Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov

04 February 2010

Abstract: Non-administrator user accounts and the user account control (UAC) approach of Windows Vista are two practical solutions to limit the damage of malware infection. UAC in Windows Vista supports usage of lower privilege accounts; a UAC prompt allows users to raise their privileges when required. We conducted a user study and contextual interviews to understand the motives and challenges participants face when using different user accounts and the UAC approach. Most participants were not aware of or motivated to employ low-privileged accounts. Moreover, most did not understand or carefully consider the prompts.

Keyword(s): Usable security, Least privilege, User account control, UACP

Published in: Sara Motiee, Kirstie Hawkey and Konstantin Beznosov. Investigating User Account Control Practices. In Proceedings of the 28th international Conference Extended Abstracts on Human Factors in Computing Systems (Atlanta, GA, USA, April 10 - 15, 2010). ACM, New York, NY, 6 pages.: