
Vista: Confusion, alarm and annoyance all rolled into one

May 14, 2007

Returning from a three-week holiday in the Far East I discovered Vista had acquired a new annoying behaviour. On a reboot, a message appeared to the effect that some start up programs had been blocked and an associated icon appeared in the notification area of the taskbar, by its very presence demanding I take some action. My first thought was that my PC had been infected with a virus or some spyware. Maybe the kids had been visiting unsafe websites while I was away? Surely not.

Clicking the icon brought up a window titled to suggest it was related to Windows Defender, Vista’s built-in anti-spyware application, reinforcing the notion that some spyware had been detected. There was an option to run blocked programs, the only one so listed being Adobe Update Manager of all things.

I was not aware of any new Adobe programs having been installed – the Acrobat Reader came pre-installed and I had added Photoshop and Premiere weeks before my holiday. Why was this message only appearing now? An impostor program masquerading as an Adobe application?

I was starting to get quite worried.

The answer has everything to do with our old friend User Account Control (UAC), and nothing to do with Windows Defender at all.

As I’ve already covered, UAC is there to provide a challenge to applications which ask to run with administrator privileges. If you know you started up a known safe application then you can give permission for it to run when confronted with the UAC dialog box. If the dialog was unexpected then it suggests a rogue program or virus is trying to run.

But what about programs that are set up to run at reboot time, that need administrative access? They may be perfectly innocent, but as they run automatically all you would see is the UAC dialog popping up randomly during the startup process, not in response to any explicit action on your part. You might be tempted to suspect a virus or spyware had got into your system.

To help you avoid jumping to this wrong conclusion, Vista traps all startup programs that ask for administrator privileges and, at the completion of the reboot, invites you to run them explicitly. If you do then the familiar UAC box pops up, but this time you know this was triggered by your own actions. That is, it allows startup programs to be treated like applications you might launch explicitly, for UAC purposes. To avoid confusion and undue alarm. You see?
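As an added illustration (not part of the original post), this Python sketch audits startup programs for the most common way a program "asks" for administrator privileges: a `requestedExecutionLevel` entry in its embedded application manifest. The startup names and image bytes are constructed samples, and scanning the raw image for the manifest XML is a heuristic assumed here rather than a full resource parse.

```python
import re
import xml.etree.ElementTree as ET

# An embedded application manifest is plain XML inside the image; the match
# starts at <assembly>, so no DOCTYPE or entity definitions reach the parser.
_MANIFEST_RE = re.compile(rb"<(?:\w+:)?assembly\b.*?</(?:\w+:)?assembly>", re.DOTALL)

def requested_level(image: bytes):
    """Return the manifest's requestedExecutionLevel, or None if none is declared."""
    for match in _MANIFEST_RE.finditer(image):
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            continue  # bytes that only look like a manifest
        for el in root.iter():
            # Compare local names so the asm.v2 and asm.v3 namespaces both match.
            if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
                return el.get("level")
    return None

def blocked_at_logon(entries, user_is_admin=True):
    """Names of startup entries whose manifest would raise a UAC prompt at logon."""
    flagged = []
    for name, image in entries.items():
        level = requested_level(image)
        # highestAvailable only elevates when the user holds an admin token.
        if level == "requireAdministrator" or (level == "highestAvailable" and user_is_admin):
            flagged.append(name)
    return sorted(flagged)

def _fake_image(level):
    """Constructed stand-in for an executable carrying a manifest."""
    manifest = (
        '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
        '<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>'
        f'<requestedExecutionLevel level="{level}" uiAccess="false"/>'
        '</requestedPrivileges></security></trustInfo></assembly>'
    ).encode()
    return b"MZ\x90\x00" + b"\x00" * 64 + manifest + b"\x00" * 16

# Constructed sample: startup entry name -> image bytes (hypothetical names).
STARTUP = {
    "UpdaterA": _fake_image("requireAdministrator"),
    "TrayApp": _fake_image("asInvoker"),
    "SyncTool": _fake_image("highestAvailable"),
    "LegacyApp": b"MZ\x90\x00" + b"\x00" * 80,  # no manifest at all
}

if __name__ == "__main__":
    print(blocked_at_logon(STARTUP))
```

The manifest is not the only thing that can trigger elevation, so an empty result does not prove that nothing will be blocked.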

Except I don’t see. I was confused and caused undue alarm. At the time, Vista offered no explanation about why programs had been blocked or the underlying rationale. I only came to the conclusions set out here as the result of research off my own bat, having the benefit of being a reasonably well clued up Windows user and experienced Googler. The window titled “Windows Defender” set off alarm bells entirely inappropriately. A blunt message that some start up programs had been blocked, with no explanation of the reasoning or logic, just gave the impression my PC had been infected with a virus. The options box you see when clicking on the notification tray icon does not help at all. You see a list of start-up programs which are “permitted” or not yet classified. You get the option to remove or disable them, but not white-list them if you know they are innocent. So they just keep getting blocked every time you reboot. You get to experience confusion, alarm and annoyance all rolled into one.

Thankfully there are things you can do to effectively white-list a start up program. Some very helpful guidance here. Useful background explanation of UAC here from Microsoft. It shows they can look after the technically minded – shame they didn’t do more to help normal day to day users.


4 comments

  1. Just because it was your action that launched a program does not mean it’s safe. You might have downloaded an image which unbeknown to you contains a virus, double-click to view it and launch a malicious program that starts trying to install spyware, setting off UAC. In that scenario you might be surprised that viewing an image would set off a UAC warning, smell a rat and deny permission to run – thus averting a nasty infection. That’s the idea of it. You can whitelist programs you know are OK, so they won’t set UAC off again, but there is no convenient way to do it. See the first link in the final paragraph of the main post above.


  2. Why haven’t these UAC popups got a “Don’t ask me again” option?

    Similar to a firewall asking, you have the option to set it to always be accepted. This annoys me! (Though I’ve just started with Vista.. maybe you don’t need this turned on.. the user should not be included in possible sources of threat. But then again..?)


  3. I guess many users who know what they’re doing and don’t need UAC anyway will turn it off. In all the time I’ve been using XP I can’t think of a time that anything went wrong where UAC would have made a difference.

    It is in principle a sound practice not to have admin privileges turned on the whole time, and Microsoft is attempting to mimic a similar policy in Mac OS X. I’ve not used OS X but we don’t hear people complaining about Mac’s equivalent of UAC. Maybe the implementation is less of a nuisance.


  4. UAC is a complete disaster because its Annoyance Level is high.

    Anyone with a passing familiarity with user interface design knows that if you make something so annoying people will hack it or shut it down outright then you shouldn’t have even made it in the first place.

    My opening Control Panel means I want to screw around with my system settings. I don’t need to grant myself permission to do that.

    I’m sure UAC has its uses in a corporate environment. For a Power home user, it’s a complete joke. What’s annoying, though, is that I would be very happy to have it run in the background to halt things I didn’t launch myself. But as far as I can tell, it’s an all-or-nothing bet. And so she’s off.


