Windows 7 chiefs: We messed up

Written by Mary Jo Foley, Senior Contributing Editor

Scratch all the confusion over the past few days regarding whether Microsoft would take user feedback into account and make the User Account Control (UAC) setting in Windows 7 better suited to protecting users.

Late in the day on Thursday, February 5, Microsoft's top Windows brass made a second posting to the Engineering Windows 7 blog that showed they are, in fact, going to make changes to Windows 7 that will make the UAC prompts both more useful and more secure.

A quick refresher for those who haven't been following along with this at home: In Vista, UAC prompts were so onerous that many users turned UAC off. With Windows 7, Microsoft is offering users more levels of granularity. However, the default setting for Windows 7, as it currently stands in the beta, is overly permissive in some testers’ (and some Microsoft employees’) view.

A joint posting by Windows Engineering Chief Steven Sinofsky and Senior Vice President of Microsoft's Core Operating System Jon DeVaan admitted they had goofed in the handling of the messaging around UAC. The pair admitted they knew there were risks to doing the blog they established last year:

"(W)e weren’t sure if we would mess up because we were blogging about a poorly designed feature or mess up because we were blogging poorly about a well-designed feature. To some it appears as though with the topic of UAC we’ve managed to do both. Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed. That’s not the dialog we set out to have and we’re going to do our best to improve."

So what is Microsoft going to do? Sinofsky and DeVaan explained in the new post:

"With this (user) feedback and a lot more we are going to deliver two changes to the (Windows 7) Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation....

"That sums up where we are heading. The first change was a bug fix and we actually have a couple of others similar to that—this is a beta still, even if many of us are running it full time. The second change is due directly to the feedback we’re seeing. This 'inconsistency' in the model is exactly the path we’re taking. The way we’re going to think about this that the UAC setting is something like a password, and to change your password you need to enter your old password."

(I take the "we'll all see" in the post to mean the Release Candidate, expected later this spring, will be public.)

Kudos to the Windows brass for showing that the Windows beta process isn't just for show. And kudos to Long Zheng and Rafael Rivera for keeping the pressure on the Windows team to do the right thing.
