Microsoft admits Vista UAC prompts 'need work'

Summary:Scott Charney, head of Microsoft's Trustworthy Computing division, admitted this week that Windows Vista's User Account Control (UAC) prompts are not intuitive and confuse users.

Scott Charney, head of Microsoft's Trustworthy Computing division, admitted this week that Windows Vista's User Account Control (UAC) prompts are not intuitive and confuse users.

In a video interview with ZDNet.com.au at the AusCERT 2008 conference this week, Charney said Microsoft needs to make improvements around UAC.

"Clearly there is work that has to be done around the UAC prompts — in part because of user feedback that they get the prompts at times they don't necessarily expect them and it is not intuitive.

"If you give people too many prompts in too many situations, they view it as an impediment to getting their work done and they just start clicking ok on everything," said Charney.

He said that the language used in prompts is also confusing.

"We give them dialogues and prompts that don't help them make the right decision as often as we would like. You can be surfing the Web and get a warning that this site is out of another site's control, or you may be passing data to another site. What is a user supposed to do with that information?

"You can click cancel and not do what you were trying to do, or you can accept the risk — we need to figure out better ways to mitigate that risk but let the user achieve their objective," he added.

Charney's comments echo those of Ivan Krstić, the former director of security architecture for the One Laptop Per Child project, who opened last year's AusCERT conference by claiming that desktop security was completely broken.

In an interview with ZDNet.com.au at last year's conference, Krstić said: "If you go to a Web site whose security certificate is for any reason not checking out, you get a dialogue box that you [require] strong Internet security [skills] to decipher," he said. "For anyone else, they get to do a random guess between yes, no and cancel. That's no way to protect anyone," he added.

Krstić said software vendors were "weaselling off responsibility for security to users" in order to "legally protect themselves".

Topics: Security, Microsoft, Windows

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.