Has Windows Vista's UAC feature failed Microsoft?

Experts agree that Microsoft's Windows Vista is relatively well-protected, but its security features — such as User Account Control (UAC) — have been highlighted by security experts as one reason why the operating system is far less popular than its predecessor, Windows XP.

According to Scott Charney, vice president of Microsoft's Trustworthy Computing Group, UAC was designed to give users more control over the applications they run and help them make better security decisions by providing them with more information. However, the main problem with Vista's UAC, according to Charney, is that it prompts the user far too often.

"Clearly there has to be work done on UAC user prompts, where users get prompts at times they don't necessarily expect it — and it's not intuitive. The challenge is — as with many of these things when we try to give users control — if you give people too many prompts in too many situations, they view it as an impediment," Charney told ZDNet.com.au yesterday at the AusCERT security conference on the Gold Coast.

View: Full Article @ ZDNet Australia

Report a problem with article
Previous Story

Microsoft Halts XP SP3 Update to HP PCs Running AMD CPU's

Next Story

3G iPhone To Launch June 9

120 Comments

Commenting is disabled on this article.

For me the problem with UAC is how it crashes some programs that are running (not programs that have anything to do with the UAC coming up).

It has to do with the screen darkening when the UAC box pops up. It corrupts the video drivers for some programs and they crash. There's no reason they should have to make the screen go dark like that.

UAC didn't fail Microsoft; it failed us, the users. It's simply a poor, faulty implementation of a good idea. Microsoft really needs to take a step back and think about the future of Windows. Mac and Linux keep looking better by the day. Frankly, I have little to no faith in Microsoft at this point; especially with that stupid monkey Ballmer in charge.

whats it gonna be like in the future ?

if this is a step of many in a transition in security then what is it gonna be like
in 3 or 4 OS versions down the road ?

i can ivision a lot of people turning against MS after a while if they continue what they are doing
and how quickly the fanboys will forget their rhetoric once they have switched sides lol

i see lack of concern for teh big picture and the advanced power users that want a good OS
instead they will slopp together pieces of random code in an effort to please every one
and wind up pleasing no one fully all the while conmtinue what they have done all along
which is make an ever increasingly Bloated OS..

just imagine how many terabytes of ram your gonna need for .net framework 9 or whatever lol

im sure ill have perm switched to linux long before that

i also enjoyed the dozen + comments about Vista leading market sales figures lol
that wouldnt have anything to do with lack of availabilty of XP now would it ?

my parents bought a lap top a while ago and wanted xp and were mad they were forced to get Vista
they tried it and after many months they still say it sucks baaaaaad and they wish they could wipe it out
and install XP but were concerned that it would void the warranty on their brand new laptop.

Im not the only one that thinks Vista is a disapointment..

The only problem I have with UAC is not its architecture or anything, I just hate its un-smoothness and the "light-box" effect.
Its really annoying when UAC prompts, my screen flashes and then a light box shows up about a couple seconds later. A few seconds may not seem much, but If it happends a lot, its quite annoying. Also you cannot do anything else when the lightbox is on. I would MUCH rather if there is just a prompt window instead of a lightbox. If its REALLY nessasary, make the light-box run smoother, and faster. Cut that screen-blink, 3 sec delay crap, I want to see a smooth fade in, quickly fade out lightbox!

(noPCtoday said @ #24)
The only problem I have with UAC is not its architecture or anything, I just hate its un-smoothness and the "light-box" effect.
Its really annoying when UAC prompts, my screen flashes and then a light box shows up about a couple seconds later. A few seconds may not seem much, but If it happends a lot, its quite annoying. Also you cannot do anything else when the lightbox is on. I would MUCH rather if there is just a prompt window instead of a lightbox. If its REALLY nessasary, make the light-box run smoother, and faster. Cut that screen-blink, 3 sec delay crap, I want to see a smooth fade in, quickly fade out lightbox!
You can disable the secure desktop screen (the blanking out of the desktop). The purpose of that is to make it difficult for malicious programs to cover up part of the UAC window with a window of their own, thus tricking the user into confirming a prompt they should deny.

(waruikoohii said @ #24.1)
You can disable the secure desktop screen (the blanking out of the desktop). The purpose of that is to make it difficult for malicious programs to cover up part of the UAC window with a window of their own, thus tricking the user into confirming a prompt they should deny.


Actually, it has two purposes: Prevent keylogging of the UAC prompt, and to prevent any application from falsifying input on the UAC dialog.

But since the default configuration has it on, and it's such a tiny minority of users who turn it off (Myself included. Stupid mobility modded drivers and that flicker...) I don't think it's a security problem. It'll never be targetted.

(MioTheGreat said @ #24.2)
But since the default configuration has it on, and it's such a tiny minority of users who turn it off (Myself included. Stupid mobility modded drivers and that flicker...) I don't think it's a security problem. It'll never be targetted.

I have yet to come across a Vista PC with updated graphic drivers that don't do hard flickers. There's no flicker with DWM disabled, but with it on....

....but as you said, only a minority cares about or knows about disabling UAC or Secure Desktop.

Ok, Here's something I'd be interested in hearing peoples opinions on.

So, If we have applications that repeatedly need a UAC Prompt it can be somewhat annoying, so:
Having a "always trust this application" may not be the best of options, but what about a UAC equivalent of gpedit.msc where you can set all the fine details of what UAC allows, doesn't allow and what it does and doesn't check for?

I know you can silence UAC, but as far as I know, there isn't really any fine control over it so if there is one particular part of it that's a problem, you can't easily work around it.

Would you say this solves the above problem? Would you say it satisfies the "power users"?

My thought process behind this is, it should (in theory) prevent normal people from touching stuff they really shouldn't but still allow fine control.

Just a thought. Don't kill me

but what about a UAC equivalent of gpedit.msc where you can set all the fine details of what UAC allows, doesn't allow and what it does and doesn't check for?


Uh. That's called editting the ACLs on whatever you want to tune. If, for instance, you want to allow any program write access to a directory in Program Files that it would not normally have access to, you just give Users write permission, and you're done.

That's it. That's how UAC works. It just prevents running apps from doing stuff that they'd need to rely on an "Administrator" permission entry for.

(MioTheGreat said @ #23.1)

Uh. That's called editting the ACLs on whatever you want to tune. If, for instance, you want to allow any program write access to a directory in Program Files that it would not normally have access to, you just give Users write permission, and you're done.

That's it. That's how UAC works. It just prevents running apps from doing stuff that they'd need to rely on an "Administrator" permission entry for.

True, however, to me it just seemed tedious, although unless your installing new applications everyday, it's probably not going to be that much of a hassle. Shame these machines can't just read our minds. Would make life alot easier

Linux and OSX already have a good "UAC" system in place before Vista. The "UAC" systems in Linux and OSX are very similar. It helps secure the system and users are happy with it. So then here comes Vista wanting to develop a UAC system of their own. Now why didn't they just copy the "UAC" system in Linux and OSX which has already been proven to work? Instead they went down a bad path, doing everything wrong with UAC. When I open the Control Panel in Vista, there shouldn't be a UAC prompt. If I open something else in the control panel that is more critical to system security such as Programs and Features (Add/Remove), then yes, prompt for an admin password. It's a good thing you can turn UAC off if you know what you are doing on Vista and don't need UAC to secure your system.

It's like this, if I were to roll out a media service like iTunes, I would look at iTunes and use it as a starting point and improve on it, not go blindly to create another bad design.

+1. Why does Microsoft always feel that they have to reinvent the wheel? Instead of trying to be different, they should stick to what has been tried and tested. However, it can't be entirely blamed on Microsoft. A lot of crappy third party software vendors need to update their software to run as administrative services. For example, I constantly get UAC asking me to validate update programs. If the programs were configured correctly, this should never happen. Microsoft has never forced software developers to fully change their applications to accommodate Vista's security features. One such example that I have talked frequently about is the virtual registry included with Vista. If an application doesn't have rights to access some system keys (most noticeably HKLM), it is permitted to create virtual keys under the user's branch, HKCU. THIS IS DUMB, and clearly doesn't force software developers to change their bad habits. Microsoft tried too hard to appease third-party developers, and left the user to deal with software making administrative level requests from a user level application.

Because the other OS's aren't as wildly used and abused as Windows. Sure, UAC can have a little tune up here and there, but for average users, it plainly works. For power users, you can always turn it off.

About the iTunes mention i don't want to sound like an apple basher but if you meant the itunes store, you are right. If you meant the program itself (in windows or macs) you are somewhat wrong, there have been two or three applications for windows that innovated library management (J. river media jukebox being one of them) and itunes copied from them, but they didn't copied all the good things. iTunes is just a "decent" program, not a great one when it comes to libraries because it lacks so much in this regard.

(mayamaniac said @ #22)
Linux and OSX already have a good "UAC" system in place before Vista. The "UAC" systems in Linux and OSX are very similar. It helps secure the system and users are happy with it. So then here comes Vista wanting to develop a UAC system of their own. Now why didn't they just copy the "UAC" system in Linux and OSX which has already been proven to work? Instead they went down a bad path, doing everything wrong with UAC. When I open the Control Panel in Vista, there shouldn't be a UAC prompt. If I open something else in the control panel that is more critical to system security such as Programs and Features (Add/Remove), then yes, prompt for an admin password. It's a good thing you can turn UAC off if you know what you are doing on Vista and don't need UAC to secure your system.

It's like this, if I were to roll out a media service like iTunes, I would look at iTunes and use it as a starting point and improve on it, not go blindly to create another bad design.

You have a problem with your computer if you are getting UAC prompts when you open Control Panel. Mine doesn't do that, and it's not supposed to.

(mayamaniac said @ #22)
Linux and OSX already have a good "UAC" system in place before Vista. The "UAC" systems in Linux and OSX are very similar. It helps secure the system and users are happy with it. So then here comes Vista wanting to develop a UAC system of their own. Now why didn't they just copy the "UAC" system in Linux and OSX which has already been proven to work? Instead they went down a bad path, doing everything wrong with UAC. When I open the Control Panel in Vista, there shouldn't be a UAC prompt. If I open something else in the control panel that is more critical to system security such as Programs and Features (Add/Remove), then yes, prompt for an admin password. It's a good thing you can turn UAC off if you know what you are doing on Vista and don't need UAC to secure your system.

It's like this, if I were to roll out a media service like iTunes, I would look at iTunes and use it as a starting point and improve on it, not go blindly to create another bad design.

+1. IIRC vista doesn't ask for a password in those UAC prompts when you're logged in as an admin user, while sudo on Linux and Mac OS X does. If UAC is to help prevent security breaches due to user fault, then a box with a simple "continue" button is not very much help. I mean, honestly, how many people can say that they read every dialog box that pops up on their screen? or the EULAs? I know I tend to just click OK or next and get on with what i'm doing. having to enter a password makes you have to stop and think.

(ergosteur said @ #22.4)
+1. IIRC vista doesn't ask for a password in those UAC prompts when you're logged in as an admin user, while sudo on Linux and Mac OS X does. If UAC is to help prevent security breaches due to user fault, then a box with a simple "continue" button is not very much help. I mean, honestly, how many people can say that they read every dialog box that pops up on their screen? or the EULAs? I know I tend to just click OK or next and get on with what i'm doing. having to enter a password makes you have to stop and think.


But it's not.

UAC's primary goal is to prevent automatic privilege escalation and to keep software at the least privilege level needed to complete its task. It's not to prevent your mistakes.

"However, the main problem with Vista's UAC, according to Charney, is that it prompts the user far too often."

exactly!, which is why i just flat out turn it off as it's more of a hassle than anything else.

I did a clean Vista install 3 days ago, reinstalled all my software...3 days ago. Got my last UAC prompt...3 days ago, with the exception of running CCleaner every once in awhile.


I can't imagine what the hell you are doing that frequently that gets you this deluge of UAC prompts. My guess is that you either aren't and are blowing the situation out of proportion, or simply don't know what you're doing.

I'm with you 39 Thieves. The best way of determining whether UAC really affects people is to watch someone who isn't a technical wizard use Vista. I know someone with a Vista laptop who uses it for the internet and for Word. The UAC prompt doesn't come up ONCE, unless an external app wants to install some IE add-on (like Flash or whatever) and even then this is once in a blue moon.

So therefore if someone is seeing so many prompts, they should really use their sense and work out why they are seeing so many prompts. It's probably their ****ty 5-year old app that writes willy-nilly anywhere it likes that's doing it. Time to stop being a cheapskate and upgrade to the latest Vista version.

Another day, another negative spin on Vista. People whine and cry about not having enough security but when Microsoft delivers why whine and cry even more.

Some people whine and cry no matter what Microsoft does. The rest of us figure out what UAC is and how to properly implement it and then have nothing to complain about.

Vista was a fine first attempt at getting things right. And that exactly what it was a first attempt.

The problem with the UAC is that it handled applications that were *not* made for Vista poorly.

Take for instance Visual Studio 2005... you had to run it with admin rights... even though you were an admin didn't mean you had admin rights because you were saving or creating files outside your *private* domain or lets say your documents.

Some apps that were wrote and not updated before or shortly thereafter the UAC came into existance never threw an error if certain things were denied... granted thats the paricular apps fault but it sure is nice to develop an item and then blame everyone else for not being up to par. Extremely short-sighted would be another anecdote for the UAC.

In my opinion the UAC did its job... just poorly. Look at all the coporate programs that they keep in-house that is designed for them and them only and see if the UAC lives long in that environment... willing to make a bet?

And did Microsoft figure this is going to be different for small businesses?

I have moved back to XP Pro.

(WindSailor said @ #17)
Vista was a fine first attempt at getting things right. And that exactly what it was a first attempt.

The problem with the UAC is that it handled applications that were *not* made for Vista poorly.

Take for instance Visual Studio 2005... you had to run it with admin rights... even though you were an admin didn't mean you had admin rights because you were saving or creating files outside your *private* domain or lets say your documents.

Some apps that were wrote and not updated before or shortly thereafter the UAC came into existance never threw an error if certain things were denied... granted thats the paricular apps fault but it sure is nice to develop an item and then blame everyone else for not being up to par. Extremely short-sighted would be another anecdote for the UAC.

In my opinion the UAC did its job... just poorly. Look at all the coporate programs that they keep in-house that is designed for them and them only and see if the UAC lives long in that environment... willing to make a bet?

And did Microsoft figure this is going to be different for small businesses?

I have moved back to XP Pro.

So in other words, you're blaming UAC because third party developers always assumed the user had admin privledges.

UAC is a blunt force way of getting the development community back on the right track. It was a bit painful last year, but I don't even have any applications installed right now that need admin access to just run.

Yet another UAC discussion. If people don't get it by now they never will.

I guess this post fills the quota of at least one anti-Vista newspost a day this place seems to have adopted.

Yes.

It's not that the idea behind is bad, but the implementation is all wrong.
If MS wouldn't added an option, to allow you to run an app always (that you trust), at an elevated level, I think most of the UAC complains would disappear.

As it stands, everytime I turn on my desktop, I get prompts about me allowing RivaTuner and Boinc, and Defender won't allow me to make an exception for them at startup. Annoying, annoying, annoying.

Outside of that, I understand the need and use of UAC (and how about adding a 'sudo' like command too).

(1759 said @ #15)
Yes.

It's not that the idea behind is bad, but the implementation is all wrong.
If MS wouldn't added an option, to allow you to run an app always (that you trust), at an elevated level, I think most of the UAC complains would disappear.

As it stands, everytime I turn on my desktop, I get prompts about me allowing RivaTuner and Boinc, and Defender won't allow me to make an exception for them at startup. Annoying, annoying, annoying.

Outside of that, I understand the need and use of UAC (and how about adding a 'sudo' like command too).

lol yes, please trust my 3rd party malware infested application that I dont know where I got it from, but it gives me that nifty "anti-spyware" toolbar in IE.... I think that would completely defeat the purpose of UAC

And honestly, most people download, malware infested "anti-spyware" toolbars for IE thinking they will fix everything and nothing will go wrong, and would say yes to something like that, if anything to stop them from being nagged.

What MS should have done is promote it more, as a security feature saying something like "Know when an app is doing something its not supposed to be doing" All this BS hype has made it out to be an annoying feature that never should have been implemented. I think UAC was the greatest thing ever for security (even though I turn it off)

Just curious, am I the only person who was running Windows XP in non-admin mode?

This was actually more annoying in XP, because all the stupid software that assumes it's got admin privileges would simply not run, or break. Now, when I attempt to launch a program requiring admin privileges in Vista instead of the UAC prompt I automatically get like a combination UAC & user/password prompt to launch the program with an admin user, so in that respect Vista's UAC setup actually works much better than how XP handled it.

In the grand scheme of things, having to launch something requiring UAC or admin privileges doesn't occur that often, besides that first week when you're installing all your software.

(lars77 said @ #14)
In the grand scheme of things, having to launch something requiring UAC or admin privileges doesn't occur that often, besides that first week when you're installing all your software.

Thats true, but this is a good example of why first impressions are so important.

(lars77 said @ #14)
Just curious, am I the only person who was running Windows XP in non-admin mode?

This was actually more annoying in XP, because all the stupid software that assumes it's got admin privileges would simply not run, or break. Now, when I attempt to launch a program requiring admin privileges in Vista instead of the UAC prompt I automatically get like a combination UAC & user/password prompt to launch the program with an admin user, so in that respect Vista's UAC setup actually works much better than how XP handled it.

In the grand scheme of things, having to launch something requiring UAC or admin privileges doesn't occur that often, besides that first week when you're installing all your software.

The main trouble is, even if you run with a limited account, viruses, spywares and many other "nasty-wares" runs on a high-level, even beyond admin rights. In linux happens the oposite, where a "backdoor" can runs without right (without account) and still be a headache.


Damned if you do, damned if you don't! People complained about the security modekl behind previous versions of Windows. So Microsoft changed it, and they are now criticised for this new model.

Maybe it's just me, but UAC seems 100% logical to me. It comes up when I'm doing something that could change my computer. It stays quiet the 99% of the other time, when I'm working.

Ah, but there are those times when I run an app, literally just open a simple 3rd party app - and UAC asks me? GASP! I have to click a button! And this is Microsoft's fault? Are they the ones that wrote the aps that assume you need admin priviledges, the app that wants to write to your protected areas?

Sheesh!

All this is, is taking what was once a tecchie issue (local computer security) and allowing it to be part of a consumer OS. The two models still don't totally align 100% perfectly yet, so Microsoft have created a system that will accommodate both models as well as possible.

People don't want to admit it, but they get prompted all the time because they're installing porn all the time.

I can't believe we're still reading about crap like this. It's exasperating to see how senseless and mentally handicapped people can be. UAC is not the problem. The problem is, and always has been, the users. Can Microsoft or any other company effectively account for user stupidity and make those same users happy? This is truly a case where people need to be protected from themselves.

a little brash, don't ya think? No company should ever blame customers as a reason for failure of their product. They should instead look at new ways to innovate and in Microsoft's case "simplify" their product since their user base is anywhere from handicapped, young, old, etc. Microsoft has the ideal user base: everyone. UAC is not the negative feature in Vista preventing me from switching over, it's actually bad driver compatibility.

It amazes me how some can't step back and down from their high horse and understand that almost no one is as knowledgeable about computers as people in this comments area. To most people UAC is completely out of left field and they don't get whats happening at first. It is unbelievably intrusive and utterly annoying to most in a work environment especially. No one was ready for it. Im so friggin sick of this UberGeek arrogance.

By the way I love Vista, but I totally understand why UAC is absolutely hated by the normal folk... and by normal I mean the majority of users who are not elitist meganerds.

(solardog said @ #11.5)
By the way I love Vista, but I totally understand why UAC is absolutely hated by the normal folk... and by normal I mean the majority of users who are not elitist meganerds.

I don't think it's hated by the 'normal' folk.

It's hated by the self-described power users who don't actually know what they're doing.

Brandon once pointed out in the forums that Microsoft's CEIP data shows that the vast majority of user sessions go by without a single UAC prompt.

(solardog said @ #11.5)
It amazes me how some can't step back and down from their high horse and understand that almost no one is as knowledgeable about computers as people in this comments area. To most people UAC is completely out of left field and they don't get whats happening at first. It is unbelievably intrusive and utterly annoying to most in a work environment especially. No one was ready for it. Im so friggin sick of this UberGeek arrogance.

By the way I love Vista, but I totally understand why UAC is absolutely hated by the normal folk... and by normal I mean the majority of users who are not elitist meganerds.

You are very right, but I still don't retract any portion of my comment. I wish Microsoft had trumpeted UAC as a fantastic new "friendly" feature mass-media commercials. The people who need it most don't understand it, and don't realize that it's their friend, and in the grand scheme of things, it's infrequent and not annoying. If it doesn't bother someone cranky like me, I don't see why it would bother anyone else so.

(MioTheGreat said @ #11.6)

I don't think it's hated by the 'normal' folk.

It's hated by the self-described power users who don't actually know what they're doing.

Brandon once pointed out in the forums that Microsoft's CEIP data shows that the vast majority of user sessions go by without a single UAC prompt.

Single-handedly summing up the whole situation. Congrats!

(MioTheGreat said @ #11.6)

I don't think it's hated by the 'normal' folk.

It's hated by the self-described power users who don't actually know what they're doing.

Brandon once pointed out in the forums that Microsoft's CEIP data shows that the vast majority of user sessions go by without a single UAC prompt.

THANK YOU sensible post! Backed up with, omg facts?!

(MioTheGreat said @ #11.6)
Brandon once pointed out in the forums that Microsoft's CEIP data shows that the vast majority of user sessions go by without a single UAC prompt.

That is assuming most users who use Vista agree to CEIP when it's advertised to them.

(rm20010 said @ #11.10)

That is assuming most users who use Vista agree to CEIP when it's advertised to them.

Why would it? I'm sure it's a fair enough sample of users.

(Captain555 said @ #10)
Seem like also you shoudn't try to make a PVR using a PC running Vista:

http://www.windowsdailynews.com/2008/05/19...t-flag/#more-22


Except that report doesn't specify the app so for all we know it could be doing the same on XP, 2000 and whatever OS it can be installed on. In other words, it could very easily be the app itself that's the one honouring the "broadcast flag"!

Yep, the source is rubbish as it's devoid of details, so non-news really.

No need for a 3rd party app in Vista, you can use Media Center that is included in Home Premium and Ultimate. I know it's now specified. Chance are pretty good that it is.

It a very well known fact that Vista is full of DRMs that Microsoft put in there at the pressure of the big media cartels.

(testman said @ #10.1)

Except that report doesn't specify the app so for all we know it could be doing the same on XP, 2000 and whatever OS it can be installed on. In other words, it could very easily be the app itself that's the one honouring the "broadcast flag"!

Yep, the source is rubbish as it's devoid of details, so non-news really.

It's obviously Windows Media Center from the screenshot. We've heard about this flag for a while now, so this shouldn't come as a surprise. In addition to the relationships MS has to keep with its customers, it has relationships to maintain with partners and other industries- like entertainment. You can bet that no one at Microsoft wanted to do this. If you're not satisfied with what Microsoft provides with Vista, then try a Media Center alternative.
And, if you really want to record American Gladiators... Read a fsckin' book!

(Skwerl said @ #10.5)

It's obviously Windows Media Center from the screenshot. We've heard about this flag for a while now, so this shouldn't come as a surprise. In addition to the relationships MS has to keep with its customers, it has relationships to maintain with partners and other industries- like entertainment. You can bet that no one at Microsoft wanted to do this. If you're not satisfied with what Microsoft provides with Vista, then try a Media Center alternative.
And, if you really want to record American Gladiators... Read a fsckin' book!


Ah I didn't see that, assumed it was an ad so skimmed over it (trust me speed-reading through it!). In any case does this mean no PVR app will work on Vista? It doesn't say so I can reasonably assume that the headline is slightly inaccurate (Vista isn't stopping you from recording, WMC is).

(Captain555 said @ #10.6)

Same vein. Vista is a marketing failure.


For it to be a marketing failure, it would've failed to sell. Considering the usual reputable business analysts have put sales of Vista above XP at the same point in time, I don't think Vista can be considered a marketing failure.

(testman said @ #10.9)
For it to be a marketing failure, it would've failed to sell. Considering the usual reputable business analysts have put sales of Vista above XP at the same point in time, I don't think Vista can be considered a marketing failure.

Sales ? You got to be kidding me.

Sales have nothing to do with that, Vista is a marketing failure because most people don't like Vista. It's a marketing failure because most business (like GM) have not adopted it.

(Captain555 said @ #10.10)

Sales ? You got to be kidding me.

Sales have nothing to do with that, Vista is a marketing failure because most people don't like Vista. It's a marketing failure because most business (like GM) have not adopted it.


Most people? You're speaking for the majority of users now? That's the first part of your comment exposed, cos you didn't do your research. Most businesses? Again, you been to most businesses and seen what OS they are using? You surveyed most businesses to find out if they are adopting Vista in the future? When did businesses ever rush to a new OS as soon as it came out? Just because GM won't move to Vista doesn't make it "most businesses". I think you'll find that businesses (who have thousands of PCs to consider) won't move to a new OS until it's time to upgrade their systems. GM simply stated that Vista at the moment doesn't fit into their timeframe for upgrades.

Most people? Most businesses You got to be kidding me. Please... try again with at least some sort of proper citation and research.

Sorry, but you must be living somewhere under a rock or you're choosing to read only stuff that validate your belief. I don't have the time or the inclination to do your education, so you will have to do the reseach yourself.

This has nothing to do with Vista, and everything to do with Media Center. Media Center honors this flag, not Vista, so it would also effect Windows XP Media Center Edition as well...

(Captain555 said @ #10.10)

Sales ? You got to be kidding me.

Sales have nothing to do with that, Vista is a marketing failure because most people don't like Vista. It's a marketing failure because most business (like GM) have not adopted it.

Yeh right, because GM is a perfect example of how corporations work in today's world.

So if your beloved GM were using 98, according to your logic 2000, XP, Vista, were all failures yeh?

---

Corporations find it A LOT HARDER to upgrade software, because of the money needed. Also, as many corporations tend to buy the cheapest computers they can find, like ones that lag on xp, you can't blame it on Vista.

How dare people question Vista in any way. Its as perfect as Microsoft is.....

This is what happens when a minority believes that they're better than the majority. To the majority of users Vista is highly flawed. That is a fact. It is only a very small minority that have had little to no problems with it. Change has nothing to do with it either. That is as lame as blaming the users' equipment as well.

what? most people as in normal computer users probably don't noticed a lot of difference between xp and vista past the fact that vista has transparency effects.

and as much as you call it lame, most people who have problems with vista are the people who call it slow. yeah vista doesn't run that well on 1GB of ram. you NEED to have a good pc to run vista. of course this is only an issue for people that do anything complex, again for normal people 1GB is enough because it's fast enough for them.

(Foub said @ #1)
How dare people question Vista in any way. Its as perfect as Microsoft is.....

This is what happens when a minority believes that they're better than the majority. To the majority of users Vista is highly flawed. That is a fact. It is only a very small minority that have had little to no problems with it. Change has nothing to do with it either. That is as lame as blaming the users' equipment as well.


:rolleyes:
A fact is it? Somehow I don't think so. If you can pull out cited reputable sources that show clearly that most people of the hundred millions-odd that have already bought Vista have clearly stated that it's flawed, then and only then is it fact.

Simply put, you are the minority! Isn't it amazing that the minority believes that they're better than the majority (as you said)?

Maybe you need to think about your statements before trying to pass opinion as fact.

(testman said @ #9.2)
If you can pull out cited reputable sources that show clearly that most people of the hundred millions-odd that have already bought Vista have clearly stated that it's flawed, then and only then is it fact.

Simply put, you are the minority! Isn't it amazing that the minority believes that they're better than the majority (as you said)?

"I'm Sparticus!"... I bought a high spec. laptop, and had no choice but to buy it with Vista. I wiped it and installed XP.

(boho said @ #9.4)

"I'm Sparticus!"... I bought a high spec. laptop, and had no choice but to buy it with Vista. I wiped it and installed XP.

Would you like a medal?

(testman said @ #9.2)

:rolleyes:
A fact is it? Somehow I don't think so. If you can pull out cited reputable sources that show clearly that most people of the hundred millions-odd that have already bought Vista have clearly stated that it's flawed, then and only then is it fact.

Simply put, you are the minority! Isn't it amazing that the minority believes that they're better than the majority (as you said)?

Maybe you need to think about your statements before trying to pass opinion as fact.

Yes you can keep pulling "reputable" sources out of your ass, all your so called reputable sources are just FUD. If you want real user experiences on Vista go to the Neowin forums.

Almost every article I've read on "reputable" sites about Vista have no idea what the technologies in Vista were designed for. UAC was DESIGNED to prevent privalege escalation, and when your a standard user it asks you to type in an admin password. Yet you go on sites and reviewers are like whats the point of UAC when it doesn't ask for admin passwords.

Simple fact is that since Vista has launched, people have needed to be less sloppy when coding their apps; so files get stored in the correct locations, system files that shouldn't be messed with don't get messed with, etc. It's much better now than it was, because changes have started to be made by developers everywhere, and this will only get better as the OS matures.

MS needed to put UAC into Windows. But that's not the problem, the problem is that people generally are afraid of change, so when the average user moves from their older OS to Vista, they see prompts they didn't before, and take a dislike to it straight away (regardless of the reason behind those prompts).

Computers are complex things that most of the population don't have a clue how to use correctly (or to their full potential). How many people on here have had to look at a problem for their parents/siblings/other halves/friends etc because essentially, they don't actually know what they're doing? UAC was a good step towards undoing the mess that Windows had become by the time XP rolled around. One of the biggest mistakes MS made was failing to encourage the use of restricted accounts sooner (both to users, but developers too) than they did. Yes, it's there in XP but that's not the point, there was no incentive for them to be used, most people didn't (I said most, don't flame me with the "I did" comments).

The concept of restricted user accounts is great - when you setup an admin user, why on earth would you run your daily desktop as that user? How many people use root as their main user on Unix/Linux? It's just the implmentation - MS should have forced it home to lazy developers that apps need to work in x way, or else they wouldn't work when distributed. When you get the "setup your admin password now" prompt the first time you start your PC after a windows install, how difficult would it have been to insist upon a new user/pass being created following that step? Or to prevent that user from logging in ever unless the PC was booted into safe mode?

Instead, lazy developers were able to get though from Win 95 to Win XP without needing to really worry - almost everyone was a computer admin who was logged into their desktop (primarily I mean home users here, not people sat at work with an IT team watching over them, although they aren't off the hook entirely - I come across loads of issues everyday at my workplace that are essentially poor IT implementations, but that's their issue). All these admins, with no restrictions on what they could (or couldn't) do lead us to where we are now - Windows is a haven for malware. The article states that Windows is known as the "easy to use" OS but this same ease of use now means people don't like the odd prompt here and there - prompts that are there for their benefit.

UAC is great, I'm all for it. I don't think its inclusion in Vista has been a failure for MS. Maybe there are a few issues - like the time it took me nine prompts to delete a single file - but these will be worked out. In the long run, each person gets a more secure (and controllable) computing experience, which can only be a good thing.

MS need to somehow overcome the issue that word-of-mouth has led many people to believing that Vista is a waste of time and effort.

UAC need lots of works. At the point where we are today in term of technologies, they could have done a much better job, i.e. lot less prompt.

So yes, the inclusion of UAC in Vista is not a failure, but if you read between the lines of the article, what it is saying is that Vista with UAC is a marketing failure.

(Captain555 said @ #8.1)
UAC need lots of works. At the point where we are today in term of technologies, they could have done a much better job, i.e. lot less prompt.

So yes, the inclusion of UAC in Vista is not a failure, but if you read between the lines of the article, what it is saying is that Vista with UAC is a marketing failure.

You dont udnerstand how uac works. UAC prompts you when a system area needs to be written to, something that needs admin rights, or if it effects the whole computer. IF programs where programmed correctly this wouldnt need to happen.

Example a third party notepad app should not need to write anything to a system area to be installed .

A lot of programs a programmed wrong and thus all the uac prompts.

Oh, I understand very well how UAC works and you can blame the programmers if you want but that doesn't change the experience of most users. Most users don't understand why they get prompted anyway.

Again we are talking, marketing failure.

(Captain555 said @ #8.3)
Oh, I understand very well how UAC works and you can blame the programmers if you want but that doesn't change the experience of most users. Most users don't understand why they get prompted anyway.

Again we are talking, marketing failure.

How can you say "most people?" How many people area you? This is clearly a Foxism, not a factual statement.

(Captain555 said @ #8.5)
Yeap, that's right, MOST PEOPLE.

If you haven't got that yet, it must be because you're playing the ostrich.

HAHA most people. Cos you've surveyed most people in the world on Vista, have you? Oh wait...

(Captain555 said @ #8.5)
Yeap, that's right, MOST PEOPLE.

If you haven't got that yet, it must be because you're playing the ostrich.

Please point me to where this data "most people" is. I'd love to read it. If you interviewed the world, you forgot our house.

I bet "most people" can understand a dialog box that says "Windows needs your permission to continue. If you started this action, continue." with an icon and the description of the program.

I agree with the majority of your post. However, this statement: "When you get the "setup your admin password now" prompt the first time you start your PC after a windows install, how difficult would it have been to insist upon a new user/pass being created following that step?" is incorrect. Microsoft set up the Out-of-box experience with the requirment to create a new user... however, the new user is put into the Administrators group by default. It should have been put into the "Power Users" group by default.

(Captain555 said @ #8.8)
Gave me a break. You've been around here long enough. You know.

So you're problem with UAC is the wording for why it was prompted... the reason it was prompted to begin with... or the fact that Microsoft doesn't point out the fact the MOST programs designed for earlier versions of Windows are designed with the assumption that you have administrative rights to EVERYTHING and as such UAC will ask for permission?

(parithon said @ #8.9)
I agree with the majority of your post. However, this statement: "When you get the "setup your admin password now" prompt the first time you start your PC after a windows install, how difficult would it have been to insist upon a new user/pass being created following that step?" is incorrect. Microsoft set up the Out-of-box experience with the requirment to create a new user... however, the new user is put into the Administrators group by default. It should have been put into the "Power Users" group by default.

Then you would have no administrator account, would you?

And if something goes wrong with your system and your a standard user, oh wait....

Understand now?

XP used to do this, with having a nice little account called Administrator. How many people made an administrator password, and how many security settings could be bypassed just by logging into safe mode and administrator...

Its not Vista, but the apps that were literally designed to work in XP that prompts up (In XP every application is assumed by default that it is being executed by a power user!!!! :disappointed: )

(x-byte said @ #2)
Correct. If a program is written properly, UAC will not prompt for elevated access.

Agreed. Microsoft has publicly stated that the role of the UAC was not only implemented to help protect the user, but also to help change the way developers write applications to be more smarter. Unfortunately this means that legacy applications will trigger the UAC more than it should. In time, as applications are updated, this 'supposeded' problem with the UAC will be a non-issue.

This type of article/issue keeps being regurgitated by technology critics. There has to be better issues to worry about?....

As far as I know, I only get 2 to 3 UAC prompts in a day and thats because I switch between networks. Really want to find out how people get more prompts,what apps they use etc.,

My problem with Vista's UAC is the fact that it seems to prompt you every time you try to delete a shortcut from the start menu. Now that is annoying - surely that is taking the idea too far!

(tombailey said @ #5)
My problem with Vista's UAC is the fact that it seems to prompt you every time you try to delete a shortcut from the start menu. Now that is annoying - surely that is taking the idea too far! :angry:

It prompts you when you delete a shortcut that's in the "All Users" start menu folder because it affects the entire computer. If it's a shortcut that's only visible to your account, no prompt.

Except that's it's not a SECURITY issue to delete (mistakenly or otherwise) a shortcut, no matter where it is or why it was put there. UAC does seem to stray a bit towards a Mommy model (now, honey, you sure you want to delete a shortcut?) rather than a purely Security Guard application.

(excalpius said @ #5.3)
Except that's it's not a SECURITY issue to delete (mistakenly or otherwise) a shortcut, no matter where it is or why it was put there. UAC does seem to stray a bit towards a Mommy model (now, honey, you sure you want to delete a shortcut?) rather than a purely Security Guard application.

It's not? What about installing a piece of software you don't want your boss to know about then deleting the icon from the start menu so people can't see it?

Change your user permissions. This is being implemented in the start menu for programs that installs shortcuts. If some "malicious" application puts itself on the startup menu for all users, what would be the point of not having UAC prompt you about it?

As I recall, none of the beta versions had UAC implemented, not even RC.

I've learned myself to live with UAC from the beginning. I don't have a problem with it. And it rarely appears. For normal users, I don't think UAC is a big problem. Having said that, UAC still need som tweaking of course.

(x-byte said @ #4.1)
As I recall, none of the beta versions had UAC implemented, not even RC.

I've learned myself to live with UAC from the beginning. I don't have a problem with it. And it rarely appears. For normal users, I don't think UAC is a big problem. Having said that, UAC still need som tweaking of course.


Yes, they did.

And it was much more annoying during the betas.

(x-byte said @ #4.1)
As I recall, none of the beta versions had UAC implemented, not even RC.

What. Yeah, because they just threw it in at the last minute, didn't they?

(JamesWeb said @ #4.3)

What. Yeah, because they just threw it in at the last minute, didn't they?


Then which beta versions did you guys have? I can't remember having UAC in any of those I tried.

(x-byte said @ #4.4)
Then which beta versions did you guys have? I can't remember having UAC in any of those I tried.

I dunno, build all of them? :P

Sorry, trying not to be overly sarcastic, but seriously UAC's a major feature that was in most all of the betas, definitely all of the public ones.

and the same discussion over and over again, the only time i see an uac prompt is when i develop activex components, install a program or copy something into the program files/windows directory

Let's say 2-3 times a day, and i'm a programmer so I expect to see them a lot more than normal users

Too many prompts, yeh because like 1 prompt a day is now too hard.

If it's so much of a bother get Tweak UAC and activate quiet mode.

The thing that i don't understand is that linux does the same thing right ? I havent used linux that much but I have seen the prompts that ubuntu throws up when trying to do things and also having to do sudo to do things.

So why is it that microsoft does it know and they get bashed but everybody defends linux for it?

In vista as long as you dont do something that needs admin access then the prompts dont come up.

(majortom1981 said @ #1)
The thing that i don't understand is that linux does the same thing right ? I havent used linux that much but I have seen the prompts that ubuntu throws up when trying to do things and also having to do sudo to do things.

So why is it that microsoft does it know and they get bashed but everybody defends linux for it?

In vista as long as you dont do something that needs admin access then the prompts dont come up.

I agree. You dont get it every second like people seem to think. On a day-to-day basis I rarely get it. When I install something I get it like I SHOULD

People just complain about anything these days. I find linux's much worse

(majortom1981 said @ #1)
The thing that i don't understand is that linux does the same thing right ? I havent used linux that much but I have seen the prompts that ubuntu throws up when trying to do things and also having to do sudo to do things.

So why is it that microsoft does it know and they get bashed but everybody defends linux for it?

In vista as long as you dont do something that needs admin access then the prompts dont come up.

It differs in that if you authorize the action in Linux, you don't get prompted 10 seconds later because you've accidentally closed the window. You are authorized for 5 or 10 minutes. UAC asks you every single time, so there is a big enough difference to not complain at all.

(Mathachew said @ #1.2)
It differs in that if you authorize the action in Linux, you don't get prompted 10 seconds later because you've accidentally closed the window. You are authorized for 5 or 10 minutes. UAC asks you every single time, so there is a big enough difference to not complain at all.

No one has ever been able to give me a good answer to this:

What's to prevent something from hijacking the sudo grace period? Because I'm sure if Microsoft implemented it, with their market share, you'd have malware attacking it within seconds of its release.

(majortom1981 said @ #1)
The thing that i don't understand is that linux does the same thing right ?

You only need it to do certain things such as install software for everyone. You can still download and run software without requiring elevated privileges, but you have to give it permission to execute which doesn't require a password, it's just a button click on a popup or an attribute change (right-click, Properties, Permissions, allow execution) if you want it to be permanent. You need to provide a password to write in system areas, and change global settings such as which system services are running and their configurations. You don't need it to open, move, copy files, delete shortcuts, run programs, empty trash, etc.

(HalcyonX12 said @ #1.4)

You only need it to do certain things such as install software for everyone. You can still download and run software without requiring elevated privileges, but you have to give it permission to execute which doesn't require a password, it's just a button click on a popup or an attribute change (right-click, Properties, Permissions, allow execution) if you want it to be permanent. You need to provide a password to write in system areas, and change global settings such as which system services are running and their configurations. You don't need it to open, move, copy files, delete shortcuts, run programs, empty trash, etc.


Vista does the same thing. Try installing Google Talk.

(Mathachew said @ #1.2)
It differs in that if you authorize the action in Linux, you are authorized for 5 or 10 minutes.


Linux has a flaw, because in that way a malicious user or malware can compromise your system during that period of time.

(Mathachew said @ #1.2)
It differs in that if you authorize the action in Linux, you don't get prompted 10 seconds later because you've accidentally closed the window. You are authorized for 5 or 10 minutes. UAC asks you every single time, so there is a big enough difference to not complain at all.
That is Ubuntu's implementation of 'sudo'. It is not the "Linux way".

In Fedora, for example, you would open a terminal, become root with su and then everything you do inside that terminal will be done as root, no questions asked, until you close/exit your single terminal you opened. Everything else in that login session is still regular user.

Ubuntu dispenses with root login, and uses 'sudo' instead. They have it set for a 10 minute or whatever timeout. That time is terminated immediately if the user, as above, closes the terminal session. It doesn't stay authorized forever.

In that case, it is much like running Vista with the equivalent permissions (where you are just prompted "OK/Cancel") and walk away. Not sure what franzons point was? Linux and Vista are equally subject to a local exploit with a dumb admin?

Vista's UAC is process based, so when you get prompted you are giving the process that invoked UAC admin rights until it is closed. This is the safest way because it doesn't affect anything else running, just that one process. It is very similar to typing SU in UNIX before launching a program, the biggest difference is that with Vista you can promote a process while it is running, you don't have to close and reopen (my UNIX skill are dated so perhaps this has been addressed in that world by now).

The biggest problem with UAC is the fact that too many applications are written is such a way that they require admin rights to run. I have a PC game designed for Windows XP. Every time I insert the CD I get a UAC prompt. That’s right; the silly little autorun splash screen app requires admin rights!? It is stupid things like that where UAC looks bad, but it is really the app's fault, no UAC.

(HalcyonX12 said @ #1.4)
You don't need it to open, move, copy files, delete shortcuts, run programs, empty trash, etc.
What was the point of typing all that out? You don't need admin access to do those things on Vista, either.

(Dakkaroth said @ #1.9)
Times like this I really enjoy Neowin. Very enlightening discussion people. Thanks! :)

I'm with you. This is really the point to come to Neowin, not just to scroll through endless posts of whining or ranting (for whatever reason, not just microsoft)

I must say that maybe, maybe, UAC is playing a major factor in the low infection rate that Vista has compared with XP. We need to say reports on this, though.

I have disable it because i install/uninstall software everyday and as a software developer, i enjoy not being prompted.

I also agree that software developers are the ones to fault when simple applications that don't requiere admin privileges aren't wrote properly and cause the UAC prompts.

(MioTheGreat said @ #1.3)
What's to prevent something from hijacking the sudo grace period? Because I'm sure if Microsoft implemented it, with their market share, you'd have malware attacking it within seconds of its release.

That I've always wanted to know. Mind you, I like Ubuntu's implementation better. Also if that 'sticky UAC' seen in a test Windows 7 build makes it, it could solve headaches for people first configuring their fresh installs of Windows.

(rm20010 said @ #1.12)

That I've always wanted to know. Mind you, I like Ubuntu's implementation better. Also if that 'sticky UAC' seen in a test Windows 7 build makes it, it could solve headaches for people first configuring their fresh installs of Windows.

Well, if I open a terminal and "sudo" any task, only other tasks manually initiated from that same terminal window with 'sudo' will be auto-authorized. Any other app started by webbrowser, email, or other terminal windows will not be authorized under the timeout.

I can understand launching tasks using sudo from a command prompt. What I'm questioning is this, for instance in Ubuntu:

Say I launch Update Manager and install an update. Ubuntu prompts me for my password, then installs an update and closes the window. A timeout exists for the next ten minutes, even without the presence of a terminal window with sudo (or if there is, it's hidden from the user). Is Ubuntu able to distinguish user-initiated tasks and autoelevate, such as running Synaptic, within that time period? Without being able to do so a background task could theoretically wait until such a timeout exists, then proceed to wreck havoc.

I'm guessing the former is true. Don't think the Ubuntu devs are that dumb enough to let something like this slip through.

Not sure... I would need to try it at home and see. That is handled by gksudo, I think. Not sure if it shares timeout values with sudo, or if it authorizes the whole user X session for a time period.

As i understand it the issues with Windows UAC come from the fact that 99.9% of windows software is deigned to run on WIN98/2K/XP which everyone basically run as an Administrator. Programs were designed badly -- by 3rd parties and MS -- that write settings files to the program directory (or C:/), and mess with other settings they shouldn't, because chances are the program will be running under an Administrator account.

Now Vista is trying to put the genie back in the bottle and all the poorly coded applications are being highlighted because of the increase in restrictions on a default user account.

Any Unix/Linux user know that you don't run as root unless you have to, and all applications are designed with this in mind. Unix got it right from the start, Vista now trying to fix the problem and running into all the problems.

UAC is working as it should, the Windows programs from the last 10 years are not.