Should Stardock fix Microsoft's UAC?

User Account Control on Vista discussion

Wednesday, February 21, 2007 by Frogboy | Discussion: WinCustomize News

In a new Macintosh advertisement, the PC has what looks like a body guard who keeps interupting the conversation with the Mac in the name of  "security".  The feature Apple is making fun of is called the User Account Control.

The idea behind UAC is to protect users from malicious software and other content that could affect the stability and integrity of the user's computer.  But many users have expressed utter disdain for it. As a result, UAC ends up being disabled by users much to the chagrin of Microsoft.

But what if there was a different solution? What if third-parties were able to modify how UAC worked?

For example, imagine the UAC remembering what users had given it permission to previously? Right now, every time I open up Stardock Central, I'm prompted by UAC. Very annoying.  What if after I selected "continue" it saved Stardock Central and its checksum such that it wouldn't come up again for that program as long as it was unchanged?

Another example would be after I select continue on the UAC, the account remains in an elevated state for say 5 minutes (or some user-defined time) so that anything else that needs UAC would automatically be passed.

I think just these two changes would significantly improve the usability of UAC to the point where most of the complaints would go away.

And I think these kinds of changes are absolutely necessary because, right now, users are just turning it off completely which is definitely not a good thing. You should definitely not turn off UAC but it is very understandable how annoying its current implementation can tend to be.

Microsoft has stated that any attempt to alter the functionality of UAC would be considered a security violation that would be dealt with accordingly. It's scary sounding stuff.  But if the alternative is that millions simply turn off this functionality or the bad reputation of UAC slows migration to Windows Vista then what's the best path? 

Which brings us back, should third-parties like Stardock step in and fix UAC on their own?  Or should the user base wait and hope that Microsoft enhances the UAC experience?

 

First Previous Page 2 of 5 Next Last
qrush
Reply #21 Wednesday, February 21, 2007 6:03 PM
Honestly, I'd prefer a big glowy button to turn UAC off. That works for me!
Tsumana
Reply #22 Wednesday, February 21, 2007 6:15 PM
Heh, this sounds like a question for one of the weekly polls.

I can only judge from the stories I've heard as I don't have Vista yet, but, if it's half as annoying as it sounds then I would probably turn it off too.

As for a 3rd party fixing it, I would probably use that if it helps make me more secure and stops me wanting to throw the computer every time the prompt came up. If Stardock did it and it wasn't some free piece of soft ware then you could probably add it to the Thinkdesk set of apps.
thomassen
Reply #23 Wednesday, February 21, 2007 7:02 PM
I mess around so much with the system that I couldn't bear the UAC eventually. I tried levaing it on for a long time, but eventually I gave up because it slowed me down too much. And the switch to the secure desktop is just brutal. I got along with XP and previous Windows just fine running as an admin, I can't ever recalling being affected by virus or malware.
I only wish that the Security Center wouldn't bug me about it. I disabled the popup do I wouldn't get that popping up everywhere, but I wish the was an option to have Windows not monitor the status of UAC. I quite like the Security Center monitoring my Antivirus and Firewall etc and informing me if they should be turned of. But since I disabled UAC it's now constantly red.

They way I see it about third parties fixing UAC; I wouldn't trust it. If third parties can 'fix' it, then third parties can break it.
Brandon Paddock
Reply #24 Wednesday, February 21, 2007 7:42 PM
Remembering applications would open up a hole in UAC - as malicious code could launch applications on the "allow list" and manipulate them to cause privilege escalation.

Having an "Elevate everything for the next 5 minutes" option is far worse, since malicious code just needs to wait until you switch to that mode and then it can go to town.
Brandon Paddock
Reply #25 Wednesday, February 21, 2007 7:47 PM
I turned off UAC. I really don't see much of a point in it. Is there really malicious software out there that wants to change my font size or screen resolution? What is UAC protecting me from on my personal home computer? If I have anti-virus (for whatever that's worth with Vista) and anti-spyware utilities and practice safe browsing and email habits, why do I need UAC interrupting me at all?


That's not what UAC is for. Anti-Virus and anti-malware apps aren't going to prevent your daily use applications from being attacked by code-injection exploits.

Like Xan said above, these alerts pop-up (and I use that term intentionally) so often that users will simply learn the quickest way to close them without taking the time to read them, or, as is the topic, turn UAC off entirely.

UAC cries "Wolf!" far too often for it to be any use when something truly malicious does come along.


Doesn't matter. UAC is still very useful even if the user clicks "Continue" to every prompt they see.

Excalpius
Reply #26 Wednesday, February 21, 2007 8:12 PM
The fact that UAC doesn't remember anything is indeed the big issue. I don't think Stardock should get involved, but I do appreciate the fact that they are willing to bring this issue out and hopefully embarrass Microsoft into addressing this "UAC Amnesia" issue.

UAC Amnesia, hehehe, I like that.
SIXX21
Reply #27 Wednesday, February 21, 2007 8:17 PM
It seems to me someone at stardock has a pretty big ego to think that they could fix anything for ms. I would bet ms is more than capable of fixing there own problems if there were one, after all they are ms, a multi million doller company and stardock well......is just stardock.  
JayG
Reply #28 Wednesday, February 21, 2007 8:33 PM
It seems to me someone at stardock has a pretty big ego to think that they could fix anything for ms. I would bet ms is more than capable of fixing there own problems if there were one, after all they are ms, a multi million doller company and stardock well......is just stardock.


wow, what ignorance.

i don't claim to be a stardock expert but...

stardock did zip folders before microsoft.

stardock was the first to do gui skinning.

stardock was the ones who did gadgets/widgets as we know them first

stardock did keep safe and multiplicity.

in other words, history seems to show that microsoft has used stardock as its own personal r&d center.
Jeff Gamble
Reply #29 Wednesday, February 21, 2007 8:36 PM
MS might be a multi-billion $$ company, but they have trouble making a Word Doc open the same on 2 different computers! Sometimes bigger isn't always better.

I'v been a faithfull Stardock user/subscriber since 1998, I think Stardock has plenty of experience (not ego) to tackle this.

----

Even if you just added the permission saving function, that would be great!
The only concern I would have is if a program could trick your UAC add-on.

If you can address that, I'm all for it!
warreni
Reply #30 Wednesday, February 21, 2007 8:42 PM

I don't have any personal experience with UAC, but I've read about a lot of folks having issues with it. Frankly, I think the people who have responded to this post by stating that if there is a problem, then Microsoft will fix it themselves, are being a bit naive. Microsoft may choose to fix this and other issues when they issue the first or second service pack for Vista, and then again, they may not. It may be only through the action of several third-party developers like Stardock, Webroot, and others that Microsoft will come to realize that this is such a pain in the butt that something really should be done about it. I think that the more people step up to the plate and say, "Hey, this is an issue and we're willing to put a fix out here to help people," the more Microsoft will be forced to reconsider their rigid position on UAC implementation.

Koasati
Reply #31 Wednesday, February 21, 2007 8:47 PM
Other than the fact that it doesn't remember anything you've already told it, how does this UAC differ from a good software firewall, such as Outpost?

SIXX21
Reply #32 Wednesday, February 21, 2007 8:51 PM
I dont know what I was thinking....I thought stardock was a graphic/toy software website...I didnt know they were up there with the big boys designing operating systems and all. Ms is more then capable of fixing there own os. the problem is everyone wants better security... ms gives it to them and then everyone thinks they can make it better. maybe stardock should try and design a better os but I wont hold my breath for that one. To sum it up...I HAVE A .DREAM......MY VISTA WILL RUN STARDOCK FREE.
Envisaged0ne
Reply #33 Wednesday, February 21, 2007 8:52 PM
The idea of making UAC remember what programs are allowed has been floating around since they've implented UAC in beta (used to be called UAP). And it was, obviously, suggested to Microsoft. They made it less intrusive, but still very annoying. The logic behind not letting it remember your settings, is that you're basically disabling it with most of your programs. Thus, like disabling it, it would be useless if a real virus threat came along and tried to hack the programs you decided to allow automatically.

There is more irritating parts about UAC beyond just the continue or cancel. For instance, lets say you have a .TXT file that you want to open up somewhere on your hard drive. You make some changes and then click on Save. Well UAC WON'T let you save it. Access is denied and it won't allow you to override it. So you have to name the .txt file to something different to be able to save it. Then erase the old one and rename the new one (if you choose). What a pain.

Also, there are many programs that you can try to delete that it won't allow you to. Again, won't even give you the allow or cancel. It will automatically state you are not authorized. Even if you take ownership and full control of the file. And this isn't important system files, these are harmless files you downloaded. For example, I downloaded a ZIP file and placed it in my AOL Downloads directory (dont' worry I don't use AOL anymore, I just got used to saving all my downloads there). After I extracted all the contents of the zip file, I went to delete it and UAC wouldn't let me do it. Automatically just told me that access was denied, with no way around it.

Also, lets say you go to your Program Files and go to your mIRC directory (just for example) and you right click on mIRC.exe and choose "Create Shortcut". UAC won't let you. It will tell you that a shortcut can't be placed there. So you'll have to send the shortcut to somewhere else, like your desktop instead!

So there are quite a few issues with UAC beyond it just being annoying with continue or cancel. I personally disabled it because of the other limitations it puts on me where I can't get around them.
whiterabbit007
Reply #34 Wednesday, February 21, 2007 9:13 PM
First - UAC is retarded. I'm sorry but it just is. This is a perfect example of MS taking their sweet time to do something that should've been done years ago, and when they finally do it they don't think things through and screw it up. If somebody could modify it to actually function in a useful manner, I'd welcome it although it really should be taken care of by MS, which brings my to my second point...

We'll be waiting till the cows come home for MS to change the UAC, and when they (the cows) do, MS will say that cows pose a security risk and leave the UAC as is.

Emily
Reply #35 Wednesday, February 21, 2007 9:15 PM
I dont know what I was thinking....I thought stardock was a graphic/toy software website...I didnt know they were up there with the big boys designing operating systems and all. Ms is more then capable of fixing there own os. the problem is everyone wants better security... ms gives it to them and then everyone thinks they can make it better. maybe stardock should try and design a better os but I wont hold my breath for that one. To sum it up...I HAVE A .DREAM......MY VISTA WILL RUN STARDOCK FREE.


Well no one blames you for being clueless then. After all, it would take several seconds to go to the stardock home page and click on the products button.

Yes, DesktopX enterprise, KeepSafe, Multiplicity Pro.

And I can see how someone of your...intelligence...would have a hard time grasping that the same people who already blend their stuff into the OS might also have a head start on how to make the user account control remember what you've selected.

Would UAC remembering what programs have been given permission previously be an improvement? I say yes. Does Stardock have a history of being able to integrate into the operating system? Yes.

But please, Sixx21, show us how smart you are with your flippant remarks. Ooh. You make me so hot with your clever burns. You're a real hero.

WebGizmos
Reply #36 Wednesday, February 21, 2007 9:33 PM
Brad....if you can develop something that will give people a choice to turn it off, leave it on or modify it to they're liking...I'd say by all means go for it!
ZubaZ
Reply #37 Wednesday, February 21, 2007 9:42 PM
Stardock is one of the few companies I would trust to do it right.  Can you reuse any of the NeverTrust code? 
Sylpheed
Reply #38 Wednesday, February 21, 2007 10:11 PM
When i first installed Vista, and when the first time the UAC thingy pops up.. i was in utter disgust... "what do you mean i don't have permission.. i'm the admin!!"

UAC to me is complete annoyance 10 out of 10, being a home user, i turned it off immediately. I think UAC should be an option for the installer to choose when installing vista. Not left for the user to deactivate it after installing it.

I don't think stardock should be fixing UAC also, it's MS's toy, they should be the ones fixing UAC. Stardock.. just focus on bringing out desktop X 3.5 can't wait for the gadgets to come out.. make the best premium gadgets there are out there. That'll be the best. I'd love to see a fully IM gadget. Something like trillian where it runs MSN , ICQ, Yahoo, AIM but it's a gadget. Now that'll be awesome.
JRSCCivic98
Reply #39 Wednesday, February 21, 2007 10:38 PM
I have a better idea. How about MS treat software installs or program running without UAC much like web browsers tread secure sites with SSL. The PC has a list of Root Certificates that it knows are "proven good". Others will cause a prompt that it's not a "certified certificate". The UAC can act the same way. Software vendors have to deal with MS anyway when it comes to compatability dev tools for each OS... well, those same companies can turn arround and hand MS a checksum of the software once complete. MS turns around and updates those root UAC libraries on "patch Tuesday". Driver manufactures already have to kinda do this in order to get the MS Digital Signature "status". The UAC part of this wouldn't be any different. As a matter of fact, Vista 64bit DOES NOT ALLOW any non MS certified drivers to install.

Yes, it is that simple.
Hapkido
Reply #40 Wednesday, February 21, 2007 10:43 PM
Being a Systems Admin and Consultant I have had the distinct displeasure of having to fix machines which have been totally screwed up due to user error, e.g., no antivirus and/or antispyware apps installed. And the #1 problem is people downloading brain-dead apps via P2P programs, ad nauseam. UAC might have been a good idea to protect such people from themselves, but there are serious issues on both sides of the equation, IMHO. Since the user can simply click "OK" or "Continue" whenever a dialog pops up, the potential protection UAC is supposed to provide is basically circumvented; again by user error. On the other side, if the UAC took full control without any ability to "Continue", then who would decide which action and/or application should be allowed?

I do applaud MS for making an attempt to diminish user error problems, but UAC doesn't appear to be the solution. As long as a human being is involved in the process, there are going to be problems. Personally, after putting up with the UAC for a week, I turned it off. If after all these years of working on and with PC's and having top-shelf antivirus and antispyware installed and consequently have never been infected or hacked, if I get "bit"... it's going to be my own stupidity that does it.

Oh yeh... should Stardock or any 3rd-party company mess with the UAC? I am agin it 100%. If a company can modify it, then the miscreants can also by-pass it. So what would be the advantage in that?

Please login to comment and/or vote for this skin.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

  • Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
  • Access to a great community, with a massive database of many, many areas of interest.
  • Access to contests & subscription offers like exclusive emails.
  • It's simple, and FREE!



web-wc01