Professionally, I've run as a standard user for a decade, and had mastered all the little tips and tricks to administering an enterprise using nothing but runas. Now in trots UAC, and while it makes some situations easier... For the most part all this thing does is get in my way.
I'm an Administrator; Outlook is the only process running on my PC that doesn't need elevated credentials! Yet I spend all day not only accepting prompts, but entering my password 200+ times a day. I believe in the REAL security UAC provides my environment, but the password over and over... it's maddening.
My question is this: with UAC forcing us to run as a standard user, is it safe? Can we go back to the NT days? Would you trust UAC enough to just log in with your admin account? Does UAC do enough to protect your Domain credentials?
Update: Put another way, do we place UAC on the same level as sudo? Yes, there will be bugs, but can we start to reorganize how we do business around this feature, or is this to protect my mom (not ready for primetime)?
NO.
Check this out: http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/
And this: http://www.withinwindows.com/2009/02/04/windows-7-auto-elevation-mistake-lets-malware-elevate-freely-easily/
EDIT
I think I might be out of date; I am not sure of the current status of UAC now. According to this: http://blogs.msdn.com/e7/archive/2009/02/05/uac-feedback-and-follow-up.aspx they fixed the first issue.
A qualified yes. UAC allows Windows to treat an administrator as a limited administrator. You have all the rights of an admin but have to do a UAC event each time. Why does this matter? The UAC dialog box is no ordinary MsgBox(); it is actually in a separate user space and separate desktop instance, with an image of what you were seeing before it popped up in the background. You can't (at least I haven't been able to) call any user interface manipulation APIs to interact with the UAC from your user session. So this does (it appears) grant some level of security. If you're logged in as admin and some application that you didn't expect (or don't remember invoking) pops up a UAC, it can't go on with what it was doing without your intervention.
No. UAC is not a security boundary, as stated by Microsoft themselves. Even at home, I run as a limited user.
No. But my take is that UAC makes it a lot easier to run as a regular user, and elevate (or switch user) explicitly when needed. Once your computer is set up properly, you probably won't need to elevate very often.
Some have pointed out that because a limited user's elevation requires a username and password to be typed, this makes the user more vulnerable to a spoofing attack where a fake UAC prompt is displayed, and used to capture your password. I think you're fine if you are aware of, and vigilant for, such things.
I've personally never been super fond of the 'limited admin' mode of UAC, for what I guess you could call philosophical reasons. I think the person between keyboard and chair is always going to be a crucial part of the security loop. So he should be fully aware of when elevations happen. Typing a username and password to continue an action does force awareness; clicking a dialog, too often, does not. 7's new auto-elevate logic goes further against this principle, imho.
YMMV. Luckily it's a configurable thing, so we can all tune to our own comfort levels!
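The prompt behaviours discussed in the answers above (credentials versus click-to-consent, secure desktop or not) are controlled by four UAC policy registry values. The script below is an added example, not something posted by anyone in the thread: it reads those values and reports which behaviour is in effect. The function name `Get-UacFinding` is hypothetical and the sample hashtable is constructed.

```powershell
# Added example (not from the thread): interpret the UAC policy values.
$UacKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacValues = 'EnableLUA', 'ConsentPromptBehaviorAdmin',
             'ConsentPromptBehaviorUser', 'PromptOnSecureDesktop'

function Get-UacFinding {   # hypothetical helper name
    param([hashtable]$Policy)
    foreach ($name in $UacValues) {
        if ($null -eq $Policy[$name]) { return "$name is not set; check the effective default manually." }
    }
    if ($Policy.EnableLUA -ne 1) {
        return 'EnableLUA is not 1: Admin Approval Mode is off, administrators run with a full token.'
    }
    $admin    = $Policy.ConsentPromptBehaviorAdmin
    $findings = @()
    switch ($admin) {
        0       { $findings += 'Admin: elevates silently, no prompt at all.' }
        1       { $findings += 'Admin: must type credentials to elevate.' }
        2       { $findings += 'Admin: must click to consent to every elevation.' }
        3       { $findings += 'Admin: must type credentials to elevate.' }
        4       { $findings += 'Admin: must click to consent to every elevation.' }
        5       { $findings += 'Admin: consent prompt for non-Windows binaries only.' }
        default { $findings += "Admin: unrecognised ConsentPromptBehaviorAdmin value $admin." }
    }
    # Values 1 and 2 always prompt on the secure desktop;
    # 3, 4 and 5 do so only when PromptOnSecureDesktop is 1.
    if ($admin -ne 0) {
        if (((1, 2) -contains $admin) -or ($Policy.PromptOnSecureDesktop -eq 1)) {
            $findings += 'Prompt is shown on the isolated secure desktop.'
        } else {
            $findings += 'Prompt is shown on the normal user desktop, not the secure desktop.'
        }
    }
    if ($Policy.ConsentPromptBehaviorUser -eq 0) {
        $findings += 'Standard user: elevation requests are denied automatically.'
    } else {
        $findings += 'Standard user: must type administrator credentials to elevate.'
    }
    return $findings
}

# Constructed sample: consent-only prompting with the secure desktop disabled.
Get-UacFinding -Policy @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5
                          ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 0 }

# Live read of this machine's policy (Windows only).
$props = Get-ItemProperty -Path $UacKey
$live  = @{}
foreach ($name in $UacValues) { $live[$name] = $props.$name }
Get-UacFinding -Policy $live
```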