Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Can Microsoft Make Vista Less Annoying?



 By: Ryan Naraine
2006-06-05
Article Rating:starstarstarstarstar / 0


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Microsoft plans to tweak the privilege escalation prompts in Windows Vista after beta testers complain that the current implementation is "annoying" and counterproductive.

Microsoft plans to make several significant tweaks to the next beta of Windows Vista to make a key security feature less annoying to users.

In response to widespread criticisms that the implementation of the UAC (User Account Control) feature triggers too many privilege elevation prompt pop-ups, the software maker will make changes in Windows Vista RC1 (Release Candidate 1).

By default, current versions of Windows configure most user accounts as a member of the administrator group, giving users all system privileges and capabilities. This allows users to install and configure applications and make system changes, but it presents a serious security risk because malware writers could take complete control of an exploited system.

With the UAC feature, formerly known as LUA (Limited User Account), Vista separates standard user privileges and activities from those that require administrator access, reducing vulnerability to hacker attacks.

However, in its current form, the feature requires that users click on multiple security prompts before carrying out some basic computer tasks.

"There are simply too many elevations," said Steve Hiskey, lead program manager for User Account Control in Microsofts Windows Security Core group, in a blog entry announcing the plans.

Resource Library:

In Windows Vista RC1, Hiskey said, Microsoft will make changes in the operating system to create safe scenarios for the Standard User account to accomplish tasks that used to require a privilege elevation prompt. It will also apply application compatibility fixes, called "shims," for applications that need help running as Standard User.

Hiskey said Microsoft will also work with ISVs to update the applications that cant be shimmed and to design the future applications so that the next generation of apps run well under Standard User privileges.

Click here to read more about Microsofts rationale for reducing user privileges.

One specific change outlined by Hiskey will allow a Standard User to "go get and install all critical updates" without being prompted to elevate privileges.

"The Admin and the Standard User could install updates and shutdown in Beta 2, but they were not allowed to get them now without an elevation prompt. We didnt open up the Windows Update Service to be generically driven by a Standard User application to do this. For example, there will still be an elevation dialog to remove an update or to take update #1 and #3, but not update #2," Hiskey said.

"We are also going through the OS and modifying functionality to take a non-elevating default. For example, in the case of the Public vs. Private network choice, the default choice will become Public to save an elevation," he said.

"In Windows Vista RC1, Microsoft is going through the operating system point by point on each elevation to make a determination if the elevation is a bad elevation where we think the Standard User can safely accomplish the task. You should see significant improvement in RC1 in the number of elevations that you see," Hiskey said.

Click here to read about the addition of Address Space Layout Randomization in Windows Vista Beta 2.

In the end, Microsoft wants Vista users to "rarely see an elevation prompt," or at least to fully understand why a privilege elevation prompt was triggered, he said, and after the initial setup, home users " should only see OS elevation prompts when they do something that changes the system," Hiskey said.

Based on beta testing feedback, Microsoft also expects to remove the consent prompt for administrators when deleting icons on the public desktop, he said.

The changes follow a scathing report from Yankee Group analyst Andrew Jaquith that the Vista UAC implementation will be "particularly problematic" for users.

"[Early] independent reports and notes from the blogosphere suggest that Microsofts own Money program—as well as the anti-virus packages from Symantec and McAfee—are incompatible with UAC and will need to be rewritten," Jaquith said.

"[My] testing of the December Community Technology Preview (CTP) build of Vista revealed that although the new security system shows promise, it is far too chatty and annoying for everyday use," he added, noting that UAC blocks ordinary users from running the SafeDocs backup program that ships with Vista.

"Even simple tasks such as opening Control Panel applets required administrator credentials or consent," Jaquith said, citing a complaint from a beta tester that UAC was "probably the most annoying thing ever invented…"

In short, Microsofts mission is to use UAC to make user accounts with admin privileges safer by limiting access to sensitive system resources and functions by default, and by prompting for approval when performing admin tasks that require greater privileges. Now, it must get the balance between annoyance and security just right.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Can Microsoft Make Vista Less Annoying?
>>> Post your comment now!
Microsoft Vista
Microsoft could do us all a favor and have a recall on this annoying Vista and throw them all in the recycle bins
Posted At: 07-15-09
By: Hollywood Ice Man
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


xr6(;= xfSo{)ٖؖҌ3JEĘ"$e[ٳ7yĹ _HIH$%lݍF?Hp4ô1%SxTwI}"IͽkC(~0 )_rduBԲL3fcөS7a+,Q  tjOt0]2x7s:&7es'cߨ&``1Zm8lRB'Ajm(EJH.X(:{$c [tT9/yT| wTsǦ;=aR!k4ދʏш(QGOЛ}{/ !X]j4LofiC2hj9TN`UƞfnڭcŠ ~#c w\^jG,gsDƞ4ICKd!˝LJA`:t,#GNX STHfFԴ;kj4[kbc{K 3}($gtj.vߟD(+8Q1̳̋X#vA'lǦ"'e5]~7vmklj%NHEo~cnhބї ;曎E&.5rؗCY֌aF-SԗuHUZ+R^(Տ╇i΃gĩ̙ugNoowQ(Z(/{W? n04h;Lm9ECq9g}rҾ ;A:W@m&1DrT*4DͧĆY^:Ǘ5=(釭~7-R#X@vqna5= 3+i3,ǝqT~6NMN l,aZUU 2Z*]鬙FȏNsuڽ푳 9m霴{ _KtH  Wh:M?NXkoqco!qj{z dP[w8LsZ\GdN'm2dx"˧Syw53Q[h,r$bqrF~DX ,>J~ͼ94g o SNE - ujf{5*z*`K7}SkIs;nZK}0[#RF& \ ДACXذ 1"%ߩҁye ,}PEtAͨO 8{3Bqɽ`g@ы BD4?CzC0"pd/n.r?uKZ񧠻fu՜Ӆ]We wYCLK\zcgVMW.~lzOmxH18,]evr`\\Զ7jǍfvT up[ h2e8l ԰:ACA4i#Ŧh4M_'&h`C:} ;LZ sF|`x:,(AbχoN7k:FAтMtTێ]6=ol29<8L&&z-JCˋF0Px@e^~m¢8>ѵGȁ5hN5҆&RcSBgx??Ȝk) Tt\JI ڂ"D% P h4AǰE|ENA7ד;.Vʥ\.y"m':.3Pr h&,,BV-KPf%i2iń(VFN!l(0Vf) .z:Hp0ѿy6yfy 5Ù*+y'grSIxքcC ֳ6_2}h=u}ӣL)Esr>:w'ѫU?RWO&ZbxhH[1(a]jk-\<?Z![q5kNQֆW(RdsqͰ,Cm6\i^exTRSv7pl=5G&5+?Zs9`"+jZUv *5P6*0箇~ksF$XGj} :ZQa߯y+t m(5# #2>pgrh)j*SyvjϷh#S欭p+,s Jb+ʹV(EcT7ed kC<ϤM`R|=YxN ~7⧚]EnMsE)<sƅ~w"OV[x_yO "BN7xN7 }G TQWTC%`LfaNg1µ u?akF&w5LY6zF\ u<5Ag/&lA}+琩gsC/ɹ%wAR@XW-(7ϙT0pb2^?]x+Y3gGu"M."9&́08h} 2"anϯI60cVg\T`uրDj9z9HÞ1=M{6w5>5['A-a51roLup e>cMLUh-[J_i~~?u^PS*GWMO`@n桨|]͠1p Fn4i=$>JS-b tqi#No[TRXUʅzϢ CE5 veN6qEab;?J3ڝ5^@M|GOTEbq4q#̨yF .Ɠ!skgO=̦:Zk36{]M茻h]1Tmn-`2$D*knIGa GF*͐;YQa'\$X+JJYt>80xX N zW!(pL\'eM<9  qΟݚr`>x4Hn6J@ r;~O+a#riOJڣR> KYdI. {<{JYԹ:mrHG-?~::Om~1= L@IP 4#7?"IkC溏uzڹ$wY?`yBn߽p.[7:WK'݋ ?wD.:Wm)^{-y0Ժ|:dQ:atݺ F>m48 `xѤȂ Bp$`$X)XCu:ӻh} s'u؋n/rm D785C ¯He*%4Д+%qA&O7-xz|-r/HUɉ"^$}+1y*}y:}_exD+ǻBI{p3YTъqvi ^a~:)}AmN9˙~D Í76w jE p!AS9kթ-ݱi'>fax!w,0qЁB;XHaRB'TՔI'28IUF4A2uI@?Mx4HPWhd$lAz׭ jc]e /.\~ڹm|d`L`ql)ZA"| Nr 9i]`e>b%;yPb QWZ4ՒBW!> \Cp0Su` #!9+|)}~XU׫۽NmHs ۰q ;eΫ P|mv ,N͓W>0l{Rѵl j 2M .`Y=w6OE{7mhG(WV#w#h*51sXufʦ jptgcbxZa)zh8Sʹ?r%W>i]7uja~%X@oBKH49zǿ|p낧G {sf/&ƭtG/{fܓ9O_d>Nii[nǡ8-0z^t,4P$yEQjʶV $]Bn/<4L|dM#}ӾJf87k^h̠t4u꾫w} {!. o06xy<7hgpwߵ zK>+-R!ekE7_cUKT7FE'%:mB}޿!bi8V3[Tn '|Ȟ8^j[ci2/[Cؖr"Lpġ`G-ݺܭ)³$`D@7=gig涣A jm JN XW+Oiƿ'&ʫIVܱS,*oO_Oo+N{kE v™)[ꈧ &5S&5!/1 %]Kдg=.0SA}2.mE>zQc%Fc?Z{ϗqG 4˼ǷtYEܵF+Rbg'h]%8 cQ~% 7_P} tRԣ|J-KQ 8رs ,aR${;JuɇN0sىgq g&;^⋐u48>y~4JX=Kӝ@ftOp4 nh?Ψ{64'[x>zc 7wY',dB]I0LavB|}]]=cN^OɽCT_(obKHUg"bn [rccZ(IٛSܑ%3 F.n1QUs,O]0(}%׉ΘNx /`BhOdAWҠ-&SϝזּYMT T gikJRuL-,Caa,V=`alS?gYUl@ _p')},%AYF;2O0K/Iov)Rz? N%; ͂RzH9+cgbKH߿ڄg^$΋%Xh@39x<:S% >Y0k L`G嵙 1\Z ZjדaL8,6o{H-F:}e#6^4f7Uإm$ƟhXf3PJLCT SʎULN]0k,k {|$QGJ4)LkF0€,rl){" =LZ?ܡŠp^RI"H)HB"v7q!Q͕N&3R'Z-b b|G8<)^z")*ysO`ڶLU|Ef̳8m&KբRnBA洐^D@ PBߪz:hݩ|ۻZؖ5K/͚I(-LX:"s< |0${S<ax.6wT${)4pL4g':qB~`~pF18 b qDHݑgh!T|{Srx'U( ͉"a6 3B>qZR[mG[ld5IL0dd aI&P0oݞD$='KW}d02\$zw C,khYTIQƖe7pc9STEV/ }]h^,tIϭI cPM(+9bØ7^! |L\,ah[B 8bcx Qt3ӆav{|*V=̳yGwKJ 2B$) c3LFUyi>-Yݒ'́U-,|Gpw ;<[ýb7,v;@y{T[Wr_wiJ]lM%`eNwha|q󯤁|X7JzZO !-l` $h!h-,cYH S%lɉ/?t<7-.6i4>Px!Fv{Kb+I6w$Qpjkj55AV^ "j-!cZ|D,?tUE/]^|~0. dPBm _R6`;TVPm.͂͢E.V 41\sV ueb?]C-utIkb"]N1xy[?LLδֈ1Bp*B GUٜArj5^RUBIϟZ k>c$cs05̈ Zkaf|DZZk]ڴs3=SI<6߅7cXz9ZtTlh pK#:r/R' Df2Gn&~iXm>H':t]jhX͸Jd m\X#X(+Jh!ygZ"<1%k^6hCvea>Py)ހyJZ 2.RHу%G:}7<%LT:<}Q-Dr1"דQ])0m-^awUpjkI\Kk)qL=A"8ϑ^awᷭB϶92YZtn'4):0ڑ]st7s>н_$3BL0OļT^sn'0+qIZ`3+n{lˊRɶ8.NR)q2.ȹfkep:IoFuSi~RLJ4*]9`VGZ;]ĈVbR>fD9-EKO#UP1XeLW<0Ո0t+PʲjNT\OpY]XC3 C _^ƭbQŶruYc_D|_tKfQZ=t Mp47+ Sp;+*E-'=hpi3l@1"6r?"q:N~^P_Fp;t;$΀!D||z['Au}H>Kl1$.珖+62s!XB8p7,չ WEo*!p樯Mda#w;eMmAYLs8xM{l0W)^>- [z.p٥OvV]?C7L>-,Py- r8Gwz}UP/11s~! 6LF DN"c(41GJ[#!}& MǤۧ145`BXRA9IE>&F$1шby ֭9cS̊p@+,/u&}|v[/ T6CĊ1gKi>'c8h“H`,rX@3 "PV: Gx}/6MF·:esˇ%̔,k,2E<Cep?,GΎwe~5trarp͒wf~6t Q-pV#ߛjwS?Xo/ۺ9PxԢ/ha똸6c#W܄qP B>^sou[?CB7P~^~NmewQO/?3O$ sAOO?wrNzy4fC:CL*Ͻ\^FW(^~/2l׼K2K{AKe}. /?/32?QF2_2ϡYo(h7TMqgQB{Po.@#mdϽG"Mx u e T zw " 9oٚ^^' ΅ K Y)7 5]O︁V!ֈ"VL;B.:N$&`ϖؼ<" =0Hk&X?0 "ØC0ԡ|/lx6-H]1o!ӗ:iq:`wư}¤k*+LÁ$̼cFs\9dОf@L Vvd`kОxAI夭![H-'c@N`Xkt J7B'3Ffrw^f$W"r'37$\ؓJs~lY8=ۚ:t"u]ݸ3AzۨK5 D >b7 ?5=ì{Kad .`|e'0PqDRf=^$ u60j4F%/)sM}Lxi£;Oxr/G㽄& ,6zǞ"j>}l.Y`_CFbЗ+M'Vk*v>w I7,Nd=:vMchpbAw[A<$NSPsXO-:86Zd_59\Aŝ0Dc"«U/=׆"2cP =`?Gcap_Ǯ8U ^xzA߭Ud# BÑz ,+-Ŋ]9rfcw[/FI)H[AֹX.f;Tjv[i>f;BI<!j X戄=$z5|w,C巧eS% %^Π&byvԶe&PL1)Ž)JqiFAG*9K;"E=oPm b;<%_ *`>.X2">m='.}N5˟H' "@2d̴5[Pŗ;wiSF)f'NFp)hNcx 'Lwl;5Tc :۳|?e Lt8/o90kn>ʷa$L=HJ F ϱɮy63@D0k"iژ:DR*,&f , ~93_O(@P 9!u6٠^<:y,E{guݍfezy2 7]#+b 1C>a]R>Ŕ+ ]'[ۧ3й?-{bW/e; />_X ($LwMΠps::h݆GXxЬ;[+ Qy6 9<ЩB~&?c=VQٮ7GL=mȥ+` jz[®":qeٍ1}arW`0MJkAsLeUtCJYEL`2;`+ Nŵt&ж?8هl"~&8ف,{[ЃT~pLK-"FLNDN<<Sf )VSL_Xћ_,P>q"'\%ƕ@Xq٩8\o~^W˛},{՗Z<|Xyp(z'g+FRqOT||:)>^to"ohi/=nT *Z(K ӽ9m'A0,}us)^ ~s Whc< [Wy&Gsf EX;xd_p+:cQEae=JV} v&b(6lS24K_jjbJlTʱi07Nv6Є В'nvbes5Sr(