Win7 team swallows UAC pride


Summary: I was waiting for the UAC-based security problems to occur after Windows 7's release but alas that was not to be, for problems have occurred in the beta version of Windows 7.

TOPICS: Security, Windows

One of the vaunted features of Windows 7 is the updated User Account Control settings. The change is the addition of a slider and UAC grades: one grade at the Vista level of annoyance and three grades of off (off a little, off a lot, and #*%!@ OFF!!).

The UAC dialog that caused all the trouble

Who'd have thought such a little dialog could do so much harm? Not Microsoft.
Credit: ZDNet.com.au

Microsoft would call this something like "notification grades", but really it's just a test of one's patience and security-mindedness.

I was waiting for the security problems to occur after Windows 7's release, and for users to lower their slider too far, or for the default grade (which is not the highest security possible, but one lower) to turn out not secure enough.

Alas that was not to be, for problems have occurred in the beta version of Windows 7. The default security level treated a change of the UAC slider as permitted; therefore, if you wrote a program that changed the UAC setting, Windows 7 was your playground and you could do whatever you wanted.

Microsoft originally defended their UAC design, but it smelt more of hurt geek pride. Theoretically and technically, the design is possibly fine; in practice its implementation is absolutely flawed.

After much wailing and gnashing of teeth to Microsoft's response (here's but one example), the decision has been made to secure the UAC prompt. Come Windows 7 RC1, UAC settings will now run in a "high integrity" process which will require elevation, and changing the UAC settings will produce a confirmation prompt. Better to take the hit now than have the UAC-lowering programs flooding the internet.

Kudos to the Windows 7 team for having the gumption to admit a mistake and swallow some pride. I'll leave to them the last thought, which summed up their position nicely:

When we started the "E7" blog we were both excited and also a bit uneasy. The excitement is obvious. The unease is because at some point we knew we would mess up. We weren't sure if we would mess up because we were blogging about a poorly designed feature or mess up because we were blogging poorly about a well-designed feature. To some it appears as though with the topic of UAC we've managed to do both.

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Talkback

5 comments
  • cancel or allow

    Chris, I can't believe you didn't include this!

    http://www.youtube.com/watch?v=_n4mdcXa8B0
    anonymous
  • May as well wait for it.

    Any idea when the Release Candidate version is going to be released?
    anonymous
  • Unbelievable!

    I really can't believe that people are still using Windows...
    anonymous
  • Re: Unbelievable!

    I'm with you on this one. Why spend all that money on Windows and other MS software when there are better options out there for free? I haven't been using Windows myself for nearly three years now.
    anonymous
  • SAD

    Microsoft has contributed to make the global personal computer market as well as the development of the internet to make it what it is today. Your "why support MS...better options out there for free" is stupid and typical of a Mac or Linux fanboi

    * Microsoft standardized the operating-system market as well as driving the whole personal computer market forward in the early 90's
    * Microsoft ultimately championed the open standard TCP/IP protocol (without the WWW, blogs, podcasts, your precious iphone would never have been developed)

    I'm sure you're proud of using Ubuntu (not everyone wants to have to learn Terminal or log in as root), or enjoy fiddling with your 'dock' on your Mac, but have some respect where respect is due
    anonymous