Opinion – There has been quite some controversy about the User Account Control (UAC) in Windows 7 Beta, which expands from the UAC that has annoyed Windows Vista users pretty much from the beginning of the release of the operating system. In a new reply addressed to end users, Microsoft explains that there is more depth to UAC than critics may understand and that there isn’t anything broken and there is no need for a fix. The question, of course, is: Is something broken when Microsoft thinks it is broken or when its customers think it is broken?
See the bottom of this article for an update.

One of the first real life lessons journalists learn is that readers are always right. That may sound a bit strange at first, but this phrase has a real meaning behind it. I for myself believe that if there is just one reader who has doubts about facts I presented in an article, even if I checked and double-checked them, it is worth the time checking them again and see if there is anything wrong with it. You may find similar behavioral patterns in many professions that value customers and the contact to customers.

With that thought in mind, I was stunned by a blog post by Microsoft, the third about the ongoing UAC controversy, which, depending on your view may sound just a bit too smart and perhaps slightly arrogant, leaving out the thought that Microsoft’s efforts surrounding UAC, even if it involved thousands of man-hours and clever people, may not be as great as Microsoft thinks it is. Simply because users have concerns.

I left the blog post scratching my head and felt that the company may have been trying to explain its intentions with UAC, explaining what it is and what it is not; but given the public discussion of the topic, it would have been nice to read a bit more what is being done to address certain concerns. In the end, it is no secret that UAC and its current concept has been one of the big annoyances in Windows Vista anyway.

Windows 7 adds more flexibility to UAC, with four instead of two options to enable users to get control over posted notifications when an application intends to make changes to files. We are now told that all the negative UAC feedback “concerns the behavior of UAC once malware has found its way onto the PC and is running.” As a result, “Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent.”   
 
And while Microsoft says that it takes “all of the feedback [it receives] seriously”, we essentially learn that the company believes that UAC isn’t broken and that there is no need to fix it. Instead, Microsoft seems to believe that some users simply don’t understand what UAC really is. This is, of course, my personal interpretation of the post, but may I ask whether Microsoft understand s that the UAC concept was broken from the very beginning? Why would Windows even ask users if modifications should be allowed or not? Could it be that these messages are very confusing and essentially useless to all those new and inexperienced users Vista tried to reach?

If Vista is really so advanced, why isn’t it able to make that decision by itself in a default mode for those who are inexperienced and give greater granularity to those who want it? As far as I am concerned, this whole UAC thing is way too complex for the average user and should be shelved right away.
 
Microsoft itself focuses on the word “vulnerability” and the improvements in Windows 7 when it described the whole UAC misunderstanding. “Much of the recent feedback has failed to take into account the ways that Windows 7 is better than Windows Vista at preventing malware from reaching the PC in the first place. In Windows 7 we have continued to focus on improving the ability to stop malware before it is installed or running on a PC.” Ok, I get this one. Let’s read on.

“One important thing to know is that UAC is not a security boundary. UAC helps people be more secure, but it is not a cure all. UAC helps most by being the prompt before software is installed. This part of UAC is in full force when the “Notify me only when…” setting is used. UAC also prompts for other system wide changes that require administrator privileges which, considered in the abstract, would seem to be an effective counter-measure to malware after it is running, but the practical experience is that its effect is limited. For example, clever malware will avoid operations that require elevation.”

That should be rather simple: Microsoft says that UAC is conceived as an added security feature before malware is being installed. We got that. And we got that with Windows Vista.

The problem is that malware authors have become smarter and malware can get on the PC without prompting these notifications. And that simple fact exposes the flawed concept of UAC. It makes everyday life with a PC much more difficult than it needs to be. When Windows Vista was released, it was pitched (once again) as the operating system that is as easy and reliable to use as a TV and as the software everyone can use. Back then, I wrote that Windows has grown up from the Windows 95 11 years earlier that required complex driver installations and countless tweaks to run as you expected to run. Windows Vista is not Windows 95. Within the past decade, the operating system has become a commodity that should just work and enable you to run the applications you want to run. It should not be a software that makes your life more difficult.

This applies even more to Windows 7. UAC is broken. It needs to go. Now.


Wolfgang Gruener is the founder of TG Daily. The opinions expressed in this column are solely those of the writer.

UPDATED: February 7, 2009 - 9:52am CST
Microsoft posted a blog late Thursday indicating they will now include a prompt for any UAC state change (see Microsoft's Engineering Windows 7 blog). The prompt will appear regardless of whether the change is made by the user or through a software program issuing false SendKeys keystrokes. In addition, future Windows 7 releases will elevate the UAC control panel to "a high integrity process," which is done internally for the specific purpose of addressing the security needs of the UAC. Microsoft was already planning to introduce this elevation change prior to the recent UAC discussions.

Microsoft's recent actions are in response to concerns and feedback that a malware application could defeat UAC's authority without the user physically being prompted for any verification, subsequently leaving their system open to additional unnoticed compromise.