Vista: Permission Granted

Among early adopters of Microsoft’s freshly minted Windows Vista operating system, the strongest reactions so far seem not to revolve around the system’s fancy new looks or its handy search facilities, but rather around Vista’s knack for asking permission to carry out operations that require administrative privileges. Summing up the annoyance felt by many Vista users so far, my colleague, Microsoft Watch’s Joe Wilcox, recently suggested that if Vista were a car, flicking your turn signal would prompt a pop-up to look both ways before turning out into traffic. In some cases, Vista could certainly keep its concerns to itself. For example, if I trust an application enough to install it, it stands to reason that I trust the application enough to allow it to talk over the ports it’s designed to use. So Vista’s firewall needn’t bug me about cracking a hole in my local firewall. I believe that Joe’s automobile turn signal analogy says more about the unrealistic expectations of Windows users than it does about any nannyish-ness on Vista’s part. Flicking on your turn signal is a well-defined use for your car–in the same way that flipping through your applications menu, changing your desktop wallpaper or firing off an e-mail with the Windows Mail client are well-defined uses of your Windows machine. These sorts of operations won’t trigger a security prompt in Vista, even though they can possibly get you into trouble. For all its rumored overprotectiveness, Vista won’t intervene to prevent you from sending a drunken, angry e-mail to your boss, for instance. However, when it comes to the sorts of actions for which Vista will ask permission–such as installing some application or plug-in you’ve found on the Internet, bringing down your firewall or disabling those pesky UAC (User Account Control) prompts altogether–it’s appropriate that Vista applies the brakes. The operations Vista asks about fundamentally modify your machine and can lead toward your PC behaving in ways that you didn’t intend. To use the car analogy again, they’re more like undertaking a do-it-yourself windshield replacement or popping in a fuel injection system you bought on eBay than they are like using your turn signal. You wouldn’t expect to fundamentally modify your car without knowing what you’re doing–or allow someone you don’t trust to do the same–and expect that everything would work just fine. So why should users expect the same from their operating systems? In defense of Windows users who are beginning to chafe under the yoke of appropriate rights management, Microsoft has pretty much trained us to behave in this way by doing way too little to enable and encourage sane management practices for its operating systems. With Vista, Microsoft has begun to change its ways, and now Windows users must learn to change their ways, too. For starters, if you don’t want Windows bugging you about the potentially destabilizing effects of what you (or your end users) are doing, start getting used to the idea that willy-nilly software installation and system modifications aren’t every user’s computing birthright. As annoying as it may sound, these sorts of activities must be undertaken with much more care than most of us are accustomed to according them. Microsoft can make things easier for its users by taking a page out of the software management playbooks of Linux distributions, which typically offer a framework of network-accessible repositories of cryptographically signed packages. These packages can be self-hosted, hosted by the Linux provider or hosted by trusted vendors, yet they are accessible with the same set of software management tools. In OpenSUSE, for example, it’s possible to grant a regular user the right to install packages from preset repositories, which can help strike a balance between self-service and IT department vetting. I’d like to see Microsoft work with software vendors to extend Windows Update to offer similar functionality. IT departments could bless trusted repositories from which regular users could install applications and updates without sacrificing safety or requiring elevated rights. I can imagine third-party certification bodies emerging to offer companies and individuals a much larger catalog of checked-out software than they could manage to vet themselves. Such a service might be a good value-add for OEMs to extend to their customers, as well. None of this will save you from sending that ill-advised e-mail–or from blindly changing lanes, for that matter–but we should at least be able to expect that our machines act as we intend them to.