Comment by ycombinatrix

9 days ago

It is more of a warning than an actual security mechanism though. Similar to Mark of the Web.

No, in XP you were essentially logged in as root 24/7 (assuming it was your machine), and any program -- including your browser -- was running as root too. I remember watching a talk about how stupidly easy it was to write rootkits for XP. "Drive-by viruses" were a thing, where a website could literally install a rootkit on your machine just by visiting it (usually taking advantage of some exploit in Flash, Java, or Adobe Reader). Vista flipped it by disabling the admin account, so that in order to do something as admin you needed to "sudo" first. That alone put a stop to tons of viruses.

  • I used to work in the security team at a financial institution that was still running XP until around 2017.

    We got to a point around 2015 where drive-by exploit kit developers just weren't targeting XP and IE8 anymore. Phishing landing pages would roll through all the payloads they had and silently exit.

> It is more of a warning than an actual security mechanism though. Similar to Mark of the Web.

It's both a warning and an actual security mechanism.

Obviously its most visible form is triggered when an application tries to write to system-level settings or important parts of the filesystem, and also when various heuristics decide that the application is likely to want to do so (IIRC "setup.exe" and "install.exe" at the root of a removable disk are assumed to need elevation).

Because Microsoft knew that a lot of older software wrote to system areas just because it predated Windows being a multi-user system, UAC also provided a partial sandboxing mechanism where writes to these areas could be redirected to user-specific folders.

The warning was also a tool in itself, because the fact that it annoyed users finally provided the right kick in the ass to lazy software developers who had no need to be writing to privileged areas of the system and could easily run under a limited user, but hadn't bothered to because most non-corporate NT users were owners and thus admins, and most corporate environments would just accept "make users local admin". A portion of the reason we saw UAC prompts a lot less in later versions of Windows is because Microsoft tweaked some things to make certain settings per-user and to reorganize certain dialogs so unprivileged settings could be accessed without escalation, but a lot of it is because applications that had been doing it wrong for as long as NT had existed finally got around to changing their default paths.
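As an added example (not from the thread, and not anyone's code in it), a PowerShell check that makes the two mechanisms described in the comment above visible on a machine: the policy values that control whether and how UAC prompts, and the per-user VirtualStore locations where redirected writes from legacy applications land. The registry key, value names and VirtualStore paths are the documented Windows locations; the function names are this example's own.

```powershell
# Added example (not from the thread): inspect UAC state and look for evidence of
# UAC file/registry virtualization. Run in a normal (non-elevated) session to see
# things from the limited user's point of view.

function Test-IsElevated {
    # True when the current token is a full administrator token,
    # i.e. the user already said "yes" to a UAC prompt for this process.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacPolicy {
    # EnableLUA = 0 means UAC is switched off entirely: every admin logon runs
    # "as root" all the time, the XP situation the thread describes.
    # ConsentPromptBehaviorAdmin = 0 means admins are elevated silently, no prompt.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
    }
}

function Get-VirtualizedWrites {
    # Legacy apps that write to Program Files, Windows or HKLM\Software without
    # elevation get their writes silently redirected here. Anything listed is an
    # application still "doing it wrong" in the sense of the comment above.
    $fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    $regStore  = 'HKCU:\Software\Classes\VirtualStore'

    $files = @()
    if (Test-Path $fileStore) {
        $files = Get-ChildItem -Path $fileStore -Recurse -File -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty FullName
    }
    $keys = @()
    if (Test-Path $regStore) {
        $keys = Get-ChildItem -Path $regStore -Recurse -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty Name
    }
    [pscustomobject]@{ Files = @($files); RegistryKeys = @($keys) }
}

"Running elevated: $(Test-IsElevated)"
Get-UacPolicy | Format-List
$v = Get-VirtualizedWrites
"Virtualized files: $($v.Files.Count)"
$v.Files | Select-Object -First 10
"Virtualized registry keys: $($v.RegistryKeys.Count)"
$v.RegistryKeys | Select-Object -First 10
```

Two things worth knowing when reading the output: virtualization only kicks in for 32-bit interactive processes that carry no `requestedExecutionLevel` manifest entry, so a modern manifested application that writes to a protected area fails outright rather than being redirected; and a non-empty VirtualStore is a useful inventory of which installed software would break if UAC were tightened, which is exactly the legacy behaviour the comment says took years to fix.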

It got old people to call their grandsons when an image or .doc file asked for permissions though, which at the time was a huge help.