Posted by: Stephen Wildstrom on November 3, 2008
One of the most annoying futures of Vista is the User Account Control window that, unless you have disabled the feature, pops up when you do any of a huge number of things, from installing software to changing minor Windows settings. It’s a bit early to tell, but it looks like Microsoft may have fixed UAC in Windows 7.
UAC was a needed innovation in Vista, but the implementation was awful. Windows XP was extremely promiscuous about allowing access to the system. The bad gu ys took advantage of this, especially in designing drive-by downloads that exploited browser vulnerabilities to install malware without any intervention by the user.
The problem is that UAC went way too far, pestering users for permission for even the most minor system changes. Often windows would throw up a UAC window seeking permission for a Windows process to run. And if a user lacked administrative rights, an administrator's password was need to give permission, effectively defeating the whole idea of gicving users least-privileged accounts. And control of UAW was only on or off, and far too many people defeated what should have been a useful feature by turning it off.
In Win 7, the UAC level is set by a four-position slider. The two extreme positions are similar to the Vista choices, off and very restrictive. The two middle positions are much more interesting. The most useful is the default, in which you are notified when a program attempts to change settings or install other programs but does not seek approval for changes you initiate yourself. This is so logical that you can only wonder why we had to wait three years for it.
One remaining problem is that, at least int he pre-beta version of Win 7, the feature isn't particularly easy to discover. It's part of the User Accounts control panel and to get to it, you must click a the link "Turn User Account Control on or off." The is the same language used in Vista, and there's no indication that it gives better control than the previous version.