SAN FRANCISCO — A Microsoft manager has said that one of the security features in Vista was deliberately designed to “annoy users” to put pressure on third-party software makers to make their applications more secure.
David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC), which, when activated, requires people to run Vista in standard user mode rather than having administrator privileges, and offers a prompt if they try to install a program.
“The reason we put UAC into the (Vista) platform was to annoy users — I’m serious,” said Cross, speaking at the RSA Conference here Thursday. “Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run.”
Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code would trigger a prompt, discouraging users from executing the code.
“We needed to change the ecosystem,” said Cross. “UAC is changing the ISV ecosystem; applications are getting more secure. This was our target — to change the ecosystem. The fact is that there are fewer applications causing prompts. Eighty percent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. Sixty-six percent of sessions now have no prompts,” said Cross.
Cross claimed it is a myth that users just turn UAC off, saying that Microsoft had collected opt-in information from users that showed that 88 percent were running UAC. Cross said it was also a myth that users blindly accept prompts without reading them.
“It’s a myth that users click ‘yes,’ ‘yes,’ ‘yes,’ ‘yes,'” said Cross. “Seven percent of all prompts are canceled. Users are not just saying ‘yes.'”
Security company Kaspersky has severely criticized UAC, claiming in March last year that it would make Vista less secure than Windows XP.
At this year’s RSA Conference, however, the security specialist seemed to have changed its tune. With Windows, “there is a large attack surface with a number of entry points,” said Jeff Aliber, Kaspersky‘s U.S. senior director of product marketing. “Anyone trying to shrink that attack surface and promote secure apps development has to be a good thing.”
Prior to the launch of Vista, Kaspersky issued a report in January 2007 that said UAC would be ineffectual. The company claimed that many applications perform harmless actions that, in a security context, can appear to be malicious. As UAC flashes up a warning every time such an action is performed, Kaspersky said that users would be forced to either blindly ignore the warning and allow the action to be performed or disable the feature to stop themselves from going “crazy.”
Tom Espiner of ZDNet UK reported from San Francisco.