Skip the navigation

Visual Tour: 20 Things You Won't Like About Windows Vista

June 1, 2006 12:00 PM ET

18. User Account Controls $#^%!~\!!!.
Vista's new User Account Controls functionality is grounded in a very good idea. For more than 15 years, millions of Windows users have been operating their computers with the doors and windows wide open. Early versions of Windows had no log-in limitation; Windows NT, 2000 and XP have always had log-in-based system privileges, but they're cumbersome. The trouble has been that using anything other than the default "Administrator" account (or an account with computer-administrator privileges) prevented application installation and many other common activities. While it was possible to configure accounts that had some more advanced privileges, the real-world task of living in such environments was inconvenient at best, and downright annoying and time-consuming at worst.

Microsoft set out to change that in Vista with what it calls User Account Controls (UAC). Given that both Linux and the Mac require users to authenticate their administrator privileges (or, in Linux's case, to log in as root, which requires authentication), this shouldn't be an impossible problem for Microsoft. But somewhere along the way, Microsoft decided to raise the bar even higher.

The User Account Controls confirmation box. -(Click image to see larger view)

Vista requires you to create an administrator-class account name as part of installation or first boot, eliminating a major vulnerability. That means, by default, no one is running with the Administrator log-in.

Microsoft went a step further in at least three areas. First, accounts with computer-administrator privileges are no longer equal to the Administrator log-in. When you open something that Vista deems needs protection, you will be prompted with a Continue/Cancel or Allow/Cancel prompt. The only point of this is to prevent malware or hackers from accessing things unchecked. In other words, you become the last line of defense in an endless dress rehearsal for the worst-case scenario. Ugh.

If you're using the Standard log-in, which has fewer privileges, you'll be prompted with a box that requires both your assent and your Administrator password. The Standard log-in is ideal for children or when multiple inexperienced people are sharing a PC. This Standard log-in behavior is just fine, by the way. (Even if I don't adopt Vista myself, my kids will definitely be using it.)

Microsoft's second additional authentication protection in Vista was to go through every process to gauge whether to assign it User Account Controls. This protected list is extremely long in Vista Beta 2, including Control Panels for Windows Firewall, Scanners and Cameras, Parental Controls, iSCSI Initiator, Device Manager, BitLocker drive encryption and Add Hardware. Numerous functions accessed in the System Control Panel (and many others) also cause the User Account Control confirmation dialogs. So many things are, in fact, protected by requiring your OK that it'll drive you batty. And there's no way to say "never ask me this again about this item." If you disliked Windows XP Service Pack 2's version of Internet Explorer 6 because of its many security nag screens, you would absolutely hate Windows Vista Beta 2.

The third added step is more protection for the System Registry and Program Files folders to prevent applications from writing without permission to the Registry or writing settings data into Program Files folders. This is also a good thing, but it creates problems for many applications, which may not successfully install or operate because they expect to be able to write where they are not "supposed" to. And to be fair, Microsoft has asked software makers for years not to write settings data to the Program Files area and to cut way back on writing to the System Registry, which should probably only ever occur during installation. Many ISVs have chosen to ignore those strong guidelines. And it's their applications that might get hung up by Vista's new protections.

User Account Controls' installer warning.
-(Click image to see larger view)

To solve that problem, Microsoft is delivering custom "shims" designed to fool installing applications into thinking they're writing to the places where they expect to write, when in fact Microsoft is rerouting that data to a safer location. By working this way, Microsoft adds a significant level of protection from malware that seeks to pass itself off as other programs, or that infests the System Registry, or both. But while this is an excellent work-around, how many shims can Microsoft write for specific applications? It will probably only take care of the most visible, most popular business and entertainment apps. So it's possible that hundreds or even thousands of Windows programs will not work properly with Vista when it ships.

Besides the fact that User Account Controls will almost certainly improve Windows security dramatically, there's another bright spot over the horizon. Those of us who've been complaining to Microsoft that the UAC user experience isn't satisfactory have apparently made some sort of impression. At the Microsoft Windows Vista reviewer's workshop on May 23, Austin Wilson, director for the Windows client, promised that Microsoft will be refining UAC protections to eliminate the number of pop-up boxes Vista will, ah, throw up. He promised that the Release Candidate 1 version of Vista would show improvement in this area.

Update: Several hours after this story went live, Steve Hiskey, Microsoft's Lead Program Manager for User Account Control, writing in the Microsoft Developer Network's UACBlog, detailed revisions to UAC that Microsoft is planning for the Release Candidate 1 (RC1) late beta release of Vista. A June 7, 2006, Computerworld news story (Microsoft to Tweak Key Vista Security Feature) reports that Microsoft's internal target date for RC1, "originally set for mid-July, is now slated for Aug. 25."

Our Commenting Policies