New and Improved UAC is coming to Windows 7
By Jin Nan Goto
I wasn’t planning on writing another post about the Engineering Windows 7 blog since I already mentioned it last week. But this latest post from the E7 blog is about User Account Control and I couldn’t resist. Bottom line is UAC is coming to Windows 7. This is probably disappointing news for many who considered UAC to be too obtrusive and obnoxious (although I don’t think anyone thought UAC wasn’t coming back). Still, the Windows 7 people are working to improve it and lower its annoyingness.
Now that we have the data and feedback, we can look ahead at how UAC will evolve—we continue to feel the goal we have for UAC is a good one and so it is our job to find a solution that does not abandon this goal. UAC was created with the intention of putting you in control of your system, reducing cost of ownership over time, and improving the software ecosystem. What we’ve learned is that we only got part of the way there in Vista and some folks think we accomplished the opposite.
Based on what we’ve learned from our data and feedback we need to address several key issues in Windows 7:
- Reduce unnecessary or duplicated prompts in Windows and the ecosystem, such that critical prompts can be more easily identified.
- Enable our customers to be more confident that they are in control of their systems.
- Make prompts informative such that people can make more confident choices.
- Provide better and more obvious control over the mechanism.
Excerpt from Engineering Windows 7 Blog
Designed out of a desire to make Vista the “most secure version of Windows ever,” UAC has done a lot to change a very destructive aspect of Windows, which is that everyone ran Windows as an Administrator. UAC has not only helped by warning users when installing software (or malware), it has also helped developers create better software that lets users run as a limited user, which improves security. Malware is generally not able to install itself without permission when running as a limited user.
The older versions of Windows (Win95, Win98, WinMe) were all single-user operating systems, in which the user had full control over modifying the system. The newer versions of Windows (Windows 2000 and later) were multiuser capable, which allowed for limited user accounts as well as administrator accounts. The data from Microsoft’s Windows Feedback Program showed that around 75% of computers have only one user account, which defaults to the Administrator account. In the past, many software developers assumed that their software would have full access to modify the system. The E7 blog admits that even some developers at Microsoft made those assumptions as well. This made running Windows XP as a limited user incredibly difficult.
With Vista and UAC, developers had to take a hard look at the programs that required Administrator rights and whether they could (or should) change them to not require elevation. If they did require elevated privileges, the secure desktop popped up and the user had to explicitly allow it.
We also found that there were many cases in previous versions of Windows where we had lumped things together when instead only part of the task really should have required the user to be an administrator. For example, in Windows XP you had to be an administrator in order to change the time or the time zone of the system. The reason that time functions are usually restricted is that you can do some pretty sneaky things if you can change the system time — like trick system logs or backdate emails. But as it turns out, changing the time zone of the machine so that a business traveler based on the West Coast goes to their meetings at the right time when they are visiting New York really doesn’t need to be protected — so in Windows Vista, we split that out and now allow a standard user to change the time zone.
Excerpt from Windows Vista Blog
Vista has been incredibly effective in reducing the number of programs that require full administrator privileges, and this is only improving as time passes.
However, the implementation of UAC in Vista is far from perfect. While you want to warn users against doing things that are dangerous (installing untrusted software or messing with the registry or Device Manager), the frequency of prompts runs the risk of users ignoring them and always approving. The darkened screen of the secure desktop is somewhat alarming and unfriendly to users. Also, in Vista even an administrator is not “really” an administrator: they run as a standard user unless they need to approve an action. This upsets experienced users who know what they are doing and want full control over their computer. Still, an improved version of UAC is a really important addition to the future Windows 7.
External Links:
Engineering Windows 7 Blog
http://blogs.msdn.com/e7/archive/2008/10/08/user-account-control.aspx
Windows Vista Blog
http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/23/security-features-vs-convenience.aspx