Nov 21, 2008

Security in Windows 7: UAC and You

Vista is famous for asking unqualified users to make far too many judgment calls about security. Can Windows 7 teach the hated User Account Control to make its own decisions?
by Neil J. Rubenking.

Some people just love Vista; others hate it with a passion. Most of the haters fall into two main groups. The first group upgraded to Vista from XP, possibly without running the Windows Vista Upgrade Advisor to make sure their hardware and software would be compatible. They spent hours trying to get printers to print, accounts receivable programs to account, fax modems to fax, and so on, and they heartily blame Vista for their woes. Many of those in the second group think Vista is the cat's pajamas...except for those blasted User Account Control pop-ups.

The Problem

Vista was designed to be significantly more secure than XP, and UAC is a cornerstone of its security scheme. The point of UAC is to make sure no system-level changes occur without your knowledge and without an Administrator's permission. Even if you're an Administrator user, all of your day-to-day activity happens at the low-privilege Standard level. Before a nasty virus (or a useful application) can do something scary, like write to the Windows folder, it has to get permission.
UAC pop-ups in Vista can be especially shocking because of what's called "secure desktop mode." The screen blanks out briefly, then everything except the UAC pop-up goes dim. Vista's UAC holds all your other interactions hostage until you respond to the pop-up. The purpose of this measure is to prevent sneaky programs from spoofing or manipulating the UAC prompt, but it's jarring and unpleasant.
Less frightening but equally annoying is the "I just TOLD you!" scenario. You launch a program and UAC immediately asks if you want to run this program. D'oh! Of course you do! Users can really get steamed about this, even Administrator users who merely have to click Yes. Imagine the frustration of a Standard user who must type an Administrator password or (more likely) go track down a supervisor who's available to enter the password. One time in a thousand this precaution might prevent a malicious program from launching, assuming (and it's a big assumption) that the user was alert enough to say No. The other 999 times it's just a pain.
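
The behaviors described in this section (Administrators running at Standard level, the secure desktop, the consent prompt) are each controlled by a Windows policy value, and an administrator can check whether any of them has been switched off. The PowerShell below is an added example, not part of the original article; the registry value names are Windows' own UAC settings, which the article does not name, and the function names and the sample policy are made up for illustration.

```powershell
# Added example: audit the UAC settings behind the prompts described above.
$UacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacNames = 'EnableLUA', 'PromptOnSecureDesktop', 'ConsentPromptBehaviorAdmin'

function Test-UacPolicy {
    # Takes the policy values as a hashtable and emits one finding per weak setting.
    param([Parameter(Mandatory)] [AllowEmptyCollection()] [hashtable] $Policy)
    foreach ($name in $UacNames) {
        if (-not $Policy.ContainsKey($name)) { "${name}: not set, OS default applies" }
    }
    # EnableLUA = 0 switches UAC off: Administrator users no longer run at Standard level.
    if ($Policy['EnableLUA'] -eq 0) { 'EnableLUA = 0: UAC is disabled' }
    # PromptOnSecureDesktop = 0 shows the prompt on the ordinary desktop,
    # where other programs can spoof or manipulate it.
    if ($Policy['PromptOnSecureDesktop'] -eq 0) { 'PromptOnSecureDesktop = 0: prompt is not isolated' }
    # ConsentPromptBehaviorAdmin = 0 elevates Administrator users without asking.
    if ($Policy['ConsentPromptBehaviorAdmin'] -eq 0) { 'ConsentPromptBehaviorAdmin = 0: silent elevation' }
}

function Get-UacPolicy {
    # Reads the live values from the registry (Windows only).
    $props  = Get-ItemProperty -Path $UacKey
    $policy = @{}
    foreach ($name in $UacNames) {
        if ($null -ne $props.$name) { $policy[$name] = [int]$props.$name }
    }
    $policy
}

function Test-IsElevated {
    # False in an Administrator user's ordinary session: the process holds the Standard token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Constructed sample: a machine where the secure desktop was turned off to stop the dimming.
$sample = @{ EnableLUA = 1; PromptOnSecureDesktop = 0; ConsentPromptBehaviorAdmin = 2 }
Test-UacPolicy -Policy $sample

# On a Windows machine, check the live settings and the current shell as well.
if ($env:OS -eq 'Windows_NT') {
    Test-UacPolicy -Policy (Get-UacPolicy)
    "Current process elevated: $(Test-IsElevated)"
}
```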
