
Vista: Annoying by Design (It’s Official)
April 14, 2008
As reported by ChannelWeb here:
The User Account Control in Windows Vista improves security by reducing application privileges from administrative to standard levels, but UAC has been widely criticized for the nagging alerts it generates. According to one Microsoft executive, the annoyance factor was actually part of the plan.
In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft’s strategy with UAC was to irritate users and ISVs in order to get them to change their behavior.
“The reason we put UAC into the platform was to annoy users. I’m serious,” said Cross.
Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained.
“We needed to change the ecosystem, and we needed a heavy hammer to do it,” Cross said.
In other words, Windows users and their bad habits are the source of all the security risks. The lot of them need teaching a lesson in how to behave, and programmers are no better.
How about building an inherently more secure operating system? Or designing an OS with a well-designed interface that encourages good behaviour without punishing users?