Vista Security Is Annoying by Design

Latest Neil McAllister Saturday, April 12, 2008 Vista Security Is Annoying by Design
If you're running Windows Vista, you're familiar with User Access Control (UAC). It's the security subsystem that pops up those irritating dialog boxes asking whether you really want to install software, or modify system files, or write to the Registry.
UAC may be Vista's most-hated feature, but as it turns out, it may also be its best-designed [KJHH comment - This is just stupid!]. As reported by Ars Technica, UAC was created with a very specific purpose in mind: to annoy you. [KJHH comment: Should read about POLP or POLA and how security improves useability...]
Ars picked up this tidbit at the recent RSA 2008 security conference in San Francisco, where David Cross, Microsoft's product unit manager for Windows security, discussed the company's security directions post-Vista. "The reason we put UAC into the platform was to annoy users. I'm serious," Cross is quoted as saying.
More cynical observers will note that this is a longstanding Microsoft business strategy. But in this case, believe it or not, it actually makes some sense.
Before Vista, most Windows users did their day-to-day computing with full Administrator access to their PCs. This gave them -- and by extension, the software they used -- total control over the system, including the ability to modify critical system files.
That degree of freedom grants a lot of power, but it leads to unpleasant side effects. Most importantly, when you're logged in as an Administrator, any Trojan horses, viruses, or other malware you unwittingly download will have free reign to attack your system with impunity.
Vista attempts to correct this legacy of bad behavior by only granting Administrator privileges to applications in situations where it's absolutely necessary. Unfortunately, developers have been spoiled by the old-style security model. Too often, they write their software in such a way that it actually requires Administrator privileges, even if there might be another (albeit more complicated) way to do the same work.
That's where UAC comes in. When a program tries to gain Administrator privilege, UAC pops up a dialog box, forcing the user to click a button. As Cross pointed out, that's annoying, and intentionally so. The idea is that users will shy away from programs that cause too many UAC dialogs to pop up, out of sheer irritation. If developers don't want to scare users away from their software, they're forced to rewrite it so that it plays nice under the new security rules.
Microsoft is onto a whole new paradigm here: modifying user behavior via reverse psychology. By making users click "OK" in a bunch of security dialogs, Microsoft is actually discouraging them from continuing.
Of course, so far this strategy has only met with limited success. Many users have preferred to disable UAC, rather than participate in Microsoft's social-engineering experiment. But isn't it nice to know that the good folks in Redmond are thinking outside the box?