Search
Homepage
Latest News Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
All Carousels Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
3rd Party Maintenance Application Integration Cloud SASE Platform Cloud Storage Cyber Protection Cyber Risk Distribution Driving Partner Success Industry Trends Managed Detection and Response Managed Infrastructure Modern Distributed Workforce MSP Automation Solutions SASE & SD-WAN Secure File Sharing Security Auditing
Broadcom Software EPOS Fortinet Hitachi Vantara Mitel Veeam VMware Vonage Wasabi
BlackBerry Learning Center Channel Chief Showcase Comcast Business Learning Center CRN Showcase Digital Services for Edge Learning Center Edge Computing Learning Center Partner Program Guide Showcase Sophos Cybersecurity Learning Center Trend Micro Learning Center Webroot Learning Center Women of the Channel Showcase
Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Cisco Partner Summit Digital 2020 HPE Zone The Business Continuity Center Enterprise Tech Provider Masergy Zenith Partner Program Newsroom Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom Intel Partner Connect 2021 Avaya Newsroom Experiences That Matter Lenovo GoChannelFirst The IoT Integrator NetApp Data Fabric Intel Tech Provider Zone

Microsoft Exec: UAC Designed To 'Annoy Users'

At RSA, a Microsoft executive revealed that a feature that has annoyed many Windows Vista users was intentionally included in the operating system.

By Kevin McLaughlin April 10, 2008, 04:12 PM EDT

In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft's strategy with UAC was to irritate users and ISVs in order to get them to change their behavior.

"The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.

Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained.

"We needed to change the ecosystem, and we needed a heavy hammer to do it," Cross said.

Keith Meisner, senior systems engineer at AppTech, a Tacoma, Wash.-based solution provider, says UAC has helped Microsoft improve end users' overall security posture.

"Many of the situations we deal with have to do with users being uninformed about threats on the Internet," said Meisner. "Are there some annoyances with UAC? Yes, but advanced users know how to get around them."

But while UAC is good for overall security, it does present logistical issues, said Steve Snider, president of Cadre Information Security, a Cincinnati-based solution provider. "For people working in an office, close to IT, it's not a problem, but when you have a very mobile workforce, and you have to load and update applications, that's when it becomes more of an issue," he said.

As a result of UAC, software vendors have changed their approach to developing software, to the point where fewer applications and tasks are triggering alerts, said Cross. "Most users, on a daily basis, actually have zero UAC prompts," he said.

Cross also disputed the popular notion that many frustrated users have decided to shut off UAC alerts entirely. He cited internal Microsoft research that shows 88 percent of all Vista users operate with UAC turned on, and 66 percent of sessions have no prompts, and number he says will continue to grow over time.

"UAC is not a perfect security boundary, but it [has helped us] move from 'zero click' exploits to 'one click' defense," said Cross.

Related Topics:
Back to Top

Video

     

    trending stories

    sponsored resources