...the changes to UAC are ill-advised.
John Moyer, CEO of BeyondTrust, said: "You are trading some security for the benefit of fewer prompts." Moyer, whose firm creates software to allow businesses deeper control over which applications get elevated privileges, has been a longstanding critic of the degree to which the UAC feature can mitigate security risks.
Chris Wysopal, chief technology officer at security provider Veracode, said while the changes Microsoft made in ratcheting down the security feature don't constitute a vulnerability in the true sense of the word, they do create a risk for end users.
"Microsoft has chosen by design to include a setting in the UAC, which really renders UAC off, since at medium setting malware could turn it off. It's not clear that they thought through all the implications of the medium setting," he said. "The confusion stems from the fact that this is the medium setting, not off, but its behaviour can lead to it being turned off by malware. If the user thinks they are getting some protection with this setting but they are not, it is a problem."
But others acknowledge that the issue of how and when to prompt users is a thorny one.
A McAfee spokesman said: "Security and usability are often a trade off, unfortunately. If you get heavier locks and security on your house, it often takes you a bit more time to get in and out. If it is too much work every day, you may end up removing some of the locks, or leaving them unlocked, for convenience."
Nitesh Dhanjani, a security expert and senior manager at Ernst & Young, said even if its goals were laudable, there is probably more work that Microsoft can and should do.
"Even though the Windows 7 team has made good choices in reducing the number of UAC prompts, I feel there are further improvements they can make, such as mapping hardware events to software events to further reduce user interaction," Dhanjani said. "I can see how this may be a more complex solution than what it immediately appears to be."
Some have suggested that Microsoft should change the default setting so that, at a minimum, changes to the UAC settings would always require user approval.
Microsoft's DeVaan said the company is still evaluating whether it will make changes to either the UAC settings or to the default option before the operating system is shipped in final form.
"We're taking every piece of feedback seriously and carefully considering it," he said.
CNET News' Elinor Mills contributed to this report.
Comments
1. Anthony Hunt
Paves the way for malware? That's a reach.
Vista's UAC is so prohibitive, anyone that knows how, turns it off.
So having one that is "less secure" is still MORE SECURE than having one you feel obliged to unplug in order to use the OS.
2. Darrin Salt
Damned if they do, damned if they don't.
For once, I do have sympathy with the Redmond machine.
Whilst UAC in Vista was so annoying that I would estimate 50% of people turned it off (therefore rendering it useless) at least MS have produced something which tries to protect in a less intrusive way. Sure - it may not yet or ever be perfect, but that's the whole point of a beta - to get this type of feedback.
Even without UAC, Vista and 7 are much more secure than previous versions of Windows, but the biggest threat is not lack of UAC - it's the insistence of some software producers that their products HAVE TO BE RUN with full admin rights. Software publishers: This just isn't good enough these days. Fix the software, or fix the installer! Running your PC logged on as an admin (or your account having admin rights) is just asking for trouble.
3. Chris Anderson
The first thing any user who knows how will do on Vista is turn off UAC, therefore it is useless! Also, the idea that you should run without administrator rights effectively makes the PC a brick, as if you do, the "Security" system won't let you at your own files!