UAC in Windows 7: The “Final” Decision

Jon and Steven released another blog post on UAC, explaining how they decided to change things:

They start with the risk of blogging:

When we started the “E7” blog we were both excited and also a bit uneasy. The excitement is obvious. The unease is because at some point we knew we would mess up. We weren’t sure if we would mess up because we were blogging about a poorly designed feature or mess up because we were blogging poorly about a well-designed feature. To some it appears as though with the topic of UAC we’ve managed to do both.

And then they showed the change they decided to make:

With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.

Now, this is what you were asking for and – as I told you – we are definitely listening to your feedback. However, let’s be clear here. If you have the UAC settings like the screen below:

[Screenshot: UAC settings]

you will not be notified whenever something changes in the Windows settings. So, in the future you will be prompted when changes happen to UAC, but there are still a lot of other areas where malware could change settings. So, if you are very security conscious, move the slider to “Always notify”; otherwise, make sure that your anti-malware solution does what it is supposed to do.

Roger
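
To check which slider position a machine is actually on, the following added example (not part of the original post or of the E7 blog) reads the UAC policy values from the registry and flags anything below “Always notify”. The registry value names and their mapping to the four slider positions are not stated on this page; they are assumed here from how Windows 7 stores the setting, and `Get-UacSliderLevel` is a hypothetical helper name.

```powershell
# Added example: audit the effective UAC slider position on a Windows 7 machine.
# Assumption: the slider is stored in these three policy values (not from the post).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    # EnableLUA = 0 means UAC is switched off entirely (bottom of the slider).
    if ($EnableLUA -eq 0) { return 'Never notify (UAC disabled)' }

    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Default (no prompt for changes to Windows settings)' }
        '5/0'   { 'Default without secure desktop' }
        '0/0'   { 'Never notify' }
        default { "Custom policy ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop)" }
    }
}

# A missing value comes back as $null, which the [int] parameters turn into 0.
$p = Get-ItemProperty -Path $key
$level = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
    -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
    -PromptOnSecureDesktop $p.PromptOnSecureDesktop

if ($level -eq 'Always notify') {
    Write-Output "UAC level: $level"
} else {
    # Below the top position, changes to Windows settings are not prompted for,
    # so the machine depends on anti-malware to catch unwanted changes.
    Write-Warning "UAC level: $level"
}
```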