Only last January, before Beta 2 arrived and nearly a year before it'll finally be released, I started spending a serious amount of time with Microsoft's upcoming desktop OS, Windows Vista 2007. I don't usually make predictions about the final look of an OS so early in the beta process, as doing so is typically a fool's errand, but back then I'd have said that I could state one thing for certain about the final version of Vista: "That irritating User Account Control \[UAC\] thing has got to go."
As I said, I'd have been a fool to write the UAC comment, because I now see it as a useful tool. But not everyone--ahem--sees my point of view. So this month, let me take up the cause of what may well be Vista's most-hated feature. UAC, formerly called Limited User Access and then User Account Protection by Microsoft--and called a whole lot of things that we can't print by others--is an intrinsic piece of Vista intended to, among other tasks, reduce users' chances of inadvertently installing malware on their systems. I'm simplifying here, but basically UAC attacks malware by preventing malware's most common means of installation: deceiving a user into approving the malware installation. As anyone who's helped spyware victims knows, many users don't realize that running seemingly innocuous programs or clicking on hyperlinks might do more than let them play some fun game or see pictures of naked people; instead, the program or hyperlink is probably trying to fool those folks into lending that program or hyperlink their administrative permissions and privileges so that the malware
But how does UAC prevent users from installing malware? Again I'm simplifying, but basically anytime you do something that would require administrative powers, from installing a piece of software to changing your system time, UAC opens a dialog box that essentially says, "Hey, you seem to want to do something that's reserved for administrators; did you mean to do that?" That's why many Vista beta testers hate UAC. It's irritating. When I first saw the UAC prompts, I thought, "I'm sitting at MY computer, doing things that I want to do, and this blasted thing is raising my blood pressure by insulting me by questioning my intelligence. Off with its head!" So I shut it off, and told anyone who'd listen that they should do it, too. But then I had a revelation back in early June, when I was helping what seemed like the millionth person to remove 10 different pieces of spyware from her computer. Here's an intelligent person. Someone who works in a technical field other than computers, and yet she'd not only opened Pandora's box, she'd put an addition on the house to make the box's former occupants feel right at home.
Here's why we need UAC: Lots of computer users don't understand which actions can endanger their privacy and property, not to mention which actions might turn their systems into worm farms that slow the Internet to a crawl. Ignorance is a serious problem, and it needs serious medicine. I would guess that nearly everyone reading this has at least one spyware-removal story. The state of malware nowadays is easy to summarize: We're at war, and we're losing. Yes, UAC has annoyed me, although I got used to it. But heck, I find seat belts irritating--probably because I've been fortunate to not need them; had a seatbelt allowed me to walk away from a should-have-been-fatal crash, I suspect I'd feel differently. In the same way, I don't THINK I could be duped into installing malware on my system, but I could be wrong. UAC tapping me on the shoulder now and then to remind me that I'm doing something potentially dangerous might be as welcome one day.
Let me close with a few suggestions to the UAC haters among the Vista beta testers out there. First, I highly recommend that you give it a try; it really does become innocuous after a while. Second, remember that by beta testing software, you get a chance to influence the software's final look, so do that. Watch how UAC works and offer suggestions as to how it could look and perform better. I've run all of the betas and interim builds since the beginning of the year and have noticed significant decrease in UAC's intrusiveness. Offer Microsoft feedback on UAC now; after Vista ships, 90 percent of the Vista programmers will become Server 2007 programmers, and almost no one will be around to listen to what people don't like about UAC. Third, leaven any suggestions about how UAC could be better with your knowledge of how malware works: Malware is darned smart these days, and creating a UAC that catches only 80 percent of the common types of malware would be the worst of all things-- something that annoys us but that does not protect us. (Remember, only the airport security people get to do that kind of security and get paid for it.) And finally, remember if you truly can't live with UAC, you can always turn it off, either from the GUI or via Group Policy. But by making UAC the default behavior, Microsoft might save one of your friends or family members a heap of trouble!
