Should Apple be making fun of Vista UAC?

Summary:Windows Vista UAC (User Account Control) has an additional security feature called Secure Desktop that hardens the UAC privilege escalation prompt, but some people seem to be upset with this feature because they say it's annoying. Apple has even gone as far as making a new TV commercial out of it with "PC" being bossed around by a scary looking man in a black suit nagging him on each word.

Windows Vista UAC (User Account Control) has an additional security feature called Secure Desktop that hardens the UAC privilege escalation prompt, but some people seem to be upset with this feature because they say it's annoying. Apple has even gone as far as making a new TV commercial out of it with "PC" being bossed around by a scary looking man in a black suit nagging him on each word. But is this really an accurate assessment?

I don't really care how many times people say, "Oh, but UAC bothers you for no reason," because it's simply not true. Anyone who says that hasn't used Vista, and they don't really know what they're talking about. Vista and Mac OS X (as well as any version of UNIX) will ALL prompt for privilege escalation any time you try to install software, and that's how desktop operating systems should work. Windows XP and prior didn't have graceful mechanisms for handling privilege escalation and they forced you to log out and back in if you wanted to run without administrator mode, so not very many people implemented it. Vista's late to the game but that's moot since it's here now, and we need to evaluate UAC for what it is. Let's compare Vista UAC privilege escalation to Mac OS X privilege escalation with the following two videos.  

Here's Windows Vista UAC at work when I try to install software. *

Here's Mac OS X privilege escalation when you try to update software.

* Note that I had to temporarily shut off the Secure Desktop feature to capture the screen movie because Secure Desktop actually locks up the entire desktop, which prevents any application from interacting or seeing the UAC prompt. Vista UAC Secure Desktop is an added security measure that prevents malicious software from interacting or masking the UAC prompt in a way that might social-engineer users into clicking Allow. This doesn't actually change the user interaction or the keystrokes required, other than the fact that you no longer see the background dim, so it doesn't change the comparison in anyway. The Mac video was shot by our own Jason Hiner with a camcorder, which is why you see the moiré patterns over the video. I'll need to ask you to pretend you see the Vista desktop dim and pretend you don't see any moiré patterns on the Mac desktop.

As you can see, Mac OS X actually requires you to do MORE work by having you type in the administrator password, whereas Vista (for the primary user running as a limited admin) only prompts you to click Allow. So if we really wanted to make the Apple commercial accurate, there should be a second security guard that makes "Mac" recite a series of letters before he gives the OK to proceed. What we have is another case of deceptive advertising. Vista UAC really isn't that bad. This is something that Mac OS X and Linux users have been living with for years, and it's something that Windows Users need to get use to for their own protection.

If Vista UAC really bothers you that much, you can turn it off and simply accept the risk of running with full administrative privileges.  I'm not going to link to any tutorials on disabling UAC because anyone who can't figure out how to turn off UAC probably shouldn't be turning it off in the first place. I'm sorry if that sounds blunt, but I don't want to give any advice that endangers anyone's PC.

Topics: Windows

About

George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.