Comments: Is UAC really broken in Windows 7? More importantly, does it make us less secure?

I hear you but I'm still groaning and sighing.

It's still a step back.

In addition to the switch user feature, one can also use the new PCSafeguard, which is SteadyState built into the Windows 7 GUI:
http://www.istartedsomething.com/20081104/sandbox-users-with-windows-7-pc-safeguard/

This will build a kiosk-frozen user account that will drop all settings and data from a session. It's a cool feature that consumers can use in a home setting if they need to.

Posted by Susan at January 31, 2009 02:45 PM

Unfortunately you missed the point.

UAC's point was to annoy users into yelling at app developers into fixing their broken apps.

What's easier, fixing an app or adding a few lines of code to have an app elevate itself silently on startup, all without annoying the majority of users (most of whom will never change any option from the default)?

Posted by The Dave at January 31, 2009 05:51 PM

Let me see if I understand you correctly Dave. You want Windows to just elevate automatically without users knowing? Doesn't that defeat the purpose of UAC?

In Windows 7, Microsoft is giving you the opportunity to elevate without prompt for trusted applications which have been signed with Microsoft's certificate. This gives you the behaviour you want, while still asking for consent for 3rd party apps which you may or may not trust.

How would you expect the behaviour to work if you feel the current behaviour is incorrect?

Posted by Dana Epp at February 1, 2009 11:24 AM

The problem with pushing back on application vendors like Microsoft tried to do with UAC is that the application vendors generally have a better trust relationship with the end user than Microsoft do. Hence a lot of application vendor help desk staff say "disable UAC" to close the case in record time and add another point for the vendor's help desk KPIs.

The Windows 7 change in my mind simply highlights this harsh reality.

Posted by Chris Knight at February 3, 2009 04:10 AM

I agree with Dana here. Allowing poorly coded applications and low quality application developers to define the security of your network is a recipe for disaster. App vendors *may* well have a better trust relationship with the end user, but in no way does this make reducing the security on your network a valid option.

Posted by Hilton Travis at February 3, 2009 11:49 AM