Vista’s UAC: Is The Cure As Bad As the Disease?

Much as been made of Vista’s User Account Control (UAC) as a new security feature. Given how vulnerable we all are to malware, Microsoft really didn’t have much of a choice but to make a major improvement in security features and follow the path that Apple and Linux take by keeping users away from the core of the OS.  And by all accounts it looks to do the job, perhaps too well. That said, In my short time of testing Vista I’m thinking that a lot of folks are going to become very frustrated with the constant interruptions as designed in the UAC and simply do what I have done, which is turn it off.

By having the user make a choice before proceeding with even the most minor of administrative tasks I think Microsoft has created a very unfriendly atmosphere for the user. You could almost say that the acronym UI stands for Unwanted Interruptions. Yes, the pop-ups are annoying. As an example, should I really need to see a pop-up that tells me Vista has accepted IE7 as safe? If you are going to create a white list of software that is acceptable you don’t need to shoot off fireworks every time the OS allows an item on the White list.

Even more annoying is the fact that the screen grays and waits for you to press the continue key when performing a number of administrative tasks. On at least two instances, I have had software installs fail for what I am sure is the amount of time it took me to click on continue. When deleting certain files, (exe files in my experience) you get the same “protection.” And in some instances you will get a multiple query before proceeding which drives the annoyance factor up a notch or two.

So, here’s the point. If users are going to become annoyed to such a degree that they head to msconfig to turn off the UAC, (there are actually several ways to do this) then has security and protection really been increased? Or if a user is too cautious to turn off the UAC will they become so immune to the pop-ups that they’ll just keep clicking “Continue” or “Allow,” and miss some threat that they should have paid attention to? Or has a system been put in place that basically just avoids culpability?

There has to be a better way. I have no suggestions to solve this. Perhaps you do.