Microsoft Pledges To Fix UAC in Windows 7

The User Account Control feature in Windows Vista has been responsible for generating a significant amount of anti-Vista vitriol, mainly because of the large number of alerts is has been known to generate. However, Microsoft says it's aware of the problems users have had with UAC and will fix these issues in Windows 7.

In a blog post earlier this month, Ben Fathi, vice president for core OS development at Microsoft, acknowledged that excessive alerts, and configuration difficulties have frustrated Vista users.

"We've heard loud and clear that you are frustrated. You find the prompts too frequent, annoying, and confusing," Fathi wrote.

With Windows 7, which is slated for release sometime in late 2009, Microsoft will give users more control over UAC alerts and will also include more detailed information in the UAC alerts themselves, according to Fathi.

Users can expect fewer UAC alerts in Windows 7 than they were subjected to in Vista, he added. "We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience," Fathi wrote.

Fathi's statements are somewhat surprising in light of Microsoft's longstanding insistence that excessive UAC alerts stemmed as much from third party software vendors' applications as from Windows itself. In May. Microsoft published a document which suggested that UAC had been unfairly maligned, and suggested that UAC had received 'a bad rap."

Matt Scherocman, vice president of consulting services at PCMS IT Advisor, a Cincinnati-based solution provider and Microsoft Gold partner, believes that giving users more control over UAC settings could enable the technology to deliver its intended security benefits.

"I have seen that many companies turn off UAC in an effort to reduce annoyances to the end user," said Scherocman. "If these settings can get more granular with Windows 7, then I think that would be a win for the IT department -- more control and security, and a win for the user simultaneously."

Travis Fisher, executive vice president at Inacom Information Systems, a Salisbury, Md.-based solution provider, hasn't experienced issues with UAC and believes that, despite the negative perceptions, UAC is an important and necessary security mechanism.

"UAC is a lot more convenient in offering the end user a small alert rather than requiring them to pull up a command line to run executables using Sudo, " said Fisher. "Hopefully the improved dialogue box will offer better information to comfort the average computer user when UAC kicks in."

However, some solution providers think it's time for Microsoft to recognize that UAC may never realize its promise, for reasons that have more to do with end user behavior than technology.

Andrew Plato, president at Anitian Enterprise Security, a security specialist in Beaverton, Ore., is one solution provider who says the time has come for UAC to be laid to rest.

"UAC is an example of a security technology that, in theory, makes perfect sense, but in reality is very impractical," said Plato. "When you require end-users to make decisions about the security of their system, they are almost always going to err on the side of convenience and functionality."

Daniel Duffy, CEO of Valley Network Solutions, a Microsoft Gold partner in Fresno, Calif., says the concept behind UAC is sound, but Microsoft's execution simply missed the mark.

"UAC is a great idea that Microsoft executed very poorly, apparently without any focus group testing with real world users," said Duffy." These aren't the sort of mistakes that a company with as many resources as Microsoft should be making."