Windows Security – why not Run With instead of Run As?

I’ve had a bit more time to see exactly what UAC does in Windows 7, and I’ve decided that Microsoft still isn’t getting this right. UAC, and the "Run As…" command, are a good idea, but I think they are making it needlessly complicated and confusing.

First, a quick-and-dirty summary of how things work: in Windows, you can either have an account with full Administrator privileges, which allows you to do anything to the computer, such as change settings and install programs, or you can have a limited account that allows you to do neither. Although this is a gross simplification, it works well enough. Ideally, you will do things as a limited user except when you need to be an Administrator and explicitly ask for a privilege elevation. That way, if you accidentally download a virus or something else nasty, it won't be able to do any damage, since you are running without Administrator privileges.

Windows has long had a "Run As…" command, and starting with Vista, it has UAC. Both attempt to improve the Windows security situation, but both fall short. As I learned with Windows 7, when you get the UAC prompt on an installation, for example, or if you explicitly do a "Run As…", the installer runs as if the Admin account is calling it, not my limited user account. For some installers, this means that program shortcuts end up in the Admin user's Start Menu or on its desktop, or that program settings are written to that user's profile path, not mine. I was wondering why some programs I installed under my account weren't showing up or starting correctly, and I determined last night that this was why: they were all being installed into my Admin account.

This problem exists because the installer is running as the Admin user, not as my account with elevated privileges (hence the name, "Run As…"). That's not what I want. What I want is to elevate my account temporarily so the install program runs as me, and is therefore configured correctly for my account. Instead of a "Run As…" command, we need a "Run With…" command that runs a program with Administrator privileges. This is exactly what Sudo for Windows, which I was using in XP, does. I thought that Windows 7 and its new, improved UAC would eliminate the need for something like Sudowin, but I was wrong.
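A quick way to see the difference described above for yourself, as an added example that is not part of the original post: run this script once from a normal prompt and once via "Run As…" (or the UAC credential prompt) and compare the two reports. It assumes Windows PowerShell on a Windows machine; the function names are mine, not anything Windows ships.

```powershell
# Added example (not from the original post). Reports which account and profile
# a process launched this way actually runs under, which is exactly what decides
# where an installer puts its shortcuts and per-user settings.
function Get-ElevationContext {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # The user who is interactively logged on at the console (assumes Windows
    # PowerShell; Get-WmiObject is not available in PowerShell 7).
    $consoleUser = (Get-WmiObject Win32_ComputerSystem).UserName

    # Is the token user's registry hive (HKEY_USERS\<SID>) loaded? HKCU for this
    # process points at that hive, so per-user settings land there.
    $hiveLoaded = Test-Path ("Registry::HKEY_USERS\" + $identity.User.Value)

    [PSCustomObject]@{
        TokenUser       = $identity.Name            # who the process runs as
        TokenSid        = $identity.User.Value
        IsElevated      = $principal.IsInRole($adminRole)
        ConsoleUser     = $consoleUser              # who is sitting at the keyboard
        UserProfile     = $env:USERPROFILE          # profile an installer will write to
        AppData         = $env:APPDATA
        UserStartMenu   = [Environment]::GetFolderPath('StartMenu')
        CommonStartMenu = [Environment]::GetFolderPath('CommonStartMenu')
        TokenHiveLoaded = $hiveLoaded
    }
}

# True when the process runs as the logged-on user ("Run With" semantics),
# false when it runs as some other account ("Run As" semantics).
function Test-RunsAsConsoleUser {
    $ctx = Get-ElevationContext
    return ($ctx.ConsoleUser -eq $ctx.TokenUser)
}

$ctx = Get-ElevationContext
$ctx | Format-List
if (-not (Test-RunsAsConsoleUser)) {
    Write-Warning ("Running as {0}, not the logged-on user {1}: per-user install output will go to {2}" -f
        $ctx.TokenUser, $ctx.ConsoleUser, $ctx.UserProfile)
}
```

When the account you are logged on with is itself a member of Administrators, UAC elevates that same account's token, so TokenUser and ConsoleUser match and the profile paths are your own; the mismatch appears when a standard user supplies a separate Admin account's credentials.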

So, Microsoft, tell me this: why doesn't Windows have an integrated "sudo" command by now? If it did, I think it would make things a lot easier than the current confusion between "Run As…" and UAC. What users really need is a prompt that essentially says, "Okay, you are installing a program and making changes to Windows. Are you doing this on purpose? Do you really want to do this?" That would drastically reduce malware infections, while letting users who are installing something do so with minimal fuss.

Of course, there are lots of security problems with Windows, and this is just one of them. But I think this would be a fairly easy solution that would pay dividends.