Among early adopters of Microsofts freshly minted Windows Vista operating system, the strongest reactions so far seem not to revolve around the systems fancy new looks or its handy search facilities, but rather around Vistas knack for asking permission to carry out operations that require administrative privileges.
Summing up the annoyance felt by many Vista users so far, my colleague, Microsoft Watchs Joe Wilcox, recently suggested that if Vista were a car, flicking your turn signal would prompt a pop-up to look both ways before turning out into traffic.
In some cases, Vista could certainly keep its concerns to itself. For example, if I trust an application enough to install it, it stands to reason that I trust the application enough to allow it to talk over the ports its designed to use. So Vistas firewall neednt bug me about cracking a hole in my local firewall.
I believe that Joes automobile turn signal analogy says more about the unrealistic expectations of Windows users than it does about any nannyish-ness on Vistas part.
Flicking on your turn signal is a well-defined use for your car—in the same way that flipping through your applications menu, changing your desktop wallpaper or firing off an e-mail with the Windows Mail client are well-defined uses of your Windows machine. These sorts of operations wont trigger a security prompt in Vista, even though they can possibly get you into trouble. For all its rumored overprotectiveness, Vista wont intervene to prevent you from sending a drunken, angry e-mail to your boss, for instance.
However, when it comes to the sorts of actions for which Vista will ask permission—such as installing some application or plug-in youve found on the Internet, bringing down your firewall or disabling those pesky UAC (User Account Control) prompts altogether—its appropriate that Vista applies the brakes.
The operations Vista asks about fundamentally modify your machine and can lead toward your PC behaving in ways that you didnt intend. To use the car analogy again, theyre more like undertaking a do-it-yourself windshield replacement or popping in a fuel injection system you bought on eBay than they are like using your turn signal. You wouldnt expect to fundamentally modify your car without knowing what youre doing—or allow someone you dont trust to do the same—and expect that everything would work just fine. So why should users expect the same from their operating systems?
In defense of Windows users who are beginning to chafe under the yoke of appropriate rights management, Microsoft has pretty much trained us to behave in this way by doing way too little to enable and encourage sane management practices for its operating systems.
With Vista, Microsoft has begun to change its ways, and now Windows users must learn to change their ways, too. For starters, if you dont want Windows bugging you about the potentially destabilizing effects of what you (or your end users) are doing, start getting used to the idea that willy-nilly software installation and system modifications arent every users computing birthright. As annoying as it may sound, these sorts of activities must be undertaken with much more care than most of us are accustomed to according them.
Microsoft can make things easier for its users by taking a page out of the software management playbooks of Linux distributions, which typically offer a framework of network-accessible repositories of cryptographically signed packages. These packages can be self-hosted, hosted by the Linux provider or hosted by trusted vendors, yet they are accessible with the same set of software management tools. In OpenSUSE, for example, its possible to grant a regular user the right to install packages from preset repositories, which can help strike a balance between self-service and IT department vetting.
Id like to see Microsoft work with software vendors to extend Windows Update to offer similar functionality. IT departments could bless trusted repositories from which regular users could install applications and updates without sacrificing safety or requiring elevated rights. I can imagine third-party certification bodies emerging to offer companies and individuals a much larger catalog of checked-out software than they could manage to vet themselves. Such a service might be a good value-add for OEMs to extend to their customers, as well.
None of this will save you from sending that ill-advised e-mail—or from blindly changing lanes, for that matter—but we should at least be able to expect that our machines act as we intend them to.
Advanced Technologies Analyst Jason Brooks can be reached at firstname.lastname@example.org.