InsideMicrosoft

Tone Down UAC, Or Consolidate?

Windows Vista has a feature called User Account Control that is designed to give the user better protection from all the nasty stuff out there.

Ed Bott explains:

The theory behind UAC is sound: When you’re about to do something that requires an administrator’s privileges, you need an administrator’s consent. For a regular user, that means typing in a set of credentials (username/password) that belong to a member of the Administrators group; if you’re already an administrator, you just have to click a Permit button. This option allows you to see when a program or process is trying to do something that can have an impact on your system’s stability, and it’s an effective way to block untrained or naive users from accidentally screwing up their system.

The issue is that UAC notices appear far too often, and appear often in conjunction with warnings from all of your other security software. If you are a user without the priveleges (and password) for UAC approval, you’re better off than someone who has it, even though you’ll be annoyed fifteen times a day.

The reason is that, when a power user is using their own Windows box, they will see all these warnings, and do as I do, and try to close those boxes as quickly as possible, rarely reading or paying attention to them. They get so annoying, and often, that you don’t have time to read them, you just need to get back to work.

Windows Vista Info discusses:

I’m in 100% agreement with Ed over the feeling of being swamped by dialog boxes already and I can’t help but feel that things are going to get so much worse when you add programs like ZoneAlarm and Norton AntiVirus into the mix. There’s psychology at work against the system already - the scheme becomes annoying so that I can see users quickly go into a trance over it and just enter their password whenever it asks for one. Result, no protection.

I really hope that Microsoft improves this feature. I’m quickly coming to the conclusion that the dialog box idea doesn’t work and I’d rather see a message area developed for Windows that handled all messages to the user. That might be a lot better than the random mix of dialog boxes, message windows, balloons and such that Windows has become.

I think that the best option is indeed for Microsoft to consolidate system security messages into a single console, one that maybe becomes part of the Windows Sidebar. Messages, from all security programs, would be clustered together based on what action triggered them.

Messages would remain in the security message console until they are approved (or disapproved), and they prevent the program in question from acting, while allowing the rest of the system to operate just fine (and they certainly do not cover the desktop with windows that are steal focus and can’t be minimized).

Users could base their conclusions of the safety of programs on the sheer number of messages and variety of programs, if they have no experience in guaging such things. And if they approve an action, they can approve a whole cluster with one click. Such a process engages the user, instead of annoying the user, and is more likely to work.

Microsoft should push forward to consolidate these messages. Other vendors, like Norton, should make the Windows Vista versions of their programs use a system API. And if they don’t, Microsoft should do it themselves. Security is too serious an issue in Windows to have an abundance of security programs ruin the effectiveness of your setup.

December 28th, 2005 Posted by Nathan Weinberg | Vista, Windows, Security, General | 3 comments