Who should fix Microsoft's UAC?

One of the most discussed features of Windows Vista is User Account Control (UAC). UAC pops up a prompt whenever a program attempts something that requires administrator privileges.

Many users have complained that the UAC is the "dialog that cries wolf" in that it comes up so often that users end up either ignoring it or turning it off -- both of which nullify the purpose of the UAC.

ZDNet's Mary Jo Foley argues that UAC needs an overhaul and talks about some of the discussions that are on the way.

Will Microsoft extend UAC to be more flexible and usable by users? Should it be left to a Symantec to solve or should Stardock (whom I work for) extend it to support more options?

What's your view on the Windows Vista UAC?

View: Vista's UAC needs an overhaul


62 Comments


UAC is a good idea, sure, but I think it needs to be more specifically targeted.

For example, the O.S. should know that you intentionally run a setup app, or something like that, and so it shouldn't ask if you really want to do that. It should be watching for programs not run by the user.

Of course, then there's the old hacker trickery problem, convincing users to run applications they really shouldn't, but maybe the O.S. should be able to detect something like this?

Just a thought or two.

If you want to avoid UAC, don't solve it by disabling it. Solve it by not running as admin.

You don't need admin to do everyday things like browsing, playing media, office work, etc.

UAC is MS's way of trying to put the blame on the consumer instead of their OS. That is its one single and only purpose, to blame the user for clicking the wrong box. The end effect will be that people will become so immune to clicking OK, because they are literally prompted every couple of minutes, they will just click OK on everything. I hate this, this isn't security, this is just politics, and it's seriously costing time and money to everyone involved, customers and developers alike. It's just like firewalls, etc, they prompt the user every time a program, legit or not, makes any connections to the internet. I can't tell you how many machines I've seen where there are multiple malware/spyware programs installed on a machine which have all been allowed by ZoneAlarm, etc, because the user wanted the program they downloaded to work, and the only way to make it work was to allow everything, so when they go to install some malware, not knowing it's malware, they still say OK to everything and it works.

If you read up on UAC you will see it's there for your own benefit.

Just like those firewall prompts you hate so much. Just turn off the prompts or your firewall if you hate it that much but don't blame the software for doing what it's supposed to be doing.

"the only way to make it work was to allow everything" is the whole point behind UAC. It allows you to run "everything" without having to use an administrative account.

You can choose to have your firewall/UAC/whatever turned on for your protection and face those dreaded prompts or you can turn them all off and not have the prompts. It's up to you. But blaming the software for doing its job just demonstrates your limited understanding.

UAC is overkill; this is a case of something that is so annoying a lot of consumers would rather turn it off than have to deal with it.
(P.S. Love the Mac commercial where the PC Guy is asked by man in black (UAC) to confirm every action and thought he has. I LOL.)

UAC doesn't bug me THAT much. When it comes to running some applications or changing certain features, I don't care UAC is there. But when I move/rename/delete files in certain folders, it can be the most annoying thing in the world.

I didn't realize you could turn it off until I read this article. It's off now, and I'm glad. It's dang annoying, and just makes it a hassle running Vista having to click prompts all the time. There is too much clicking as it is in Vista.

UAC is awful. It should NOT pop up when you are changing a desktop wallpaper or moving a file from one directory to another. If it only popped up when you went to install a program or make an actual system change, not the freaking wallpaper, it would be ok.

"Those who do not understand Unix will reinvent it, poorly." <--has never been more appropriate.

j79zlr said,
UAC is awful. It should NOT pop up when you are changing a desktop wallpaper or moving a file from one directory to another. If it only popped up when you went to install a program or make an actual system change, not the freaking wallpaper, it would be ok.

"Those who do not understand Unix will reinvent it, poorly." <--has never been more appropriate.

Try using something later than Beta2.

"Those who do not understand Unix will reinvent it, poorly." <--has never been less applicable in a conversation.

C_Guy said,
"Those who do not understand Unix will reinvent it, poorly." <--has never been less applicable in a conversation.

Are you suggesting MS isn't trying to get closer to the UNIX model with Vista?

I for one don't see what's wrong in UAC. I run as a Standard User and it comes out nicely when I need to do some Administrator task. Earlier in XP I had to do it manually by Run As but now it is better. What's the deal?

If you leave your applications open more often, instead of always closing them, you will see fewer of these UAC prompts. It's not that bad.

It's the usual story of third party vendors attacking a security feature just for their own benefit.

The smart thing is to ignore the third party vendors and customizers, not UAC.

And why in the hell does Stardock want to extend UAC...... That's really stupid .... Why not give Symantec access to it, so they can trash it.

You guys whine way too much. If your XP application constantly demands UAC, it's far more likely that the developers can redeploy a Vista-friendly version.

Is it really time to overhaul an already compromised security solution because your favorite old app hiccups on it? Really?

Note also that turning UAC on and off causes its own problems...which it really shouldn't.

For example, Quake 3 Arena's punkbuster implementation MUST have admin access to check the validity of drivers, possible hacks, etc. I tried to run as admin from the shortcut and it wouldn't work.

I turned off UAC and it worked fine...for a while.

The other day, Punkbuster started generating OS exception errors, even though nothing had changed with them, Quake, or on the system. I went to turn off Run as Admin, just in case, but it was ghosted/grayed out - after all, I'm supposed to be running EVERYTHING as admin with UAC off under an administrator account, right? Apparently not.

So I had to turn UAC on and set the run as admin flag in the program icon. Now it all worked great.

EXCEPT another program I had, ObjectDock Plus from Stardock. All of a sudden, with UAC on, the sysstats docklets can't read the system stats like network transfer speed and CPU usage and one of the autohiding docks won't unhide anymore, hehe.

Soooooooooooo, I turned UAC back off, and now ObjectDock Plus works fine, as does Quake 3 - though now the Run as Admin checkbox is checked AND grayed out (instead of unchecked and grayed out) - haha.

So when is running as an Administrator NOT running as an Administrator? Under Vista.

The implementation is flawed in some ways that are going to frustrate end users to, well, no end.

Um, no it's not, that's a good example of POOR PROGRAM DESIGN. Go and try doing the same stuff in XP with a LUA, I bet it all fails. Targeting software to run as administrators is lazy and poor programming. This has nothing to do with Microsoft, as their design documentation always said right back from Windows 2000 not to expect administrative permissions and to design it to work without them. The fact most users were administrators in Windows XP didn't help matters, but the developer still has the responsibility to fix their software to be compliant.

UAC for administrators gives them the same permission set as limited users. The difference seems to be they don't need a password then allowing system wide changes like limited users do.

I would never let Symantec touch ANYTHING so close to the integrity of my system such as UAC (I try to keep Symantec off my systems AT ALL). I'd rather completely disable it than let Symantec even get NEAR it...

My issues with UAC are many and varied. But I'll give you a good example of why UAC's implementation is a little borked here.

I have several programs (graphical design packages) that as part of their routines go out and check to see if any updates and/or patches are available. Now, under Windows XP this is not a problem, it goes out, checks the server, if there's an update the program asks if I want to install, downloads and installs without an issue. Under Windows Vista, however, the behavior is a mess. It still asks if you want to download, it will download the update, but then it will just stop trying to update at all. The reason is that Vista *requires* you to run as Administrator in order to install software, if you have the UAC active.

You can do some things, you can turn off UAC but that defeats the purpose of UAC. You can right click on the icon and Run as Administrator each time, but that is annoying. Or you can go to the icon properties and click 'Always run as Administrator' but that opens a potential hole to allow something nasty into the system. Nowhere in here was an option provided that allows a user to load and run programs and allow the programs to behave as they were designed while providing a measure of security for the user. Gamers in particular will be seeing this when updates to their MMORPG programs begin failing to install, and the reason why is that Vista won't allow you to install the software in that fashion any longer.

The idea behind UAC may have been well intentioned. It's the implementation of it that has raised hackles far and wide.

Tal Greywolf said,
My issues with UAC are many and varied. But I'll give you a good example of why UAC's implementation is a little borked here.

I have several programs (graphical design packages) that as part of their routines go out and check to see if any updates and/or patches are available. Now, under Windows XP this is not a problem, it goes out, checks the server, if there's an update the program asks if I want to install, downloads and installs without an issue. Under Windows Vista, however, the behavior is a mess. It still asks if you want to download, it will download the update, but then it will just stop trying to update at all. The reason is that Vista *requires* you to run as Administrator in order to install software, if you have the UAC active.

You can do some things, you can turn off UAC but that defeats the purpose of UAC. You can right click on the icon and Run as Administrator each time, but that is annoying. Or you can go to the icon properties and click 'Always run as Administrator' but that opens a potential hole to allow something nasty into the system. Nowhere in here was an option provided that allows a user to load and run programs and allow the programs to behave as they were designed while providing a measure of security for the user. Gamers in particular will be seeing this when updates to their MMORPG programs begin failing to install, and the reason why is that Vista won't allow you to install the software in that fashion any longer.

The idea behind UAC may have been well intentioned. It's the implementation of it that has raised hackles far and wide.

I concur with the statement. I've got to "allow" Neverwinter Nights 2 permission to check for updates every time I launch the update function.

Another application I have asks for a serial number to be entered. Since it stores the serial number in the registry, I get an error when attempting to register the application if it isn't launched "as an administrator". UAC doesn't even pop up in that case. The app just throws an error.

The idea is a good one, but the implementation is a bit... overzealous in its behavior.

And all those examples are the fault of the program developers who use system files and system directories in their routines.

Or the fact that you installed said programs/games in non default folders, and you haven't given yourself ownership/full permission to those folders. If you for example have games or apps folders on other disks, you will need full permissions to these, or UAC will ask about everything you do there.

>>And all those examples are the fault of the program developers who use system files and system directories in their routines.<<

Is it the fault of the programmers? Or the fault of Microsoft who required those programmers to use those system directories and files for their applications? Remember that many of the requirements for where programs needed to be installed were dictated by Microsoft and the fact that DLLs had to be placed in certain folders in order to work correctly.

>> Or the fact that you installed said programs/games in non default folders, and you haven't given yourself ownership/full permission to those folders. If you for example have games or apps folders on other disks, you will need full permissions to these, or UAC will ask about everything you do there. <<

No, these programs are being installed in the default directories, which again was more of a Microsoft-directed requirement. Despite the fact that they are installed in Program Files, you still don't have full access over them because of the way that Microsoft has implemented the security model in Vista. It's more of a 'yes, we know you're an admin, but we're not going to let you install unless you're ADMIN' sort of function, and that's what makes it difficult, if not impossible to deal with. The concept that programs need to have access to networks and pull down updates is extremely restrictive under Vista, except for Microsoft products (which are installed in the same directories and do not display the same restrictions as third-party applications.)

It isn't that UAC is a problem, rather that we have got to change our PC habits.

I read that in an eWeek magazine editorial. It's true we need to change our habits. :suspicious:

UAC's fine, MS and everyone else need to start re-educating people to think more Linux-like, as permissions were originally intended. STOP RUNNING AS AN ADMIN FOR DAY TO DAY TASKS/GAMING THAT DOESN'T REQUIRE IT.

Foub said,
There's a good reason why Linux is not ready for prime time yet. It's not as user friendly as it could be.

No OS is as user friendly as it could be


Linux might not be Foub-friendly, but it's definitely ichi-friendly, and as you can surely understand that's all I care about.

You have never spent much time in Linux and OSX have you? OSX does it right and it should mirror the things in Linux you have to sudo to do.

betasp said,
You have never spent much time in Linux and OSX have you? OSX does it right and it should mirror the things in Linux you have to sudo to do.

You have never spent much time in Vista have you? Vista's UAC is actually easier - admin accounts can elevate without having to type a username or password (as you would with "sudo" in Linux, or on the Mac).

The operations that require elevation are 99% the same between these OSes... basically anything that can affect other user accounts on the system.

Brandon Live said,

You have never spent much time in Vista have you? Vista's UAC is actually easier - admin accounts can elevate without having to type a username or password (as you would with "sudo" in Linux, or on the Mac).

The operations that require elevation are 99% the same between these OSes... basically anything that can affect other user accounts on the system.

Now that's funny

Admin accounts don't have to sudo on Linux to perform admin tasks, that's the whole point of being admin.

I just turn the piece of nonsense off. It's just another case of M$ saying that we're all too stupid to use our own computers. The same as when they said that we were too stupid to tell the difference between Windows Commander and Windows Explorer.

Foub said,
I just turn the piece of nonsense off. It's just another case of M$ saying that we're all too stupid to use our own computers. The same as when they said that we were too stupid to tell the difference between Windows Commander and Windows Explorer.

The problem is, most users are too stupid to use their own computers. There's a trade off here between security and usability, but it had to be done in my opinion. Besides, now you can install software on a limited account with the admin password - a much easier feature for administrating computers at home.

Foub said,
I just turn the piece of nonsense off. It's just another case of M$ saying that we're all too stupid to use our own computers. The same as when they said that we were too stupid to tell the difference between Windows Commander and Windows Explorer.

UAC has nothing to do with not trusting users. UAC will have the greatest benefit for smarter users (who understand what it's actually doing).

UAC is about not trusting applications like Outlook or Firefox to be 100% secure, which no application is. That's why UAC lets you isolate them, limiting the damage they can do if they're compromised by an attacker.

ImWatchingYou said,
The problem is, most users are too stupid to use their own computers. There's a trade off here between security and usability, but it had to be done in my opinion. Besides, now you can install software on a limited account with the admin password - a much easier feature for administrating computers at home.

I bet that you're into S&M as well. (Just kidding) I've actually used UAC and I found it to be nothing more than an annoyance with no real benefits to the end user at all. It's still M$ saying that it knows better than you do what you should be doing with your own computer. I've run into many other such things under Windows where it appears to give you a choice, but does what it wants anyways.

I agree that no one but MS should be allowed to alter UAC. With that said, they do need to alter it. It's an utter annoyance at this point and, from discussions with Linux users, is much more intrusive than its open source counterpart. The fact that it takes 6 clicks of the mouse to delete a shortcut from the start menu and clear it from the recycle bin is a bit much.

Why does a user need permission to change things in the start menu? I mean, one would think menu settings would be stored somewhere in Documents and Settings, or whatever is Vista's /home implementation, and as such they should be treated as all the other user's documents.

I thought the UAC annoyances were pretty much just about stuff like exe installers, i.e. inherited problems, not design issues.

Only shortcuts belonging to all users will activate UAC.

The Linux counterpart isn't really less intrusive, it's just that pretty much every Linux app only installs for one user, and it always installs in your folders since you won't even be able to install to system folders unless you do a sudo on the install.

The only problem with UAC is 3rd party developers who have never developed Windows apps that don't put files in non user dirs; this has been entirely possible with pretty much all apps since XP and 2k. UAC is here partly for two reasons, one being to make content developers start to develop Windows apps properly.

ichi said,
Why does a user need permission to change things in the start menu? I mean, one would think menu settings would be stored somewhere in Documents and Settings, or whatever is Vista's /home implementation, and as such they should be treated as all the other user's documents.

They are, unless they're in the "Common Start Menu" which is shared by all user accounts. Those are the ones you have to elevate to delete (although it's very easy to change that). Interestingly, the Common Desktop was changed in the RTM version to have delete permissions for all admin accounts without elevating.

ichi said,
Why does a user need permission to change things in the start menu? I mean, one would think menu settings would be stored somewhere in Documents and Settings, or whatever is Vista's /home implementation, and as such they should be treated as all the other user's documents.

I thought the UAC annoyances were pretty much just about stuff like exe installers, i.e. inherited problems, not design issues.


Why does UAC pop up a box when you're running as admin and have clicked on a program that requires admin privileges? I already know it needs admin privileges, that's why I'm using the admin account dammit to save myself typing in passwords all the time. Now I just waste time having to confirm what I already did (just like having to click on an embedded object in IE to interact with it. Oh, but now I get to click it AGAIN to do what I wanted because of "the user has to activate it" crap. Either that, or the developer has to jump through hoops and use JavaScript in an external file so it "auto-activates" for one crap browser.)

Brandon Live said,

They are, unless they're in the "Common Start Menu" which is shared by all user accounts. Those are the ones you have to elevate to delete (although it's very easy to change that). Interestingly, the Common Desktop was changed in the RTM version to have delete permissions for all admin accounts without elevating.

But what's the point of that kind of stuff being common in a multiuser environment?

Having used Ubuntu which has the same type of control, I found it to be helpful in the fact that it held my hand as a Linux newbie. It was a much appreciated feature.

I think the main problem with UAC is that after so many years of not having that function in the earlier Windows versions, most people have learned by the school of hard knocks so to speak. I learned the hard way several times when I would install something that wasn't safe unknowingly. It was a hard lesson, but I learned by experience what was good and what isn't as well as what is done on the system by the end user. Now, I simply know what to do and not and thus far my system has been safe.

For the inexperienced user of Windows, it is a great tool to help prevent your system from being hijacked. However, in my wife's case, it would totally throw her off and eventually make her mad each and every time it would come up. She is your average PC user who is unaware of the malicious technologies out there which can harm the PC. In my support calls I do for my business and have done in the past, it is usually the user who gets in trouble with malware unintentionally which makes things run terrible on their system.

I support Microsoft's strategy for using that feature in Vista and their decision to give the user the option to turn it off.

Allowing 3rd parties to "hook into" UAC exposes additional attack vectors.

No 3rd parties should be allowed to touch UAC. What do a bunch of skinning engine developers know about PC security anyway?

UAC is not broken as the title misleadingly states.

1st, people are turning it off. That's a fact. Call them stupid or whatever you like but that doesn't change reality.

Second, if you read the article that ZDNet linked to over on wc, you would see that what Stardock suggested would be for UAC to remember programs that had been given permission. Who better to implement something as straightforward as that as the people who extend the OS already. You should try out Stardock's other programs before dismissing them as a bunch of "skinning engine developers".

Mascrin said,
1st, people are turning it off. That's a fact. Call them stupid or whatever you like but that doesn't change reality.

Second, if you read the article that ZDNet linked to over on wc, you would see that what Stardock suggested would be for UAC to remember programs that had been given permission. Who better to implement something as straightforward as that as the people who extend the OS already. You should try out Stardock's other programs before dismissing them as a bunch of "skinning engine developers".

It takes about 5 seconds to find a giant hole with the "stardock" solution. If you "permit" application x to always run after consenting to it, then when some malware down the line tries to run application x and exploit it, you just lost control of your computer and didn't have a way to know about it.

UAC is designed to alert you that something is requesting permissions that permit an attacker to compromise your system. If you weren't expecting anything to require escalated privileges, you can head it off at the pass, so to speak. Software, unfortunately, isn't "smart" enough to determine the intent of code so it has to depend on something that is (i.e. the user) to make an intelligent decision.

I know what I'm doing and I still have it enabled, because I don't think it's annoying or pointless, especially since I've been saved from spyware by it.

NinjaGinger said,
I've just turned it off. If you know what you're doing, it's useless and annoying.

Well that's just stupid. It's those who know what they're doing who gain the most benefit from UAC. It's ignorant fools who turn it off.

Brandon Live said,

Well that's just stupid. It's those who know what they're doing who gain the most benefit from UAC. It's ignorant fools who turn it off.


I was about to say the same thing...

Never used an anti-virus in the last 4 years.
Never got a virus in my machine for more than an hour in the last 4 years.
In the last 4 years all I had was 3 of them.

UAC is annoying for anyone who develops hardware-based systems.

Ignorance is needing an idiot window asking for authorization every time I need to make a sys change.
I work fixing machines, I do know what I am doing, I don't want Windows to spend my time with dozens of windows every time I try to compile and test something I am developing that changes the sys.

Ignorant fool is who needs a machine to think for him.

cardg said,
Never used an anti-virus in the last 4 years.
Never got a virus in my machine for more than an hour in the last 4 years.
In the last 4 years all I had was 3 of them.

UAC is annoying for anyone who develops hardware-based systems.

Ignorance is needing an idiot window asking for authorization every time I need to make a sys change.
I work fixing machines, I do know what I am doing, I don't want Windows to spend my time with dozens of windows every time I try to compile and test something I am developing that changes the sys.


None of that makes any sense. I'm a developer, and UAC hasn't bothered me in the slightest. I very rarely see UAC prompts, and I love the added control it gives me over my applications.

You clearly don't understand UAC or privilege isolation, which is unfortunate because you're needlessly putting yourself at greater risk.

Ignorant fool is who needs a machine to think for him.

That sentence means absolutely nothing. I'd love to hear you try and explain what you meant by it, though.

cardg said,
Never used an anti-virus in the last 4 years.
Never got a virus in my machine for more than an hour in the last 4 years.
In the last 4 years all I had was 3 of them.

If you've never used an anti-virus, how come you know that you've "had three of them" and they lasted "less than an hour"?

FluidDruid said,

If you've never used an anti-virus, how come you know that you've "had three of them" and they lasted "less than an hour"?

He doesn't know, he just wants to look cool and geeky. People who usually answer like "I fix machines" "I never use AV and haven't been hit by a virus" do it because they think it makes them look more knowledgeable than they really are.

Me too I "thought" I knew what I was doing until last month I got a keylogger on my XP machine. UAC is very very annoying, but better have this than getting all sorts of malware.