Much of the spyware scourge that Windows users have been struggling with during the past several years can be attributed to the difficulty of running Windows in limited-rights modein fact, so many activities and applications require administrative rights to operate that running with elevated rights is the norm. When users are logged in as admins, all the processes they run share these same privileges, which is how pesky adware applications manage to burrow in too deeply to remove.Our experience with this feature in Vista, which Microsoft calls UAP (User Account Protection), was mixed. When we installed applications as our limited-rights user, the elevated-rights box worked as advertised. However, when we then browsed to the administrative tools folder in our Start menu and launched the services configuration tool, we received no rights prompt, and our attempt to restart a running service was denied. Confusingly, when we were logged in as users with administrative rights, the same visit to the services configuration tool did prompt a request for credentials. One place where Vista Beta 1s UAP feature is implemented well is in the dialog box for changing the systems time and date. The relevant dialog box includes an unlock button; pressing the button brings up the admin password prompt, in much the same way that the settings dialogs in OS X and KDE (K Desktop Environment)work. Whatever style it chooses, we hope to see Microsoft standardize on one interface metaphor throughout Vista and to do so in time for the product launch. For now, the UAP credentials pop-up can be switched offwhich is good news because we found that Vistas SafeDocs application wouldnt launch at all with the UAP mechanism enabled. Next Page: Bits for the Administrator.
In Windows Vista, Microsoft is working to address this issue, in part by making it easier for users to escalate their privileges only when needed by entering administrator credentials in a pop-up box that appears when launching applications that require these rights (the same way Linux and Mac OS X handle the issue).