Win7 team swallows UAC pride

Summary: I was waiting for the UAC-based security problems to occur after Windows 7's release but alas that was not to be, for problems have occurred in the beta version of Windows 7.

One of the vaunted features of Windows 7 is the updated User Account Control settings. The change is the addition of a slider and UAC grades — one grade at the Vista level of annoyance and three grades of off (off a little, off a lot, and #*%!@ OFF!!).

The UAC dialog that caused all the trouble

Who'd have thought such a little dialog could do so much harm? Not Microsoft.
Credit: ZDNet.com.au

Microsoft would call this something like "notification grades", but really it's just a test of one's patience and security-mindedness.

I was waiting for the security problems to occur after Windows 7's release and for users to lower their slider too far — or for the default grade (which is not the highest security possible, but one lower) to be not secure enough.

Alas that was not to be, for problems have occurred in the beta version of Windows 7. The default security level treated a change of the UAC slider as permitted; therefore, if you wrote a program that changes the UAC setting, then Windows 7 is your playground and you could do whatever you wanted.

Microsoft originally defended their UAC design, but it smelt more of hurt geek pride. Theoretically and technically, the design is possibly fine; in practice its implementation is absolutely flawed.

After much wailing and gnashing of teeth in reaction to Microsoft's response (here's but one example), the decision has been made to secure the UAC prompt. Come Windows 7 RC1, UAC settings will now run in a "high integrity" process which will require elevation, and changing the UAC settings will produce a confirmation prompt. Better to take the hit now than have the UAC-lowering programs flooding the internet.

Kudos to the Windows 7 team for having the gumption to admit a mistake and swallow some pride. I'll leave to them the last thought, which summed up their position nicely:

When we started the "E7" blog we were both excited and also a bit uneasy. The excitement is obvious. The unease is because at some point we knew we would mess up. We weren't sure if we would mess up because we were blogging about a poorly designed feature or mess up because we were blogging poorly about a well-designed feature. To some it appears as though with the topic of UAC we've managed to do both.

Topics: Security, Windows

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.
