• Windows 7 Wallpapers
• Vista Wallpapers
• Windows Wallpapers

"It's one that has plenty of people confused regarding what, exactly, it is," MacDonald said.

In fact, UAC isn't one capability; rather, it's a set of Vista capabilities that collectively help to limit the ability of applications and users to make unsanctioned system changes—whether the user is running as an administrator or as a standard user.

"The idea is that when a piece of software is asking for user credentials … you shouldn't just hand them over," MacDonald said.

UAC's raison d'être is basically to cure the new operating system of a legacy of bad applications that freely granted administrator rights—a tendency that has eased malware writers' jobs. "Malicious code would be far less effective if users ran without administrative privileges," MacDonald said.

Microsoft initially promoted UAC as a signifier of a new, more secure era for Windows. The security function's reputation was tarnished, however, when security researchers pointed out that UAC is vulnerable to social engineering attacks.

Microsoft confirmed that vulnerability, and defended UAC by describing it as a security feature rather than a hard security boundary such as a firewall.

The idea behind UAC is to limit user privileges as much as possible for most of a user's interaction with the desktop. User rights are elevated only when necessary for administrative tasks, at which point a dialog box prompts the user to OK the escalation. Limiting normal permissions is a good thing, given that it limits the operating system surface an attacker can latch onto.