How Microsoft can fix UAC

Alex Eckelberry wrote a good post today reacting to a Microsoft white paper on misunderstood features in Windows Vista. I especially liked his comments on UAC:

UAC could certainly have been handled better. It does something the security industry has been well aware of for a long time — it creates the “cry wolf” problem of popup fatigue (people turn off or ignore the popups after a while). Vista is more secure than XP, despite what others might say, but it still gets infected. Since over 80% of all infections are based on social engineering, the popups should focus on that weak point. If UAC targeted the key areas where people run into trouble (as opposed to harassing the user on inane actions), it would be far more helpful and potentially make a really significant impact on infection rates.

Exactly right. A little over two years ago, when Vista was still in beta testing, I had some suggestions for Microsoft on how to improve the UAC experience. I’ve updated those thoughts in my latest post over at ZDNet:

Dear Microsoft: Please get UAC right this time

For what it’s worth, I didn’t see a single UAC prompt in Julie Larson-Green’s demo at D6 earlier this week (overshadowed somewhat by Ballmer and Gates) of multi-touch technology running on Windows 7.

One thought on “How Microsoft can fix UAC”

  1. “didn’t see a single UAC prompt”
    Sounds good to me! Hopefully they didn’t disable it in order to make a nicer presentation.
