The problem with the current version of UAP, especially if a program requires admin priviledges, clicking "allow" becomes second nature, and when an attack comes, the user will tend to click "allow" out of habit. It may get to the point where the user just looks for the "continue" or "allow" button without determining if the program is legit or not.

NateB2 - You couldn't just mark programs as "safe", because then what would stop malware from executing that program and wreaking havoc?

With UAP, if some email virus or exploited buffer overflow tries to start that program, the UAP prompt would appear and (ideally) the user would say, "hmm, I didn't tell it to ____" and click Cancel.

A time interval is an interesting option, for scenarios where you know you're going to be doing a lot of administrative stuff (e.g. new PC setup).