Comments on: Thoughts about User Account Control’s (UAC) primary design goal

By: Jason Sandys

Jason Sandys — Thu, 18 Jun 2009 21:44:00 +0000

Michael, Then I completely agree with you.

Phil, The average use can barely turn on a PC. If you stop to actually read the prompts, they have always clearly stated that the action you are attempting to perform is privileged. If you drive a car, you learn to put gas in it, check the tires, change the oil, don’t drive over 80 in the snow, etc. Why is it so much to ask for users to actually read the message?

Why are some actions privileged? This is more of a legitimate gripe and Microsoft has been working hard to reduce the privileges on many actions that shouldn’t require elevation.

The fundamental problem is not with UAC, its with application developers who have failed to adhere to Microsoft standards that have been published since NT 3.51. If you run *nix or OS X, normal users have never run as root. Windows was designed the same way, its just the mass of developers out there never cared to learn the proper way of doing things.

By: Michael Pietroforte

Michael Pietroforte — Thu, 18 Jun 2009 21:13:08 +0000

Jason, I am not interpreting, I am just concluding. The point is that Microsoft had bigger plans, and these plans failed. All that is left is not a security feature, but an educational feature. My main point in this article is not that the UAC prompts are disturbing. It is just that their purpose is a different one than many believe. They are not supposed to warn you about malware, they are supposed to tell you that the developer of this program has to be educated.

Phil, I agree. UAC messages should be more explicit. What about this one: “Inform the developer of this program that you don’t like this prompt!”

By: Phil

Phil — Thu, 18 Jun 2009 20:37:47 +0000

It still ignores the fundamental problem with UAC – the average user doesn’t have a clue whether to say yes or no in response to a UAC prompt. It’s not that obvious to more seasoned users, either.

By: Jason Sandys

Jason Sandys — Thu, 18 Jun 2009 19:36:31 +0000

“So UAC was originally planned as a real security feature and ended as an “educational feature” because the project failed.”

You’re mis-interpreting Mark’s statement. UAC was one part of a set of tools whose end goal was raising the security posture of Windows. The tools providing the real barrier were integrity levels and UIPI. UIPI ad integrity levels were deemed too disruptive and thus removed and the security barrier with them. UAC was a complementary tool that furthered the goal. And if you re-read the statement, he doesn;t even mention UAC, even though the context of the statment is within a UAC discussion, the specifics do not include UAC.

Also note that UIPI and and integrity levels are actually still in the product, they are just not utilizied.

The question I always have for folks who find UAC so annoying is what are you doing to get the prompt all the time? I’ve run Vista since early betas at home and work and rarely see a prompt unless I’m expecting it. The great thing is that I haven’t run using an admin account since before XP so UAC prompts me for credntials without having to remember to use Run As – which btw doesn’t work the same in Vista anyway so doesn’t work at all if you disable UAC.