A fresh look at Vista's User Account Control

A fresh look at Vista's User Account Control

Summary: User Account Control (UAC) is a controversial new security feature slated for inclusion in Windows Vista. Reactions to this feature from beta testers have been downright caustic. In this post, first in a three-part series, I explain how UAC works in the most recent beta release of Vista.

SHARE:
TOPICS: Windows
19

A few months ago, I wrote about User Account Control (UAC), a controversial new feature slated for inclusion in Windows Vista. Here’s what I had to say last December:

The theory behind UAC is sound: When you’re about to do something that requires an administrator’s privileges, you need an administrator’s consent. For a regular user, that means typing in a set of credentials (username/password) that belong to a member of the Administrators group; if you’re already an administrator, you just have to click a Permit button. This option allows you to see when a program or process is trying to do something that can have an impact on your system’s stability, and it’s an effective way to block untrained or naive users from accidentally screwing up their system.

[…]

UAC in the current build of Windows Vista is working, but not well. Some programs fail when they can’t get full system access or when they try to save a file to an area where the current user doesn’t have write privileges. The barrage of dialog boxes is annoying, especially during the initial phases of setting up a system.

Has UAC been improved in recent beta releases? Somewhat. This post, first in a three-part series, looks at how UAC works, based on the behavior in Windows Vista Build 5365.

(more...)

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

19 comments
Log in or register to join the discussion
  • Vista UAC= *nix sudo?

    Ed, as I was reading this blog, that thought kept coming up in my mind. The underlying principles and use are the same, so can I say UAC was "inspired" by sudo? Don't get me wrong, I like UAC since it will help users practice least user privileges. Will Vista set up a UAC-enabled account by default, or does the Administrator have to set one up after installation or first boot?
    Tony Agudo
  • See what others have to say about MS's UAP

    Paul Thurrott, a well respected MS commentator had this to say:

    "Here's the good news. In Windows Vista, Microsoft is indeed
    moving to this kind of security model. The feature is called User
    Account Protection (UAP) and, as you might expect, it prevents
    even administrative users from performing potentially
    dangerous tasks without first providing security credentials,
    thus ensuring that the user understands what they're doing
    before making a critical mistake. It sounds like a good system.
    But this is Microsoft, we're talking about here. They completely
    botched UAP.

    The bad news, then, is that [b]UAP is a sad, sad joke. It's the
    most annoying feature that Microsoft has ever added to any
    software product[/b], and yes, that includes that ridiculous
    Clippy character from older Office versions. The problem with
    UAP is that it throws up an unbelievable number of warning
    dialogs for even the simplest of tasks. That these dialogs pop up
    repeatedly for the same action would be comical if it weren't so
    amazingly frustrating. [b]It would be hilarious if it weren't going
    to affect hundreds of millions of people in a few short months. It
    is, in fact, almost criminal in its insidiousness[/b]."

    http://www.winsupersite.com/reviews/winvista_5308_05.asp

    No wonder Ed's blog is titled "A fresh look at Vista's User
    Account Control", he had the benefit of looking through ZDNet's
    rose coloured glasses;-)
    Richard Flude
    • Paul T. didn't even get the name right

      It's User Account Control, not User Account Protection. Sheesh.

      And his "review" was based on a build from several months ago. The behavior in the build I looked at is changed from that build.
      Ed Bott
      • OK lets look at the latest beta review

        "And his "review" was based on a build from several months ago.
        The behavior in the build I looked at is changed from that build.
        "

        Paul writes"Windows Vista Build 5365 Review":

        "In part 5 of my February CTP/Build 5342 review, I eviscerated
        User Account Protection (UAP) because it's annoying and can
        often trigger a seemingly endless series of authorization dialog
        boxes. UAP is, at heart, one of the best things Microsoft could
        possibly add to Windows. [b]In use, however, UAP is horribly
        implemented. It's just a disaster.[/b]

        In build 5365, UAP has changed dramatically.... However, none
        of the changes are related to making this feature less
        annoying...[b] So not only is UAP annoying, but now you can't
        even get something else done until you deal with it [/b]"

        http://www.winsupersite.com/reviews/winvista_5365.asp

        Only getting worst in Paul's opinion:-)
        Richard Flude
        • Why don't you go leave a comment at Paul's site?

          Oh, right. He doesn't allow comments.

          Look, Paul expresses some opinions. I happen to think that reviewing an interim beta release is just silly. It's beta because it's going to change. And believe me, Microsoft is getting an earful from a lot of people, including me, on this feature. The real story is how it evolves. So for now I'll report on the changes rather than trying to do a "review" of an unfinished product.
          Ed Bott
      • re name

        "It's User Account Control, not User Account Protection. Sheesh."

        It is?

        MSDN refers to its as UAP here

        http://msdn.microsoft.com/windowsvista/security/

        and yet here as UAC

        http://www.microsoft.com/technet/windowsvista/security/
        uac.mspx

        More evidence that Vista is a joke, acronyms' haven't even been
        determined. Look the emperor has no clothes.
        Richard Flude
        • Look at the product

          In builds of Windows Vista since the beginning of the year, it's been UAC. The reference you found at MS was from a page written in 2005 and obviously not updated.

          Presumably, anyone reporting on the product as it exists today will actually refer to the terminology as used in the product itself.
          Ed Bott
    • It looks like most *Nixes GUI su/sudo

      Red Hat, Ubuntu, and SuSe have had a simular feature for quite some time. The screenshots look quite a bit like the Fedora implementation.

      All I can say is it's about time MS added something like this. It will annoy some Windows users but this is what is required to keep a machine secure from drive by installs.
      Edward Meyers
      • Not quite

        It looks like the Windows implementation follows the standard MS UI guidelines: Throw as much crap on the screen as possible to convince everyone your program is sophisticated, flexible and powerful.

        How about this MS: Use ONE dialog for everything with a More Info button on it for those who want to learn more about what is happening.

        Of course, I'm not surprised Vista throws this dialog up every time you sneeze, since Vista is still using the same file structure model as WinXP, and is still not at true multi-user system.
        frgough
        • Good Point

          NT
          Edward Meyers
        • Would you care to translate that into English?

          <b>I'm not surprised Vista throws this dialog up every time you sneeze, since Vista is still using the same file structure model as WinXP, and is still not at true multi-user system.</b>

          <p>That sounds fascinating, but what does it mean? What is the "file structure model" and what does it have to do with a "true multi-user system"? Sounds like you're quoting something you read somewhere as opposed to something you actually have experience with.
          Ed Bott
          • I'm interested too

            I'd like to hear his explanation of why Windows is not a "true multi-user system" too.

            If anything, it should be good for laugh.
            toadlife
    • Paul Thurrott

      Richard, Paul Thurrott really doesn't know much about Windows. You should try not to quote him in your arguments. It can only serve to make you look as ill-informed as him.
      toadlife
      • So please justify Paul's experiences

        Installing firefox was a joke, his attempt to remove it's shortcut
        from the desktop is hilarious.

        Not being able to tell focus in a modern OS is bewildering, and
        his complaints about media center are echoed around the web
        (OK not ZDNet;-)).

        Now yet another MS fanboy steps up and dismisses these
        complaints with the he "really doesn't know much about
        Windows" and label him "ill-informed". Paul presents concrete
        examples of Vista behaviour, fanboys return head to sand.
        Richard Flude
        • That was then...

          I find the whol eidea of reviewing beta software hilarious. Once again, Paul was reviewing an interim beta release from a couple months ago. Of course some stuff doesn't work and other features are awkward or unpolished. That's why it's beta.

          I looked at a newer release and see that the behavior of this feature has changed. And of course it will be at least 7-8 months before this product is released to the public, so there's room for still more to change.

          But if you'd like to make your decisions based on someone else's impressions of a build from three months ago, that's your prerogative.
          Ed Bott
        • Looks like you don't get Windows either.

          [i]"Installing firefox was a joke, his attempt to remove it's shortcut from the desktop is hilarious."[/i]

          The firefox icon was installed onto the all users desktop. Deleting it would affects all users of the system. Mr. Thurrott, who is obviously used to running Windows as "root" all his life, didn't understand why he was not allowed to delete the icon without autheticating. Do you, Richard, think it's a good diea for an OS to allow regular users to modify parts of the filesystem that affect every user? No?

          I don't care how much of a "respected MS commentator" he, is - he doesn't know much about WIndows. Judging by his articles (I've read a few) his body of Windows knowdlege consists of knowing how to click around and find the appropriate control panel for what he wants to do. His knowledge of Windows is very superficial.

          [i]"Now yet another MS fanboy steps up and dismisses these complaints with the he "really doesn't know much about Windows" and label him "ill-informed"."[/i]

          Am I a MS fanoby, or are you an anti-MS zealot?
          toadlife
    • ballons we go

      Just another annoyance for all to disable via Console...
      gdude@...
  • Sad, REALLY sad

    There are SO many variables here to make this work properly, that its really not a good idea to release it until all the bugs are worked out. There needs to be a new registry format, there needs to be a new process for installing applications, there needs to be clear documentation on how to customize everything, etc. Those sudo rule files can start looking pretty nasty after a while - I'm sure the same will be witnessed in UAC.

    The next step from this would be a CA eTrust/SeOS solution - where you can restrict access to commands and files. This can be VERY annoying when implemented wrong (which it usually is).

    M$ is giving people Nazi Germany when all they want is Waldon's Pond. I can see an opening here for network appliances/thin clients. Security without the hassle . . .
    Roger Ramjet
  • It looks like

    An overly complex and poorly implimented copy of the Linux "sudo"
    tracy anne