Microsoft’s Windows 7 blog has an interesting post about UAC (User Account Control). Ben Fathi, vice president for core OS development, reveals some data from Vista’s Customer Experience Improvement Program about UAC and describes how Microsoft intends to change Windows 7 UAC. This is the essential information Microsoft gathered in one year (May 07 - May 08, Aug 07 - Aug 08):
- The number of applications and tasks generating a prompt has declined from 775,312 to 168,149
- The number of sessions with one or more UAC prompts has declined from 50% to 33% of sessions with Vista SP1
- Windows itself accounts for about 40% of all UAC prompts
- Windows components accounted for 17 of the top 50 UAC prompts in Vista and 29 of the top 50 in Vista SP1
- In one lab study we conducted, only 13% of participants could provide specific details about why they were seeing a UAC dialog in Vista
I think it was expected that the number of UAC prompts would decline for three reasons:
- Many disabled either UAC or just the prompts
- Microsoft improved UAC with Service Pack 1
- Software publishers adapted their applications
Mr. Fathi doesn’t say anything about the number of machines that have the UAC prompts disabled. I think this would be the most interesting data. Another reason why the number of prompts has declined could be that most users have configured their desktops by now. However, I think this argument is not valid, because Vista adoption is still growing fast.
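Since the post gives no figure for machines with UAC or its prompts switched off, here is how an admin could collect that number for his own fleet. This is an added example, not code from the 4sysops post or from Microsoft; it reads the documented UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) and classifies the local machine. The helper name Get-UacState and the assumption that a missing value means the Vista default are mine.

```powershell
# Added example (not from the original post): report whether UAC prompts are
# actually in effect on this machine, so the results can be collected fleet-wide.
function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # EnableLUA = 0 means UAC is switched off entirely (takes effect after reboot).
    # ConsentPromptBehaviorAdmin = 0 means admins are elevated silently, i.e.
    # UAC is still on but the prompts are gone. A missing value is assumed to
    # mean the default (UAC on, prompt on the secure desktop).
    $enableLua = if ($null -eq $p.EnableLUA) { 1 } else { $p.EnableLUA }
    $adminMode = if ($null -eq $p.ConsentPromptBehaviorAdmin) { 2 } else { $p.ConsentPromptBehaviorAdmin }
    $secureDsk = if ($null -eq $p.PromptOnSecureDesktop) { 1 } else { $p.PromptOnSecureDesktop }

    $status = if ($enableLua -eq 0)      { 'UAC disabled' }
              elseif ($adminMode -eq 0)  { 'UAC on, admin prompts silenced' }
              elseif ($secureDsk -eq 0)  { 'UAC on, prompts not on secure desktop' }
              else                       { 'UAC on with prompts' }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $adminMode
        PromptOnSecureDesktop      = $secureDsk
        UacStatus                  = $status
    }
}

# Usage: run on each machine (or via remoting) and export for counting.
Get-UacState | Format-List
```

Counting the UacStatus column across exported results gives the share of machines where prompts have been turned off, which is exactly the number the post leaves out.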
Another number I am missing is the times UAC actually prevented malware from being installed on Vista. I have been using Vista since its beta release on several machines and, thus far, all UAC prompts were only “false positives.” But perhaps I’m not a good example, because malware very seldom manages to reach my computers. At least, my anti-virus software hasn’t triggered an alarm for ages.
I still don’t believe that prompts of any kind really improve security, because most users click them away without really being aware of it. Microsoft’s data confirms this. Also, UAC might lull users into a false sense of security. Not all malware requires admin privileges. Thus, UAC might reduce security in some cases if users believe that everything is okay as long as there is no UAC prompt.
I think Microsoft is quite aware of all this. It is no secret that UAC was mostly introduced to force developers to write secure software. No software publisher wants to annoy users with constant UAC prompts. This approach obviously worked. Hence, we admins should be very thankful to Microsoft. UAC is one of the major reasons why Vista got bashed heavily. It didn’t just annoy many customers with its prompts; it also broke many applications. Microsoft must have known this. But UAC is a long-term project. When more software vendors adapt their applications, it will improve security significantly in the long run. Hence, this was a necessary step Microsoft had to take even though it costs them market share now.
Most interesting certainly is how Microsoft will change UAC in Windows 7. Unfortunately, Ben Fathi isn’t quite specific here:
- Reduce unnecessary or duplicated prompts in Windows and the ecosystem, such that critical prompts can be more easily identified
- Enable our customers to be more confident that they are in control of their systems
- Make prompts informative such that people can make more confident choices
- Provide better and more obvious control over the mechanism
The first point is clear. But it remains to be seen whether there still is much room for improvement after Vista SP1. I don’t understand the second point. I don’t think security prompts will ever increase confidence in anything. More informative prompts might be helpful in some cases, but since most users don’t read UAC prompts anyway, this won’t change much with regard to the user experience. The last point could be the most interesting one from an administrator’s point of view. I wish Mr. Fathi had revealed a little more here.
What I am really missing is a feature that allows me to exclude certain apps and users from UAC. Basically, I want all the features that sudo has under Linux. A su command that allows an admin to turn off UAC temporarily without hassle is also on my wish list. However, I doubt somehow that Microsoft will fulfill my wishes in Windows 7.