This is what Peter Watson, Microsoft’s chief security advisor for Australia said recently:
There has been a lot of misunderstanding in the market around User Account Control (UAC) and how the function actually works. If you look at it from an architectural direction, User Account Control is a great idea and strategically a direction that all operating systems and all technologies should be heading down.
What he does not realize is that UAC is a bad implementation of technology around way before Windows Vista. Way before, like from 1980! What UAC really is Sudo, a program for Linux and Unix-like systems that allows a user to run a program with full security privileges. Sudo was written by Bob Coggeshall and Cliff Spencer in 1980 at the Department of Computer Science at SUNY/Buffalo. Five years before Windows 1.0 was even released. Linux and Mac OS have had this for ages, even graphical prompts similar to the UAC prompt have existed as programs like gksudo on Linux.
That did not stop Microsoft from patenting the idea in 2000.
Not only is UAC not Microsoft’s idea, they couldn’t even do it right. Microsoft requires that even an “administrator” user see UAC prompts even though they have full privileges on the system. In addition, UAC is triggered way to often, in situations that should not require elevated privileges. This is caused by poorly written software doing things it should not. The outcome is irritation, when routine tasks require confirmation this teaches users to ignore the prompt and just click allow. But the worst part is that users will think they are more secure because of UAC, when really they are more at risk.
This is what Microsoft needs to do:
- Have users run with limited security privileges by default.
- Encourage developers to write software that rarely needs elevated privileges.
- Only show UAC prompts to users without the proper privileges to do the task.
- Stop claiming this was their idea!
Once Microsoft gets UAC right, security in Window will improve. The right way is the way Linux, Unix, and Mac OS have been doing it for years.