Has Windows Vista's UAC feature failed Microsoft?

Security experts agree that Microsoft's Windows Vista is relatively well protected, but its security features — such as User Account Control (UAC) — have been singled out as one reason why the operating system is far less popular than its predecessor, Windows XP.

According to Scott Charney, vice president of Microsoft's Trustworthy Computing Group, UAC was designed to give users more control over the applications they run and help them make better security decisions by providing them with more information. However, the main problem with Vista's UAC, according to Charney, is that it prompts the user far too often.

"Clearly there has to be work done on UAC user prompts, where users get prompts at times they don't necessarily expect it — and it's not intuitive. The challenge is — as with many of these things when we try to give users control — if you give people too many prompts in too many situations, they view it as an impediment," Charney told ZDNet.com.au yesterday at the AusCERT security conference on the Gold Coast.

View: Full Article @ ZDNet Australia


(Airlink said @ #19)
The display properties and a whole lot of Control Panel stuff did not need to be split up and flung around the user interface, but that's what they did. No wonder people hate Vista: they can't find anything! Nothing is where they're used to finding it.

As for UAC, it behaves like an autonag system and I hate it. It's like they resurrected Clippy, gave him Admin powers, and then put him on crack.

"It looks like you're trying to open Internet Explorer. Would you like me to nag you about that?"

So you have a PC running Vista, eh? Exactly what applications are you running that are triggering UAC prompts? Because IE doesn't do it.

(GreyWolfSC said @ #19.1)

So you have a PC running Vista, eh? Exactly what applications are you running that are triggering UAC prompts? Because IE doesn't do it.

IE is actually the complete opposite. It runs with privileges lower than your user account.

If IE asks for admin access, and you approve it, you deserve to be removed from the Internet. Running a web browser as an Administrator is the same thing as giving the Internet administrative access to your machine.

"However, the main problem with Vista's UAC, according to Charney, is that it prompts the user far too often."

Exactly! Which is why I just flat out turn it off, as it's more of a hassle than anything else.

I did a clean Vista install 3 days ago, reinstalled all my software...3 days ago. Got my last UAC prompt...3 days ago, with the exception of running CCleaner every once in awhile.

I can't imagine what the hell you are doing that frequently that gets you this deluge of UAC prompts. My guess is that you either aren't and are blowing the situation out of proportion, or simply don't know what you're doing.

I'm with you 39 Thieves. The best way of determining whether UAC really affects people is to watch someone who isn't a technical wizard use Vista. I know someone with a Vista laptop who uses it for the internet and for Word. The UAC prompt doesn't come up ONCE, unless an external app wants to install some IE add-on (like Flash or whatever) and even then this is once in a blue moon.

So therefore if someone is seeing so many prompts, they should really use their sense and work out why they are seeing so many prompts. It's probably their ****ty 5-year old app that writes willy-nilly anywhere it likes that's doing it. Time to stop being a cheapskate and upgrade to the latest Vista version.

Linux and OSX already had a good "UAC" system in place before Vista. The "UAC" systems in Linux and OSX are very similar. It helps secure the system and users are happy with it. So then here comes Vista wanting to develop a UAC system of their own. Now why didn't they just copy the "UAC" system in Linux and OSX which has already been proven to work? Instead they went down a bad path, doing everything wrong with UAC. When I open the Control Panel in Vista, there shouldn't be a UAC prompt. If I open something else in the Control Panel that is more critical to system security, such as Programs and Features (Add/Remove), then yes, prompt for an admin password. It's a good thing you can turn UAC off if you know what you are doing on Vista and don't need UAC to secure your system.

It's like this, if I were to roll out a media service like iTunes, I would look at iTunes and use it as a starting point and improve on it, not go blindly to create another bad design.

+1. Why does Microsoft always feel that they have to reinvent the wheel? Instead of trying to be different, they should stick to what has been tried and tested. However, it can't be entirely blamed on Microsoft. A lot of crappy third party software vendors need to update their software to run as administrative services. For example, I constantly get UAC asking me to validate update programs. If the programs were configured correctly, this should never happen. Microsoft has never forced software developers to fully change their applications to accommodate Vista's security features. One such example that I have talked frequently about is the virtual registry included with Vista. If an application doesn't have rights to access some system keys (most noticeably HKLM), it is permitted to create virtual keys under the user's branch, HKCU. THIS IS DUMB, and clearly doesn't force software developers to change their bad habits. Microsoft tried too hard to appease third-party developers, and left the user to deal with software making administrative level requests from a user level application.

Because the other OSes aren't as wildly used and abused as Windows. Sure, UAC can have a little tune-up here and there, but for average users, it plainly works. For power users, you can always turn it off.

About the iTunes mention, I don't want to sound like an Apple basher, but if you meant the iTunes Store, you are right. If you meant the program itself (on Windows or Macs) you are somewhat wrong; there have been two or three applications for Windows that innovated library management (J. River Media Jukebox being one of them) and iTunes copied from them, but they didn't copy all the good things. iTunes is just a "decent" program, not a great one when it comes to libraries, because it lacks so much in this regard.

(mayamaniac said @ #22)
Linux and OSX already had a good "UAC" system in place before Vista. The "UAC" systems in Linux and OSX are very similar. It helps secure the system and users are happy with it. So then here comes Vista wanting to develop a UAC system of their own. Now why didn't they just copy the "UAC" system in Linux and OSX which has already been proven to work? Instead they went down a bad path, doing everything wrong with UAC. When I open the Control Panel in Vista, there shouldn't be a UAC prompt. If I open something else in the Control Panel that is more critical to system security, such as Programs and Features (Add/Remove), then yes, prompt for an admin password. It's a good thing you can turn UAC off if you know what you are doing on Vista and don't need UAC to secure your system.

It's like this, if I were to roll out a media service like iTunes, I would look at iTunes and use it as a starting point and improve on it, not go blindly to create another bad design.

You have a problem with your computer if you are getting UAC prompts when you open Control Panel. Mine doesn't do that, and it's not supposed to.

(mayamaniac said @ #22)
Linux and OSX already had a good "UAC" system in place before Vista. The "UAC" systems in Linux and OSX are very similar. It helps secure the system and users are happy with it. So then here comes Vista wanting to develop a UAC system of their own. Now why didn't they just copy the "UAC" system in Linux and OSX which has already been proven to work? Instead they went down a bad path, doing everything wrong with UAC. When I open the Control Panel in Vista, there shouldn't be a UAC prompt. If I open something else in the Control Panel that is more critical to system security, such as Programs and Features (Add/Remove), then yes, prompt for an admin password. It's a good thing you can turn UAC off if you know what you are doing on Vista and don't need UAC to secure your system.

It's like this, if I were to roll out a media service like iTunes, I would look at iTunes and use it as a starting point and improve on it, not go blindly to create another bad design.

+1. IIRC Vista doesn't ask for a password in those UAC prompts when you're logged in as an admin user, while sudo on Linux and Mac OS X does. If UAC is to help prevent security breaches due to user fault, then a box with a simple "continue" button is not very much help. I mean, honestly, how many people can say that they read every dialog box that pops up on their screen? Or the EULAs? I know I tend to just click OK or Next and get on with what I'm doing. Having to enter a password makes you have to stop and think.

(ergosteur said @ #22.4)
+1. IIRC Vista doesn't ask for a password in those UAC prompts when you're logged in as an admin user, while sudo on Linux and Mac OS X does. If UAC is to help prevent security breaches due to user fault, then a box with a simple "continue" button is not very much help. I mean, honestly, how many people can say that they read every dialog box that pops up on their screen? Or the EULAs? I know I tend to just click OK or Next and get on with what I'm doing. Having to enter a password makes you have to stop and think.

But it's not.

UAC's primary goal is to prevent automatic privilege escalation and to keep software at the least privilege level needed to complete its task. It's not to prevent your mistakes.

Ok, here's something I'd be interested in hearing people's opinions on.

So, if we have applications that repeatedly need a UAC prompt it can be somewhat annoying, so:
Having an "always trust this application" option may not be the best of options, but what about a UAC equivalent of gpedit.msc where you can set all the fine details of what UAC allows, doesn't allow, and what it does and doesn't check for?

I know you can silence UAC, but as far as I know, there isn't really any fine control over it so if there is one particular part of it that's a problem, you can't easily work around it.

Would you say this solves the above problem? Would you say it satisfies the "power users"?

My thought process behind this is, it should (in theory) prevent normal people from touching stuff they really shouldn't but still allow fine control.

Just a thought. Don't kill me

but what about a UAC equivalent of gpedit.msc where you can set all the fine details of what UAC allows, doesn't allow, and what it does and doesn't check for?
Uh. That's called editing the ACLs on whatever you want to tune. If, for instance, you want to allow any program write access to a directory in Program Files that it would not normally have access to, you just give Users write permission, and you're done.

That's it. That's how UAC works. It just prevents running apps from doing stuff that they'd need to rely on an "Administrator" permission entry for.

(MioTheGreat said @ #23.1)

Uh. That's called editing the ACLs on whatever you want to tune. If, for instance, you want to allow any program write access to a directory in Program Files that it would not normally have access to, you just give Users write permission, and you're done.

That's it. That's how UAC works. It just prevents running apps from doing stuff that they'd need to rely on an "Administrator" permission entry for.

True; however, to me it just seemed tedious, although unless you're installing new applications every day, it's probably not going to be that much of a hassle. Shame these machines can't just read our minds. Would make life a lot easier.

The only problem I have with UAC is not its architecture or anything; I just hate its un-smoothness and the "light-box" effect.
It's really annoying when UAC prompts: my screen flashes and then a light box shows up a couple of seconds later. A few seconds may not seem much, but if it happens a lot, it's quite annoying. Also you cannot do anything else when the lightbox is on. I would MUCH rather have just a prompt window instead of a lightbox. If it's REALLY necessary, make the light-box run smoother and faster. Cut that screen-blink, 3 sec delay crap; I want to see a smooth fade in, quickly fade out lightbox!

(noPCtoday said @ #24)
The only problem I have with UAC is not its architecture or anything; I just hate its un-smoothness and the "light-box" effect.
It's really annoying when UAC prompts: my screen flashes and then a light box shows up a couple of seconds later. A few seconds may not seem much, but if it happens a lot, it's quite annoying. Also you cannot do anything else when the lightbox is on. I would MUCH rather have just a prompt window instead of a lightbox. If it's REALLY necessary, make the light-box run smoother and faster. Cut that screen-blink, 3 sec delay crap; I want to see a smooth fade in, quickly fade out lightbox!
You can disable the secure desktop screen (the blanking out of the desktop). The purpose of that is to make it difficult for malicious programs to cover up part of the UAC window with a window of their own, thus tricking the user into confirming a prompt they should deny.

(waruikoohii said @ #24.1)
You can disable the secure desktop screen (the blanking out of the desktop). The purpose of that is to make it difficult for malicious programs to cover up part of the UAC window with a window of their own, thus tricking the user into confirming a prompt they should deny.
Actually, it has two purposes: prevent keylogging of the UAC prompt, and prevent any application from falsifying input on the UAC dialog.

But since the default configuration has it on, and it's such a tiny minority of users who turn it off (myself included. Stupid mobility modded drivers and that flicker...) I don't think it's a security problem. It'll never be targeted.

(MioTheGreat said @ #24.2)
But since the default configuration has it on, and it's such a tiny minority of users who turn it off (myself included. Stupid mobility modded drivers and that flicker...) I don't think it's a security problem. It'll never be targeted.

I have yet to come across a Vista PC with updated graphic drivers that don't do hard flickers. There's no flicker with DWM disabled, but with it on....

....but as you said, only a minority cares about or knows about disabling UAC or Secure Desktop.
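An added example, not from any commenter or from Microsoft, that ties together two points made above: ergosteur's observation that an admin user gets a consent-only "Continue" prompt rather than a password prompt, and MioTheGreat's point about what is lost when the secure desktop is disabled. The script reads the UAC policy values Windows stores under HKLM (the value names are real; the Vista defaults assumed for values that are absent are an assumption noted in the comments) and reports which protections have been weakened on the machine, so a defender can spot the "I just turn it off" configurations this thread describes.

```powershell
# Added example (not from the thread or from Microsoft): read-only audit of the
# UAC policy values this discussion touches. Value names are the ones Windows
# stores under HKLM; the defaults assumed when a value is absent are the Vista
# shipping defaults (assumption).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey

function Get-PolicyValue([string]$Name, [int]$Default) {
    $v = $policy.$Name
    if ($null -eq $v) { return $Default }
    return [int]$v
}

# 0 = UAC off entirely; 1 = on
$enableLua     = Get-PolicyValue 'EnableLUA' 1
# 0 = silent elevation, 1/3 = credential prompt, 2/4/5 = consent prompt (2 is the Vista default)
$adminBehavior = Get-PolicyValue 'ConsentPromptBehaviorAdmin' 2
# 1 = prompt on the dimmed secure desktop; 0 = prompt on the normal interactive desktop
$secureDesktop = Get-PolicyValue 'PromptOnSecureDesktop' 1

$report = @()
if ($enableLua -eq 0) {
    $report += [pscustomobject]@{ Level = 'Weak'; Note = 'EnableLUA=0: UAC is off; an admin user runs every process fully elevated, and IE Protected Mode (which depends on UAC) is lost.' }
}
switch ($adminBehavior) {
    0                         { $report += [pscustomobject]@{ Level = 'Weak'; Note = 'ConsentPromptBehaviorAdmin=0: silent elevation, no prompt at all.' } }
    { @(2,4,5) -contains $_ } { $report += [pscustomobject]@{ Level = 'Info'; Note = "ConsentPromptBehaviorAdmin=$adminBehavior: consent-only prompt; one click approves elevation, no password asked." } }
    { @(1,3) -contains $_ }   { $report += [pscustomobject]@{ Level = 'OK';   Note = "ConsentPromptBehaviorAdmin=$adminBehavior: credential prompt; the admin password is required." } }
}
if ($secureDesktop -eq 0) {
    $report += [pscustomobject]@{ Level = 'Weak'; Note = 'PromptOnSecureDesktop=0: the prompt is drawn on the interactive desktop, where other programs can overlap it or feed it synthetic input; the dimmed secure desktop exists to block exactly that.' }
}

if ($report.Count -eq 0) { 'UAC settings match the protective defaults.' }
$report | Format-Table -AutoSize
```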

What's it gonna be like in the future?

If this is a step of many in a transition in security, then what is it gonna be like in 3 or 4 OS versions down the road?

I can envision a lot of people turning against MS after a while if they continue what they are doing, and how quickly the fanboys will forget their rhetoric once they have switched sides lol

I see lack of concern for the big picture and the advanced power users that want a good OS; instead they will slop together pieces of random code in an effort to please everyone and wind up pleasing no one fully, all the while continuing what they have done all along, which is make an ever increasingly bloated OS..

Just imagine how many terabytes of RAM you're gonna need for .NET Framework 9 or whatever lol

I'm sure I'll have perm switched to Linux long before that

I also enjoyed the dozen+ comments about Vista leading market sales figures lol. That wouldn't have anything to do with lack of availability of XP now, would it?

My parents bought a laptop a while ago and wanted XP and were mad they were forced to get Vista. They tried it and after many months they still say it sucks baaaaaad and they wish they could wipe it out and install XP, but were concerned that it would void the warranty on their brand new laptop.

I'm not the only one that thinks Vista is a disappointment..

UAC didn't fail Microsoft; it failed us, the users. It's simply a poor, faulty implementation of a good idea. Microsoft really needs to take a step back and think about the future of Windows. Mac and Linux keep looking better by the day. Frankly, I have little to no faith in Microsoft at this point; especially with that stupid monkey Ballmer in charge.

For me the problem with UAC is how it crashes some programs that are running (not programs that have anything to do with the UAC coming up).

It has to do with the screen darkening when the UAC box pops up. It corrupts the video drivers for some programs and they crash. There's no reason they should have to make the screen go dark like that.
