Windows Vista's User Account Control (UAC)
One of the most significant changes in Windows Vista over any previous version
of Windows is called "User Account Control" (UAC). UAC is an alternative to the
way many people currently use Windows (XP) which is as administrators. Running
your computer as an administrator gives you the right to change settings and
install programs. The problem with that is that it makes Windows XP PCs more
susceptible to undetected installation of spyware and other malicious programs.
In other words, it's easy to "sneak a program" on a computer being run by an
administrator with "administrator privileges".
Windows Vista's User Account Control (UAC) is based on a standard mode designed
to prevent the installation of programs -- including unwanted software -- unless
the user specifically grants permission. And if the user is not logged on as an
administrator, he/she will have to enter a password to elevate to administrator
status. Simply put: administrator status in Windows XP gives you the right to do
anything you please on your computer, carte blanche. Administrator status on
Windows Vista does not. Because Vista uses UAC, you have to specifically
authorize each installation via a pop-up window.

Basically what UAC does is temporarily elevate your user status to something
akin to a "super administrator" - granting you temporary permission to install
software and/or change settings. The key is that this temporary elevation
of status doesn't require logging out of the PC and back in as a higher-level
administrator. This is exactly why everyone we know runs Windows XP as an
administrator - because if you ran Windows XP as a "standard user" (i.e. not an
administrator) then you would be required to logout and log back in, just
to install programs or make settings changes. And, by the time you did
all that you'd probably forget what the heck you were going to install or change
anyway. So, Windows Vista gets around this by elevating your status from
"ordinary administrator" to "super administrator" (these are our terms for
simplicity - not official terms) which allow you to install programs and change
settings, etc. without logging out and logging back in. And as soon as you're
done doing the installation or setting changes, you're demoted back to lower
user status.
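To see this elevation state on a real machine, here is an added example (not part of the original article) in PowerShell. It reports whether the current session is a member of the Administrators group, whether it is currently elevated, and what the machine's UAC prompt policy is. The function name Get-UacStatus is made up for this example; the registry values it reads are the standard UAC policy settings.

```powershell
# Added example, not from the original article. Get-UacStatus is a name chosen here.
function Get-UacStatus {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only while this process runs with the full administrator token,
    # i.e. after a UAC prompt was approved (or when UAC is switched off).
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including "deny only" ones.
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    # /nh drops the header row so the parsing does not depend on the UI language.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $isAdminMember = [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })

    # Machine-wide UAC policy values.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $findings = @()
    if ($policy.EnableLUA -eq 0) {
        $findings += 'UAC is disabled (EnableLUA = 0): administrators always run elevated.'
    }
    if ($policy.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators are elevated with no prompt (ConsentPromptBehaviorAdmin = 0).'
    }
    if ($elevated) {
        $findings += 'This shell is already elevated; programs started from it get full rights.'
    }

    [pscustomobject]@{
        User               = $identity.Name
        AdministratorGroup = $isAdminMember
        Elevated           = $elevated
        EnableLUA          = $policy.EnableLUA
        AdminPromptPolicy  = $policy.ConsentPromptBehaviorAdmin
        UserPromptPolicy   = $policy.ConsentPromptBehaviorUser
        Findings           = $findings
    }
}

Get-UacStatus | Format-List
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator": AdministratorGroup stays the same, while Elevated changes from False to True.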
Some experts call it one of the most important changes in Windows Vista. Yes,
but we see in our crystal ball that down the road having something pop up in
your face every time you make any changes to your computer or want to install a
program is going to get very annoying. Here's the problem we can foresee with
UAC: After you've seen about 10,000 of these UAC warnings, you're not going to
read them - you're going to grow so used to clicking "Continue" that, in the end,
if you're not careful, you will take the chance of installing something you
don't really want anyway. This would defeat the purpose of UAC.
Right now, in our opinion, there are too many of these UAC dialog boxes popping up. Everything you do,
in Vista, seems to require a temporary elevation in user status. For instance,
one would think that Microsoft would trust Microsoft Windows Update, right?
Wrong. You get a warning that Windows Update is trying to install something on
your computer (DUH! Yes a Windows Update!). You can't even drag a file from the
desktop to a folder without one of these warnings popping up. How many
spyware/adware/malware programs drag files across your desktop? Come on! Security
is nice, but it ought to at least make sense.
Microsoft needs to use better judgment
here. If we cannot trust the company that makes the operating system, who can we
trust? If we cannot drag and drop files without a UAC dialog popping up in our
faces, then something isn't quite right. Microsoft needs to do away with some of
the UAC dialogs or there's going to be so many of them popping up that people
will just start ignoring them - and click "continue" without thinking. And that
is going to defeat the purpose of UAC.
Although the 'standard' user in Windows Vista will have more direct control over
more settings than a 'standard' user in Windows XP, Vista requires
elevated privileges for many setting changes and all software installations and
this means more User Account Control pop-ups. After a few months of testing
Vista, we can tell you this gets totally annoying. And it looks like Microsoft
is finally getting the word that this sort of pop-up overkill might kill
consumer desire to upgrade to Windows Vista (that is if the extremely high
minimum requirements just to run Vista don't kill it first).
Microsoft says it has been responding to feedback from testers to reduce the
number of User Account Control interruptions. "Our goal is that, once the PC is
set up and people are using it on a daily basis, the prompts will be nearly
invisible to them," said Jim Hahn, a product manager in Microsoft's Windows
division. Is that really what they mean? Does Microsoft want these warnings to
become as invisible to the user as the current "Download" warnings displayed by
browsers every time you download a file? How many people really pay
attention to them after they've seen these same warnings 50,000 times? I hope
that's not what Microsoft really meant - that they want people to get so used to
these UAC warnings that they become "invisible" to Vista's users.
And, UAC is not the only big change in Windows Vista. Here are some of the others:
Internet Explorer 7 runs in a "protected mode" which is meant to stop Websites
and attackers from using Internet Explorer to install unwanted software or
change settings. Here again, you'll have to also deal with User Account Control
popups as well as IE7 warnings. Warnings, warnings, warnings. How many warnings
will we see before we start ignoring them? That's a big problem Microsoft faces
as it tries to shore up security. Microsoft has always put convenience ahead of
security until recently. Can you blame them? They were giving people what the
people wanted: a convenient, easy-to-use operating system. Now, Microsoft has no
choice. It has been blasted ad nauseam for Windows' inherent lack of security and
its focus on ease-of-use and convenience. We're all going to have to get used to
a different way of doing things - even if we continue to stick with Windows XP.
Sometime in the future, MS will issue Service Pack 3 for Windows XP and when
they do you can bet it will include some of the security features of Windows
Vista.
Vista incorporates anti-spyware protection (Windows Defender).
That's in addition to the new anti-virus and maintenance services that Microsoft
is selling on a stand-alone basis, competing with existing security vendors such
as Symantec, Zonelabs, Computer Associates, McAfee, Webroot, PC Tools, and
Sunbelt. Personally, I think Windows Defender is desperately lacking. It doesn't
detect much adware, and adware can consume system resources faster than Wimpy can
consume a hamburger.
Other changes in Windows Vista are not so visible, like a new technique to make
it harder to exploit what's known as a buffer overrun -- a common problem caused
by a program trying to write more data than it should to a temporary holding
space in the computer's memory. The new technique loads the system code into
totally random places in memory, making it tougher to find weaknesses to
exploit. This is known as "Address Space Layout Randomization". It's not new and
not unique. It's been around a while and has been used in various flavors of the
Linux operating system.
Windows Vista is the first version of Windows to be developed completely under
the "Trustworthy Computing Initiative", announced by Bill Gates in early 2002,
then reeling from a series of high-profile security vulnerabilities and
exploits.
And, even with all the changes in Windows Vista, security will be an
ongoing challenge. Hackers and miscreants are not just going to throw their
hands up and say: "Well, we'll have to go out and get real jobs now, Windows
Vista whooped us good." We all know that when Windows Vista is final and
becomes "the" current Windows version, installed on almost every
new PC being built, hackers, evil-doers and miscreants will be finding ways
to break down its security. This should remind us that no matter what security
programs you have installed; no matter which version of Windows you're using or
will be using; no matter how many anti-badware software programs you have
installed - nothing will ever protect you as well as that gray matter you have
between your ears and good old common sense. Keep that thought in your mind
whenever you're using a computer connected to the Internet and you'll be a lot
safer than those who rely on software alone to protect them.