Microsoft Exec: UAC Designed To Annoy Users
section: microsoft, for your questions: KezNews forum, 11.4.2008
The User Account Control in Windows Vista improves security by reducing application privileges from administrative to standard levels, but UAC has been widely criticized for the nagging alerts it generates.
According to one Microsoft (NSDQ:MSFT) executive, the annoyance factor was actually part of the plan.
In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft's strategy with UAC was to irritate users and ISVs in order to get them to change their behavior.
"The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.
Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained.
"We needed to change the ecosystem, and we needed a heavy hammer to do it," Cross said.
Keith Meisner, senior systems engineer at AppTech, a Tacoma, Wash.-based solution provider, says UAC has helped Microsoft improve end users' overall security posture.
"Many of the situations we deal with have to do with users being uninformed about threats on the Internet," said Meisner. "Are there some annoyances with UAC? Yes, but advanced users know how to get around them."
But while UAC is good for overall security, it does present logistical issues, said Steve Snider, president of Cadre Information Security, a Cincinnati-based solution provider. "For people working in an office, close to IT, it's not a problem, but when you have a very mobile workforce, and you have to load and update applications, that's when it becomes more of an issue," he said.
As a result of UAC, software vendors have changed their approach to developing software, to the point where fewer applications and tasks are triggering alerts, said Cross. "Most users, on a daily basis, actually have zero UAC prompts," he said.
Cross also disputed the popular notion that many frustrated users have decided to shut off UAC alerts entirely. He cited internal Microsoft research that shows 88 percent of all Vista users operate with UAC turned on, and 66 percent of sessions have no prompts, and number he says will continue to grow over time.
"UAC is not a perfect security boundary, but it [has helped us] move from 'zero click' exploits to 'one click' defense," said Cross.
source:
crn.com
Send link 2 friend | Permalink
MORE RELATED ARTICLES:
Microsoft Exec Rages Against Vista Upgrade Hack || Getting Rid of UAC in Vista.. || Fixing Windows Vista: Taming UAC || Disabling UAC Slows Vista's Bootup Time? || Microsoft to push Office 2003 SP3 to users in February
Comments(11)
uac was the first thing i turned off after installing vista, but it's a pity that a lot
of people who know very little about vista think it can't be turned off. some are so lazy
that they can't be bothered to spend 20 seconds out of their busy lives to turn it off
once and for all.
not a good first impression now, is it, microsoft?
turned it off as soon as i installed vista......
uac is still turned on here, i see no reason to switch it off..
those who turn
it off have no idea whats there for.
very first thing to go to hell after installing system. and iq, what's this post for
anyway? lol
pathetic microsoft.. ohhhh god and how pathetic....
uac is good feature but vista still install first user as a admin user.
uac is
useless when computer is used as administrator user for basic tasks like internet browsing
or email.
the first user is the admin user, but if if you run programs, it doesn't run as full
admin...
to run it with full administration control, you should right click then
"run as administrator"...
the two is different from each other.
(prompt of uac
and run as administrator)
uac is not useless...
you are not a keen
observer...
you should explore what's the use of each feature.
uac still is a pain even though u know the good about it, gosh it can get badly nagging
depends on what you do often . ..vlite came in real handy !
luckily, most of us who have turned it off are running a handful of much more trustworthy
security apps which are far less intrusive.
speaking of trustworthy apps, the
other things that gotta go are windows defender and windows firewall. for the sake of
performance, windows indexer is redundant as well.
i have a good word for you but this forum wont let me post it. obviously your nick name
shows your insecurities with yourself. normal people dont need to premote themselves as
you are trying to do. you dont have a clue about uac or what it does. you are too worried
about your intelligence to be smart.
uac was a complete nag when you use vista for teh first time, since you just arent used
to it. now i've been using vista for a long time, i barely notice it, and its only does
it when i mess with system files etc... the exact point its there for... to prevent
breaches from unhindered malicious code and websites installing shite when you dont want
it to...im all for uac!
Add a Comment
one small stupid feature has put millions of people off vista
By yoyoma on 12.04.2008 - 02:04