
UAC is not a security boundary. It's only there to prevent the user from accidentally making changes to the system that they didn't intend, but it provides no security except from your own mistakes. It's so much not considered a security boundary that Microsoft doesn't even offer a bug bounty for UAC bypasses.


> It's only there to prevent the user from accidentally making changes to the system that they didn't intend, but it provides no security except from your own mistakes

If you somehow bypass UAC and gain the Administrators-level access then you already run with Administrator level privileges in the first place, just with a medium mandatory level.

A rope on the edge of a cliff isn't there to prevent you from falling, it's there to notify you that you should be careful. Rope works. UAC works.


Oh, user separation is not a security boundary? I was not aware! Let’s all work as root then! /s

The fact that this was the norm on single-user Windows workstations until Windows Vista is astonishing, to say the least. How anyone could want that back is beyond me. It enabled malware to compromise the entirety of the computer with ease. No exploits or anything required! Certainly not one of these pesky UAC prompts!

Can you still shoot yourself in the foot with UAC? Yes. You own the PC. You should be able to shoot yourself in the foot, by willingly deciding to. Not accidentally.


From https://learn.microsoft.com/en-us/troubleshoot/windows-serve...

> One of the common misconceptions about UAC and Same-desktop Elevation in particular is: it prevents malware from being installed, or from gaining administrative rights. First, malware can be written not to require administrative rights. And malware can be written to write just to areas in the user's profile. More important, Same-desktop Elevation in UAC isn't a security boundary. It can be hijacked by unprivileged software that runs on the same desktop. Same-desktop Elevation should be considered a convenience feature. From a security perspective, Protected Administrator should be considered the equivalent of Administrator. By contrast, using Fast User Switching to sign in to a different session by using an administrator account involves a security boundary between the administrator account and the standard user session.

UAC is not a security boundary, it's not the same thing as sudo on Unix. You only have a security boundary in place if Windows asks you for a password when trying to run as Administrator.


> UAC is not a security boundary

You might be mistaken because what you are quoting specifically talks about Same-desktop Elevation. While on Windows, UAC uses Secure Desktop by default, which is by definition a security boundary.

> You only have a security boundary in place if Windows asks you for a password when trying to run as Administrator.

Per the last sentence of the information that you quoted:

> By contrast, using Fast User Switching to sign in to a different session by using an administrator account involves a security boundary between the administrator account and the standard user session.

Fast User Switching requires the user to enter the administrator credentials in the UAC prompt.
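
The comments above turn on how a machine is configured to prompt: consent or credentials, on the secure desktop or on the user's own desktop. The following is an added example, not part of any comment in the thread, that reads the standard UAC policy values and reports which case applies. The function name `Get-UacPromptSummary` and the sample input are constructed for illustration.

```powershell
# Added example: interpret the UAC policy values that control the elevation prompt.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPromptSummary {
    # Hypothetical helper. $Policy keys: EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop
    param([Parameter(Mandatory)][hashtable]$Policy)

    # Documented meanings of ConsentPromptBehaviorAdmin
    $adminBehavior = @{
        0 = 'elevate without prompting'
        1 = 'prompt for credentials on the secure desktop'
        2 = 'prompt for consent on the secure desktop'
        3 = 'prompt for credentials'
        4 = 'prompt for consent'
        5 = 'prompt for consent for non-Windows binaries'
    }
    $mode = [int]$Policy.ConsentPromptBehaviorAdmin

    [pscustomobject]@{
        UacEnabled      = ([int]$Policy.EnableLUA -eq 1)
        AdminPrompt     = $adminBehavior[$mode]
        # Only modes 1 and 3 make an administrator type a password
        AsksForPassword = ($mode -in 1, 3)
        # Modes 1 and 2 always use the secure desktop; modes 3-5 follow PromptOnSecureDesktop
        SecureDesktop   = ($mode -in 1, 2) -or
                          (($mode -in 3, 4, 5) -and ([int]$Policy.PromptOnSecureDesktop -eq 1))
    }
}

# Live check (Windows only). A value missing from the key is read as 0 here,
# so confirm that the values exist before trusting the result.
if (Test-Path $PolicyKey) {
    $live = Get-ItemProperty -Path $PolicyKey
    Get-UacPromptSummary -Policy @{
        EnableLUA                  = $live.EnableLUA
        ConsentPromptBehaviorAdmin = $live.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $live.PromptOnSecureDesktop
    }
}

# Constructed sample: the default policy values on a current Windows client
Get-UacPromptSummary -Policy @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
```

For the constructed default sample, the summary shows a consent prompt on the secure desktop with no password requested.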




