From the start I thought User Account Control was a big step forward for Vista. I tended to brush off any complaints about UAC, for 3 reasons.
Nonetheless, one of the persistent gripes about Vista was UAC. So in Windows 7 we changed things.
It’s not just on or off, but we now have “Notify me when Programs install software or make changes to my computer or I make changes to Windows settings”, “Notify me when Programs install software or make changes to my computer”, “Notify me when Programs install software or make changes to my computer but don’t dim my desktop” and “Lay out the welcome mat for all kinds of Malware”.
The middle ones are interesting because parts of the OS are signed as being trustworthy. The Management console is, regedit is not. Net result: no practical reduction in security, but a reduction in the number of prompts… at least that was the theory. I mentioned that Long Zheng picked up that setting UAC levels was a trusted operation. If you can get the user to run something which (say) sent keystrokes to it, you could turn UAC off and then let rip with any kind of nasty you fancy. We have now explained how this is going to change, and a good thing too. It appears it was planned to change before the beta, and the change moved back to Release Candidate. What has surprised me in all of this is that I have not read a single comment which says “Oh for pity’s sake Microsoft just get rid of UAC it’s too much of a pain”. Every comment has been that UAC should be there, should be enabled, and should be robust.
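To see which of these levels a machine is actually running at, and to notice when something has lowered it, the UAC policy values can be read back from the registry. This is an added example, not from the original post; the function name Get-UacLevel is hypothetical, and the mapping of registry values to the four levels is an assumption based on commonly documented Windows 7 behaviour.

```powershell
# Added example, not from the original post.
# Maps the UAC policy values to the four levels described above.
# Assumption: the value-to-level mapping below matches the Windows 7 slider.
function Get-UacLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # A missing value means the policy key is incomplete; do not guess.
    if ($null -eq $EnableLUA -or
        $null -eq $ConsentPromptBehaviorAdmin -or
        $null -eq $PromptOnSecureDesktop) {
        return 'Unknown (policy value missing)'
    }

    # EnableLUA = 0 switches UAC off entirely, whatever the other values say.
    if ([int]$EnableLUA -eq 0) { return 'UAC off' }

    # Key is "<ConsentPromptBehaviorAdmin>/<PromptOnSecureDesktop>".
    switch ("$([int]$ConsentPromptBehaviorAdmin)/$([int]$PromptOnSecureDesktop)") {
        '2/1'   { return 'Always notify' }
        '5/1'   { return 'Notify on program changes' }
        '5/0'   { return 'Notify on program changes, desktop not dimmed' }
        '0/0'   { return 'Never notify' }
        default { return "Custom policy ($_)" }
    }
}

# Read the live policy values from the local machine.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $key

$level = Get-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
"UAC level: $level"

# Flag the states in which elevation happens with no prompt at all.
if (@('Never notify', 'UAC off') -contains $level) {
    Write-Warning 'UAC prompts are disabled on this machine.'
}
```

Run on a schedule or at logon and compared with the previous result, this shows a change of level that nobody consented to.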
It amused me to see a comment to the write-up on Computerworld:
“About the only time I see the prompt [for elevation] is: Installing software; Changing a system setting; Starting Wireshark (promiscuous mode requires [it])”
The amusing part was the writer could be describing Vista, but he was actually talking about the prompt for root access on Linux, and he asks “Why do MS insist on making UAC so difficult to use?”