wastingtimewithforums said:
Charles said:
*snip*

"Yes. See answer number 1.)"

----

Yes, and that proves your point.. how exactly? An exploited acrobat reader couldn't get root access (without UAC prompt) now it can. That fact ISN'T in your favour, guys.

[EDIT: I was wrong about Flash/PDF within protected-mode IE. See reply on 8th page.]

It's also worth noting that both Flash and Adobe Reader run within medium-IL proxy processes even when used with low-IL Internet Explorer. We all wish they didn't, and wish more things supported low-IL, but we still live in a reality where that isn't the case. Low-IL is the exception, not the rule. There are still plenty of "innocent" actions, like visiting a webpage in an up-to-date low-IL browser or double-clicking what you think is a static image or document file, which can result in malicious code being run.

It doesn't have to be a "dodgy" webpage or file, either. There have been several cases this year alone where non-malicious sites and advertising networks have been hijacked by bad people to deliver malicious content to unsuspecting users.

UAC isn't only about malicious code, obviously, but it's pretty useful at slowing it down and/or limiting how deeply it can embed itself in the system itself. I'd say that's the primary benefit of the prompts for admin accounts. (Even though UAC isn't a security boundary, it is still a security feature.)

If you remove that benefit then what's left? Just the idea of making apps which show too many prompts annoy admin users with the misguided idea that it'll be more likely to make people push for those apps to be redesigned than for those people to simply turn off UAC if it bothers them... A pretty rich idea, too, considering Microsoft's apps (when their private backdoor is taken away) were and still are the worst offenders when it comes to this.