Microsoft: Please Don't Disable UAC
At a Windows Vista lab in Redmond before the release of Beta 2, Microsoft developers showed off the new OS to a room full of MVPs and enthusiasts. But even the company's most loyal fan base turned ugly when User Account Control took the stage. Now, Microsoft is begging users not to disable the controversial feature.
User Account Control, or UAC, is a fundamental security change coming in Windows Vista and one of the most important additions to protect users from threats, Microsoft says. But the company is struggling to find a balance between security and usability.
UAC is designed to limit the damage malicious software can do to a machine by requiring that all users run in standard user mode and restricting administrator privileges to authorized processes. If a user wishes to install new software or change system settings, they will need to enter credentials and verify the process.
However, the result has been less than smooth in Windows Vista builds released thus far. Users have encountered a seemingly endless stream of verification prompts when performing tasks as simple as deleting a shortcut. Vista Beta 2 also added a "Secure Desktop" mode which prevents any system interaction until the UAC prompt has been answered, adding to customer frustration.
In turn, new Vista users are left with a bad first impression of the operating system and experts simply disable the feature altogether using "msconfig." At the Windows Vista Beta 2 lab in May, almost the entire room said the first thing they do after installing Vista is turn off UAC.
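As an added defender's check that is not part of the original article: a PowerShell function that reports whether UAC is enabled, how administrators are prompted, whether the Secure Desktop is in use, and whether the current process is running with the filtered standard-user token that UAC hands to administrators until they elevate. The registry path and value names are the standard UAC policy settings; the meaning of each prompt code is assumed to match Vista and later.

```powershell
# Added example, not code from the article: audit the UAC configuration and
# the current process token on a Vista-or-later machine.
function Get-UacStatus {
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $policy

    # EnableLUA = 0 is what "turning off UAC" (e.g. via msconfig) actually sets.
    $enabled = ($p.EnableLUA -eq 1)

    # ConsentPromptBehaviorAdmin controls what an administrator sees when a
    # process requests elevation (value meanings assumed per Vista and later).
    $prompts = @{
        0 = 'Elevate silently (no prompt, no protection)'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries only'
    }
    $code = $p.ConsentPromptBehaviorAdmin
    $adminPrompt = if ($null -ne $code -and $prompts.ContainsKey([int]$code)) {
        $prompts[[int]$code]
    } else {
        "Unknown or not set ($code)"
    }

    # The "Secure Desktop" described in the article is switched by this value.
    $secureDesktop = ($p.PromptOnSecureDesktop -eq 1)

    # Under UAC an administrator's ordinary processes carry a filtered token:
    # BUILTIN\Administrators is present but marked "deny only", so IsInRole
    # returns $false until the process has been elevated through a prompt.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami shows the deny-only attribute that .NET omits from $identity.Groups.
    $adminGroup = whoami /groups /fo csv | ConvertFrom-Csv |
        Where-Object { $_.SID -eq 'S-1-5-32-544' }
    $filteredAdmin = ($null -ne $adminGroup) -and
        ($adminGroup.Attributes -match 'deny only') -and (-not $elevated)

    [pscustomobject]@{
        UacEnabled           = $enabled
        AdminPromptBehavior  = $adminPrompt
        SecureDesktop        = $secureDesktop
        ProcessElevated      = $elevated
        RunningFilteredAdmin = $filteredAdmin
    }
}

Get-UacStatus
```

Run it from an ordinary (non-elevated) shell: on a correctly configured machine an administrator account shows RunningFilteredAdmin = True and ProcessElevated = False, while UacEnabled = False is the state the article's testers had put their machines in.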
"Yeah, security sucks, it gets in the way of doing things, some bad, some good, but that's a fact of life," says Jesper Johansson, Senior Security Strategist in the Security Technology Unit at Microsoft, in a blog posting. Johansson said the problem is that many applications require running as an admin, which means most users do so, and which is also why Windows XP creates an administrator account upon install.
"We can try to plead with the app vendors to fix their stuff, and you know how well that has worked in the past. We can stop buying these defective apps, and you know how well that has worked in the past. And, we can build a technology that allows most people to do most of the things they need to do to run the computer on a daily basis as a non-administrator," he explained. "That technology is called User Account Control."
Johansson said Microsoft is working hard to improve the feature to the best of its ability, a claim also made to BetaNews at TechEd 2006 in Boston earlier this month. Microsoft senior product manager for Windows Vista security Russell Humphries promised UAC would be "refined" in future releases. Recent interim beta build 5456 makes some progress in that area, testers say.
"Going out with statements like 'this is the worst feature ever and I already disabled it and will never re-enable it' based on unfinished beta code is simply silly," retorted Johansson. "Why not instead realize that allowing people to run as a non-admin is one of the most important things that can be done when it comes to protecting your system, and that it won't happen if the only people trying to get it done are a few program managers at Microsoft."
"Work with us on this one and help us build a great, usable, and useful UAC. If you find prompts that are absolutely egregious and need to go, send us feedback on that. We need to know," he added.
One change, however, will not be a "sticky" verification process. Apple's Mac OS X operating system only asks users to enter their password once and it is remembered for the rest of the time they are logged on. Humphries said this could open the door to security attacks, even if the possibility is minimal.
Microsoft says it is doing its best to mitigate any UAC-related problems by the time Windows Vista ships early next year. The company is working closely with developers to add custom "shims" that will ensure their programs are compatible with User Account Control.
"Once the OS is released, if you absolutely can't stand a security feature that is designed to protect you, by all means, turn it off," said Johansson. "For now though, realize that this is beta code. It is not quite done yet, and it won't be quite right unless we get help from the people entrusted with pre-release copies of the operating system."