Microsoft: Vista feature designed to 'annoy users'

By Tom Espiner
Special to CNET News.com Published: April 11, 2008 11:38 AM PDT

Tools

Related Stories: RSA 2008: Blanketing security
April 11, 2008
Related Blogs: Get your hands on Vista SP1
The Daily Download
March 18, 2008; Is Vista prettier in pink?
Beyond Binary
March 28, 2008; Nvidia to blame for many early Vista crashes
Beyond Binary
March 28, 2008

SAN FRANCISCO--A Microsoft manager has said that one of the security features in Vista was deliberately designed to "annoy users" to put pressure on third-party software makers to make their applications more secure.

David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC), which, when activated, requires people to run Vista in standard user mode rather than having administrator privileges, and offers a prompt if they try to install a program.

"The reason we put UAC into the (Vista) platform was to annoy users--I'm serious," said Cross, speaking at the RSA Conference here Thursday. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."

Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code would trigger a prompt, discouraging users from executing the code.

"We needed to change the ecosystem," said Cross. "UAC is changing the ISV ecosystem; applications are getting more secure. This was our target--to change the ecosystem. The fact is that there are fewer applications causing prompts. Eighty percent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. Sixty-six percent of sessions now have no prompts," said Cross.

Cross claimed it is a myth that users just turn UAC off, saying that Microsoft had collected opt-in information from users that showed that 88 percent were running UAC. Cross said it was also a myth that users blindly accept prompts without reading them.

"It's a myth that users click 'yes,' 'yes,' 'yes,' 'yes,'" said Cross. "Seven percent of all prompts are canceled. Users are not just saying 'yes.'"

Security company Kaspersky has severely criticized UAC, claiming in March last year that it would make Vista less secure than Windows XP.

At this year's RSA Conference, however, the security specialist seemed to have changed its tune. With Windows, "there is a large attack surface with a number of entry points," said Jeff Aliber, Kaspersky's U.S. senior director of product marketing. "Anyone trying to shrink that attack surface and promote secure apps development has to be a good thing."

Prior to the launch of Vista, Kaspersky issued a report in January 2007 that said UAC would be ineffectual. The company claimed that many applications perform harmless actions that, in a security context, can appear to be malicious. As UAC flashes up a warning every time such an action is performed, Kaspersky said that users would be forced to either blindly ignore the warning and allow the action to be performed or disable the feature to stop themselves from going "crazy."

Tom Espiner of ZDNet UK reported from San Francisco.

Click here for more stories on RSA 2008.

More from News.com on this story's topics: RSA Conference
RSS feed; Security
Create an email alert | RSS feed; Windows Vista
Create an email alert | RSS feed; Microsoft
Create an email alert | RSS feed

See more CNET content tagged:
prompt, ISV, secure, myth, ecosystem

81 comments (Page 1 of 4)

It works!
by robbtuck April 11, 2008 12:22 PM PDT: The first thing I do is turn off UAC! I think people blame Microsoft for the inconvenience, not ISV's - all they know is that Vista is bugging them. Over time, I'm sure most people just start clicking Yes without thinking - have you ever watched users? The "seven percent" comment doesn't make sense to me - doesn't that mean 93% of people just click Yes?; Reply to this comment View all 3 replies
Processing

Users are the pawns
by rmva April 11, 2008 12:27 PM PDT: Talk about unintended consequences! The only way Microsoft can get software vendors to stop writing apps that have to 'run as administrator' is to put pressure on users. The EU told ISVs they could effectively ignore anything coming from Redmond. Nellie made Joe User the pawn in Microsoft's effort to tighten its OS security. Gotta love that lady! Next time you see her, give her a big juicy kiss for me.; Reply to this comment

Turning off UAC is like Turning off a good Firewall
by Tergon April 11, 2008 12:35 PM PDT: Turning off UAC is like Turning off a good Firewall because its prompts are stopping you from watching Porn with a dangerous Codec. Look UAC (for the most part) is a slight annoyance. Personally I rather having to approve code, I want to run, to run than to have what ever code wants to do what ever it wants to whenever it wants to because I'm running my XP laptop as a Domain Administrator. Sure I hear that little ding the screen goes black and nothing happens until I alt-tab around to find the UAC Prompt. Sure the Prompt looks different depending on what kind of operation the Prog wants to do. But if I want stop "johnny's new Trojan Horse" from running regedit in the background by being told "Hey 1d10t!!! Johnny Beuatiful Pony is trying to turn you into a zombie." than a quick click on a randomly placed (so as not to be easliy clicked through or even, heaven forbid auto clicked by the Trojan) Prompt I ain't got no problem with it. It goes without saying but this post is IMHOO; Reply to this comment View reply
Processing

Spinning Wheel
by ppgreat April 11, 2008 1:30 PM PDT: So, it's OK to "annoy" your customers to get your way?? I'm all for added security, don't get me wrong, but putting the onus on users to facilitate change? Why not just use the 800 lb. gorilla tactic and tell the ISVs that you won't run their software in Vista until they get their act together, security-wise? Again, it's nice to be the monopoly. How much more abuse are Windows users supposed to take????; Reply to this comment View reply
Processing

Microsoft spying???
by wango2007 April 11, 2008 1:58 PM PDT: "Seven percent of all prompts are canceled. Users are not just saying 'yes.'" How do they know this? Who gave them permission to spy on people like this?; Reply to this comment View all 2 replies
Processing

Bunch of tools and frocking dropouts...
by colamix April 11, 2008 4:03 PM PDT: Here's an idea, let's annoy the heck out of our customers so they, in turn, will complain to our ISVs. Meanwhile Vista has taken the Millennium route due to lost productivity and more MS haters than ever before. Steve, you're my hero; Reply to this comment

Stories like this make me glad I bought a Mac...
by dillholio April 11, 2008 8:08 PM PDT: Early grumblings about UAC & across the board user dissatisfaction with Vista's incompatibility with various hardware & software was the reason I switched to Mac after years of being a PC user. I don't think I will ever spend any serious money on a PC ever again. If I do, I'll load Ubuntu on it. So a big thanks goes out to Microsoft -- I had been on the fence about switching over for several years, but without the threat of a Vista machine upgrade, I never would have taken the plunge. It's worth putting up with a bunch of snooty Mac fanboys just to not have to deal with this kind of garbage.; Reply to this comment View reply
Processing

ShippingSeven
by Mugunth April 12, 2008 2:44 AM PDT: Is this blog from ShippingSeven, the mysterious Windows 7 developer corroborates this??? http://shippingseven.blogspot.com/2008/04/okso.html; Reply to this comment

How is it a myth?
by balkce April 12, 2008 4:17 AM PDT: "It's a myth that users click 'yes,' 'yes,' 'yes,' 'yes,'" said Cross. "Seven percent of all prompts are canceled. Users are not just saying 'yes.'" Doesn't that mean that 93% of the prompts are being accepted... meaning saying 'yes'? How is it a myth then?; Reply to this comment

I payed big bucks to be annoyed!
by Ted Miller April 12, 2008 5:19 AM PDT: And annoyed I am! I sure got my annoyence dollars worth here. I am a Microsoft user and something of an IT guy here at my job. I use XP at work and Vista at home. The company has already decided to use Linux on their ITX computers that are embedded into machines for the bio research industry (Yup they used to use Microsoft), and are recoding all software from C++ to Java (Yup, we are having great success with Java for running machines). Why did I say this? Well this means a beginning of business lost from Microsoft for letting us down. It was not because Linux and Java are free, Its because Microsft is letting us down BIG time! I liked Microsoft, I really did, but boy did you let me down in a god awful way with your "strong arm bulling ways". And now the truth come out that you RIPPED me off, and I am nolonger just annoyed I am very angry. If big business can find the backbone to take the lead towards Linux I will soon follow. I will with out fail DeMicrosoft all my computers. By the way, the "zipping and unzipping" of files in Vista taking such a long time, was that ment to annoy me also? As a matter of fact the GUIless (Well partial GUI)defragmentation not showing details, was that supposed to annoy me also? Oh wait a minute, just one more thing all those applications like OCR programs that worked excellant in XP, but not Vista, was that supposed to annoy me also? Oh for crying out load, Just one more thing, All that money I spent to get the 2.3 rated Vista computer to a 5.9 rating, was that supposed to annoy me also? Oh man, I am trying to finish this and just relized one more annoying thing, and that is, in the end, are you going to leave me hanging, like you hung all the Windows ME users (Me as one of them)by rushing out Windows 7 next year? You fooled me twice and shame on me for being a devoted fan of yours, and for being stupid enough to be still one. Boy do I really suck.; Reply to this comment View reply
Processing

1 | 2 | 3 | 4 | Next 10 Comments >>

RSS Feeds: Add headlines from CNET News.com to your homepage or feedreader.; Google; Yahoo; MSN; More feeds available in our RSS feed index.

Today's Top Stories: Microsoft fixes holes in Windows, Word, Publisher; HP to acquire EDS for $13.9 billion; Online satirist becomes test case for paid content; In a crowded market, Wetpaint's colors look solid; Yahoo shareholder bows out of proxy battle

Most Popular Stories: Nintendo launches WiiWare with six games; Welcome to the social mess?; XP update throws some for a loop; HP in talks to buy EDS; Photos: Top 10 reviews of the week

Resource center from News.com sponsors

Aligning CIO & CEO visions

What CIOs need to know

It's a simple truth. The closer you and your CEO see things, the greater your chance for success. Our exclusive report can help you get there—and help your business grow. Get the report featuring the views of 765 CEOs on innovation. learn more

What CEOs think: Innovation Insights for CIOs

Learn How CIOs can deliver strategic success for their enterprises

The New CIO: Beyond Technology

Learn how CIOs become heroes

"Change Catalyst: How Technology Innovations Transformed the Entertainment Business."

Learn about the impact of technology in strategy execution

The future of the Enterprise

Microsoft: Vista feature designed to 'annoy users'

RSA Conference

Security

Windows Vista

Microsoft

Report offensive content:

E-mail this comment to a friend.