Today I had my first experience with why Vista's User Account Control (UAC) feature is a good thing to leave on, even if you do get the occasional (and I do mean occasional) false alarm with it.
When I sat down today to get to work, I noticed that a UAC prompt wanted my attention so that it could deal with a program called exec.exe. Since I associated that name with a trojan that I obviously didn't want running, I hit Cancel. Then it came up again, and again, and I decided I was dealing with something fairly serious.
The program was trying to run from my user profile's temp folder -- even in Vista it's still a dumping ground of digital clutter; be sure to clean it out -- where I could find no evidence of the file. I started thinking horrors like "rootkit" and "bleeding-edge zero-day Vista attack" until I did a little more searching to see if anyone else running Vista had run into this issue. Someone else had, and as it turned out, it seemed to be related to AOL Instant Messenger.
Then I remembered something else: Whenever you install AOL, you also get an annoying freebie added on with it, the Viewpoint Media Player. This thing has caused me enough trouble in the past, so every time I've added AIM to a system I've been sure to uninstall it. However, it had slipped my mind this time -- it was still running. I snapped open Programs and Features (the new Add/Remove Programs window in Control Panel); there it was. Thankfully it's not something that takes a lot of work to uninstall.
I haven't been pestered with another UAC warning about exec.exe since this happened.
This, then, is probably why I want to leave UAC turned on: it's an early-warning system that can give you a fair amount of information that you can use before something bad happens, not after it's already struck. If that means putting up with having to OK a prompt before I can run RegEdit, frankly, I'll live with it. (It's also a sign that AOL may need to rethink how they implement AIM in Vista to keep UAC from freaking out.)
