Microsoft: All operating systems should use Vista's UAC

Microsoft Australia has defended the company's User Account Control (UAC) system as being "misunderstood" and said it should be the type of technology that all operating systems aspire towards.

"There has been a lot of misunderstanding in the market around User Account Control (UAC). If you look at it from an architectural direction User Account Control is a great idea and strategically a direction that all operating systems and all technologies should be heading down," Peter Watson, Microsoft Australia's chief security advisor said.

UAC is a security feature introduced with Microsoft's Windows Vista operating system. The aim is to provide increased security when using Windows as a standard user by informing them when possible security breaches could be undertaken. The technology has been a source of irritation for Vista users, with Apple going as far as to make fun of UAC in a recent commercial.

As Vista and the latest edition of Office were developed with Microsoft's Secure Development Lifecycle (SDL), "the number of exploits has been extremely low", he added.

News source: Builder AU

Report a problem with article
Previous Story

UK government 'loses' $1.7 billion in data transfer fiasco

Next Story

SanDisk: Price cut to persist & ramp up 56nm mass production

83 Comments

Commenting is disabled on this article.

Disabling UAC was the first thing I did when I got Vista.
Few days later, I uninstalled Vista and installed XP again :P

Pinch me when SP1 has arrived

NT security model is just fine - its the application devs that aren't writing software that can be run as standard user. Once that happens UAC will be made entirely redundant.

WTF, *nix operating systems already had proper account protections from the start, and you're *already* asked for credentials if necessary very much like in UAC, and otherwise denied access. And OS X builds on FreeBSD so same goes there. Sometimes, I seriously don't get what Microsoft is smoking. Vista only has UAC because their security model with default adminship was braindead. Please keep that patchwork for yourselves, Microsoft.

Oh man it makes me so happy to see this topic got roasted like it deserved, everyone sees the obvious :

NO OTHER OPERATING SYSTEM _NEEDS_ UAC!

UAC is just a nasty kludge to fix the inherent design flaws of the Windows NT security model!
And it's TOTALLY ANNOYING!!!

I don't care how secure it makes me it's WORSE than a virus with how many time I gotta click 'OK' to do everything.

Silly Microsoft, tricks are for kids!

hapbt said,
Oh man it makes me so happy to see this topic got roasted like it deserved, everyone sees the obvious :

NO OTHER OPERATING SYSTEM _NEEDS_ UAC!

UAC is just a nasty kludge to fix the inherent design flaws of the Windows NT security model!
And it's TOTALLY ANNOYING!!!

I don't care how secure it makes me it's WORSE than a virus with how many time I gotta click 'OK' to do everything.

Silly Microsoft, tricks are for kids!

Is it that the NT security model is really that inherently poor, or that *nix and Macs look better because fewer virii and spyware authors go after those OS's? Were their market shares reversed with Microsoft, I suspect that *nix and Macs might have just as many security issues as Windows does now, but why go after a "target-empty" environment if you're out to cause problems? Any OS can be attacked. Any security system designed by a person can be broken by another person given time and effort.

The whole claim of Microsoft using strong arm tactics to push their OS on the world was and is ********!

Back in the dawn of time, there were many other OS's and systems people could and did use. The early Macs, Amiga's, OS/2, etc. It was the public and the public alone who chose Microsoft.

Are they the best? No. Not by any means...

But they did read the public's mood and develop a superior ease-of-use/user friendly OS (versus say, Linux which has only recently approached the same ease of use) on a less expensive (versus Macs) more open-architecture based, and hence easier to upgrade and fiddle with (versus most Apples since the IIe) platform.

They tend not to do any one thing exceptionally well, but do manage to do many things reasonably well enough to capture the public's interest.

Were that not the case, Linux and Macs would have a far greater market share as opposed to what they actually have, which is perhaps 10%.

UAC as it stands is admittedly pretty annoying, but I'm forced to wonder if Linux and Macs were targetted for virii and spyware to anywhere close to the extent of Windows PC's if their more hands-off, less intrusive approach wouldn't be seen by everyone as woefully lax on security. It could be said that Microsoft's approach is anal retentive, but because they're the ones in the bad guys' crosshairs all the time, perhaps it NEEDS to be to keep users safe.

UAC on Vista is a good idea inspired by similar security features on Mac and Linux/UNIX
based systems. The problem is that it's been poorly implemented on Vista, causing
undue annoyance every time it pops up, and dimming out the rest of the UI.

The way I beleive it should have been done, is to display a password prompt dialog to
the user, for tasks that could make potentially unsafe changes, but still allowing the
rest of the UI to be accessible while the password prompt dialog is open.

At the moment, UAC is an irritant that most Vista users will turn off as soon as they
find out how to, thus making their Vista installations no more secure than XP was.
Especially since turning off UAC also turns off Protected Mode in IE7, making the
system as vulnerable to "drive by" malware installs as was the case with IE6.

They could have allowed UAC to be turned of but still sandbox the the critical parts. I see no point in adding system protections that can be completely disabled. Sure, allow it to be turned off but still protect the critical areas.

MrCobra said,
They could have allowed UAC to be turned of but still sandbox the the critical parts. I see no point in adding system protections that can be completely disabled. Sure, allow it to be turned off but still protect the critical areas.

What about if the PC in question is unconnected to the outside world, and stays that way?

If there's no way for it to be attacked, what need is there for protection like UAC?

And that's ignoring the expert user who simply wants to look after the security himself as opposed to letting UAC do things for him.

the UAC is horrible, the way that mac does it is so much better and easier to use.... im not saying i dont like visa I do but the UAC on vista is just so bad im sorry... i dont understand the people saying its good it just comes up with yes and no someone can easily just click yes or ok :S therefore bad and it pops up every 5 seconds aswell

From Information Week: UAC seems to have confused "authentication" with "approval." ... You get what is essentially an "OK/Cancel" dialog that most users will hit "OK" for without thinking, you may or may not get useful information as to what is going on, and you get locked out of your system until you deal with this.

it's the microsoft's version of "the boy who cried wolf;" nobody pays attention to it after a week so it might as well not be there

This is sad. I agree, everyone had this before Microsoft put it in Windows Vista, and it can (from what I've heard) be quite irritating. Microsoft tried, they succeeded in one way and failed in another. Give them some credit and wait fro SP1. RTM isn't worth evaluating IMO, but I think they'll fix something in SP1, maybe UAC related.

Like I said, it's sad that there can't be a post about Linux, Mac OS X, or Windows without a stupid flamewar. I'm an OS X user and I'm standing up for Microsoft, that has to be a sign that something is wrong with you people.

I don't care what anyone else says, I feel a hell of a lot better knowing UAC is stopping my parents from screwing up their PC.

See those dudes defending Microsoft? Yup. Thats the WinCrack babies right there, addicted and locked in to the core. What a world we live in.

UAC would only be worthwhile if it could be disabled for a set number of minutes/hours. The way it is now, it's annoying. It's the first thing I have disabled and will disable on my Vista installations both now and in the future. Microsoft was stupid not to put in a manual override for a set number of minutes/hours.

Other than this, I'm still enjoying the "Windows ME retake" (whoever said that hasn't used Vista RTM).

"Microsoft: All operating systems should use Vista's UAC"

What a blatantly misleading title. It firstly suggests this is some MS specific thing, and also implies they're saying that their implementation is what everyone should use - both untrue.

Linux has something like UAC (where it asks you for your password to get into REALLY system sensitive stuff), but no operation system should bug you as much as Vista does with UAC. I mean it asks you if it is ok for YOU to move YOUR own files to some place. Its crazy.

I keep hearing people say that UAC is good for beginners, but I believe that it is the other way around. Beginners will just mindlessly click OK on every message that comes up. For experts, it is handy to be able to see when a process is requesting administrator rights.

So the problem with UAC is that the beginners just mindlessly click OK, and many of the "experts" turn it off.

...wtf? All other operating systems (Unix-based, at least) HAVE this already. Its called "root". MS tried to use the same idea only the messed it up and made it a PITA.

I fall somewhere in the middle - I think that UAC can be implemented wonderfully if they add information and details on why the program in question is suspicious, and if you can educate UAC, and add levels of moderation. That would make it work smarter, yet make it "dumbed down" if you want, for beginner users.

However, UAC should be disabled if you feel you know the system well - for administrators or advanced users. The choice is entirely up to you.

Just my two cents.

I think it could be better even if they computed secure hashes for programs and then you could aprove those programs to always be allowed to run.

The problem is that it gets triggered for things that shouldn't need it and too much for those that do. I find it funny that they finally start doing "security" work in the OS but have the option to disable it.

MrCobra said,
The problem is that it gets triggered for things that shouldn't need it and too much for those that do. I find it funny that they finally start doing "security" work in the OS but have the option to disable it.

Why is that funny?

Users should have the option to disable it.

It's called "Choice".

Microsoft believes in it. Show me another OS developed that gives you as much of a say in how things are run.

Morpheus Phreak said,
Why is that funny?

Because the OS is insecure by design and disabling it makes it just insecure like any other version of Windows before it. It should mandatory for admin rights to (un)install something or to make other system wide changes. Disabling the annoyance of the dialogs that popup should not defeat the underlying protections of the OS itself.

Users should have the option to disable it.

Nope. Users should not have to be bothered with useless prompts and warnings when doing mundane tasks.

It's called "Choice".

Microsoft believes in it.

Microsoft believes in choice huh? Then tell my why they've been sued over and over again for the strong arm tactics they use/used to push the Windows OS on the world.

Show me another OS developed that gives you as much of a say in how things are run.

*nix. It has protection akin to UAC and I can still do anything on it that I want to.

MrCobra said,
The problem is that it gets triggered for things that shouldn't need it and too much for those that do.

I've seen some Installation programs launch a UAC confirmation.

I know Mac OS X does this on some major installations that require more than a simple drag and drop - but requiring administrative rights to install a program is ridiculous.

kizzaaa said,

I've seen some Installation programs launch a UAC confirmation.

I know Mac OS X does this on some major installations that require more than a simple drag and drop - but requiring administrative rights to install a program is ridiculous.


I think OS changes and installs (could change the OS) should have admin access to do those things. If something is trying to install whether it's intentional or not should be alerted to and give a choice. Other routine stuff like creating/deleting folders, so long as it's not being done in system space, should not require it. Opening control panel applets should not require it. You want to just look at the time properties for some reason then you need to aprove it. It should only have to be aproved if you change the settings.

With software that is probably written, one will not encounter a UAC prompt dialog box very often. The problem is that a lot of software is not well writeen (most anti virus software, iTunes to name a few, lots of Microsoft's own software). Second, UAC is not really designed for a beginner. It is not really smart to disable it. If you want to that is your choice, however.

A proper install of Vista should not be running as an administrator with UAC enabled. It should be running as a regular user with UAC enabled. The real benefit to Vista has to a reworking of the user profiles in order to allow individuals users to essentially not have to run their system as root (administrator level) in order to use their computer. It is kind of like the Run-As command, except that it now actually works, and is safer (since you don't have to admin to run).

It wasn't microsoft's idea in the first place. Windows is like the last OS to have something like this... not only did they implement this late, but they also did it wrong. UAC is fine for like half of its prompts. When you get your screen blackened several times when you attempt to create a folder in a "reserved" directory (like program files) then we have a problem!

- UAC is good for beginners.. so it's better to be On..

- While for Pro. Users, yeah it's a headache.. Simply, just disable it..

- Is it Microsoft's fault to make its OS better and safer..?


+ 1

UAC is fine. Those who dislike it turn it off and problem solved. I am not a novice user and still I dont plan on turning UAC off anytime soon.


- UAC is good for beginners.. so it's better to be On..

- While for Pro. Users, yeah it's a headache.. Simply, just disable it..

- Is it Microsoft's fault to make its OS better and safer..?

sudowin :P long time other OS uses sudo ... it's simple and efficient! Why Vista won't implement sudo? ...

Secondary Logon(Run As) is efficient too why UAC?

The 3D effects there are seen in other OS long time ... XGL, Beryl ...

I like very much Win2k3 for enterprise users winXP SP2 ... Vista maybe with SP1 :P

Vista in troubleshooting have more cool stufs, counter logs, eventvwr, processes(Disk, memory...) maybe sysinternals hand.

... but personaly the only OS that worked cool in native 64b was gentoo ... i have all things working, 3D, Beryl, wireless WPA ...

Windows is great at enterprise level... Domain Controler's, Group Policys, Replication ... things that are not so well planned in Unix or Linux Systems...

UAC is a nhack!

Run As better then UAC ...

XP sp2 is an incredibly dated and ugly looking operating system (yes, even with styles and Window Blinds). The Win2k3 kernel is very stable (but it leaves much to be desired as a workstation level operating system, though it is possible...it can be a little expensive assuming that you actually paid for it).

GNU/Linux is fine. It works, is stable. The biggest problem that I have encountered is that it lacks good power management (mostly because mobo are not well documented). This, however, is slowly changing. What Linux really needs is more drivers (though in a lot of situations, I am not sure how this is possible).

What Linux really needs is...

A) to run all Windows software (including games) as well as (or better than) Windows XP
B) to hide its 1970's command line, shareware OS legacy from 21st century end users ( re: if the phrase "recompile the kernel" ever appears before an end user, goodbye Linux )

Until these two MAJOR things happen, Linux will continue to be relegated to the kind of marginal fanboy desktop and IT backroom/server market share it currently "enjoys".

excalpius said,
What Linux really needs is...

A) to run all Windows software (including games) as well as (or better than) Windows XP
B) to hide its 1970's command line, shareware OS legacy from 21st century end users ( re: if the phrase "recompile the kernel" ever appears before an end user, goodbye Linux )

Until these two MAJOR things happen, Linux will continue to be relegated to the kind of marginal fanboy desktop and IT backroom/server market share it currently "enjoys".


A) Are you kidding me? It's not up to 'Linux' to run Windows software. It's up to software developers to develop cross-platform software.
B) It's getting there. As a regular user, you don't need to run the command line, except for maybe a few exceptions.
Oh, and there's nothing wrong with that '1970's command line, OS legacy'

bluarash said,
XP sp2 is an incredibly dated and ugly looking operating system (yes, even with styles and Window Blinds). The Win2k3 kernel is very stable (but it leaves much to be desired as a workstation level operating system, though it is possible...it can be a little expensive assuming that you actually paid for it).

GNU/Linux is fine. It works, is stable. The biggest problem that I have encountered is that it lacks good power management (mostly because mobo are not well documented). This, however, is slowly changing. What Linux really needs is more drivers (though in a lot of situations, I am not sure how this is possible).

Kernel 2.6.21 is a step in the right direction for power management, in case you didnt read the article . Whats great about linux is that the more people use it, the more people ultimately write software for it. I have a feeling its going to be an exponential growth function and its going to skyrocket eventually (compare it to 3 years ago *shudders*)

Mathiasdm said,

A) Are you kidding me? It's not up to 'Linux' to run Windows software. It's up to software developers to develop cross-platform software.
B) It's getting there. As a regular user, you don't need to run the command line, except for maybe a few exceptions.
Oh, and there's nothing wrong with that '1970's command line, OS legacy' ;)

A. It is if Linux ever wants to be used by the mainstream user.

I don't get why people are sore about UAC. The only time i see it is in random software installs.. Not really a hassle.

TenebraruM said,
Nah thanks Microsoft. I'll take Unix permissions and the NSA's SELinux patchset over UAC.

I think Redmond needs to fix their photocopier. It always makes malformed replicas.

That's not really the issue, is it? SELinux is a great idea, but how transportable is it really to Windows? UAC is probably the *best close approach* to the SELinux framework (what nobody seems to realize is that the NSA had a major part in the development of both). However, SELinux is, when fully embedded, even harsher on applications than UAC by default (and unlike UAC, you can't kill it once it's in place; you have to make a decision at install-time whether or not to include it). The idea behind SELinux and UAC is the same: protecting the typical user from his own stupidity as much as possible. However, unlike in the Linux niche, the great mass of *Windows* users mostly refuse to put themselves into the *learning* category, and think of htemselves automatically as power users. It is because of this rampant hubris that something like UAC is necessary. For the most part, SELinux and UAC pretty much perform the same functions. So why is it, from an OS-neutral standpoint, that SELinux is any better?

PGHammer said,
That's not really the issue, is it? SELinux is a great idea, but how transportable is it really to Windows?

It isn't at all, hopefully. That wasn't my point. Microsoft is saying that all operating systems should use UAC, I'm saying I prefer SELinux + Unix permissions (+ PaX + stack smashing protection ... ad naseum).

Edit: Word arrangement.

TenebraruM said,

It isn't at all, hopefully. That wasn't my point. Microsoft is saying that all operating systems should use UAC, I'm saying I prefer SELinux + Unix permissions (+ PaX + stack smashing protection ... ad naseum).

Edit: Word arrangement.

In other words, clamp down even *harder* than UAC.

Suppose MS were to do that (or even offer it as an option): think of the firestorm that would erupt then! Over half the UAC-inspired criticism directed at Microsoft is because UAC clamps down too *hard*; yours seems to be that it doesn't clamp down hard *enough*.

PGHammer said,

In other words, clamp down even *harder* than UAC.

Suppose MS were to do that (or even offer it as an option): think of the firestorm that would erupt then! Over half the UAC-inspired criticism directed at Microsoft is because UAC clamps down too *hard*; yours seems to be that it doesn't clamp down hard *enough*.


I'm a security nut :P I haven't criticised Microsoft for clamping down too hard ... But from what I've experienced of UAC, policies can't be set as they can be with SELinux (i.e. every time one does an administrative task one has to confirm it, rather than, say, using the sudo tool and not having to confirm).

Edit: Plus there's the whole not having a CLI by default thing. Doing administrative tasks (or any "real" task, really) without a command line must be really, really horrible.

excalpius said,
The command line died in the 1970's...move on and joint the new century, mate.

You've never been an admin/programmer/encoding nut, have you?

I bet I could do most tasks in the order of 5x as fast as you using bash or emacs.

I don't even know of a GUI that'll substitute in for
#make. Is there one?

Editing configs:
I don't know of an easy way to open an X text editor with admin privileges. Opening emacs is easy, I just have to type emacs. Opening, say, gedit, I'd have to log out, and log in as root (erm, no thanks). Besides, emacs GUIs suck.

General operations:
How do you use regular expressions with a gui?

Encoding:
kzip -b256 file.zip

cd ../../dir && ffmpeg -i file.ext -acodec copy -vcodec x264 -qp0 -moreoptions file2.ext

How do you do that in 5 seconds using a gui?

What other OS runs all apps under Admin accounts with "User" permission by default, only elevating the "Admin" when explicity told to, all the while keeping the same profile?

I usually end up formatting my hard drive and installing Windows again many times a year so it really doesn't help me in any way...

Considering that Microsoft basically took the idea of UAC from Linux/Unix's way of asking a password when performing system critical tasks and made a mockery of it that is UAC, I think they need to get off their high-horse and actually learn to admit their mistakes every once in a while.

Oh well, that's why I bought a MacBook Pro last week. I got tired of this BS.

I hope that was not the reason that you bought an apple system because they say lots of BS as well ... actually much more BS than Microsoft does.

I've gotten just as many if not more UAC-type prompts on my MacBook than Vista AND I have to type in a password on the Mac instead of just hitting Accept. There also doesn't seem to be a way to turn off all the prompting in OSX, whereas you can turn UAC completely off . . .

XP-RTM said,
I hope that was not the reason that you bought an apple system because they say lots of BS as well ... actually much more BS than Microsoft does.

No, only one reason of a very long list. Battery life on my MacBook Pro made the decision for me. No Windows laptop with MBP specs lasts nearly as long.

My 17" Macbook Pro (company gift) runs Vista a hell of a lot better than it runs OS X, hehe.

I've kept OS X on it just in case I ever need or want to try an iLife application, but otherwise it's just wasted drive space on that very nicely designed (if quite overpriced) bit of hardware.

Linux/Unix doesn't do what Vista does.

Under Vista, Applications being run under your profile have two modes of access, one, User level, which is default, and two Admin. Under both, they're run under your profile.

In unix, to elevate a process, you'd run it as root, which is a different user. Your account's profile isn't in use with that program. In Vista, you'd just start the process as 'elevated'. I personally like the Vista way better.

I like the idea of UAC. However, the current implementation is a bit lacking. The secure desktop prompt takes too long to appear and the mouse can become unresponsive for a second or two. Creating a new folder in a restricted areas results in FOUR prompts (one to confirm action, one to continue, one to confirm the name you enter and another to continue) - it shouldn't assume that the folder will be called "New Folder" but should assume you will type in a name (hence not requiring the two extra prompts). Also, because the prompts are relatively common users don't pay much attention to them and will instinctively just click continue. I'm sure we'll see some improvements for SP1. Personally I don't find UAC that annoying but I have also seen little benefit to it yet - hopefully it will prove itself useful as more people attempt to develop exploits for it.

NEway, don't most other operating systems (Linux/OSX) already employ similar systems? This seems like a shallow PR move rather than a useful suggestion/comment.

And that is why you are flipping burgers instead of being a software developer.

I'm a paid software developer and at least I have a brain enough to realize UAC is a patchwork to solve a broken security model with default adminships that *nix operating systems and OS X had got right before Vista was even conceived. MS can stuff that statement up their asses while they try to figure out what's idiotic about their argument.

Jugalator said,

I'm a paid software developer and at least I have a brain enough to realize UAC is a patchwork to solve a broken security model with default adminships that *nix operating systems and OS X had got right before Vista was even conceived. MS can stuff that statement up their asses while they try to figure out what's idiotic about their argument.

windows was screwed up, but mostly it is/was the 3rd party devs who botched making their apps non-admin friendly.

with vista there is NO excuse for running admin fulltime, think of admin vista as *nix root.
it's not default userlevel, it's just what idiots choose.

Fubar said,
what the hell ? thr UAC is the worst part of the entire OS jesus

ONLY because you may be good with computers... for regular users it can be helpful, or annoying to teenages who aren't as good with PC's.

But for professional users who know what they are doing, it is infact a headache, that is why i disabled it myself.
It''s good for beginning users, bad for advanced.

UAC is great for newer PC users. It teaches them how to Google a problem and disable it themselves instead of crying to someone else.