Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Vista security annoying by design

Designed that way. But is UAC working?

Article comments

If you're running Windows Vista, you're familiar with User Access Control (UAC). It's the security subsystem that pops up those irritating dialogue boxes asking whether you really want to install software, or modify system files, or write to the Registry.

UAC may be Vista's most-hated feature, but as it turns out, it may also be its best-designed. As reported by Ars Technica, UAC was created with a very specific purpose in mind: to annoy you.

Ars picked up this tidbit at the recent RSA 2008 security conference in San Francisco, where David Cross, Microsoft's product unit manager for Windows security, discussed the company's security directions post-Vista. "The reason we put UAC into the platform was to annoy users. I'm serious," Cross is quoted as saying.

More cynical observers will note that this is a long-standing Microsoft business strategy. But in this case, believe it or not, it actually makes some sense.

Before Vista, most Windows users did their day-to-day computing with full Administrator access to their PCs. This gave them - and by extension, the software they used - total control over the system, including the ability to modify critical system files.

That degree of freedom grants a lot of power, but it leads to unpleasant side effects. Most importantly, when you're logged in as an Administrator, any Trojan horses, viruses, or other malware you unwittingly download will have free reign to attack your system with impunity.

Vista attempts to correct this legacy of bad behaviour by only granting Administrator privileges to applications in situations where it's absolutely necessary. Unfortunately, developers have been spoiled by the old-style security model. Too often, they write their software in such a way that it actually requires Administrator privileges, even if there might be another (albeit more complicated) way to do the same work.

That's where UAC comes in. When a program tries to gain Administrator privilege, UAC pops up a dialogue box, forcing the user to click a button. As Cross pointed out, that's annoying, and intentionally so. The idea is that users will shy away from programs that cause too many UAC dialogues to pop up, out of sheer irritation. If developers don't want to scare users away from their software, they're forced to rewrite it so that it plays nice under the new security rules.

Microsoft is onto a whole new paradigm here: modifying user behaviour via reverse psychology. By making users click "OK" in a bunch of security dialogues, Microsoft is actually discouraging them from continuing.

Of course, so far this strategy has only met with limited success. Many users have preferred to disable UAC, rather than participate in Microsoft's social-engineering experiment. But isn't it nice to know that the good folks in Redmond are thinking outside the box?


More from Techworld

More relevant IT news


Julio said: How come the OEM Vista setup process for a new PC seems to trigger so many of the things OK so the OEM vendor has presumably configured things for all their crpware but presumably Microsoft will have provided some advice I cant help thinking this is MS justifying their UAC-based workaround for their latest OS having a poor security model

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *