Should Stardock fix Microsoft's UAC?

User Account Control on Vista discussion

Wednesday, February 21, 2007 by Frogboy | Discussion: WinCustomize News

In a new Macintosh advertisement, the PC has what looks like a bodyguard who keeps interrupting the conversation with the Mac in the name of "security". The feature Apple is making fun of is called the User Account Control.

The idea behind UAC is to protect users from malicious software and other content that could affect the stability and integrity of the user's computer.  But many users have expressed utter disdain for it. As a result, UAC ends up being disabled by users much to the chagrin of Microsoft.

But what if there was a different solution? What if third-parties were able to modify how UAC worked?

For example, imagine the UAC remembering what users had given it permission to previously? Right now, every time I open up Stardock Central, I'm prompted by UAC. Very annoying.  What if after I selected "continue" it saved Stardock Central and its checksum such that it wouldn't come up again for that program as long as it was unchanged?

Another example would be after I select continue on the UAC, the account remains in an elevated state for say 5 minutes (or some user-defined time) so that anything else that needs UAC would automatically be passed.

I think just these two changes would significantly improve the usability of UAC to the point where most of the complaints would go away.

And I think these kinds of changes are absolutely necessary because, right now, users are just turning it off completely which is definitely not a good thing. You should definitely not turn off UAC but it is very understandable how annoying its current implementation can tend to be.

Microsoft has stated that any attempt to alter the functionality of UAC would be considered a security violation that would be dealt with accordingly. It's scary sounding stuff.  But if the alternative is that millions simply turn off this functionality or the bad reputation of UAC slows migration to Windows Vista then what's the best path? 

Which brings us back, should third-parties like Stardock step in and fix UAC on their own?  Or should the user base wait and hope that Microsoft enhances the UAC experience?

 

arteekay
Reply #81 Friday, February 23, 2007 10:28 PM

What you are saying is make the UAC like Windows Firewall right? I think it is the dumbest thing ever invented.

People don't need UAC if the firewall and Windows spyware/malware tool is not good enough then screw it. UAC is totally useless. Supposed to stop viruses but it really just pissed off people.

Microsoft UAC is just another thing to tick off users like downloading a WGA update every time you need to download software from Microsoft isn't enough!


No, UAC is nothing like Windows Firewall, it's not an antivirus tool and it's got nothing to do with anti-piracy efforts.

You need to do a little more research before commenting publicly.
TheBlackWatch
Reply #82 Saturday, February 24, 2007 1:09 AM


By inserting user responsibility for potentially damaging actions into the equation MS can be removed from total/sole culpability if/when something goes belly-up.

Think response...."You idiot...you disabled the inherent protection/advice?"

It's intended to REMIND the casual user that what he says 'yes' to is potentially damaging....and to self-educate.



So why do you need to fix it ??

I see it like this ..

frogboy dislikes the UAC alarm when opening SD Central, AHH !! we'll fix UAC so our program doesn't raise the alarm.
Maybe your programming needs to be looked at and not the UAC

Nice One
Frogboy
Reply #83 Saturday, February 24, 2007 11:33 PM

What I don't like is constantly having to hit Continue when doing things on my computer.

If the bloody thing just remembered programs (store a checksum to be safe) that the user had already said "continue" I'd be happy.

But there are plenty of utilities and applications I run that keep seeming to bring it up.

frogboy dislikes the UAC alarm when opening SD Central, AHH !! we'll fix UAC so our program doesn't raise the alarm.
Maybe your programming needs to be looked at and not the UAC

Right. Yes. It's us and half the other programs I'm running. It can't be that Microsoft's implementation of UAC is at fault.

Here's a reality check to the people who want to just pretend that everything is fine: People are turning it off. Look around. Look at the posts. People are turning it off. And the casual users who aren't? They're just learning to click continue without even thinking about it.

In short, UAC is worthless right now.

I'd prefer Microsoft to fix it, but if they don't fix it soon, someone else will OR people will just learn to turn it off.

Fuzzy Logic
Reply #84 Sunday, February 25, 2007 3:13 AM

People need to get their heads out of the sand. UAC is useless. It does work - of course it works, but it works in such a way as to make even normal daily functions almost impossible.

Unless or until Microsoft (or someone else) makes UAC useable mine will be staying permanently off.

Jan71
Reply #85 Sunday, February 25, 2007 8:54 AM
Again and again and again.

Please define normal daily functions?
For me that means: surfing the web, do some office work, play a game, chat, ... .
Modding Windows is not part of my list "normal daily functions".
Installing programs is not part of this list either, as it can be dangerous (viruses, trojan horses, ...).

Stardock Central is designed to change programs and settings on my hard drive. Windows by no means can know who initiated those requests (it can even be someone who should not have access to your computer, for example your youngest sister).
Each and every time UAC comes up on my screen, it is expected, which means I am changing something outside my personal space.

If you are the only one that has access to your pc, and you have proper firewall and antivirus, and you feel you are bugged by UAC, by all means, turn it off.
(But I wished I could turn it on on my father's XP machine. Every family visit I end up cleaning out the mess he made).

I DO agree that this means developers need to change their habits and need to re-educate themselves, and that this is a big burden on them.
So Brad should take a closer look for why each time we try to use Stardock Central, it wakes up UAC, and change it. It is not Microsoft's task. Microsoft however should give better information what rules to follow to 3rd party developers like Stardock ... .
Before Vista, EVERY program (including viruses) and every user had full administrative rights on the PC. This has changed. And as with any change, people are not happy.
But this is nothing new, Unix systems have been doing it for years.

Microsoft could refine it, for example explain a little bit more in detail what the program in question is trying to do, for example a box telling :
this program is trying to install itself,
or
this program is trying to adjust your modem dial out number,
that is a change that would be helpful and make it more acceptable for most.
kwyjibo
Reply #86 Sunday, February 25, 2007 9:31 AM
TweakUI is not by Stardock...
AndreasV
Reply #87 Sunday, February 25, 2007 11:38 AM
If your app doesn't work under a normal user account (not one with admin rights!), UAC will nag you if you launch it under a UAC'd admin account. Make your apps work under normal user accounts and you're set to go.
JcRabbit
Reply #88 Sunday, February 25, 2007 2:09 PM
Frogboy:
If the bloody thing just remembered programs (store a checksum to be safe) that the user had already said "continue" I'd be happy.


Microsoft's reasoning for not doing this is that if this was possible (and let's call it 'blessing an application') and the user blessed, say, the Command Prompt, then a malware application could in theory launch the Command Prompt (which would then run with admin privileges WITHOUT displaying a UAC prompt) and use it to launch a copy of itself. Because privilege is inherited, the malware launched by the 'blessed' Command Prompt would in turn run with admin privileges and have full access to the whole system.

Even if I do understand the reasoning behind this, there are two things I would like to point out: first, how would the malware know which applications have been 'blessed' and which not, so it knows which ones to 'abuse'? Second, it's still the user's responsibility to reply Yes or No to a UAC prompt. Why trust the user for this and not for 'blessing' applications, then?! Doesn't make sense to me.

Here's a reality check to the people who want to just pretend that everything is fine: People are turning it off. Look around. Look at the posts. People are turning it off.


Unfortunately we, software developers, still have to change our applications so they work with the minority(?) that doesn't turn the UAC off. No less burden there for us.

Jan71:
Please define normal daily functions ? For me that means : surfing the web, do some office work, play a game, chat, ...


How about drag & dropping stuff from one window to another? Would you not think of this as 'normal daily function'? It so happens that, as I previously stated, a by-product of the UAC is that you are NOT able to do this if the target application is running with higher privileges than the source application. And I could give you a hundred different examples of little things that are not working properly, or at all, because of the current UAC implementation.

Also, you are here because you like to play with customization software. Customization software is NOT a 'spreadsheet' or 'word processor' type of application. For customization software to work properly, it needs to do things that normal applications do not. So, how would you like if, in the name of security, suddenly all you would be able to run were 'word processing' type of applications?

Microsoft however should give better information what rules to follow to 3rd party developers like Stardock


Agreed 100%. The current lack of information on the part of Microsoft on how to get around these limitations is appalling!

Microsoft could refine it, for example explain a little bit more in detail what the program in question is trying to do, for example a box telling : this program is trying to install itself, or this program is trying to adjust your modem dial out number, that is a change that would be helpful and make it more acceptable for most.


Although apparently a good idea, because it is up to the application itself to request an elevation of privilege (unless it has 'setup', 'install', etc..., in the filename, in which case Windows will automatically assume it needs admin privileges to install *something*), Windows has no way of knowing what an application requiring admin privileges wants them for. If an application does not explicitly request an elevation of privilege via its manifest, then no UAC prompt will be displayed, the application will run with normal privileges and any function it calls that requires admin privileges will fail. It would thus be up to the applications themselves to give Windows the reason WHY they need to be elevated, not to the OS itself.
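The inheritance problem described in the reply above, as a toy model added here (not code from the thread, from Stardock or from Windows): `BlessingCache`, `launch` and the sample binaries are hypothetical, and the cache models the checksum proposal from this discussion rather than any real UAC behaviour. It shows that the checksum catches a modified blessed program but is never consulted for a child of an elevated one.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Process:
    image: str
    elevated: bool   # running with admin privileges
    prompted: bool   # did this launch show a consent prompt?

class BlessingCache:
    """Hypothetical 'remember my Continue' store: image path -> SHA-256."""
    def __init__(self):
        self._approved = {}

    def bless(self, path: str, content: bytes) -> None:
        self._approved[path] = hashlib.sha256(content).hexdigest()

    def is_blessed(self, path: str, content: bytes) -> bool:
        return self._approved.get(path) == hashlib.sha256(content).hexdigest()

def launch(cache, path, content, parent=None, wants_admin=False, user_allows=False):
    # Privilege is inherited: a child of an elevated process is elevated,
    # and the cache is never consulted for it.
    if parent is not None and parent.elevated:
        return Process(path, elevated=True, prompted=False)
    if not wants_admin:
        return Process(path, elevated=False, prompted=False)
    # Blessed and unchanged: elevate silently, as the proposal asks.
    if cache.is_blessed(path, content):
        return Process(path, elevated=True, prompted=False)
    # Unknown or modified image: fall back to the normal prompt.
    return Process(path, elevated=user_allows, prompted=True)

# Constructed sample binaries (stand-ins, not real file contents).
SHELL = ("cmd.exe", b"command prompt build 1")
UNKNOWN = ("unknown.exe", b"program the user never approved")

def demo():
    cache = BlessingCache()
    cache.bless(*SHELL)  # the user clicked Continue once for the shell
    user = Process("explorer.exe", elevated=False, prompted=False)
    direct = launch(cache, *UNKNOWN, parent=user, wants_admin=True)
    shell = launch(cache, *SHELL, parent=user, wants_admin=True)
    child = launch(cache, *UNKNOWN, parent=shell)  # started by the blessed shell
    tampered = launch(cache, SHELL[0], b"patched build", parent=user, wants_admin=True)
    return direct, shell, child, tampered
```
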
brieaux
Reply #89 Sunday, February 25, 2007 8:52 PM
For those of us who are power users & have no one else using our systems.....we really don't need it turned on. I would turn mine on if Stardock stepped in and fixed it. Now can someone do something about the security alert telling me I've turned it off without me turning off my security alerts altogether lol. Also the Mac commercial is pretty funny.
UniversalCynic
Reply #90 Monday, February 26, 2007 11:32 PM
Maybe Microsoft can copy the way ZoneAlarm did with their OS Firewall function in ZoneAlarm Internet Security Suite. It remembers your choice. Furthermore, if some software really requires bypass, you can set it to ignore that particular application - kind of give it a superuser privilege. If you are not sure, then it can also check with some kind of online database for some default options. Really cool. I allow all those that need privilege and still get informed when some malicious stuff tries to write to the OS.
I think it's just better if MS buys off ZoneAlarm, and integrate the whole stuff: you get good firewall, good 'UAC' like implementation, plus spyware defence and some basic antivirus. If you can't integrate the code, at least integrate the design.
I turned off UAC and now wait for maybe ZoneAlarm to update for Vista.
UniversalCynic
Reply #91 Monday, February 26, 2007 11:33 PM
The thing is.. this UAC actually copies the way Ubuntu implements it... or maybe Ubuntu copied the idea.. I'm not sure. But it does remind me of my Ubuntu desktop..
Frogboy
Reply #92 Friday, March 2, 2007 1:10 AM

If your app doesn't work under a normal user account (not one with admin rights!), UAC will nag you if you launch it under a UAC'd admin account. Make your apps work under normal user accounts and you're set to go.

Not if Microsoft has hard-coded into the UAC that SDCentral.exe is an installer and should be flagged. There's nothing we can do on our end to make UAC not come up.  Is that intelligent behavior on Microsoft's part?
