Jesper apparently stirred things up a bit with his latest post, Please don't disable security features, at least while we are testing them, asking folks to recognize that a Beta is not a final product and that you should wait to see the final before making hasty decisions like disabling a security feature. The UAC development team endorses what Jesper says as well.
I've been running Windows Vista Beta2, so I've experienced the same user experience as all those who've made comments about UAC pop-ups. Next week, I plan to upgrade to later builds and see how things are changing based upon all of the Beta feedback that the team has received. So, given that, and the current topical interest in UAC, I think it is interesting to lay out what my ideal product requirements are so I can compare them with the final product when it ships.
Scenario 1: My daughter's account. I'm a bit like Jesper in this area. I want to be able to set up accounts for my kids that are completely unprivileged. When they try to install a program into a system directory - DENIED. When they try to plug some new hardware into the USB port and need to install a driver - DENIED. If they plug in a USB memory stick - ALLOWED. I certainly don't want the system prompting her for credentials, because she is definitely not going to have those credentials. On the other hand, after I've initially connected my daughter's camera to the computer the first time, she should be able to plug it into the USB port the next time and transfer over her pictures. That's about it. What would be nice is to be able to customize the DENY message to say something like "Daddy has to install this for you."
Scenario 2: Jeff_Admin. I like to separate my own roles, so I want a protected admin account that behaves a lot like Vista Beta2, where it pops up (once!) and has me confirm when credentials are needed. I'll use this to administer the system, install new hardware drivers and install new programs (including games and learning software for the kids).
Scenario 3: Jeff-User. This account should be just like my daughter's account, with only a few exceptions.
I think the key is to make the setting configurable. I want to run as a user and clearly shift to an administrator role when doing administrator things. I like a few conveniences, but in general, I really want app developers to create better installers that don't secretly install stuff in my startup and remap file extensions without telling me.
A little convenience can be good, but I just imagine my daughter getting lots of prompts for credentials she's not supposed to have...
I can't wait to see what the final implementation looks like. It probably won't quite match my ideal, but I'm optimistic that it's going to be a huge step forward in security and usability.
If you can think of other roles/behavior you'd like to see, or items that would be configurable, I'd be interested in hearing your ideas.
Interesting related links:
The UAC team blog: http://blogs.msdn.com/uac
The non-Admin blog: http://blogs.msdn.com/aaron_margosis
Jeff