Win7 reviewer clueless about User Account Control

Fri, 01/09/2009 - 15:43 — pilotbob

As I have been considering moving my XP machine to Windows 7 I have been reading various reviews. I came across this one from PC World written by Robert Strohmeyer.

As you may or may not know User Account Control (UAC) in Vista is a feature that allows the logged in user to elevate to administrator to perform various operations which might require it. The author of the review was discussing the additional option added to the Win7 UAC control. However, he disparages UAC with the following comment:

"I won't win many allies by saying this, but the setting I was hoping to see added to this list is an option to require a password when programs try to make changes, which would add a level of actual security to UAC: Any fool with access to your computer can click Continue, but requiring an admin password would add a meaningful level of security. This missing feature is standard on more-secure operating systems such as Linux, and it would be a worthwhile..."

What this reviewer apparently doesn't know is that if you are already running with the admistrator account The UAC does not prompt for the administrator password. This is because you are already running as administrator, something you should not do in your day to day use of Vista.

However, if you use a regular user account the elevation does require the administartor password be entered. This is basically the same way those "other" operating systems work. You don't see most Linux or OS x people running as "root".

OS X actually does prompt you for the admin account password even if you are running as admin. However, you never see this prompt except in some rare cases when you are adding an application that needs to hook into the system in some way. Usually most apps are installed in user level folders.

I do agree that prompting for admin password even when running as admin as an option would be nice, but I doubt most people would enable it.

So, I will take this own reviewers words and say, they shouldn't let any fool write a review. Or maybe he isn't a fool and just expressed himself incorrectly. I guess I'll give him some benefit of the doubt. But, when I see these types of mistakes in a review it makes me want to discount the entire content. Just as I don't take much stock in the non sensational articles in the Enquirer due to the Alien Baby type pieces.

Add new comment

Comments

Fri, 01/09/2009 - 16:40 — Greg Hughes (not verified)

UAC on Windows 7

I like the UAC improvements in the Windows 7 beta. I'd like to see the default behavior be (at least as an option) to challenge even the administrative user for an interactive software installation. You can apply permissions to allow an account to perform actions without interruption via group or local policy, as I recall, so there's simple ways to override. But you are correct that if one runs as an admin, one won't see the behavior described. I just hope that it can be made more granular and a little tighter, especially since there are so many users that already run as admin and probably will in the future until the IT world wakes up and cares more about real security controls, and until the changes can be made without expensive side effects on apps and environments. Unfortunately that's where we are, so a little more control in that common scenario would be appropriate.

Tue, 12/29/2009 - 12:08 — dido (not verified)

Very good post, thanks a

Very good post, thanks a lot.

No Long Days