Microsoft: Vista UAC designed to 'annoy users'

Tom Espiner, ZDNet UK

14 April 2008 10:55 AM

Tags: actions, apps, attack, cross, uac, kaspersky, prompt, user

A Microsoft manager has said one of the security features in Vista was deliberately designed to "annoy users" in order to put pressure on third-party software makers to make their applications more secure.

David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC), which, when enabled, runs even administrator accounts with standard-user privileges by default and displays a prompt whenever a program needs administrator rights, most visibly when the user tries to install software.

"The reason we put UAC into the [Vista] platform was to annoy users — I'm serious," said Cross, speaking at the RSA Conference in San Francisco on Thursday. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."

Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure: code that demanded administrator privileges when it did not need them would trigger a prompt, discouraging users from running it.

"We needed to change the ecosystem," said Cross. "UAC is changing the ISV ecosystem; applications are getting more secure. This was our target — to change the ecosystem. The fact is that there are fewer applications causing prompts. Eighty percent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. Sixty-six percent of sessions now have no prompts."

Cross claimed it is a myth that users just turn UAC off, saying that Microsoft had collected opt-in information from users which showed that 88 percent were running UAC. Cross said it was also a myth that users blindly accept prompts without reading them.

"It's a myth that users click 'yes', 'yes', 'yes', 'yes'," said Cross. "Seven percent of all prompts are cancelled. Users are not just saying 'yes'."

Security company Kaspersky has in the past severely criticised UAC, claiming in March last year that it would make Vista less secure than XP.

At this year's RSA Conference, however, the security specialist seemed to have changed its tune. Jeff Aliber, Kaspersky's US senior director of product marketing, said: "[With Windows], there is a large attack surface with a number of entry points. Anyone trying to shrink that attack surface and promote secure apps development has to be a good thing."

Prior to the launch of Vista, Kaspersky issued a report in January 2007 which said UAC would be ineffectual. The company claimed that many applications perform harmless actions that, in a security context, can appear to be malicious. As UAC flashes up a warning every time such an action is performed, Kaspersky said that users would be forced to either blindly ignore the warning and allow the action to be performed or disable the feature to stop themselves going "crazy".

"If the user were to be notified about every one of these actions with a request for confirmation or a request to enter a password, the user will either go crazy or disable the security feature," said Kaspersky.


Talkback 4 comments

  1. UAC Is Almost Forced on you Anonymous -- 14/04/08

    I had UAC running till I realised what that pop-up was every 10 seconds; it was painful and annoying, so I turned it off. Now it's off I have an icon in the task bar saying my computer isn't safe...
    It was SAFE without it in XP and it's SAFE now. I don't want it, SO STOP ASKING ME TO TURN IT ON!!!

    1. Turning off little red warning Anonymous -- 16/04/08

      Anon,

      If you go to Security in Control Panel you can choose an option on the left that says, "Choose how Windows tells me about security warnings," or something similar to that. Then you can turn off the warning. Happy computing!

  2. It's not very effective, then Craig Ringer -- 14/04/08

    The big benefit of UAC in my opinion is that it makes using the restricted user account practical. I wish MS had chosen to make this the default account type, though I understand why they didn't.

    On a clean vista install (don't even TALK about upgrade installs, they're horrible) UAC shouldn't be much of an issue. I have UAC enabled and only encounter prompts when installing software, messing with network settings, and other things I'd LIKE to be warned about in case something's trying to do it behind my back. If I can handle having it enabled as a network admin and software developer, then it REALLY shouldn't be triggering for most users at all.

    Certain incredibly braindead apps might cause problems, but you can always tweak the permissions on the problem files/directories to permit access by the app without a UAC prompt. Ditto registry permissions, though that should never really be an issue.

    As for being "safe" without UAC in XP ... no, you're not really. XP is never safe when used as configured by default, you're running as admin all the time and any app can do whatever it wants to your system. As a UNIX user this fills me with horror. Unfortunately using XP as a restricted user tended to be rather painful. The right answer (on both XP and Vista) is not to run untrusted code - but most users are not capable of doing that, and for them UAC is another useful layer of security.

    Because of how UAC-as-an-admin-user works, you're actually running a shell at reduced privileges and have automatic "sudo"-style rights to elevate processes with a prompt. That's not too bad, really, and it's not actually that different from how OSes like Mac OS X and many UNIX desktop GUIs do things.

    I don't get what all the fuss is about.
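
The article describes UAC as running users with standard privileges and prompting when a program needs administrator rights, and the comment above describes the same thing from the admin-account side: a reduced-privilege shell with a "sudo"-style elevation step. The following is an added example, not code from the article, Microsoft, Kaspersky or any commenter. It reads the UAC policy values under the `Policies\System` registry key, checks whether the current PowerShell process holds the full administrator token, and then launches an elevated process the way an installer would. It assumes PowerShell 2.0 or later (needed for `Start-Process -Verb RunAs`), so on an original Vista install it needs the PowerShell 2.0 update; the registry value meanings are Microsoft's documented ones, and values 3 to 5 of `ConsentPromptBehaviorAdmin` only exist from Windows 7 onward.

```powershell
# Added example (not from the ZDNet article or any commenter): inspect UAC policy
# and the current token, then request elevation. Run it unelevated first, then
# again from the elevated window it opens, and compare the output.

# UAC policy lives here; Group Policy and the Control Panel slider both write to it.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $policyKey

# EnableLUA = 1: UAC on, admin logons get a split token and the shell runs with the
# filtered standard-user half. EnableLUA = 0: UAC off, everything runs fully elevated.
"EnableLUA                 : $($p.EnableLUA)"

# ConsentPromptBehaviorAdmin (Vista values): 0 = elevate silently with no prompt,
# 1 = prompt for credentials, 2 = prompt for consent. Windows 7 added 3, 4 and 5
# (5 = prompt for consent only for non-Windows binaries, the Windows 7 default).
"ConsentPromptBehaviorAdmin: $($p.ConsentPromptBehaviorAdmin)"

# PromptOnSecureDesktop = 1 shows the prompt on the dimmed secure desktop, so other
# user-level programs cannot draw over it or click it on the user's behalf.
"PromptOnSecureDesktop     : $($p.PromptOnSecureDesktop)"

# Does this process hold the full administrator token? With UAC on, an admin's
# normal shell answers $false because the Administrators SID is marked deny-only.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Elevated                  : $elevated"

# The token itself: unelevated, the Administrators group shows 'Group used for deny
# only' and the label is 'Medium Mandatory Level'; elevated, the group is enabled
# and the label is 'High Mandatory Level'.
whoami /groups | Select-String 'BUILTIN\\Administrators|Mandatory Label'

# The "sudo"-style step: start a separate elevated process. This is what an installer
# triggers; the policy values above decide whether the user sees a prompt at all.
if (-not $elevated) {
    Start-Process -FilePath 'powershell.exe' -Verb RunAs `
        -ArgumentList '-NoExit', '-Command', 'whoami /groups | Select-String "Mandatory Label"'
}
```

The useful check for the "users just turn it off" question in the article is `EnableLUA` together with `ConsentPromptBehaviorAdmin`: a machine with `EnableLUA` set to 1 but `ConsentPromptBehaviorAdmin` set to 0 still counts as "running UAC" while elevating every request silently, which is no better for the admin account than turning it off.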

  3. tried to use UAC; tried to use Vista Thomas W -- 04/05/08

    Gave UAC a decent trial, several days too, before turning it off.

    Conclusion of the experiment was that I wasted most of three weeks, before downgrading new workstation to XP.

    (System was my new high-end workstation; Intel CoreDuo 2, dual hdd, 2 GB ram etc.)

    Once downgraded my user experience was vastly improved, computer ran faster, much faster -- and I could finally get some productive work done.

    Now if MS would just refund the $6000 of time I wasted, before firing that David Cross guy -- then they might be on the right track.
