To be honest, it actually does sound like a reasonable and security focused change. It basically looks to take a more zero trust kind of approach in regards to admin elevation.
UAC is a bandaid for a lack of proper local user account management. I never see it in Enterprise, nor on my home machines, as users have appropriate permissions, with admin being tightly controlled. (To be honest, I just turn it off on my home machines, run as a user, and if I need admin I switch accounts).
This really only affects home users who like to run as admin all the time (about 98% of us, I’ve been guilty of it most of my career).
I get it, I just don’t see it really being a significant risk (this is related to a hack published perhaps a week ago where an attacker, could, potentially, maybe, gain admin by timing the attack perfectly during an install, but only on specific machines).
I’d take your word on it, OS level security is not my forte. The main thing I was calling out is that the change seems to be looking to actually fix an issue and not limit control, as the original commenter seemed to imply.
To be honest, it actually does sound like a reasonable and security focused change. It basically looks to take a more zero trust kind of approach in regards to admin elevation.
UAC is a bandaid for a lack of proper local user account management. I never see it in Enterprise, nor on my home machines, as users have appropriate permissions, with admin being tightly controlled. (To be honest, I just turn it off on my home machines, run as a user, and if I need admin I switch accounts).
This really only affects home users who like to run as admin all the time (about 98% of us, I’ve been guilty of it most of my career).
I get it, I just don’t see it really being a significant risk (this is related to a hack published perhaps a week ago where an attacker, could, potentially, maybe, gain admin by timing the attack perfectly during an install, but only on specific machines).
I’d take your word on it, OS level security is not my forte. The main thing I was calling out is that the change seems to be looking to actually fix an issue and not limit control, as the original commenter seemed to imply.