By Tom Espiner, 14 April 2008 09:00
A Microsoft manager has said one of the security features in Vista was deliberately designed to "annoy users" in order to put pressure on third-party software makers to make their applications more secure.
David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC), which, when activated, requires people to run Vista in standard user mode rather than having administrator privileges, and offers a prompt if they try to install a program.
Cross, speaking at the RSA Conference in San Francisco last week, said: "The reason we put UAC into the [Vista] platform was to annoy users - I'm serious. Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."
Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code would trigger a prompt, discouraging users from executing the code.
Cross said: "We needed to change the ecosystem. UAC is changing the ISV ecosystem; applications are getting more secure. This was our target - to change the ecosystem. The fact is that there are fewer applications causing prompts. Eighty per cent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. Sixty-six per cent of sessions now have no prompts."
Cross claimed it is a myth that users just turn UAC off, saying that Microsoft had collected opt-in information from users which showed that 88 per cent were running UAC. Cross said it was also a myth that users blindly accept prompts without reading them. Cross said: "It's a myth that users click 'yes', 'yes', 'yes', 'yes'. Seven per cent of all prompts are cancelled. Users are not just saying 'yes'."
Security company Kaspersky has in the past severely criticised UAC, claiming in March last year that it would make Vista less secure than XP.
At this year's RSA Conference however, the security specialist seemed to have changed its tune. Jeff Aliber, Kaspersky's US senior director of product marketing, said: "[With Windows], there is a large attack surface with a number of entry points. Anyone trying to shrink that attack surface and promote secure apps development has to be a good thing."
Prior to the launch of Vista, Kaspersky issued a report in January 2007 which said UAC would be ineffectual. The company claimed many applications perform harmless actions that, in a security context, can appear to be malicious. As UAC flashes up a warning every time such an action is performed, Kaspersky said users would be forced to either blindly ignore the warning and allow the action to be performed or disable the feature to stop themselves going "crazy".
Kaspersky said: "If the user were to be notified about every one of these actions with a request for confirmation or a request to enter a password, the user will either go crazy or disable the security feature."
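A way to check whether the UAC prompt described above is actually in force on a given machine, as an added example that is not part of the original article: it reads the documented UAC policy values from the registry and reports configurations that remove the prompt, such as switching UAC off outright or setting administrators to elevate silently. The registry path and value names are the standard UAC policy settings; the interpretation of each value is given in the comments.

```powershell
# Added example, not from the article: audit the UAC settings that govern the
# elevation prompt. Run in PowerShell on Windows Vista or later.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $key

# EnableLUA = 1 means UAC is on; 0 means it has been switched off entirely,
# so every process of an administrator account runs with full rights and no prompt.
$enableLua = $p.EnableLUA

# ConsentPromptBehaviorAdmin: 0 = elevate without prompting (the prompt is gone),
# 1 = prompt for credentials, 2 = prompt for consent on the secure desktop (Vista default).
$consent = $p.ConsentPromptBehaviorAdmin

# PromptOnSecureDesktop = 1 draws the prompt on the isolated secure desktop, where
# other user-mode software cannot interact with it.
$secureDesktop = $p.PromptOnSecureDesktop

$findings = @()
if ($enableLua -ne 1) {
    $findings += 'UAC disabled (EnableLUA is not 1): administrators never see an elevation prompt.'
}
if ($consent -eq 0) {
    $findings += 'ConsentPromptBehaviorAdmin = 0: elevation is silent, so the prompt provides no control.'
}
if ($secureDesktop -ne 1) {
    $findings += 'PromptOnSecureDesktop is not 1: the prompt is shown on the normal desktop.'
}

# Also report whether this shell already holds an administrator token; under UAC a
# standard (filtered) token is expected unless the shell was explicitly elevated.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
$shellElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    EnableLUA                  = $enableLua
    ConsentPromptBehaviorAdmin = $consent
    PromptOnSecureDesktop      = $secureDesktop
    ShellElevated              = $shellElevated
    Findings                   = $findings
}
```

An empty Findings list with ShellElevated set to False is the configuration the article's figures assume: UAC on, prompts shown, and day-to-day work done under a standard token.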

Comments
There are 7 comments.
1. Roy Lambert
88% of users leave UAC enabled. Strange that 100% of the Vista users I know have it turned off.
2. Keith Mawdsley
Annoy users? Microsoft? no change there then!!
3. anonymous
I've just switched UAC off. I wasn't at all happy about doing it, but even elevating myself to a proper administrator account, and then setting UAC to automatically elevate prompts to administrator level, didn't stop the blinking thing saying "are you sure" all the time. Microsoft are in la-la land (but this we knew!) if they think we don't just ignore their prompts. I don't trust Microsoft to flag something as a true security issue, I assume it's all just part of their mission to take control of my machine!
4. Stuart Downs
Why don't they clean up their own act first. I use Vista Ultimate on a Rock Laptop and every time I use my mail and try to attach a file to send it crashes on me. Several reports have been sent to Microsoft and even after SP1 it still crashes! XP is fine so it seems to originate from Vista. I'll be more cautious next time they release a new OS. Once bitten twice shy!
5. Nick Cole
Another even better reason NOT to go to absolutely pointless Vista!
6. Joe Whitehead
"Seven per cent of all prompts are cancelled. Users are not just saying 'yes'."
Wait, so those 7% are spread evenly among all users? Right..... It's not like 80% don't just click through. Or maybe 20% click through 35% of the time. Which do YOU the reader, think is a more reasonable answer?
7. M Sperrin
While annoying users to achieve your goal is probably not the way to go, the point is valid.
I once while running under a standard user account tried to launch one of the BF series of games only to be told that I had to run it as administrator.
This just seems like lazy design to me. There is no way I should have to elevate privilege just to play a game!