Vista Feature to Deliberately Annoy users

Microsoft: Vista feature designed to "annoy users"​

By Tom Espiner, ZDNet UK
Apr 15, 2008

SAN FRANCISCO--A Microsoft manager has said that one of the security features in Vista was deliberately designed to "annoy users", to put pressure on third-party software makers to make their applications more secure.

David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC). When activated, this requires people to run Vista in standard user mode rather than having administrator privileges, and offers a prompt if they try to install a program.

"The reason we put UAC into the (Vista) platform was to annoy users--I'm serious," said Cross, speaking at the RSA Conference. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."

Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code will trigger a prompt, discouraging users from executing the code.

"We needed to change the ecosystem," said Cross. "UAC is changing the ISV ecosystem; applications are getting more secure. This was our target--to change the ecosystem. The fact is there are fewer applications causing prompts. 80 percent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. 66 percent of sessions now have no prompts," said Cross.

Cross claimed it is a myth that users just turn UAC off, saying that Microsoft had collected opt-in information from users showed that 88 percent were running UAC. Cross said it was also a myth that users blindly accept prompts without reading them.

"It's a myth that users click "yes, yes, yes, yes"," said Cross. "7 percent of all prompts are canceled. Users are not just saying 'yes'."

Security company Kaspersky has severely criticized UAC, claiming in March last year that it would make Vista less secure than Windows XP.

At this year's RSA Conference, however, the security specialist seemed to have changed its tune. With Windows, "there is a large attack surface with a number of entry points", said Jeff Aliber, Kaspersky's US senior director of Product Marketing. "Anyone trying to shrink that attack surface and promote secure apps development has to be a good thing."

Prior to the launch of Vista, Kaspersky issued a report in January 2007 that said UAC would be ineffectual. The company claimed that many applications perform harmless actions which, in a security context, can appear to be malicious. As UAC flashes up a warning everytime such an action is performed, Kaspersky said users will be forced to either blindly ignore the warning and allow the action to be performed or disable the feature to stop themselves from going "crazy".

Source: http://asia.cnet.com/reviews/pcperipherals/0,39051168,62040207,00.htm


Do u guys even use it?

I think its the most useless feature for an Experienced user or a Geek.

its only made for Average users who have no idea they are being hacked.

 

Now people understand one reason I don't like Vista.

Thanks MS, but I think I know how to manage my computer better than you do.

 

thats pretty handy. heck i dont mind i can turn it off anyway. but isnt that neat? more security that people have been complaining about in XP is being solved through UAC

 

this is just monopoly nothing else..

they are not listening to users & releasing anything they feel is right

and they are forcing shut down of XP

this is just monopoly.

Now i am not saying we shud take legal action but MS should bloody listen to the people...

they are behaving like the VIKI in I Robot movie... behaving as if they have some super AI.

 

I don't know about the rest of you, but I fell kinda bad for nocturnal - having had a gun put to his head and being forced to use Windows...

Dude, if you don't like the feature, turn it off. Alternatively, install Linux or go Apple. In a World where there are three alternatives to this, you have no room to complain.

Also, lets think about what this thread would be if UAC hadn't been implemented - "Vista is so unsecure". MS did this to help with the security of all programs, and their claim is that its working. If you feel you can do better than MS, do so, but don't complain about it.

 

It does serve a purpose. A rouge program can install itself and without the UAC you won't know it until it's too late. I don't mind the minor inconvenience. It has saved me a couple of headaches!

 

No, it has nothing to do with monopoly. I find it interesting that article conveniently leaves out some important details of the entire conversation, like the fact that it's meant to annoy developers while they are writing their code:
http://news.digitaltrends.com/news/story/16358/windows_vista_uac_meant_to_annoy_users
and also to prompt users to complain to developers about it.

If that's the type of journalism that cnet engages in, I recommend you stop reading them and find another news source (arstechnica is excellent). They clearly aren't telling the whole story, just to make the headlines.

 

If you are an experienced geek, why don't you use a computer without any security software installed? More than average users still have no clue when an activeX control from a malicious web site is installed under an administrator account with no pops from the browser.

 

No, you missed the point. The goal with UAC is not security. It is, quite literally, to nag users so that developers in turn start making their applications play nice without requiring admin privileges.

That is all.
(and while I agree with the goal, I really don't like the way they're achieving it)

But it is not "secure".
Security would be like other OS'es do, to ask you for your password. Not just ask you to click 'ok'.

It is a nag screen, and nothing more. As such, yes, it is useless. Utterly, completely useless. It does not keep you secure, and it does not prevent unauthorized software from getting installed. (apart from everything else, 95% of all users just click 'ok' when it pops up no matter what)

But it serves its goal, which is to make developers try to avoid causing UAC prompts.

But no, UAC does not solve a single one of XP's security issues as you said. Not one. It indirectly prepares the way for solving them, but UAC in itself does nothing other than nag users.

 

From a guy with 15+ years in the IT field...
and 20+ years of enthusiastic computer hobbyist.
(Who cut his silicon teeth on a VIC20 by putting in a hardware sys64802 button...)

UAC is quite possibly the very best security tool EVER put in windows period.
Not that it would surprise me that it wasn't the original purpose.

UAC forces people to think about two of the largest holes in windows
1) users running everyday things in Admin mode
2) auto-code-execution

People who are "too smart" to use UAC should "play" stupid and learn to deal with it... the truth is a few seconds to type in an Admin password to execute something can save them hours and possibly days of work.

Let's try another explanation... do you know what a zero-day exploit is?
one of the things it could mean is that windows can't help you and will auto execute the code sent it from another computer.
-It will bypass firewalls as it looks like normal traffic
-it will bypass antivirus as the antivirus does not see it as a threat yet.
-No-script browsers do not help as it is not executing through a browser. (it is using a windows network hole)
-Once executed it kills your defenses (if antivirus doesn't detect it before it runs, the antivirus is pointless)

Note most of these attacks bypass larger defenses (corporate firewalls) by fooling less-experienced individuals... every network has its newbie... and mispelling a site can lead to their doom.
(home networks that's the wife/roommate/etc)

In this case, if one newbies clicks on micros0ft.com, and you are connected to the same physical network, and if you are running as an admin and not using something that stops program execution you are running the latest trojan... grats on joining the zombie army despite how "smart" you thought you were.

Guess what UAC does?
-Controls user permissions levels (even if you are an admin)
-Stops program auto-execution

Note UAC is not the only way to protect yourself properly... but it does a surprisingly good job and with SP1 it isn't even that hard to get used to...

My computer runs is low-permissions at all times (at home and in the office, both logins do NOT have admin on anything) and I type in the proper info every time... With SP1 I don't get asked often even while gaming. Could it be that the reason you are being peppered with "do you want to run" questions is because you ARE running a bunch of processes that shouldn't be?

You SHOULD know every single process that runs on your computer by name.
You SHOULD know what every single one of them does at least basically.
You SHOULD NOT care that it takes a split-second to read the name, know what it is or not and answer yes or no.

If this process is too difficult for you then you are NOT smart enough to disable UAC, and if you are smart enough, then isn't a big enough bother to do so.

Every network's biggest weakness is the user who thinks he is too smart to be hacked.

 

Lol, this guy is funny

 

This is false... if you are properly logged in as a normal user, it asks for an admin login/password. If you are an admin, it lists the name of the program and asks if you are sure if you want to execute it.

If you are in XP, it just does it without asking you.
I'd say thats CONSIDERABLY better than XP.

UAC is one step towards actual security... the problem is it forces the user to be responsible.

 

How efficient is the Firefox script blocking plugin Noscript when it comes to clicking on a bad site?

 

Exactly. Just change your user type to "standard" and you'll be prompted for a password at every UAC prompt.

Alternatively (or additionally), in Vista Biz or Ultimate you can change the setting for admin users from "prompt for consent" (click OK) to "prompt for credentials" (enter a password). Unfortunately, in the Home editions you need to edit the registry for that or use a tweak app. But even with the home editions, you can change your user type to "standard".

Considering how much whining there is about even having to click "OK", I can certainly see why that's not the default.

 

This is partly right and partly wrong.

UAC does try to annoy users when privilege escalation is required, and it does so in order to prod developers to fix their software so that privilege escalation is required much less frequently, if at all. Jalf is correct about that.

However, it's not true that UAC does nothing for security. In the UAC environment, you are running most of the time in a lower-privilege mode, so if there is an exploit (buffer overflow, etc.) in a data file or web page, the malicious code doesn't automatically get full control over your system including the ability to mess with OS integrity (install rootkits, etc.).

Also, Vista makes it much more practical to switch your user type to "standard" (instead of admin) and run most programs as the standard user by offering UAC as a relatively quick and easy way to escalate privileges when necessary. Vista's registry virtualization also helps run programs that weren't designed to be run as a standard user.

But yes, the other part of the goal of UAC is to encourage developers to avoid prompts by not requiring privileges in the first place, and that's what the speaker in the article was talking about.

 

So why doesn't it *always* ask for a password? Most people still run admin accounts, and they just have to click OK. Also, quite often you don't really get any useful information (such as the name of the program), which makes it hard to make an informed decision.

But that has nothing to do with UAC. That is what happens when you're not running as Admin, and that has been possible since (I believe) Win95.
UAC just nags people a bit more about it, but the clean separation between low-privilege mode (for regular user accounts) and admin accounts has been there forever.

The only *addition* UAC specifically makes is the nag screen (and, in the rare cases where people are running non-admin accounts, a password prompt, which should always happen)

 

It does tell you the name of the program!
http://www.winsupersite.com/images/showcase/winvista_ff_uac_05.jpg
(To see the full pathname rather than just the filename, click "Details".)

Yes, but what I was saying is that UAC makes it easier and more practical to run in such a low-privilege mode because you can more quickly and easily switch to a higher-privilege mode to run a particular program. Also, even when logged on as an admin, you are still running in a lower-privileged mode except for programs where you approve a UAC prompt.

Again, that is not the only addition UAC makes.
UAC also adds:
- lower-privileged mode for admin accounts to do non-admin stuff, protecting system integrity in the case of an exploit.
- easier privilege escalation for standard accounts

There are also other things like registry virtualization which make it easier to run programs in lower-privilege mode. I don't know if you consider that part of UAC or not, but Microsoft seems to consider it part of UAC, since the settings to turn it on or off are listed under "User Account Control" (in secpol.msc), and they require UAC to be on for it to work.

 

Personally I have UAC set to quiet mode as I had problems when I did a fresh install and disabled it, tons of errors? So I did another fresh install and keep it in quiet mode with Tweak UAC.

What I do not like about the way MS is going about this is your average user does not even know WTF to do about a Flash plug-in, never mind some malicious piece of code with some kind of spoof name to make you think it's a normal process.

Average computer users are just that computer USERS, not enthusiasts, power users, geeks, or developers. The majority of the people out there can barely change their desktop picture or know what to do if they can't open a PDF. If MS wants to put pressure on devs making apps more secure and plugging holes in Windows, they are asking the wrong people to do their work for them IMO.

 

Always?
I thought I'd seen cases where it just showed a guid like this one:
{a53e98e4-0197-4513-be6d-49836e406aaa}
Am I mistaken? (I don't use Vista on a daily basis, so I might be wrong)

In any case, my point is simply that if the goal was security, it would always require a password, rather than just an "ok". It would also do more to make it clear *which* program is requesting it, and at least as importantly, *what* it's trying to do.

As it is, those security concerns are obviously secondary. The main thing is to force developers to develop well-behaved software, that doesn't require admin privileges. Everything else is just decoration.

As I said, I agree with the goal, but letting the users suffer because Microsoft has failed to enforce proper security standards for the last two decades is a bit sad.

 

I'll keep this in mind this summer when I install Vista...

 

How often do these nag screens pop up?

 

All the time.

When you install a program, when a program needs admin privileges, when you access certain parts of the control panel (security/device manager), when you change certain system settings, and probably more that I can't think of off the top of my head.

 

Its so often that I can't remember the last time I had to click ok to one of those boxes, and I am on my Vista laptop everyday hours a day. Some things can be annoying about it, but for 90% of what you do, you won't have it pop up.

 

But when you give permission to an installed program it won't ask for UAC afterwards. Some critical system access it will pop up. At least Vista is attempting to preserve itself by reminding the user that they're going into something a regular user won't know what to do with. For more experienced people this is no problem, just click "OK" to bypass this reminder.

 

I don't know if there are any such cases, but if so, what are they?
In my testing in the last 2 minutes, if it's part of Windows (or perhaps the rule is if it's a signed executable with a description) it shows a description ("File Operation", "Device Properties", or "Advanced Indexing Options" for example). If it's an executable, it shows the filename. I haven't managed to get it to show any guids.

Well, that would make it more of an annoyance, and more people would turn it off. People whine about it enough even without requiring a password. But as I mentioned, you can set it up to do that if you want to. (That's what I do.) But I think the default behavior is a good balance between security and convenience, and it makes it much more secure than the default in XP, which is to run everything with full privileges all the time.

That's an interesting idea. (I'm assuming you mean which program is trying to launch the program being launched.) But I can see that it could be a problem because if malware is able to get control of a trusted program (via an exploit), it would look like a program the user trusts needs the privilege escalation.

And in most cases, it should be Explorer that's requesting escalation, or maybe your web browser if you're trying to run something from your browser. But I can see how it might be useful if they offered a way to find out this information, maybe by clicking Details or something like that.

That would be a big security problem, because once Windows allows privilege escalation, it can't really control what the program does. So programs could just lie about what they're trying to do. The best Windows can really do is identify what program is being run with escalated privileges, and let the user decide whether to trust that program or not.

Um, no. Everything else is not just decoration.

Why bother forcing developers to develop well-behaved software if you can't run that software in a lower-privileged mode in a way where it's reasonably convenient and practical to do so?

You can claim, if you want to, that one of the purposes is "the main thing" and the others are "obviously secondary"... but it's not provable either way, so I won't bother arguing about it. But I certainly don't believe that.

I consider the privilege sandbox UAC creates in admin mode and the ease of escalating privilege for certain programs to be just as important as the annoyance designed to prod developers to fix their software.

It isn't really annoying, as long as you use programs that have been fixed so as to not require escalated privileges in everyday use. And by now, most mainstream programs work correctly in this regard. I'm sure there are still a bunch of legacy programs which don't... but... well, I personally don't need any of them.

You get UAC prompts a lot when first setting up your system... installing software and changing control panel settings. But once you get your system set up the way you like it, you don't get the prompts much anymore unless you're changing settings or installing and uninstalling programs every day. Or if you have to run programs that require system-level privileges in ordinary use... which most stuff doesn't by now.

No, it doesn't remember any permissions. This is on purpose; it's an attempt to get developers to fix their programs so they don't need admin privileges for ordinary use. However, generally you'll get a UAC prompt when running an installer, but not when running the application after it's installed. So maybe it can seem like it's remembering.

 

lithus + jalf = pwned. jk lol. i agree w/ swarmer 100%. i always thought it was really bothersome to have to log out then log in as admin under xp.

 

I agree. UAC isn't that bad and unfortunately, some people actually need it. If it bothers you, then disable it. I mean, if it's bothering developers and people in that field, I'm pretty sure they're smart enough that they can find their way to the control panel and disable it.

 

Won't the people that "need it" just click "Continue" every time?

 

Who knows. If I've learned anything as a tech, it's that all computer problems (security or not) is 10% computer, 90% user.

Want a secure computer? Replace the user.

 

That is a viable argument... if they "need" uac then they more than likely won't know what is asking permission. And those kids will always click on yes.

I have it "on" and don't really need it. But then you never need any type of security until you "need" it. About the same with insurance or anything else. Smart computer users know you run everything you can in order to stop the bad buys... little uac popups are not a pain... you hardly ever see them.

 

MS needs to answer why UAC comes on every time you run defrag or cleandisk.

 

I'll reiterate what I said before. UAC is not there for users, it's there for developers. Developers are supposed to notice when it comes up, and change their software so it doesn't. It's enabled for users so they will theoretically complain to the developers to make them fix their software.

It seems silly that this is exposed to users, and one might initially think that Microsoft should enable it only for developers. Unfortunately, that's how we got into the mess in the first place. There are too many developers who write Windows apps that don't know what they are doing, but know enough to make something "work". Windows is full of security that no one uses because MS decided to ask nicely instead of enforce it (yes, another problem). They finally said enough was enough, and had to start forcing it on everyone.

 

Soudns great for you. But to your average Joe, heck even educated Joe's, this is nothing but annoying.

This day and age people want simplicity. They want things to just run. Computers back in the 1980's required a geek to run it. Computers today are for everyone. Try to explain to my dad what each process means, if even what a process IS.

Ideally, an OS operation should be transparent to the end-user. Users should be able to do what they want, when they want, how they want without having to understand what a process is. Vista takes a step backwards IMHO.

If you ever had to deal with average users on a day to day basis as I do, Vista is nothing more than a complete headache. People get pissed at me because Vista won't do what they want it to, and I'm helping them out for FREE! (Victim of being a known PC geek).

 

Couldn't agree more. But no "official" channels are saying that everyone needs to know every process, to it's a bit off base to say that Vista is a step backward because of that. It's a bit like knowing what everything in your car engine does -- it certainly helps when there's a problem, but it's not necessary.

PS. Stop helping people for free. People who want things for free expect more things for free. They don't realize that your time is valuable (maybe you don't either), and the more you give the more they take. I've been there. Start tracking the time you spend helping people and give them a bill, even if the total due is $0. If you don't like that idea, demand something like having dinner with the person or going to a movie or something. They need to know that it will cost them something.

 

my biggest issue i had with the nag screen, was i remeber something about when vista 64 first came out i had to have the proper authorization files to install stuff. I could be wrong but i remeber it was a hassle to get my wireless card working.

 

I personally disagree with how UAC was implemented. I do agree with the concept though. Certain privileges should only be accessed by a process if it was initiated by a user action.

In other words, an actual person clicked this button and not a process that hijacked the program.

It is an annoyance in that SO MANY legit actions set it off. If my firewall or antivirus gave me THAT many prompts, I'd promptly wipe that joker off this planet and find something else.

I, however, am not a software engineer and provide no viable alternative. My solution here at my office? I tuned of UAC for my vista users and stuck to my militarized Group policies. I pretty much hold all the keys until my confidence in a user's computer knowledge grows.

They aren't allowed anything til they go threw my notorious slideshow (known here as "The Brainwashing" and my personal training session). It's like loaning out the company car. You don't get to drive it if I know you will abuse its privileges.

 

I get as many if not more prompts from Trend Micro than I do from Vista for UAC (and its not many at all). Seriously, I haven't had a UAC in almost a week and I am on my computer hours a day.

 

Its just a Waste of Time..

its like Putting a Traffic signal at every 5-10 yard around your Street & then saying 'oooh i want you to be Safe sir'
Lol..

If u have Norton 2008 .. then u dont need UAC..

Sadly, i dont have Norton..

but i use COMODO + Comodo BOclean + Webroot + NOD32 as Security for my comp

 

I tried Comodo and found it more annoying than UAC. It came on constantly whenever I installed something. I also found it caused problems with the installation routine probably because it came on so much. I took it off.

 

keep it on Training mode rather than training with Safe mode.

and turn OFF Defense+

 

Then you must never go into the control panel... That's my biggest peeve.