
Benefits of Vista's User Access Control? 118

Abtin Forouzandeh asks: "Having used Vista for a few months, something keeps nagging me about the user account control. For the UAC to be useful, the user needs to have a fair amount of knowledge about: what the UAC is; what application it is blocking; the consequences of blocking the action; and an alternate approach if the blocked action did something useful. Anyone who has ever worked with end-users can tell you that they are generally disinterested in learning anything about computer usage beyond how to use Word and make a spreadsheet. Frankly, even as a highly technical user, I nearly always approve the UAC dialog, even if I don't know the consequences. Since users lack knowledge, and Vista keeps asking esoteric/ambiguous questions, then users will always approve UAC dialogs. Since the UAC so clearly fails in its goal of making computing more secure, and substantially increases complexity, why is it common wisdom that turning off UAC is 'not recommended'? For 99% of users, is there any true downside? Has the community come up with ways to make UAC useful?"
This discussion has been archived. No new comments can be posted.

  • by linds.r ( 895980 ) on Wednesday February 28, 2007 @04:19AM (#18178630)
    I tend to agree - they can still quote increased security, with UAC on of course, who would turn it off, you want less security? while the great majority of users turn off the misimplemented annoyance factory.
  • by Nichotin ( 794369 ) on Wednesday February 28, 2007 @04:32AM (#18178716)
    I have been helping a Norwegian magazine write a 100 page Vista Special, one of my articles was about UAC. In the beginning I was very excited about this feature, thinking that it would provide some safety. Then, after a while, two things happened:
    1) I got tired of the constant nagging and the need to enable admin mode by default on several apps to avoid compatibility issues, and
    2) I realized that I clicked 'Allow' on anything anyway, the only exception would be a UAC dialog popping up from nowhere. This approach would make me wide open for attacks by supposedly trusted installers anyway.

    So I turned it off! I still haven't had any malware or viruses (Symantec Corporate kills most of that anyway). My life got all jolly and happy again. I can only imagine that the same "always allow" mentality will be the same for less savvy users. You want to do your work, right?
  • Re:Easy answer! (Score:4, Informative)

    by Bios_Hakr ( 68586 ) <xptical@g3.14mail.com minus pi> on Wednesday February 28, 2007 @05:19AM (#18178926)
    The BSoD went away and was replaced with the "automatic reboot". I think there is an option or something to show the BSoD vice rebooting. For most people, the info in the BSoD is useless anyway.
  • by FJGreer ( 922348 ) <verdeboy2kNO@SPAMcomcast.net> on Wednesday February 28, 2007 @06:20AM (#18179212) Homepage
    I use a separate user/admin account in Windows for the same reason I do not use root as my user account in Linux: I don't want random programs running amok! And most programs (except video games and Windows 95/98-era apps) work fine in a limited account once they have been installed. I rather like knowing that the most the bug-riddled piece of software I just wrote can only mess up my account (saves restore time from my backup DVD).

    I haven't used Vista yet, but as long as it has at least WinXP grade access controls (properly configured ACLs can do wonders for limiting a virus's ability to sow chaos) I don't see the need for the Allow/Deny box to begin with--especially with a decent firewall/AV software--especially when that software already does useful things like say "We have stopped this program from running because it is infected with the DestroyYourHarddriveVirus/EvilTrojan, do you want to delete it?" (product plug: F-Prot AV makes Symantec look like trash IMHO).

    Anyway, if I know most computer users, anything that asks them a question that will allow whatever they're doing to continue, they are going to hit yes with about 0% by volume thought
  • by cornjones ( 33009 ) on Wednesday February 28, 2007 @07:58AM (#18179666) Homepage
    Mod the parent up
    in the long run applications will have to avoid causing UAC prompts and eventually it will be possible to secure the "windows ecosystem" without breaking common programs.

    That is the important point here. There is no reason for many of these programs to be asking for 'administrative' access to do any of this shit. MS can't just cut it off b/c it will break most of its install base. This is a way to guide software companies into writing programs with a thought to security, rather than just doing it the 'easy way'.
  • by chabotc ( 22496 ) <chabotc AT gmail DOT com> on Wednesday February 28, 2007 @08:51AM (#18179934) Homepage
    "Oh, and all of my hardware works. On both of my desktops and my notebook."

    Oh then please tell me why Vista degraded my nice SB FX DSP driving my 7.1 system into a software rendered piece of crap which is barely able to keep up with a 0.10$ integrated sound chip

    All the DRM made direct access to the DSP 'illegal', so it can't be used anymore in Vista, nor will it likely ever be

    Creative is advising every game creator to use OpenAL, to bypass this piece of crap situation DRM has brought us, so much for 'Vista the ultimate gaming platform' :-)
  • No password asked... (Score:3, Informative)

    by descubes ( 35093 ) on Wednesday February 28, 2007 @09:58AM (#18180476) Homepage
    One big difference between UAC and "sudo" or the MacOSX security dialog is that UAC does not ask for a password. Minor convenience (well, probably serious convenience given how frequently UAC pops up today), but major risk. I can leave my Mac or Linux box to someone that does not know the password, without instantly making him / her an administrator on my machine. The same is not true with Vista + UAC.
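
    The consent-versus-credentials distinction raised in this comment maps to UAC policy values in the registry. The following is an added example, not part of the original thread: the function name `Get-UacPromptFinding` and both sample tables are constructed for illustration, while the value names are the ones Windows stores under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.

```powershell
# Added example (not from the thread): classify UAC prompt policy values.
# Value names live under
#   HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# Get-UacPromptFinding and the sample tables below are constructed.
function Get-UacPromptFinding {
    param([Parameter(Mandatory = $true)] [hashtable] $Policy)

    if ($Policy['EnableLUA'] -ne 1) {
        return 'UAC disabled: administrators run fully elevated, nothing is prompted.'
    }

    $findings = @()
    $admin = $Policy['ConsentPromptBehaviorAdmin']
    if ($admin -eq 0) {
        $findings += 'Admin: elevates silently, no prompt.'
    } elseif (@(1, 3) -contains $admin) {
        $findings += 'Admin: prompt asks for credentials (sudo-like).'
    } elseif (@(2, 4, 5) -contains $admin) {
        $findings += 'Admin: consent-only prompt; anyone at the unlocked session can click Allow.'
    } else {
        $findings += "Admin: value '$admin' not set or not recognised."
    }

    $user = $Policy['ConsentPromptBehaviorUser']
    if ($user -eq 0) {
        $findings += 'Standard user: elevation requests are denied automatically.'
    } elseif (@(1, 3) -contains $user) {
        $findings += 'Standard user: prompt asks for administrator credentials.'
    } else {
        $findings += "Standard user: value '$user' not set or not recognised."
    }

    if ($Policy['PromptOnSecureDesktop'] -ne 1) {
        $findings += 'Prompt is drawn on the interactive desktop, not the secure desktop.'
    }
    return $findings
}

# Constructed sample: consent-only prompting for administrators.
$consentOnly = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2
                  ConsentPromptBehaviorUser = 1; PromptOnSecureDesktop = 1 }
# Constructed sample: credentials required, standard users denied outright.
$credentialed = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 1
                   ConsentPromptBehaviorUser = 0; PromptOnSecureDesktop = 1 }

foreach ($name in 'consentOnly', 'credentialed') {
    "== $name =="
    Get-UacPromptFinding -Policy (Get-Variable $name -ValueOnly)
}
```

    On a Windows host the same four values can be read with `Get-ItemProperty` on that key and passed in as a hashtable.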
  • An OS X "Administrator" account is not like a Windows "Administrator" account. Under OS X, when you provide an administrator account and password to this kind of dialog what it is actually doing is granting you the permissions, at the OS level, to perform the action. Without going through this dialog even an "administrator" doesn't actually have the rights to perform it.

    That is, in OS X this dialog is authorizing you to perform the action. If you are already authorized (that is if you were careless enough to run as root - the only real "administrator" account in the Windows sense) you shouldn't be presented with a dialog at all, because it's not asking you to *approve* an action you're already authorized to perform.

    The difference between authorization and approval dialogs is obscured by dialogs like the UAC one that are sometimes authorization and sometimes approval dialogs.

    But it's an important one. Approval dialogs are never necessary, technically, they're just there to try and give the user a "last chance" to keep a program from doing something that's possibly dangerous and may be irreversible. Whenever they exist, they should be a red flag, and an indication that the program may need to be restructured so the dangerous or irreversible operation doesn't happen.

    For example, instead of deleting a file, move it to a location to be deleted later. Give the user the opportunity to look in that location and restore the files.

    AND WHEN YOU HAVE DONE THAT, REMOVE THE APPROVAL DIALOG YOU DON'T NEED ANY MORE.

    Sorry for shouting, but I still can't believe that someone thinks it's a good idea for Windows to ask you if you want to move a file to the trash.
