Microsoft: Users confused by Vista UAC prompts

Summary:Head of trustworthy computing Scott Charney admits User Account Control prompts are not intuitive and use language that is confusing

Scott Charney, head of trustworthy computing at Microsoft, admitted this week that Windows Vista's User Account Control prompts are not intuitive and confuse users.

In a video interview with at the AusCERT2008 conference this week, Charney said Microsoft needs to make improvements around User Account Control (UAC).

"Clearly there is work that has to be done around the UAC prompts — in part because of user feedback that they get the prompts at times they don't necessarily expect them and it is not intuitive," said Charney.

"If you give people too many prompts in too many situations, they view it as an impediment to getting their work done and they just start clicking 'OK' on everything," Charney added.

He said that the language used in prompts is also confusing.

"We give them dialogues and prompts that don't help them make the right decision as often as we would like. You can be surfing the web and get a warning that this site is out of another site's control, or you may be passing data to another site. What is a user supposed to do with that information?," said Charney.

"You can click 'cancel' and not do what you were trying to do, or you can accept the risk. We need to figure out better ways to mitigate that risk but let the user achieve their objective," he added.

Charney's comments echo those of Ivan Krstić, the former director of security architecture for the One Laptop per Child project, who opened last year's AusCERT conference by claiming that desktop security was completely broken.

In an interview with at last year's conference, Krstić said: "If you go to a website whose security certificate is, for any reason, not checking out, you get a dialogue box that you [require] strong internet security [skills] to decipher," he said. "For anyone else, they get to do a random guess between 'yes', 'no' and 'cancel'. That's no way to protect anyone," he added.

Krstić said software vendors were "weaselling off responsibility for security to users" in order to "legally protect themselves".

Topics: Enterprise Software


Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio


Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.