Computerworld - Microsoft Corp. changed the default settings of one of its most important security features for Windows 7 because users balked at clicking more than two prompts a day, a company executive said today.
According to Jon DeVaan, the senior vice president responsible for Windows' architecture and core components, the company changed User Account Control (UAC) in Windows 7 because data showed that users got ticked off when they were asked to deal with more than two UAC prompts in a day.
Responding to mounting criticism of the changes Microsoft has made to UAC for its still-in-development Windows 7, DeVaan said that the company studied how people reacted to the security feature, which debuted in 2007 with Windows Vista.
"In making our choice for the default setting for the Windows 7 beta, we monitored the behavior of two groups of regular people," said DeVaan in a long entry to a company blog. "Half were set to 'Notify me only when ...' and half to 'Always Notify.' We analyzed the results and attitudes of these people to inform our choice."
The pain threshold, it turned out, was just two prompts in a session, which DeVaan defined as the time from turning the PC on to turning it off, or a day, whichever is shorter. "If people see more than two prompts in a session they feel that the prompts are irritating and interfering with their use of the computer," DeVaan said.
That, in turn, led Microsoft to boost the number of UAC settings in Windows 7. In Vista, users could either turn UAC off or leave it on; Windows 7 adds "Notify me only when programs try to make changes to my computer," and uses that as the default.
And therein lies the rub.
Some users and developers have questioned the default setting. Last week, a pair of Windows bloggers, Rafael Rivera and Long Zheng, published a simple proof-of-concept script that demonstrates how hackers can easily disable UAC entirely without the user being the wiser. Their recommendation is to reset Windows 7's UAC to the highest level of warning, "Always notify me when," which is essentially mimics the behavior of the security feature in Vista.
Although DeVaan stopped short of saying Microsoft would not modify the default setting for UAC in Windows, he hinted that it would stick to its guns. "We are very happy with the positive feedback we have received about UAC," he said today.
That confirms what a company spokesman said yesterday, that Microsoft would not roll back UAC to the more persistent prompting found in Vista. "No, Microsoft has not reverted Windows 7 UAC's behavior to mimic Windows Vista," the spokesman said when asked to clarify a fix the company said it has made to another reported problem in UAC.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
