Windows 7 to improve upon Vista’s UAC scheme

After years of giving Windows users administrative privileges by default, Microsoft introduced the User Account Control scheme with Windows Vista. In theory, the system brings Windows up to snuff with other operating systems and improves security by requiring users to OK system-level changes. In practice, many users find UAC authorization prompts too numerous and annoying.

All those user complaints haven’t fallen on deaf ears. According to a post by Microsoft’s Ben Fathi on the Engineering Windows 7 blog, the Windows team is working with users to make Windows 7’s UAC implementation more effective and less annoying. Fathi says Microsoft has set two key goals to make that happen:

1) Broaden the control you have over the UAC notifications. We will continue to give you control over the changes made to your system, but in Windows 7, we will also provide options such that when you use the system as an administrator you can determine the range of notifications that you receive. 2) Provide additional and more relevant information in the user interface. We will improve the dialog UI so that you can better understand and make more informed choices. We’ve already run new design concepts based on this principle through our in-house usability testing and we’ve seen very positive results. 83% of participants could provide specific details about why they were seeing the dialog. Participants preferred the new concepts because they are “simple”, “highlight verified publishers,” “provide the file origin,” and “ask a meaningful question.”

The blog post isn’t just about promises, though. Fathi also goes into a surprising amount of detail about UAC’s impacts on both users and third-party software. Interestingly, he says the number of apps and tasks that require administrative privileges dropped by about 78% between August 2007 and August 2008—a move toward better overall software quality and reduced risks, in Microsoft’s view.

As for users, Microsoft’s findings confirm the confusion surrounding UAC prompts. “In one lab study we conducted, only 13% of participants could provide specific details about why they were seeing a UAC dialog in Vista,” Fathi says. (Thanks to TR regular Dillon for the heads-up.)

Comments closed
    • pogsnet
    • 11 years ago
    • PeterD
    • 11 years ago

    Sometimes I wonder. It is as if somebody tells you first: “I’m going to kill you”. And after your expected protest, he says: “All right, I will only cut of one leg.” As he intended from the beginning.

    • opinionated
    • 11 years ago

    I tried to install and use Microsoft Money Plus on Vista Home Premium and was never able to get it to work properly in Restricted User mode. It required I be in Administrator Mode for full functionality. Now for a Microsoft program designed to hold all my financial information and conduct financial transactions to require that I connect to the internet while in Administrator Mode is just plain stupid.

    I recently installed Rhapsody on my Vista laptop. Every time I launch it in Restricted User mode I have to type in my Administrator password.

    I have to sign in as Administrator to receive my updates for Firefox.

    I welcome Microsoft’s new UAC.

    • flip-mode
    • 11 years ago

    Who gives two shats about UAC. I don’t. The most drastic improvement needed is in network transfer speeds. XP transfers 10 times faster than Vista on a LAN. WTF? How in the name of all that is holy can you screw up one of the most essential functions of a PC?

    Or am I doing something wrong?

    I get 70Mb/s on XP average transfer on my LAN.

    I get 5Mb/s on Vista average on the same LAN.

    Can anyone corraborate these observations just so I know it’s not just me.

      • derFunkenstein
      • 11 years ago

      Damage had a blog post not long ago talking about teh same thing. And it’s somethign I’ve seen quite a bit of as well. I really like Vista’s UI but under the hood there are some problems (and I still get to deal with it every day as long as my wife uses Windows – she won’t go back to XP)

        • flip-mode
        • 11 years ago

        Is it me or is this the absolute most pressing problem with Vista? How in the world can Microsoft expect me to roll this out on my network when I get just 1/10th the network performance of XP? How in the world? I can’t do that. I don’t care what great nifty features Vista has, they’re all useless if my LAN performance drops to 1995 era speeds. I just installed gigabit switches for the office not even a year ago. XP uses the hell out of them. I may as well put my 10/100 switches back in and sell the gigabit switches if I roll out Vista. This is the stupidest problem a “modern” OS could possibly have and it is completely beyond understanding that it is even a problem at all.

          • Krogoth
          • 11 years ago

          Most of the network problems with Vista are from immature drivers and older NICs. They are not optimized for new network stack.

          My gigabit transfers between Nforce 2 NIC (XP) and Realtek RTL8169 (Vista 64) have been consistent on what the interface should do. I do suffer performance problems with transfers my laptop’s Broadcom 10/100 (XP). I get around 5Mbps and the drivers for the NIC are from 2005.

          Edit: My bad, my older rig uses a Zyxel Gigabit Ethernet PCI NIC . I am not sure who is the OEM of the chip though. The Nforce 2 NIC (on the same rig) still transfers at 100Mbps without a problem.

            • flip-mode
            • 11 years ago

            Interesting. Any links or any known-good network cards? The Optiplex’s NIC drivers should certainly be up to snuff. I’d be very surprised if it was the driver’s fault in my case. But I should look into that. I’m talking brand new Optiplexes here. Broadcom 57xx Extreme – the same NIC you get in pretty much every single Dell product. Hard to imagine that not being fully supported.

            • Krogoth
            • 11 years ago

            Update: I have played around more with Vista + XP with some file transfers. BTW, I was using a CAT5e patch cable and doing a direct connection. The NICs on both ends support MDI-X or auto-crossover configuration.

            It seems that the whole network throttling problem with multimedia content extends much further. It also effects transfer rates with NICs that do not even share the same connection on the local computer. Third-party internet applications like Firefox also have a significant impact.

            Without FF or anything internet application loaded I get around 150-200Mbps. I suspect that older rig’s PCI bus where the gigabit NIC rides on is the bottleneck here.

            FF or anything internet application loaded I get around 50-60Mbps on the transfer.

            Very interesting indeed. It seems MS’s network engineers fucked up somewhere with Vista. IIRC, 2008 server has the same issues and it is a server-product. 0_o

            • MadManOriginal
            • 11 years ago

            Was FF opened to a blank page and using no network resources itself or is it possible it was pulling data off a page or maybe an RSS feed or something?

            • thecoldanddarkone
            • 11 years ago

            I have some dells and they transfer at full speed. I’ve got a question though, you said you updated to gigabit, who makes switches (just for my knowledge)?

            • Krogoth
            • 11 years ago

            There are Linksys and other customer-grade switches that support gigabit ethernet. It is fortunate these days that they are not much more expensive then their 100Mbps counterparts.

            They are kinda hard to find at B&M stores though.

      • Usacomp2k3
      • 11 years ago

      I noticed it at first, but either due to updates or whatnot, it has ceased being a problem.

      I think a big issue is also the presentation. It calculates the ‘time remaining’ differently.
      I have DU meter which gives what I consider a much more accurate speed measurement than the simple one given in the copy dialog.

        • flip-mode
        • 11 years ago

        Yep, my measurements come from DUMeter.

    • Missile Maker
    • 11 years ago

    TWEAKUAC. Works, Free, ‘Nuff said. §[<http://www.tweak-uac.com/<]§

    • Byte Storm
    • 11 years ago

    Look, I know most everyone finds that feature to be annoying, and usually turns it off because of that, but that doesn’t change the fact that it is necessary. I am a technical support supervisor for a software company, and many of the calls myself and my techs get are so off the wall, that I know fully understand why this was put into Vista in the first place.

    The vast majority of the people, read sheep, out there don’t even attempt to think through their actions while using their computers, which is strange because most people are terrified of breaking them.

    Of course there is the down side of being so annoying, I was helping a customer with her problem remotely, and I watched as she clicked on a mainstream program (can’t remember off the top of my head) in her programs list, and the UAC popped up, but she just clicked through it. I knew something was wrong because that particular program does nothing on the computer that the UAC would be concerned about. So I took over, and clicked on it, reading the UAC message. Apparently some virus replaced the shortcut link with one that not only opens the normal program, but a system level keylogger as well. When I asked her why she would allow this, she said, “I didn’t know what it was, I just wanted that message to stop.” sigh.

    UAC…

    Can it be more user friendly? Yes.
    Can it be more informative? Hell yes.
    Is it necessary for computers today? Unfortunately, (effing sheep) YES!

    • Ashbringer
    • 11 years ago

    UAC will always be annoying, and lots of people will still try to disable it.

    Yes I double fucking clicked that program.

      • Mavrick88
      • 11 years ago

      Mine is off. I couldn’t stand it. It asks you about everything and is annoying. This is probably the most annoying thing complained about why people “hate” Vista. (These people being your average user and not caring about network transfer speeds, ect). Your average user gets scared when they see messages like this, it’s a wonder why Vista never really “took off” in the public’s eyes. UAC off, I love Vista personally.

        • BenBasson
        • 11 years ago

        What software do you have installed in order to be prompted about “everything”? I use Vista at work as a software developer and I have precisely one application from a fairly large range of tools that triggers a UAC prompt, and it’ll get updated sooner or later. The only reason it causes an issue is because it’s writing user data to a directory in Program Files, which is clearly wrong.

        Beyond installations and messing about in directories that probably shouldn’t be messed with anyway, I basically don’t experience UAC annoyance.

    • Pax-UX
    • 11 years ago

    This UAC is mostly down to the application’s software design and not so much Microsoft’s crappy software. In UNIX & Mac applications they know they’re not admin so don’t go trying to update things they shouldn’t. A lot of Windows applications are just lazy and are used to having full access to all resources so do what they like, bang UAC pops. Once application developers stop using admin features it will be fine.

    As for the Microsoft written ones, most time people change lots of admin settings that they wouldn’t at first consider to be admin. I us Vista a lot these days and don’t see the UAC much as I use software that doesn’t trigger it and stay away from the parts of Windows that cause it.

    That’s not to say it’s perfect, I do like the idea of seeing why something is being UAC’ed.

    • herothezero
    • 11 years ago

    q[

    • Umbragen
    • 11 years ago

    “Improve upon” UAC? Since it was designed to be annoying, can it really be made any more so? I guess they could make it pop up 3, 4, or 5 times for every action. Maybe throw in a mandatory timed cool down period, to let you consider if this is something you really want to do.

      • Meadows
      • 11 years ago

      I don’t think you even remotely grasp the purpose of that functionality.

    • MadManOriginal
    • 11 years ago

    UAC needs two things that would cut down on the annoyance to me greatly:

    1) A ‘remember this setting’ type of setup. Not something as simple as a checkbox right on the main dialog, that would be too easy for the clueless. Something in an Advanced menu or even an MMC section for it would be fine…just enough of a pain that it can’t be done with little thought but not buried either.

    2) STOP THE MULTIPLE NOTIFICATIONS! Yeah, all caps because that’s the one that actually irritates me to the point I yell at my PC sometimes. I realize these aren’t all technically standard ‘UAC’ notifications but to get 2 or 3 admin authorizations for one action is rediculous.

    Ultimately a boneheaded user is a boneheaded user and it’s impossible to protect everyone from themselves. UAC does perform a useful function in protecting people from the most obvious problems but it needs to get out of the way more easily.

      • Tamale
      • 11 years ago

      your first idea doesn’t make sense.. each time a system access procedure is encountered, the user SHOULD examine the cause and verify what’s going on is the intended action.

      if you got a virus that acted like a program you regularly used, you’d want to know it was trying to do something to your system so you could block it. if it acted like a program you chose the ‘remember this action’ option for earlier, it’d probably slip by unnoticed and ruin your system

      your second annoyance was addressed in service pack one.. you only get one notification for a string of events instead of several now.

      you know, in linux whenever you want to perform a system action you have to type your password! how would you like that? you know what though? it works.. people actually design software for linux that doesn’t need administrative privileges except at install time.. that’s the way it SHOULD work. with UAC, we’re finally seeing that accurate development model start to.. er.. develop.. so let’s not hate 🙂

        • MadManOriginal
        • 11 years ago

        For #1, I will admit I’m no programmer and don’t know the real nitty-gritty of how UAC works. I don’t know how easy or hard it would be for a program to immitate another well enough to sneak by or truly immitate another program. I’m sure MS could come up with some secure way to do this, since the system files themselves are protected from modification whatever ‘ok list’ there is would just have to be protected in that manner and invoke a protection popup to modify it, once a user has chosen to allow that program once it shouldn’t require verification forever…every…single…time it’s run.

        As for #2, I’ve only ever used Vista SP1 so it obviously is not fixed.

        As far as Linux…whoopdedoo, guess what, I’m not running Linux and could care less that it requires a password. It is good that programmers are learning to write well for Vista though.

        What I do know is that in 7 years of running XP with an always-on connection and leaving the PC on 24/7 most of the time I only ever got a virus i[

        • NeronetFi
        • 11 years ago

        #1 is alot like ZoneAlarm Internet Security (ZA) program control. It has a remember this option when prompted if you wish to allow or block something. And ZA also monitors the components of the app. So if you allow it today and it changes tommorow its going to ask you again if you want to allow it. I have been using ZA for about 3 -4 years now and I love the app b/c I have complete control over what does and doesnt launch or access the internet. So being a ZA user I am familiar with popup notifcations asking if I want to allow something. On my vista box I never really notice the UAC popups b/c I am familiar with the process.

      • derFunkenstein
      • 11 years ago

      multiple notifications have more to do with the installer app and less to do with windows. Often, a compressed .exe starts an installer needs admin access (WHY?!?!?!) and THEN the installer app *also* needs admin access. It’s truly stupid.

      • burntham77
      • 11 years ago

      The multiple notifications are indeed bad. If I run, say EQ2Maps.exe once when I install it, the system should ask if that’s ok. I say yes. The only time it should ask me again would be if the “exe” file changed to a new version. Otherwise, why am I getting asked every time I run the thing?

      I do like Vista a lot, but the UAC thing just seems half-assed.

        • The Dark One
        • 11 years ago

        But that still ignores one of the reason for having UAC. If you give your application of choice permanently escalated privileges, you’re assuming that there aren’t any vulnerabilities that could be exploited without changing the executable.

          • MadManOriginal
          • 11 years ago

          Isn’t that a sort of slippery slope argument? If that’s the thinking then the programs that run which don’t require an Administrator approval each time should in fact require such an approval, there’s no reason why they’re any less prone to shenanigans.

            • Byte Storm
            • 11 years ago

            That doesn’t make any sense. If a program does not need any access to system level resources, ie. administrative type access, why should I be prompted for it in the first place. If it does, then I already know not to let it run, because the program I am trying to add/run didn’t ever need admin rights before. Then I look up the program on the internet to see if there were any updates to the program that required said access to be given. Read my post below, and you’ll understand.

            As far as #2, I have run into that with SP1, but it was a program causing it, not Vista. That program called a separate installer, which required its own access, which I had to authorize. Perhaps if people weren’t so impatient, or think they are all-knowing about every program in existence, then maybe they will realize that the UAC, concept-wise, is a very good thing. I like my system letting me know that something is trying to request admin privileges, I just wish it would give me more detail on the program requesting it, like what it is attempting to change/add.

            • MadManOriginal
            • 11 years ago

            What I mean is a program that’s already installed and working with no UAC prompt (aside from maybe installation) could be prone to the type of ‘program changes’ vulnerabilities that people say are a problem with granting permanent escalation to a program of my choice. Either the already installed and non-UAC prompting programs are equally vulnerable or they aren’t, and therefore the same danger goes for programs I explicitly approve.

            For #2, multiple notifications should never happen unless a new action is performed between the approvals no matter the reason for them. I know part of the reason I get them is because of my disk setup and I get multiple notices for cut-copying, one to grant access and one to perform the cut, and yes that’s ‘my fault’ because of the way my comp is set up but it’s also a stupid oversight in UAC. I also get them for running downloaded programs (mainly monitoring type programs) that are a little older and need admin privileges – one to OK a ‘program from another computer’ and the second to run it. It’s just a serious oversight on MS’s part in terms of annoyance. One approval per action should be all that’s necessary EVER, end of story.

            • Byte Storm
            • 11 years ago

            And how, might I ask, is the UAC supposed to know everything an installer is going to do, without being told in the first place. Consider the fact that, though the prompt is referencing the file that is requesting access, the UAC is designed to ask about the resources being accessed, not the program itself.

            The problem here is not the UAC itself, and not the Program itself, and certainly NOT yours. It is the fact that programs and their installers are still being written “old school”. Let’s take an installer package for instance. During an install, an installer package can call multiple services/libraries to copy/write its components to their locations, you are actually getting notified for those services being “awakened”, separately, at the time of request. What should happen, is the installer package should take a few moments at the beginning of the install, page everything it needs, and then send a mass request for these resources. On the UAC side, it should recognize that mass request, and not ask permission for each individual resource.

            Unfortunately, programs/installers are not written to perform in this manner. They do not ask for resources until the moment they actually need it, therefore the UAC prompts for each activation.

            If one is writing a program, one should consider the environment one is writing for, not the other way around.

            • MadManOriginal
            • 11 years ago

            I wrote it in parentheses but I do not have a problem with an installer asking for permission, that’s an important part of UAC. Even if an installer asks multiple times (which I’ve never experienced) that wouldn’t be terrible because you only install once.

            I will have to poke around to see if I can invoke a multiple authorizations still, I just reorganized my drives for the better, but one instance where multiple authorizations seemed more common was downloaded programs with ‘unknown author.’ These are usually small benchmarking or utility files, HDTune, HDTach, CoreTemp etc that sometimes aren’t ‘installed’ but just unzipped .exe’s. I used to get one prompt for ‘unknown program: cancel – I don’t know where this program came from/allow – I trust this program’ and then right away before doing anything further I (think) I got the other UAC prompt for basic admin approval. Badly written programs? Ok, but they were written before Vista so it’s excusable and MS should have known better than to have multiple sequential authorizations. I feel the same about your install example anyway.

    • StashTheVampede
    • 11 years ago

    The updates to UAC should get pushed into a SP for Vista. UACs first revision isn’t perfect, but if they are tweaking for new users, they should help current ones as well.

      • ludi
      • 11 years ago

      Windows 2000 SP3 quietly got some of the goodies that had been introduced in XP (e.g. “Run as previous version…”), so it wouldn’t be unprecedented.

      • Meadows
      • 11 years ago

      They’re not dropping support for Vista any time soon, so don’t worry about that.

    • FubbHead
    • 11 years ago

    Fix the ambigous stuff and drop the Vista look, or add some other, more clean and professional lookin styles aswell. Then I will consider Windows 7…

      • Meadows
      • 11 years ago

      There’s no ambiguous stuff, in fact, Vista was the most direct and user-friendly operating system I’ve ever known. And if you don’t like the interface, I doubt Microsoft will be weeping over that one lost sale of Windows 7.

        • FubbHead
        • 11 years ago

        User-friendly? Yes, probably, if you know nothing about computers and computing, I guess it’s a great help with all those babysteps to do anything.

        Direct? Ooookeeey… Needless to say, we’re very in disagreement, so no need to take this further…

          • Meadows
          • 11 years ago

          It’s not like you’ve provided even a single argument, so “we haven’t even started” is a better way to put it.

    • Prodeous
    • 11 years ago

    This does pertain to “mmmmmeeee” TR should keep me updated about Windows 7 (not VISTA).

    If it pans out that the updates are indeed well implemented, I will definatly take serious considertation to upgrade to Win7 from WinXP.

    • alex666
    • 11 years ago

    If they would simply make it so that you can approve specific programs, give the administrator that much control, UAC would be fine, at least on my home Vista systems where I’m adminstrator (it wouldn’t solve the problem at work where I’m not administrator). I get tired of the prompt every time I use core temp.

    • mixpix
    • 11 years ago

    Thank you for this update on Windows 7. It’s nice to know changes are being made.

    • ssidbroadcast
    • 11 years ago

    Waaa! This doesn’t pertain to *mmmmmeeee* TR should stop talking about windows Vista all the time!!!

    /troll

      • ludi
      • 11 years ago

      ssidbroadcast is on point.

      /ssidbroadcast

        • tfp
        • 11 years ago

        The guy on point is the first one to be shot.

          • ssidbroadcast
          • 11 years ago

          “You take the point.”

          /CS:S

            • ludi
            • 11 years ago

            “I was about to hand out some /[

            • derFunkenstein
            • 11 years ago

            You’re quoting it wrong:

            I’m about to drop the hammer and dispense some indiscriminate justice!

            • ludi
            • 11 years ago

            “Are you ready for your sponge bath?” /sc:bw

      • adisor19
      • 11 years ago

      LOL

      Your point has been made 😀

      Adi

        • Meadows
        • 11 years ago

        For some reason, goodness knows why, I think you took him (at least half-)seriously.

Pin It on Pinterest

Share This