Home > Blogs > The Security Provision versus the Status Symbol

The Security Provision versus the Status Symbol

When Microsoft first demonstrated User Account Control to me last year, I took it as the first genuine indication that Microsoft treated the complaints of thousands of prominent Windows users, including myself, very seriously.  But judging from how many users appear to be willing to turn off this function, I'm learning there's a social angle to this problem that neither Microsoft or I fully took into account.

When Microsoft first demonstrated User Account Control to me last year, I took it as the first genuine indication that Microsoft treated the complaints of thousands of prominent Windows users, including myself, very seriously.  I was genuinely pleased, after having fully expected that the company wouldn't really have paid serious attention to what we had been saying.

At a pair of COMDEX panels I had chaired in 2000 and 2001 entitled "Security at the Developer Level," developers outside Microsoft - including at Zone Labs, Xtime, CA, and Intel - all came to the conclusion that anything third parties could do out here in the trenches to patch up Windows security on the battlefield, couldn't possibly go very far to the gaping hole in the front gate left by Microsoft.  The essential problem, people on the panel and attendees in the chairs were saying, was that an account could be commandeered by someone or something on the outside, and that account would have privileges it should not have.

People need to be able to use their computer.  But in a networked environment, a person within a computer is represented by an account.  And an entity that requests resources of that computer is also represented by an account, and that in a nutshell is the problem.  Microsoft's default state of affairs, nearly everyone said (those who weren't speaking were either on the phone or playing on their PowerBooks) had been to give everyone (every account) the keys to the kingdom; for security to work, those keys need to be able to fail by default.

So User Account Control made sense to me.  The idea was simply to deny privilege by default - which is what we asked for - but to have the human being do something that only a human being could do (by shutting off everything an automatic process could do), before the human being tries to do something privileged.  That seems a sensible way to proceed.

What it has become, I'm learning from listening to the complaints of users, is a sad symbol of the atrocity of the gaping security hole that used to be there in Windows.  It is a constant reminder, with its "Cancel" or "Continue" or administrator password "over-the-shoulder" prompts, that you the user are not trusted as a regular state of affairs.  And people don't like not being trusted.  They see the prompt as a personal confrontation, an affront to their status.  Both everyday users and admins are turning off UAC in order to avoid the confrontation.  Between being vulnerable and being nagged all the time, the latter would appear to be the greater nuisance.

Being capable of using a computer well is a skill that its best practitioners like to flaunt.  Certification is becoming as socially important as a degree or as a really pretty girlfriend.  For everyday users, the computer alone is a confrontational device.  It is simultaneously a convenience and a nuisance.  Not even the computer or software books published today are as soothing and confidence-inspiring as the first "For Dummies" and "Complete Idiot's Guides" of the '90s.  Being able to master the simple task of uninstalling software so that it stays gone, is a feat worthy of respect.  Not being trusted to set your own background colors, in today's workplace where employees fight for every scrap of respect they can get, is like being told your mother is ugly or that your truck has the wrong size of tires.

User Account Control did little - much less than I realized at first - to address the social ramifications of appearing to distrust the user.  If there is any more dangerous thing than a malicious user who's just appropriated the latest zero-day exploit from a security engineer's Web site, it's ten thousand everyday users being told they can't delete their own Web browser's history caches.  People don't like being "standard users."  And for the next five years, or however long Windows Vista is a part of our lives, Microsoft will have to find a new way to respond to this even greater dilemma.

FOR MORE:  BetaNews: Microsoft Endorses a Product that Turns Off Vista UAC Nags InformIT Windows Server Reference Guide:  User Account Control: The Trend Toward Lockdown

Become an InformIT Member

Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.