Visual Tour: 20 Reasons Why Windows Vista Will Be Your Next OS

Page 2 of 10

UAC and you

If Vista Beta 2 were the final version of Vista, the answer to that first question -- has Microsoft gone too far -- would be yes. Happily, Microsoft still has another six months to perfect User Account Control (UAC). I'm on record as saying that numerous, repetitive user prompts are the wrong tactic to employ in the security war. If they occur infrequently the way they do on a Macintosh, that would be acceptable.

In recent years, some in the security community have publicly asserted that repetitive pop-up warning dialogs desensitize users to possible threats, especially when they don't understand the threats. So it's not just that numerous confirmation prompts are annoying. It's that as it exists today, UAC would train millions of Windows users to click OK without thinking about it. And that is definitely not the desired effect.


User Account Control confirmation for deleting a desktop icon


We should learn a lot more about this with the next pre-release version of Vista, Release Candidate 1, which will likely arrive in the near future. (At press time, Microsoft was not offering any information about RC1's expected release date, but the July to August time frame is a good guess.)

Although I asked Microsoft to brief me about planned changes to UAC several weeks in advance of this story, the company has not gotten back to me on that subject. As a result, my projection continues to be that Microsoft may well sacrifice user experience in the name of security. It's clear that Microsoft has heard the general outcry about UAC that appeared around the release of Vista Beta 2, and that changes will be made in the right direction. It's just not clear how far Microsoft will pull back or refine UAC.

The state of the protection mechanism in Vista Beta 2 is, in my opinion, unusable. Though the current beta fixed some UAC bugs that were in the February CTP (beta) release of Vista, the appearance of UAC dialogs increased in Beta 2, not diminished, as some other reports claim. If, for example, you try to delete a desktop shortcut icon for a program that was installed for all users on a Vista PC, UAC will prompt you to confirm the deletion when you drop that icon in the Recycle Bin. And when you get done with that? Recycle Bin's default delete-confirmation setting will ask you to confirm it all over again.

There are many other such examples of Microsoft's UAC overkill in Vista Beta 2. The thinking is so over the top that not only most users, but many companies, would be forced to customize or turn off UAC, were Vista to ship this way. There would also be a vast increase in support calls for companies that backed into Vista without giving UAC a good deal of thought. UAC may sound like security nirvana to many IT pros, and it still might be a good thing, if implemented properly. But as it stands in Beta 2, UAC proves the old saw about getting too much of a good thing.

Thankfully, Microsoft makes it possible to customize User Account Control in the Local Security Policy module of the Administrative Tools (the same eight settings are also in the Group Policy Editor). In Vista Beta 2, the configuration options don't really offer a great way to soften UAC gracefully without defanging it too thoroughly. In a nutshell, Microsoft should define elevation prompts for different types of threats. It should also extend the option to only have to confirm an activity once per definable number of minutes or something like that to cut down on repetitive prompts. It's also possible to turn off UAC entirely in the User Accounts Control Panel, although that's not a good idea. In Vista Beta 2, UAC is configured by default to drive-you-crazy, full-tilt safety.
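
An added example, not from the article or from Microsoft: a PowerShell check that flags the states the paragraph above warns about, UAC turned off entirely and UAC softened until it is defanged. The registry path and value names are assumptions taken from released versions of Windows (the article does not name the eight settings, and Beta 2 may differ); the sample policy is constructed.

```powershell
# Assumed location of the UAC policy values on released Windows versions.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Read the three values this check cares about. A value that is absent
# is left out of the result, meaning the OS default applies.
function Get-UacPolicy {
    $props  = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $policy = @{}
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
        $p = $props.PSObject.Properties[$name]
        if ($null -ne $p) { $policy[$name] = [int]$p.Value }
    }
    $policy
}

# Return one finding per setting that weakens UAC; an empty result means
# none of the three checked values has been relaxed.
function Test-UacPolicy {
    param([hashtable]$Policy)

    $findings = @()
    # EnableLUA = 0 switches UAC off entirely.
    if ($Policy.ContainsKey('EnableLUA') -and $Policy['EnableLUA'] -eq 0) {
        $findings += 'EnableLUA=0: UAC is turned off'
    }
    # ConsentPromptBehaviorAdmin = 0 elevates administrators with no prompt.
    if ($Policy.ContainsKey('ConsentPromptBehaviorAdmin') -and
        $Policy['ConsentPromptBehaviorAdmin'] -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate silently'
    }
    # PromptOnSecureDesktop = 0 shows prompts on the normal desktop,
    # where other running programs can interact with them.
    if ($Policy.ContainsKey('PromptOnSecureDesktop') -and
        $Policy['PromptOnSecureDesktop'] -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompts not isolated on the secure desktop'
    }
    $findings
}

# Constructed sample: UAC left on, but softened until it no longer protects.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
@(Test-UacPolicy -Policy $sample) | ForEach-Object { "WEAKENED: $_" }

# On a Windows machine, audit the live policy instead of the sample:
# @(Test-UacPolicy -Policy (Get-UacPolicy)) | ForEach-Object { "WEAKENED: $_" }
```

Run across a fleet, a check like this separates machines where UAC was tuned from machines where it was effectively removed.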

I'd like to see what the future and final versions of Vista bring before I form a final opinion about UAC.

Is there ever enough?

It's just too early to tell whether Microsoft has built enough security into Windows Vista to truly make it safe. However, there can be no doubt that Microsoft has significantly raised the security bar in scores of ways; Windows Vista is vastly more secure than any other version of Windows. The wild card is this: Next to Windows XP Service Pack 2, Vista is the only significant shot Microsoft is firing at the rapidly expanding multiple-million-dollar spyware/Trojan/phishing "business." With Windows users around the world edging toward the one billion mark, the universe of targets for these scams is huge. Bottom line: There's going to be money spent to fight Microsoft's protections. Microsoft knows that. It's trying to lay the foundation for other protections yet to come.

The one thing I'm confident about is that Microsoft is fully engaged on the problem. And this is one company that once it sinks its teeth into something like this, it doesn't give up.
