If we speak about Windows security, many people will tell you that Windows is an insecure operating system. I don’t agree – since XP SP2 it is a VERY secure OS. However, Microsoft is like a train - when a decision is made about the next main focus, the whole company is really focused. You can see examples in IE, you can see examples in Live (MSN), but the most obvious is definitely security.
There is one problem with this - sometimes the company is so focused that it ignores other aspects. Talking specifically about security, I mean usability. For a long time I have been talking about limited user accounts as a needed next step. I personally run as a limited user on my computer and all of my users are REAL users. I am using tools like FileMon/RegMon failure detection, file/registry redirection, runas, cpau, security templates or EPAL to achieve this - it is not really comfortable, but it is working; my users stopped complaining after some time and now they are quite happy, because all of their applications are running correctly.
With Vista, Microsoft announced support for the LUA concept (ehm, LUA a.k.a. F.L.E.X. a.k.a. UAP a.k.a. UAC). This is a really great and important decision.
But first let's go back a few years - when Microsoft released WFW (Windows Firewall), I was very HAPPY that they decided that it would be inbound only. I think if it were also outbound, the majority of people (99% probably) would just disable it, because it would annoy them. So 1% of people were unhappy about WFW, but the majority of users used it and didn’t disable the firewall. Which is more important - achieving a secure system with Windows is not a problem, but you must know what to do.
What I am trying to say is that it is not always important to introduce new security features - it is more important to either force people to use them OR enable them by default and make them user-friendly enough that people won’t disable them.
And this is something you cannot see with the current implementation of UAC. It IS too boring – people are complaining, MVPs are complaining, “power” users are the first to disable it (and “power” users are the most dangerous from a security point of view).
Ok, I know that Steve Hiskey (lead program manager for UAC) promised they will reduce the number of security elevation prompts (read the UAC blog). Ok, but these are promises – HOW are they going to do this? What I can see right now is just changed marketing wording – but I would like to know how it is TECHNICALLY going to be implemented, because I am not an end user or power user.
There is one thing I really don’t like – complaining about something and just complaining and nothing else. But I also like to think about possible ways (you know it, “I see solutions where other people don’t even see problems” ;)).
1.) I use the mmc console a lot – but mostly (90%?) just for retrieving information from Device Manager, AD or anything like this. Why do I need to elevate something when I would just like read-only access? If you remember, one of the biggest issues with running as a limited user was not being able to use the system clock as a calendar – if you are a limited user, you are not even able to run it. So in Vista they changed it – but we can see exactly the same problem in the rest of the OS? It is not just about mmc, it is also about regedit and so on… If I need to confirm elevation in that 10%, I don’t have a problem – if I need to confirm it every time, then YES, it is a problem.
2.) Don’t prompt me again – this is a feature everyone requests and I can understand why. The official response is that now it is more secure – which is true, but in real life it will mean that most people will disable it, so it will generally decrease the overall level of security. What I want to see is the prompt enabled by default, however with the ability to mark binaries to silently elevate.
And there are many changes I would like to see – for example visual differentiation of elevated programs and so on… Don’t get me wrong – I love UAC. I am just afraid it won’t be generally accepted and in future releases Microsoft will remove it (or disable it by default) just to satisfy customers. I hope this won’t happen. If you really think about it, UAC is similar to an inbound/outbound firewall that won’t allow you to specify more general rules and won’t allow you to remember settings for a specified program - you will end up clicking on confirmation boxes every few minutes. WFW was a great success - it IS a firewall and most people don’t even know about it. Why can’t we see the same logic with UAC?