Windows 7 / Security and Privacy

UAC Virtualization

By default, UAC virtualizes requests for protected resources to provide compatibility with applications not developed for UAC. This is important because many applications written for Windows XP and earlier operating systems assume that the user has administrative privileges and attempt to write to protected resources such as the Program Files or System folders.

UAC virtualization redirects requests for the following resources to safer, user-specific locations:

  • %ProgramFiles%
  • %WinDir%
  • %WinDir%\System32
  • HKEY_LOCAL_MACHINE\Software

When a process running with standard user rights attempts to create or modify a file in one of these folders, UAC redirects the write to the \AppData\Local\VirtualStore\ folder in the user's profile, mirroring the original path beneath it. For example, if a user named MyUser runs an application that stores a log file at C:\Program Files\MyApps\Logs\Log.txt, the write succeeds, but the file is actually stored at C:\Users\MyUser\AppData\Local\VirtualStore\Program Files\MyApps\Logs\Log.txt. The application continues to see the file at C:\Program Files\MyApps\Logs\Log.txt, whereas the user has to browse to her profile to reach the file directly, because virtualization affects only the application's own process. In other words, if the user opens the log file from within the application, it appears to be under %ProgramFiles%; if she opens it from a Windows Explorer window, it is under her profile. Registry writes are handled the same way: a virtualized write to HKEY_LOCAL_MACHINE\Software lands under HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE.

The first time an application changes a virtualized resource, Windows copies the file (together with its folder path) or registry key into the VirtualStore location in the user's profile and applies the change to that per-user copy. Later reads by virtualized processes are served from the copy, while the protected original stays untouched.
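The following script is an added example and is not part of the original page. It computes the VirtualStore location that UAC file virtualization would use for a given protected path (the C:\Program Files\MyApps\Logs\Log.txt case above) and then enumerates the virtualized file and registry writes that already exist for the current user, mapping each back to the protected location the application believes it wrote to. It assumes Windows 7 defaults: %ProgramFiles% (plus %ProgramFiles(x86)% on 64-bit systems), %WinDir%, a file VirtualStore under %LocalAppData%, and a registry VirtualStore under HKCU\Software\Classes\VirtualStore. It is written for the PowerShell 2.0 that ships with Windows 7, so it avoids newer cmdlet parameters.

```powershell
# Added example, not from the original page. Maps a protected path to the
# VirtualStore copy that UAC file virtualization would create for the current
# user, and enumerates virtualized file and registry writes already present.
# Assumes Windows 7 defaults (%ProgramFiles%, %WinDir%, VirtualStore under
# %LocalAppData% and HKCU\Software\Classes\VirtualStore); PowerShell 2.0 safe.

function Get-VirtualStorePath {
    param([Parameter(Mandatory=$true)][string]$ProtectedPath)

    $store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    # Roots redirected by file virtualization; %WinDir%\System32 is covered by %WinDir%.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:WinDir) | Where-Object { $_ }

    foreach ($root in $roots) {
        if ($ProtectedPath.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            # VirtualStore mirrors the protected path with the drive root removed:
            # C:\Program Files\X\y.txt -> ...\VirtualStore\Program Files\X\y.txt
            $rootLen = [System.IO.Path]::GetPathRoot($ProtectedPath).Length
            return Join-Path $store $ProtectedPath.Substring($rootLen)
        }
    }
    # Anything else is not virtualized: a standard user's write simply fails.
    return $null
}

function Get-VirtualizedWrites {
    $store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    if (Test-Path $store) {
        Get-ChildItem $store -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $relative = $_.FullName.Substring($store.Length + 1)
            New-Object PSObject -Property @{
                Kind          = 'File'
                VirtualCopy   = $_.FullName
                ProtectedPath = $env:SystemDrive + '\' + $relative
                LastWrite     = $_.LastWriteTime
            }
        }
    }

    # Registry virtualization keeps the per-user copy of HKLM\Software here.
    $regStore = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
    if (Test-Path $regStore) {
        Get-ChildItem $regStore -Recurse | ForEach-Object {
            New-Object PSObject -Property @{
                Kind          = 'RegistryKey'
                VirtualCopy   = $_.Name
                ProtectedPath = ($_.Name -replace '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE\\', 'HKEY_LOCAL_MACHINE\')
                LastWrite     = $null
            }
        }
    }
}

# Usage: where would the log file from the text end up, and what has been
# virtualized for this user so far?
Get-VirtualStorePath 'C:\Program Files\MyApps\Logs\Log.txt'
Get-VirtualizedWrites | Format-Table Kind, ProtectedPath, VirtualCopy -AutoSize
```

Run it as the standard user whose profile you are inspecting; the VirtualStore is per user, so an administrator's profile will not show another user's redirected writes. To see which running processes currently have virtualization switched on, add the "UAC Virtualization" column to the Processes tab in Task Manager (View, Select Columns).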

UAC virtualization is designed to allow already-installed applications to run successfully with standard user privileges, even if they store temporary files or logs in a protected folder. UAC virtualization does not allow users to install applications that make changes to these resources; users will still need to provide administrator credentials to do the installation.

When an executable carries a manifest with a requestedExecutionLevel entry, Windows automatically disables UAC virtualization for that process, so virtualization should never be a factor for applications designed for Windows Vista or Windows 7. Native 64-bit applications are required to be UAC aware and to write data to the correct locations, so they are never virtualized. Virtualization also does not apply to processes that administrators run with elevated privileges. Even where it does apply, file virtualization skips files with executable extensions such as .exe, .dll and .sys, so program code is never silently redirected into the user profile.
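The following script is an added example, not code from the original page. It checks the two static properties just described for each executable under a folder: whether the image is native 64-bit (read from the PE header's Machine field) and whether it declares a requestedExecutionLevel in an embedded manifest (or, failing that, in an external <name>.exe.manifest, which Windows honours when no manifest is embedded). Executables that are 32-bit and unmanifested are the ones UAC may virtualize; the result is a static prediction only, since at run time the process must also be running with a standard-user, non-elevated token. The function names are this example's own.

```powershell
# Added example, not from the original page. Predicts from an executable's
# static properties whether UAC virtualization can apply to it: a native
# 64-bit image or a manifest with requestedExecutionLevel disables it.
# Assumes an embedded manifest is stored as plain XML text (the normal case).

function Test-UacVirtualizationCandidate {
    param([Parameter(Mandatory=$true)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if (($bytes.Length -lt 0x40) -or ($bytes[0] -ne 0x4D) -or ($bytes[1] -ne 0x5A)) {
        throw "$Path is not a PE image (missing MZ header)"
    }

    # IMAGE_DOS_HEADER.e_lfanew at 0x3C points to "PE\0\0"; the Machine field of
    # IMAGE_FILE_HEADER follows the 4-byte signature.
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    if ((($peOffset + 6) -gt $bytes.Length) -or ($bytes[$peOffset] -ne 0x50) -or ($bytes[$peOffset + 1] -ne 0x45)) {
        throw "$Path has no valid PE signature"
    }
    $machine = [BitConverter]::ToUInt16($bytes, $peOffset + 4)
    $is64Bit = ($machine -eq 0x8664) -or ($machine -eq 0x0200)   # AMD64 or IA64

    # An embedded manifest is an XML resource stored as plain text, so a
    # substring search over the whole image is enough to spot the element.
    $text = [System.Text.Encoding]::ASCII.GetString($bytes)
    $hasLevel = $text -match 'requestedExecutionLevel'

    # An external <name>.exe.manifest is used only when nothing is embedded.
    $external = "$Path.manifest"
    if ((-not $hasLevel) -and (Test-Path $external)) {
        $hasLevel = ([System.IO.File]::ReadAllText($external) -match 'requestedExecutionLevel')
    }

    New-Object PSObject -Property @{
        Path                  = $Path
        Is64Bit               = $is64Bit
        HasExecutionLevel     = $hasLevel
        # Static prediction: the process must also run non-elevated for
        # virtualization to actually be switched on.
        VirtualizationApplies = ((-not $is64Bit) -and (-not $hasLevel))
    }
}

function Get-UacVirtualizationReport {
    param([string]$Folder = $env:ProgramFiles)
    Get-ChildItem $Folder -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            try { Test-UacVirtualizationCandidate $_.FullName }
            catch { Write-Warning $_.Exception.Message }
        }
}

# Usage: list the installed executables that UAC may still virtualize.
Get-UacVirtualizationReport |
    Where-Object { $_.VirtualizationApplies } |
    Format-Table Path, Is64Bit, HasExecutionLevel -AutoSize
```

The report is a quick way to find legacy applications that are still relying on virtualization before you decide, per application, whether to fix their write locations or to mark them as described below.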

If you plan to run applications that would otherwise be virtualized and you specifically want to prevent UAC from virtualizing their requests, you can disable virtualization by marking the application with the Microsoft Application Compatibility Toolkit (ACT). Setting the NoVirtualization marking makes applications easier to debug (you don't have to track file and registry requests being redirected), and it reduces the attack surface by making it harder for malware to tamper with an application's data (that data would otherwise be moved into the relatively unprotected user profile, where any process running as the user can modify it).
