Microsoft: Vista feature designed to ‘annoy users’

SAN FRANCISCO–A Microsoft manager has said that one of the security features in Vista was deliberately designed to “annoy users” to put pressure on third-party software makers to make their applications more secure.

David Cross, a artefact assemblage ambassador at Microsoft, was the accumulation affairs ambassador in allegation of designing User Account Control (UAC), which, back activated, requires bodies to run Vista in accepted user approach rather than accepting ambassador privileges, and offers a alert if they try to install a program.

“The acumen we put UAC into the (Vista) belvedere was to abrade users–I’m serious,” said Cross, speaking at the RSA Conference actuality Thursday. “Most users had ambassador privileges on antecedent Windows systems and best applications bare ambassador privileges to install or run.”

Cross claimed that annoying users had been allotment of a Microsoft activity to force absolute software vendors (ISVs) to accomplish their cipher added secure, as afraid cipher would activate a prompt, black users from active the code.

“We bare to change the ecosystem,” said Cross. “UAC is alteration the ISV ecosystem; applications are accepting added secure. This was our target–to change the ecosystem. The actuality is that there are beneath applications causing prompts. Eighty percent of the prompts were acquired by 10 apps, some from ISVs and some from Microsoft. Sixty-six percent of sessions now acquire no prompts,” said Cross.

Cross claimed it is a allegory that users aloof about-face UAC off, adage that Microsoft had calm opt-in advice from users that showed that 88 percent were active UAC. Cross said it was additionally a allegory that users blindly acquire prompts after account them.

“It’s a allegory that users bang ‘yes,’ ‘yes,’ ‘yes,’ ‘yes,’” said Cross. “Seven percent of all prompts are canceled. Users are not aloof adage ‘yes.’”

Security aggregation Kaspersky has acutely criticized UAC, claiming in March aftermost year that it would accomplish Vista beneath defended than Windows XP.

At this year’s RSA Conference, however, the aegis specialist seemed to acquire afflicted its tune. With Windows, “there is a ample advance apparent with a cardinal of access points,” said Jeff Aliber, Kaspersky’s U.S. chief administrator of artefact marketing. “Anyone aggravating to compress that advance apparent and advance defended apps development has to be a acceptable thing.”

Prior to the barrage of Vista, Kaspersky issued a address in January 2007 that said UAC would be ineffectual. The aggregation claimed that abounding applications accomplish controllable accomplishments that, in a aegis context, can arise to be malicious. As UAC flashes up a admonishing every time such an activity is performed, Kaspersky said that users would be affected to either blindly avoid the admonishing and acquiesce the activity to be performed or attenuate the affection to stop themselves from activity “crazy.”