Should Stardock fix Microsoft's UAC?

User Account Control on Vista discussion

Wednesday, February 21, 2007 by Frogboy | Discussion: WinCustomize News

In a new Macintosh advertisement, the PC has what looks like a body guard who keeps interupting the conversation with the Mac in the name of  "security".  The feature Apple is making fun of is called the User Account Control.

The idea behind UAC is to protect users from malicious software and other content that could affect the stability and integrity of the user's computer.  But many users have expressed utter disdain for it. As a result, UAC ends up being disabled by users much to the chagrin of Microsoft.

But what if there was a different solution? What if third-parties were able to modify how UAC worked?

For example, imagine the UAC remembering what users had given it permission to previously? Right now, every time I open up Stardock Central, I'm prompted by UAC. Very annoying.  What if after I selected "continue" it saved Stardock Central and its checksum such that it wouldn't come up again for that program as long as it was unchanged?

Another example would be after I select continue on the UAC, the account remains in an elevated state for say 5 minutes (or some user-defined time) so that anything else that needs UAC would automatically be passed.

I think just these two changes would significantly improve the usability of UAC to the point where most of the complaints would go away.

And I think these kinds of changes are absolutely necessary because, right now, users are just turning it off completely which is definitely not a good thing. You should definitely not turn off UAC but it is very understandable how annoying its current implementation can tend to be.

Microsoft has stated that any attempt to alter the functionality of UAC would be considered a security violation that would be dealt with accordingly. It's scary sounding stuff.  But if the alternative is that millions simply turn off this functionality or the bad reputation of UAC slows migration to Windows Vista then what's the best path? 

Which brings us back, should third-parties like Stardock step in and fix UAC on their own?  Or should the user base wait and hope that Microsoft enhances the UAC experience?

 

First Previous Page 1 of 5 Next Last
markdotnet
Reply #1 Wednesday, February 21, 2007 3:16 PM
I personally don't mind the UAC so much, but it would be nice to leave the system in an elevated state for some period of time.

For all the whining people did about how unsecure Windows is, now that Microsoft has done something about it, they aren't happy with it. You can't please all the people all the time but there will always be a squeaky wheel.

Is the UAC open enough to be configurable or modifiable? I love what Stardock does and would like to see their take on a new implementation.

Xan
Reply #2 Wednesday, February 21, 2007 3:24 PM
Another problem with the current implementation of UAC is that they come up regularly enough that users start to ignore the prompt and automatically click "continue". That sort of thing completely undoes the theoretical benefit of UAC.

Ideally, Microsoft will update UAC to be more intelligent like remember programs that have been given permission and timed elevated states.

But if MS doesn't do it, then somebody else should fix it, preferably a company people trust like Stardock.
Keikonium
Reply #3 Wednesday, February 21, 2007 3:31 PM
I hope that Microsoft makes it more user friendly, and less annoying, but if not Stardock should step in for sure.

Besides, even if Microsoft "enhances" the current UAC, companies like stardock can always add better features, and things that Microsoft would never add.
dilmonen
Reply #4 Wednesday, February 21, 2007 3:41 PM
I would like it if there was an option to have UAC remember applications & used a checksum to match them.

I keep getting prompted by UAC for things like Process Explorer, Computer Management, or Neverwinter Nights 2, as examples.
NightTrainthedark
Reply #5 Wednesday, February 21, 2007 3:47 PM
Being a Microsoft partner, I would assume you can find out if they are planning on any changes. If not then why not make it better and make some money.
cavalierex
Reply #6 Wednesday, February 21, 2007 3:49 PM
Brad,

I think your TweakVista app should allow users to modify the functioning of UAC. For example, specify EXACTLY what to allow or disallow. Allow the system to learn from past actions. And get rid of multiple dialogs (e.g., if UAC prompts you that you need to 'allow' the deletion of a file, then don't ALSO show the deletion confirmation dialog. It's redundant. One or the other.). Remembering applications is a must.

Please, please, please make TweakVista as great as TweakUI was for XP!!
Vista's a good OS, but we all know that it needs Stardock's touch to make it great.
sirbabyface
Reply #7 Wednesday, February 21, 2007 3:56 PM
I'm not quite sure if Stardock should fixe the UAC.

I think that there are so many complains and solutions to fix UAC, that Microsoft should fix it quickly.
rabidrobot
Reply #8 Wednesday, February 21, 2007 4:08 PM
I turned off UAC. I really don't see much of a point in it. Is there really malicious software out there that wants to change my font size or screen resolution? What is UAC protecting me from on my personal home computer? If I have anti-virus (for whatever that's worth with Vista) and anti-spyware utilities and practice safe browsing and email habits, why do I need UAC interrupting me at all?

Like Xan said above, these alerts pop-up (and I use that term intentionally) so often that users will simply learn the quickest way to close them without taking the time to read them, or, as is the topic, turn UAC off entirely.

UAC cries "Wolf!" far too often for it to be any use when something truly malicious does come along.

If I could turn off UAC for the rest of my session without rebooting, and have it turned back on automatically with the next reboot, I might consider that. Then, if I wanted to make a lot of changes or perform actions that I know are going to trigger UAC I could turn it off just during that period. But since a reboot is required to turn it on or off, it stays off full time.

A whitelist of allowed applications would also be nice. Just like my firewall, I could be alerted only if the application has changed since permission was granted.

While I like the idea of Stardock improving upon UAC, if it is possible to alter UAC wouldn't that mean it isn't worth much as a security precaution anyway?

GhoS
Reply #9 Wednesday, February 21, 2007 4:08 PM
MS has known about UAC not being well-received for awhile and yet have refused to add those two mentioned adjustments. Stardock may be prevented though from helping if it is indeed something MS would sue over. Though to be sure if MS doesn't fix it and Stardock can't, someone out there will and people will find it.
jjjansen
Reply #10 Wednesday, February 21, 2007 4:13 PM
I've gotten by without UAC for 20 years without a computer meltdown and I can get by another 20 years without it!
jelvis
Reply #11 Wednesday, February 21, 2007 4:24 PM
I kind of like the approach of keeping the status elevated for a defined time. Has worked great for me in Ubuntu.
LarlaDog
Reply #12 Wednesday, February 21, 2007 4:28 PM
Nice idea and it really shouldn't take too much to implement it. Once I have approved the running of a certain version of a certain program, I shouldn't have to OK it again. However, there should be an edit capability such that if I accidently approve a program, I can go back and remove it from the auto-approved list.

It would also be nice to have access to a list of the actions that required approval and but that approval wasn't given. It would allow us to see if attacks were being made.
arteekay
Reply #13 Wednesday, February 21, 2007 4:32 PM
With all respect, I'd place my security more safely with the system engineers over the graphics guys, any day.

I'd advise against stardock playing with UAC, if nothing else, to distance yourself.

Think about it. You alter UAC, the machine gets infected, who's fault is it? MS or Stardock?
tersiocity
Reply #14 Wednesday, February 21, 2007 4:38 PM
Here is what they need to do:
1. I do something for the first time, ask my permission and start counting
2. After five times of running the exact same thing with the same file size, date and checksum, add a "remember choice" button
2. After fifteen times, never show the question again until the file date, size or checksum changes. Then, notify me what changed and present the choices again and keep counting.

This needs to work with startup programs, installs, device manager, etc.
Kirkburn
Reply #15 Wednesday, February 21, 2007 4:42 PM
I feel I should note that everyone should make sure they know exactly what UAC does and doesn't do before making pronouncements about its use.
Istari
Reply #16 Wednesday, February 21, 2007 4:44 PM

With all respect, I'd place my security more safely with the system engineers over the graphics guys, any day.

I'd advise against stardock playing with UAC, if nothing else, to distance yourself.

Think about it. You alter UAC, the machine gets infected, who's fault is it? MS or Stardock?

Stardock IS a software company (System engineers). How do you think Stardock is able to do things like WindowBlinds, Multiplicity, KeepSafe, etc.?

As for fault, it's the user's fault if their machine gets infected most of the time.  When people clicked on "I love you" attachments in XP was that Microsoft's fault?

Somebody needs to make UAC usable or else it will be either turned off or just ignored. I would prefer Microsoft do it but they have largely ignored feedback on this. So if not them, I'd rather Stardock do it.  Otherwise, you'll end up with a Symantec-bastardized solution.

Littleboy
Reply #17 Wednesday, February 21, 2007 4:47 PM
I don't see MS adding any sort of customization, like remembering which process to allow/deny witch CRC checksum to track modification. They would have to add an UI to access that and that sound way to complicated for the average user and a support nigthmare.

IMO companies with firewall products will probably add that possibility in the future. They already have most of the work done. Most of them are going into that direction anyway, adding virus & malware protection.

Brad: Your ideas sound like something for SecureProcess Plus it would make it useful for people outside of it's current target population.
arteekay
Reply #18 Wednesday, February 21, 2007 4:54 PM
safe lists and performing checksums on every executable is not the answer.

UAC is not going be an option in the future, this is just stage one. Best that developers and users alike get accustomed to a restricted user account now.
RegMaan
Reply #19 Wednesday, February 21, 2007 5:05 PM
I think your idea ia really good for all who are already agitated with UAC and for those who may want to make the switch to Vista. My current firewall does exactly what you are suggesting and I love it.
arteekay
Reply #20 Wednesday, February 21, 2007 5:10 PM
Ummm, no firewall can cause your programs to run with limited privileges...

An app that hasn't be elevated can't write to the majority of drive and registry, such as the windows directory. How exactly would a firewall accomplish this?

Please login to comment and/or vote for this skin.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

  • Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
  • Access to a great community, with a massive database of many, many areas of interest.
  • Access to contests & subscription offers like exclusive emails.
  • It's simple, and FREE!



web-wc01