Well... if you do disable UAC, it does increase your security risk substantially because the system will no longer ask you if a program wants to make changes to critical files.
OTOH... if you have a machine that is disconnected from any network and you only move non-executable data files on and off of it .... your risk is somewhat mitigated.
But "average joe user" should really avoid it turning it off. I've only completely turned it off once on a test machine and attacked it as part of a lab test. In daily practice, I typically just put up with the hassle of UAC as a 'useful evil' (somewhat like requiring "SUDO" on root commands and never running as "root").
Sneaker's idea is a way of sandboxing the risk without turning off UAC.
Quote:
|
Linux also does that. Microsoft copied that feature from them. Don't turn it off, just use an appropriate folder and grant the user group writing rights. Image your mkvtoolnix download would've been trojan affected. Now that trojan would have no way to write into your windows or program files directory, because it is run with user rights.
|