Reader Comments

Soundsa that they are on the right time for Vista. I also wanna know when the Windows Media Player 11 beta for Xp will come (May 22?)

Thanks, just noticed my link waiting for me on connect. :) Downloading now at a mier 100kbs. Looks like the only server up is USA atm and its getting hammered.

want download vista

Very much looking forward to getting my hands on this. I've used a couple of the previous releases, and have liked what I've seen. Now looking forward to playing with this in anger, running some proper applications and leisure time stuff on it, and seeing how it really performs.

been looking forward to that beta. I've used the feb CTP for too long and want something fresh. I expect this beta to be the first that lets you use it as a full time OS.

Paul has criticized UAP in Windows Vista and feels it's "not a good user experience." He also alleges that UAP is done right in OS X and Linux. There have been several other criticisms of the way UAP has been implemented in vista (some are mentioned here: http://blogs.zdnet.com/Ou/index.php?p=209). While I don't disagree with any of them, I'd rather that instead of ridiculing it, they'd come up with suggestions to make it better. It makes me wonder if these people really have any idea of how it could have been done differently and in a less irritating manner. If they do and if they want users to have a good experience with Vista, they should let MS know ASAP, instead of waiting for the final release.

I will be the first to say that UAP is annoying. About ideas for fixing it... One idea is to be able to mark programs as "safe." Regarding changing system settings, maybe Microsoft could add an option to temporarily disable UAP for a specified period of time, like 5 min., 30 min, etc. Any other ideas?

I wonder if it would make sense to create shortcuts to configure each application to a "Configuration Center" icon in the Control Panel - similar to Security Center. Then if a user wanted to configure anything, it would be a one-stop-shop. I found that the Feb CTP to be slower than the previous Beta.

NateB2 - You couldn't just mark programs as "safe", because then what would stop malware from executing that program and wreaking havoc? With UAP, if some email virus or exploited buffer overflow tries to start that program, the UAP prompt would appear and (ideally) the user would say, "hmm, I didn't tell it to ____" and click Cancel. A time interval is an interesting option, for scenarios where you know you're going to be doing a lot of administrative stuff (e.g. new PC setup).

I was talking about older programs that require admin. priviledges to run. If Windows detected that the program changed, i.e. it was updated, then UAP would prompt you again. With an email virus, wouldn't UAP prompt you to run the virus? The problem with the current version of UAP, especially if a program requires admin priviledges, clicking "allow" becomes second nature, and when an attack comes, the user will tend to click "allow" out of habit. It may get to the point where the user just looks for the "continue" or "allow" button without determining if the program is legit or not.

"The problem with the current version of UAP, especially if a program requires admin priviledges, clicking "allow" becomes second nature, and when an attack comes, the user will tend to click "allow" out of habit. It may get to the point where the user just looks for the "continue" or "allow" button without determining if the program is legit or not." Not only that, people will simply turn off UAP. I don't think the UAP prompt should come up when one deletes a shortcut from the shared desktop. Also, the rest of the screen shouldn't go black - that's irritating. I like the time interval option too. I think MS should do something on those lines.

"I was talking about older programs that require admin. priviledges to run." It can't be based on how old the program is, or whether or not the program has been used before. Whether to prompt needs to be based on what the program could allow you to do: if it does something administrative it needs to prompt. If it doesn't prompt every time, then the malware you get tomorrow could execute it and cause damage without warning. Essentially the UAC prompts prevent elevation of privilege: on Vista, admins run as "standard users", and any elevation needs to be explicitly permitted by the user, otherwise it is a huge security hole. (All administrative EXEs that come with Vista will have the necessary manifests; older programs will probably need to be elevated manually.) "With an email virus, wouldn't UAP prompt you to run the virus?" If the virus had an embedded manifest that says "run me as admin", then the virus itself would cause a prompt. (Manifests were introduced in XP; this feature is new for Vista.) Otherwise, the virust would be allowed to run under the standard user context. When it would try to do something administrative it would either: 1. If it tried to do something directly via Windows API calls it would get "access denied" errors from the APIs (just like running as standard user today) 2. If it tried to execute another process, then UAC would kick in if that process's manifest says to elevate. "The problem with the current version of UAP, especially if a program requires admin priviledges, clicking "allow" becomes second nature, and when an attack comes, the user will tend to click "allow" out of habit." I agree. It's a tough problem to solve.

"Regarding changing system settings, maybe Microsoft could add an option to temporarily disable UAP for a specified period of time, like 5 min., 30 min, etc. Any other ideas?" Only programs signed by Microsoft should be allowed to call the "disable" UAP API, if they do one. Otherwise you might end up with malware that calls the API over and over until the user gives i.