Windows Vista: Biting the Security Bullet

If you're familiar with my reviews on the SuperSite for Windows, you know that they follow a fairly standardized structure: Towards the end of the review, I highlight the issues and problems I feel the product has, and then I wrap it up with availability and licensing information and a conclusion. If the review is long enough to warrant multiple parts, I'll generally handle the "problems" section as the last part of the review. This is what I did recently with my review of the February CTP (Community Technical Preview)/Builds 5308/5342 versions of Windows Vista. Part 5 of that overly-long review was called Where Vista Fails, and it highlighted some problems in those builds as well as some general thoughts about where Microsoft was reneging on promises it had made for the next Windows client.

I didn't think much of it. After all, this was part 5 of a lengthy review, nothing more. But as soon as "Where Vista Fails" was published, my life got very complicated. I received emails from a few senior Microsoft executives, from numerous Microsoft employees, and even several requests from the press. Part 5 of the review was linked to and scrutinized all over the Web, presumably because I'm a Windows Guy and here I was criticizing Microsoft. The Mac Web loved it, obviously. On and on it went. I was surprised by this because I didn't feel like I had really deviated from my normal review pattern. If anything, I had left out many valid examples of Vista problems for space reasons and because I figured they'd be more appropriate for future articles. This was, after all, just an interim Vista beta build I was reviewing.

My most pointed concerns were about User Account Control (UAC, previously called User Account Protection, or UAP, and before that known as Limited User Account, or LUA). UAC is a major component of Microsoft's plan to keep users safe from themselves. In previous Windows versions, most non-managed users (that is, Windows users who are not part of a correctly-designed Active Directory infrastructure) run with full administrator privileges and not with safer standard user accounts. This makes things easier: You can delete files and icons, move data from drive to drive, launch and run any application, and perform any other task your system is capable of. It's also more dangerous. If a bit of malicious code is able to infiltrate your system--all too easy in the Windows world--then it, too, runs with administrative privileges.

UAC emulates the security model that Linux and Mac OS X users have known for years. On those systems, admin-level tasks--typically actions that could potentially harm the system or change its configuration--require in-place authentication, usually in the form of a dialog box. You might think of this as a graphical form of SUDO, or "do something as super user," a command line-based way of escalating your privileges so you can perform an admin-level task, even if you normally run as standard user.

In the various Windows Vista interim builds I've seen, UAC has been an absolute nightmare. That is, the UAC dialog boxes pop up early and often. Combined with some related permissions issues, you'll even find yourself getting into endless loop situations where you try to delete a combination of files and desktop icons and find yourself unable to do so, though you're welcome to keep pressing "Try Again" until you're blue in the face.

My issue with UAC, naturally, is that this type of thing has been done correctly in the past. On both Mac OS X and most Linux distributions, when users are typically forced to provide authentication for admin-level tasks, it's not annoying. In fact, it even contributes to a feeling of security, if you can believe that.

There are reasons why UAC is so badly implemented, and I'm sure that Microsoft this out before Vista is finalized in late 2006. But I'm hearing that the feature might be improved before then. Apparently, the Beta 2 version of Windows Vista--due next week--already includes a slightly less annoying UAC implementation. Hopefully, they'll find the right balance between security and usability.

UAC isn't the only form of user account improvement in Windows Vista, of course. Though the first user you create on a Vista box is always an admin-level account, subsequent accounts are created as standard users by default. And IE 7, which I discussed last week, runs at an even lower privilege level than a standard user. That says a lot about IE, but it also shows that Microsoft is serious about security. With Windows Vista, most users are going to be forced to bite the security bullet for the first time ever. My only question is whether Windows users are ready for the tradeoffs that occur when you can't easily do the things you could do before.

This article originally appeared in the May 16, 2006 issue of Windows IT Pro UPDATE.
