An Unblinking Look at User Access Control

By  |  Wednesday, October 8, 2008 at 10:51 pm

I’ve just delved into a pretty exhaustive detailing of all that’s unsatisfactory about Windows Vista’s User Account Control (UAC), the security measure that’s famous for asking you if you want to perform the task you just said you wanted to perform. And the funny thing is, I did so at Engineering Windows 7, Microsoft’s official blog about the next version of its operating system.

The post is by Microsoft’s Ben Fathi, and while it’s understandably somewhat defensive about UAC–it says that it’s less obtrusive today than when Vista debuted, for instance–it also acknowledges that UAC is annoying and confusing, and that the tendency of many folks to click to allow actions without thinking about it impacts its ability to protect users against unauthorized actions.

The good news is that Fathi says that Windows 7 will have a kinder, gentler UAC:

We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience. We believe this can be achieved by focusing on two key principles. 1) Broaden the control you have over the UAC notifications. We will continue to give you control over the changes made to your system, but in Windows 7, we will also provide options such that when you use the system as an administrator you can determine the range of notifications that you receive. 2) Provide additional and more relevant information in the user interface. We will improve the dialog UI so that you can better understand and make more informed choices.

It’s easier to identify problems than to fix them. But you can’t fix them unless you’ve not only identified them but admitted that they are, indeed, problems. So it’s encouraging to see someone from the Windows 7 lay out the case against UAC in its present form so clearly–and kind of impressive to see him doing it in public.

If you were to list all the things that contributed to Windows Vista’s lackluster reputation, I’m not sure if UAC would be in the top four or five. But it would be on the list, and it is kind of emblematic of the burdens of being a Windows user. (When I use Windows, I sometimes feel like a New York City apartment dweller who spends a lot of time futzing with multiple locks on my front door…and sometimes just gives up and leaves some of them unlocked because it’s too much hassle to make them work properly.)

Fathi makes a good case that it’s possible to build a better UAC. I look forward to getting the chance to see it for myself in Windows 7–and hope that Microsoft will continue to tweak Vista’s version, too, wherever it can…

1 Comment

Read more: , ,

0 Comments For This Post

1 Trackbacks For This Post

  1. Norton User Account Control for Vista | lab209 Says:

    […] An Unblinking Look at User Access Control […]