Dear Microsoft: Please get UAC right this time

UAC is stupid the way it is, nuff said read article:


http://blogs.zdnet.com/Bott/?p=461

UAC could certainly have been handled better. It does something the security
industry has been well aware of for a long time - it creates the "cry wolf"
problem of popup fatigue (people turn off or ignore the popups after
awhile). Vista is more secure than XP, despite what others might say, but it
still gets infected. Since over 80% of all infections are based on social
engineering, the popups should focus on that weak point. If UAC targeted the
key areas where people run into trouble (as opposed to harassing the user on
inane actions), it would be far more helpful and potentially make a really
significant impact on infection rates.

Absolutely right. A single request for permission doesn't bother most
people. What gets under the skin is the second UAC prompt, and the third,
and the fourth, and so on. The closer together those dialog boxes arrive,
the more annoying the phenomenon.

I was all prepared to lay out my modest proposal for how Microsoft should
tweak UAC in Windows 7. And then I said, "Hey, wait a minute! I already did
this."

And sure enough, with a little help from Google I was able to reread "How
Microsoft can save User Account Control." which I wrote way back in May
2006, while Vista was still in beta. In that post, I offered four
"suggestions that might ease the pain" of UAC. Two years later, I think
those recommendations are still valid, so I'm reprinting them here, with a
little updated commentary on each one:

Create a special Admin Mode. Power users would appreciate a UAC option that
lets an administrator respond to a single prompt and temporarily open a
session that runs with full administrative permissions. The devil is in the
details, of course. How do you keep people from choosing this option as the
default?

I sure hope someone at Microsoft has been actively working on a way to
implement this type of behavior, which I like to think of as Advance Consent
mode. In Vista as it exists today, I can do this by switching into silent
consent mode (as I describe in Fixing Windows Vista, Part 2: Taming UAC),
but that setting is persistent, in the current session and in future
sessions. If I forget to switch UAC back to its normal behavior, I've made
myself more vulnerable to a variety of attacks. The default settings could
exit Advance Consent mode after a specified time - say, 15 minutes - in
which I take no activity that would have required UAC approval.

Put a time limit on UAC. [E]ach UAC prompt is tied to a single process. When
that process ends, so does the elevated set of permissions. But what if a
UAC consent dialog box elevated your permissions for 10 minutes? Long enough
to install a couple of programs or make a series of system tweaks, but not
so long that you forget and fall victim to a piece of malware.

I think this should be an option in every UAC dialog box. It can be hidden,
just as the Options section of IE7's Close dialog box is hidden by default.
Give me a check box that says "Automatically approve elevation requests for
the next 10 minutes." That way, I get to approve the first UAC dialog box
and then don't have to worry about a flurry of additional, related UAC
prompts.

Provide easy options to open Control Panel and/or Explorer with full Admin
rights. As I indicated earlier, it takes only a right-click and a quick OK
to open either of these windows with full permissions. So why not offer
those options on the Start menu?

This is an especially important change to make for Control Panel. If I open
Control Panel and double-click an icon with the UAC shield, that consent
should transfer to any other action I execute from Control Panel, until I
close the Control Panel window. This feature might work especially well in
tandem with the next suggestion.

Identify applications running in an elevated context. Today, if I open two
Windows Explorer sessions - one as a standard user and another using an
administrator's process token - I have no way to distinguish which is which.
A text label in the title bar, or a blood-red border around the window,
would help prevent this convenient shortcut from becoming a security hole.

For Command Prompt sessions, this was addressed (too subtly, in my opinion)
in Vista RTM. When you run Cmd.exe as an Administrator, the word
"Administrator:" appears in front of the window title in the title bar. I
still like the idea of the blood-red border.

As I noted in that original May 2006 post, "Microsoft has to deal decisively
with the perception that UAC imposes an unacceptable tradeoff between
performance and security. In its current incarnation, too many people are
likely to dismiss it completely, and if that happens, everyone loses."

That plea fell on deaf ears two years ago. Maybe, after more than a year of
user complaints and frustration, someone is finally ready to listen.

Clear Windows;731941 Wrote:
> UAC is stupid the way it is, nuff said read article
>
>
> 'Dear Microsoft: Please get UAC right this time | Ed Bott’
> Microsoft Report | ZDNet.com' (http://blogs.zdnet.com/Bott/?p=461
>
> UAC could certainly have been handled better. It does something th
> securit
> industry has been well aware of for a long time - it creates the "cr
> wolf
> problem of popup fatigue (people turn off or ignore the popups afte
> awhile). Vista is more secure than XP, despite what others might say
> but i
> still gets infected. Since over 80% of all infections are based o
> socia
> engineering, the popups should focus on that weak point. If UA
> targeted th
> key areas where people run into trouble (as opposed to harassing th
> user o
> inane actions), it would be far more helpful and potentially make
> reall
> significant impact on infection rates
>
> Absolutely right. A single request for permission doesn't bother mos
> people. What gets under the skin is the second UAC prompt, and th
> third
> and the fourth, and so on. The closer together those dialog boxe
> arrive
> the more annoying the phenomenon
>
> I was all prepared to lay out my modest proposal for how Microsof
> shoul
> tweak UAC in Windows 7. And then I said, "Hey, wait a minute! I alread
> di
> this.
>
> And sure enough, with a little help from Google I was able to rerea
> "Ho
> Microsoft can save User Account Control." which I wrote way back in Ma
> 2006, while Vista was still in beta. In that post, I offered fou
> "suggestions that might ease the pain" of UAC. Two years later, I thin
> those recommendations are still valid, so I'm reprinting them here
> with
> little updated commentary on each one
>
> Create a special Admin Mode. Power users would appreciate a UAC optio
> tha
> lets an administrator respond to a single prompt and temporarily open
> session that runs with full administrative permissions. The devil is i
> th
> details, of course. How do you keep people from choosing this option a
> th
> default
>
> I sure hope someone at Microsoft has been actively working on a way t
> implement this type of behavior, which I like to think of as Advanc
> Consen
> mode. In Vista as it exists today, I can do this by switching int
> silen
> consent mode (as I describe in Fixing Windows Vista, Part 2: Tamin
> UAC)
> but that setting is persistent, in the current session and in futur
> sessions. If I forget to switch UAC back to its normal behavior, I'v
> mad
> myself more vulnerable to a variety of attacks. The default setting
> coul
> exit Advance Consent mode after a specified time - say, 15 minutes - i
> which I take no activity that would have required UAC approval
>
> Put a time limit on UAC. [E]ach UAC prompt is tied to a single process
> Whe
> that process ends, so does the elevated set of permissions. But what i
>
> UAC consent dialog box elevated your permissions for 10 minutes? Lon
> enoug
> to install a couple of programs or make a series of system tweaks, bu
> no
> so long that you forget and fall victim to a piece of malware
>
> I think this should be an option in every UAC dialog box. It can b
> hidden
> just as the Options section of IE7's Close dialog box is hidden b
> default
> Give me a check box that says "Automatically approve elevation request
> fo
> the next 10 minutes." That way, I get to approve the first UAC dialo
> bo
> and then don't have to worry about a flurry of additional, related UA
> prompts
>
> Provide easy options to open Control Panel and/or Explorer with ful
> Admi
> rights. As I indicated earlier, it takes only a right-click and a quic
> O
> to open either of these windows with full permissions. So why not offe
> those options on the Start menu
>
> This is an especially important change to make for Control Panel. If
> ope
> Control Panel and double-click an icon with the UAC shield, tha
> consen
> should transfer to any other action I execute from Control Panel, unti
>
> close the Control Panel window. This feature might work especially wel
> in
> tandem with the next suggestion.
>
> Identify applications running in an elevated context. Today, if I open
> two
> Windows Explorer sessions - one as a standard user and another using an
> administrator's process token - I have no way to distinguish which is
> which.
> A text label in the title bar, or a blood-red border around the window,
> would help prevent this convenient shortcut from becoming a security
> hole.
>
> For Command Prompt sessions, this was addressed (too subtly, in my
> opinion)
> in Vista RTM. When you run Cmd.exe as an Administrator, the word
> "Administrator:" appears in front of the window title in the title bar.
> I
> still like the idea of the blood-red border.
>
> As I noted in that original May 2006 post, "Microsoft has to deal
> decisively
> with the perception that UAC imposes an unacceptable tradeoff between
> performance and security. In its current incarnation, too many people
> are
> likely to dismiss it completely, and if that happens, everyone loses."
>
> That plea fell on deaf ears two years ago. Maybe, after more than a
> year of
> user complaints and frustration, someone is finally ready to listen.

I think UAC could stand to be improved a little - by locking it down
even more. There are still some vulnerable areas of the system that are
not protected by UAC. Friendlier messages would help.

Other than that, I think UAC is the best thing to happen to Windows in
a long time. The other thing was making NTFS the default file system for
hard disks.


--
Dzomlija

Peter Alexander Dzomlija
-Do you hear, huh? The Alpha and The Omega? Death and Rebirth? And as
you die, so shall I be Reborn...-

_*Prometheus*_
MOBO: ASUS MB-M3A32-MVP Deluxe/WiFi-AP
CPU: AMD Phenom 9600 Quad
RAM: 2 x A-Data 2GB DDR2-800
GPU: ASUS ATI Radeon HD 2400PRO, 256MB
BOX: Thermaltake Tai-Chi Water Cooled
OS: Windows Vista Ultimate x64
'' (http://valid.x86-secret.com/show_oc.php?id=333562)'[image:
http://valid.x86-secret.com/cache/banner/333562.png]'
(http://valid.x86-secret.com/cache/banner/333562.png)

MS said they made UAC irritating on purpose.
They obviously don't know what real users do when they are annoyed by a
'feature' of their software...

"Clear Windows" <> wrote in message
news:4840f19f$...
> UAC is stupid the way it is, nuff said read article:
>
>
> http://blogs.zdnet.com/Bott/?p=461
>
> UAC could certainly have been handled better. It does something the
> security industry has been well aware of for a long time - it creates the
> "cry wolf" problem of popup fatigue (people turn off or ignore the popups
> after awhile). Vista is more secure than XP, despite what others might
> say, but it still gets infected. Since over 80% of all infections are
> based on social engineering, the popups should focus on that weak point.
> If UAC targeted the key areas where people run into trouble (as opposed to
> harassing the user on inane actions), it would be far more helpful and
> potentially make a really significant impact on infection rates.
>
> Absolutely right. A single request for permission doesn't bother most
> people. What gets under the skin is the second UAC prompt, and the third,
> and the fourth, and so on. The closer together those dialog boxes arrive,
> the more annoying the phenomenon.
>
> I was all prepared to lay out my modest proposal for how Microsoft should
> tweak UAC in Windows 7. And then I said, "Hey, wait a minute! I already
> did this."
>
> And sure enough, with a little help from Google I was able to reread "How
> Microsoft can save User Account Control." which I wrote way back in May
> 2006, while Vista was still in beta. In that post, I offered four
> "suggestions that might ease the pain" of UAC. Two years later, I think
> those recommendations are still valid, so I'm reprinting them here, with a
> little updated commentary on each one:
>
> Create a special Admin Mode. Power users would appreciate a UAC option
> that lets an administrator respond to a single prompt and temporarily open
> a session that runs with full administrative permissions. The devil is in
> the details, of course. How do you keep people from choosing this option
> as the default?
>
> I sure hope someone at Microsoft has been actively working on a way to
> implement this type of behavior, which I like to think of as Advance
> Consent mode. In Vista as it exists today, I can do this by switching into
> silent consent mode (as I describe in Fixing Windows Vista, Part 2: Taming
> UAC), but that setting is persistent, in the current session and in future
> sessions. If I forget to switch UAC back to its normal behavior, I've made
> myself more vulnerable to a variety of attacks. The default settings could
> exit Advance Consent mode after a specified time - say, 15 minutes - in
> which I take no activity that would have required UAC approval.
>
> Put a time limit on UAC. [E]ach UAC prompt is tied to a single process.
> When that process ends, so does the elevated set of permissions. But what
> if a UAC consent dialog box elevated your permissions for 10 minutes? Long
> enough to install a couple of programs or make a series of system tweaks,
> but not so long that you forget and fall victim to a piece of malware.
>
> I think this should be an option in every UAC dialog box. It can be
> hidden, just as the Options section of IE7's Close dialog box is hidden by
> default. Give me a check box that says "Automatically approve elevation
> requests for the next 10 minutes." That way, I get to approve the first
> UAC dialog box and then don't have to worry about a flurry of additional,
> related UAC prompts.
>
> Provide easy options to open Control Panel and/or Explorer with full Admin
> rights. As I indicated earlier, it takes only a right-click and a quick OK
> to open either of these windows with full permissions. So why not offer
> those options on the Start menu?
>
> This is an especially important change to make for Control Panel. If I
> open Control Panel and double-click an icon with the UAC shield, that
> consent should transfer to any other action I execute from Control Panel,
> until I close the Control Panel window. This feature might work especially
> well in tandem with the next suggestion.
>
> Identify applications running in an elevated context. Today, if I open two
> Windows Explorer sessions - one as a standard user and another using an
> administrator's process token - I have no way to distinguish which is
> which. A text label in the title bar, or a blood-red border around the
> window, would help prevent this convenient shortcut from becoming a
> security hole.
>
> For Command Prompt sessions, this was addressed (too subtly, in my
> opinion) in Vista RTM. When you run Cmd.exe as an Administrator, the word
> "Administrator:" appears in front of the window title in the title bar. I
> still like the idea of the blood-red border.
>
> As I noted in that original May 2006 post, "Microsoft has to deal
> decisively with the perception that UAC imposes an unacceptable tradeoff
> between performance and security. In its current incarnation, too many
> people are likely to dismiss it completely, and if that happens, everyone
> loses."
>
> That plea fell on deaf ears two years ago. Maybe, after more than a year
> of user complaints and frustration, someone is finally ready to listen.
>
>

"Not Me" <> wrote in message
news:ek%...
> MS said they made UAC irritating on purpose.
> They obviously don't know what real users do when they are annoyed by a
> 'feature' of their software...
>

Doesn't annoy me - I just click and forget.

On Sat, 31 May 2008 08:28:09 +0100, "Gordon"
<> wrote:

>"Not Me" <> wrote in message
>news:ek%...
>> MS said they made UAC irritating on purpose.
>> They obviously don't know what real users do when they are annoyed by a
>> 'feature' of their software...
>>
>
>Doesn't annoy me - I just click and forget.

Doesn't annoy me either - I clicked it OFF and forgot about it.

"Gordon" <> wrote in message
news:g1qume$iu0$...
> "Not Me" <> wrote in message
> news:ek%...
>> MS said they made UAC irritating on purpose.
>> They obviously don't know what real users do when they are annoyed by a
>> 'feature' of their software...
>>
>
> Doesn't annoy me - I just click and forget.

Doesn't annoy me either. I turned it off as soon as I had Vista installed
and that's the way it has stayed ever since. Too damned annoying switched
on.

Trev

You and millions of other people...

they just turn it off or press the yes button automatically without
thinking...

this is by no means any serious security measure... but now Microsoft can
blame the user for pressing the uac yes button
and giving access to is very insecure underlying structure.


Vista is crap and its unfixable... I have been saying this since it was
released.. and guess what? MS isnt trying to fix vista that much,
its just abandoning it and going on to windows 7 just like I said they would



"Nonny" <> wrote in message
news:...
> On Sat, 31 May 2008 08:28:09 +0100, "Gordon"
> <> wrote:
>
>>"Not Me" <> wrote in message
>>news:ek%...
>>> MS said they made UAC irritating on purpose.
>>> They obviously don't know what real users do when they are annoyed by a
>>> 'feature' of their software...
>>>
>>
>>Doesn't annoy me - I just click and forget.
>
> Doesn't annoy me either - I clicked it OFF and forgot about it.

> MS said they made UAC irritating on purpose.

yes I know, I posted that article here when It first appeared.

have I said before that vista is stupid? OH YEAH JUST ABOUT A TRILLION
TIMES! lol





"Not Me" <> wrote in message
news:ek#...
> MS said they made UAC irritating on purpose.
> They obviously don't know what real users do when they are annoyed by a
> 'feature' of their software...
>
> "Clear Windows" <> wrote in message
> news:4840f19f$...
>> UAC is stupid the way it is, nuff said read article:
>>
>>
>> http://blogs.zdnet.com/Bott/?p=461
>>
>> UAC could certainly have been handled better. It does something the
>> security industry has been well aware of for a long time - it creates the
>> "cry wolf" problem of popup fatigue (people turn off or ignore the popups
>> after awhile). Vista is more secure than XP, despite what others might
>> say, but it still gets infected. Since over 80% of all infections are
>> based on social engineering, the popups should focus on that weak point.
>> If UAC targeted the key areas where people run into trouble (as opposed
>> to harassing the user on inane actions), it would be far more helpful and
>> potentially make a really significant impact on infection rates.
>>
>> Absolutely right. A single request for permission doesn't bother most
>> people. What gets under the skin is the second UAC prompt, and the third,
>> and the fourth, and so on. The closer together those dialog boxes arrive,
>> the more annoying the phenomenon.
>>
>> I was all prepared to lay out my modest proposal for how Microsoft should
>> tweak UAC in Windows 7. And then I said, "Hey, wait a minute! I already
>> did this."
>>
>> And sure enough, with a little help from Google I was able to reread "How
>> Microsoft can save User Account Control." which I wrote way back in May
>> 2006, while Vista was still in beta. In that post, I offered four
>> "suggestions that might ease the pain" of UAC. Two years later, I think
>> those recommendations are still valid, so I'm reprinting them here, with
>> a little updated commentary on each one:
>>
>> Create a special Admin Mode. Power users would appreciate a UAC option
>> that lets an administrator respond to a single prompt and temporarily
>> open a session that runs with full administrative permissions. The devil
>> is in the details, of course. How do you keep people from choosing this
>> option as the default?
>>
>> I sure hope someone at Microsoft has been actively working on a way to
>> implement this type of behavior, which I like to think of as Advance
>> Consent mode. In Vista as it exists today, I can do this by switching
>> into silent consent mode (as I describe in Fixing Windows Vista, Part 2:
>> Taming UAC), but that setting is persistent, in the current session and
>> in future sessions. If I forget to switch UAC back to its normal
>> behavior, I've made myself more vulnerable to a variety of attacks. The
>> default settings could exit Advance Consent mode after a specified time -
>> say, 15 minutes - in which I take no activity that would have required
>> UAC approval.
>>
>> Put a time limit on UAC. [E]ach UAC prompt is tied to a single process.
>> When that process ends, so does the elevated set of permissions. But what
>> if a UAC consent dialog box elevated your permissions for 10 minutes?
>> Long enough to install a couple of programs or make a series of system
>> tweaks, but not so long that you forget and fall victim to a piece of
>> malware.
>>
>> I think this should be an option in every UAC dialog box. It can be
>> hidden, just as the Options section of IE7's Close dialog box is hidden
>> by default. Give me a check box that says "Automatically approve
>> elevation requests for the next 10 minutes." That way, I get to approve
>> the first UAC dialog box and then don't have to worry about a flurry of
>> additional, related UAC prompts.
>>
>> Provide easy options to open Control Panel and/or Explorer with full
>> Admin rights. As I indicated earlier, it takes only a right-click and a
>> quick OK to open either of these windows with full permissions. So why
>> not offer those options on the Start menu?
>>
>> This is an especially important change to make for Control Panel. If I
>> open Control Panel and double-click an icon with the UAC shield, that
>> consent should transfer to any other action I execute from Control Panel,
>> until I close the Control Panel window. This feature might work
>> especially well in tandem with the next suggestion.
>>
>> Identify applications running in an elevated context. Today, if I open
>> two Windows Explorer sessions - one as a standard user and another using
>> an administrator's process token - I have no way to distinguish which is
>> which. A text label in the title bar, or a blood-red border around the
>> window, would help prevent this convenient shortcut from becoming a
>> security hole.
>>
>> For Command Prompt sessions, this was addressed (too subtly, in my
>> opinion) in Vista RTM. When you run Cmd.exe as an Administrator, the word
>> "Administrator:" appears in front of the window title in the title bar. I
>> still like the idea of the blood-red border.
>>
>> As I noted in that original May 2006 post, "Microsoft has to deal
>> decisively with the perception that UAC imposes an unacceptable tradeoff
>> between performance and security. In its current incarnation, too many
>> people are likely to dismiss it completely, and if that happens, everyone
>> loses."
>>
>> That plea fell on deaf ears two years ago. Maybe, after more than a year
>> of user complaints and frustration, someone is finally ready to listen.
>>
>>
>
>

tweakuac it's a small free tool that allows one more mode >>>

ON, but SILENT

see here

http://www.tweak-uac.com/

If you've used TweakUAC, you've seen the "quiet" option it offers that lets
you suppress the elevation prompts of UAC without turning the UAC off
completely. In such a mode, you keep all the positive effects of UAC, such
as Internet Explorer operating in the protected mode, applications starting
without the administrative privileges by default, etc. The only thing that
gets changed is that you will no longer see the infamous "Windows needs your
permission to continue" messages whenever you attempt to make a change to
your Vista configuration, or when you run a program that needs
administrative rights.

However, reading what other people wrote about TweakUAC in their articles
and blogs, I often see comments suggesting that using TweakUAC to operate
UAC in the "quiet" mode makes your system less secure. Such comments show
that there is a lot of confusion about how UAC works and what it is
protecting the system from. Let me try to clarify it a bit here.

I can see how the confusion may occur: whenever someone is presented with
the "Windows needs your permission to continue" message, it creates the
impression that UAC is looking after the user, and protects the vital system
settings from being destroyed or corrupted. The user is probably thinking,
"If a virus or spyware gets into my system and attempts to do something
dangerous, UAC will alert me, right?" Wrong.

There is only one single "moment of truth" when it comes to malware getting
unlimited access to your system, and it occurs when you attempt to run a
program you have downloaded from an unknown web site:








"Patrician" <> wrote in message
news:BC67908B-08FC-4EC7-83C7-...
>
>
> "Gordon" <> wrote in message
> news:g1qume$iu0$...
>> "Not Me" <> wrote in message
>> news:ek%...
>>> MS said they made UAC irritating on purpose.
>>> They obviously don't know what real users do when they are annoyed by a
>>> 'feature' of their software...
>>>
>>
>> Doesn't annoy me - I just click and forget.
>
> Doesn't annoy me either. I turned it off as soon as I had Vista installed
> and that's the way it has stayed ever since. Too damned annoying switched
> on.
>
> Trev
>
>

tweakuac it's a small free tool that allows one more mode >>>

ON, but SILENT

see here

http://www.tweak-uac.com/

If you've used TweakUAC, you've seen the "quiet" option it offers that lets
you suppress the elevation prompts of UAC without turning the UAC off
completely. In such a mode, you keep all the positive effects of UAC, such
as Internet Explorer operating in the protected mode, applications starting
without the administrative privileges by default, etc. The only thing that
gets changed is that you will no longer see the infamous "Windows needs your
permission to continue" messages whenever you attempt to make a change to
your Vista configuration, or when you run a program that needs
administrative rights.

However, reading what other people wrote about TweakUAC in their articles
and blogs, I often see comments suggesting that using TweakUAC to operate
UAC in the "quiet" mode makes your system less secure. Such comments show
that there is a lot of confusion about how UAC works and what it is
protecting the system from. Let me try to clarify it a bit here.

I can see how the confusion may occur: whenever someone is presented with
the "Windows needs your permission to continue" message, it creates the
impression that UAC is looking after the user, and protects the vital system
settings from being destroyed or corrupted. The user is probably thinking,
"If a virus or spyware gets into my system and attempts to do something
dangerous, UAC will alert me, right?" Wrong.

There is only one single "moment of truth" when it comes to malware getting
unlimited access to your system, and it occurs when you attempt to run a
program you have downloaded from an unknown web site:







"Not Me" <> wrote in message
news:ek#...
> MS said they made UAC irritating on purpose.
> They obviously don't know what real users do when they are annoyed by a
> 'feature' of their software...
>
> "Clear Windows" <> wrote in message
> news:4840f19f$...
>> UAC is stupid the way it is, nuff said read article:
>>
>>
>> http://blogs.zdnet.com/Bott/?p=461
>>
>> UAC could certainly have been handled better. It does something the
>> security industry has been well aware of for a long time - it creates the
>> "cry wolf" problem of popup fatigue (people turn off or ignore the popups
>> after awhile). Vista is more secure than XP, despite what others might
>> say, but it still gets infected. Since over 80% of all infections are
>> based on social engineering, the popups should focus on that weak point.
>> If UAC targeted the key areas where people run into trouble (as opposed
>> to harassing the user on inane actions), it would be far more helpful and
>> potentially make a really significant impact on infection rates.
>>
>> Absolutely right. A single request for permission doesn't bother most
>> people. What gets under the skin is the second UAC prompt, and the third,
>> and the fourth, and so on. The closer together those dialog boxes arrive,
>> the more annoying the phenomenon.
>>
>> I was all prepared to lay out my modest proposal for how Microsoft should
>> tweak UAC in Windows 7. And then I said, "Hey, wait a minute! I already
>> did this."
>>
>> And sure enough, with a little help from Google I was able to reread "How
>> Microsoft can save User Account Control." which I wrote way back in May
>> 2006, while Vista was still in beta. In that post, I offered four
>> "suggestions that might ease the pain" of UAC. Two years later, I think
>> those recommendations are still valid, so I'm reprinting them here, with
>> a little updated commentary on each one:
>>
>> Create a special Admin Mode. Power users would appreciate a UAC option
>> that lets an administrator respond to a single prompt and temporarily
>> open a session that runs with full administrative permissions. The devil
>> is in the details, of course. How do you keep people from choosing this
>> option as the default?
>>
>> I sure hope someone at Microsoft has been actively working on a way to
>> implement this type of behavior, which I like to think of as Advance
>> Consent mode. In Vista as it exists today, I can do this by switching
>> into silent consent mode (as I describe in Fixing Windows Vista, Part 2:
>> Taming UAC), but that setting is persistent, in the current session and
>> in future sessions. If I forget to switch UAC back to its normal
>> behavior, I've made myself more vulnerable to a variety of attacks. The
>> default settings could exit Advance Consent mode after a specified time -
>> say, 15 minutes - in which I take no activity that would have required
>> UAC approval.
>>
>> Put a time limit on UAC. [E]ach UAC prompt is tied to a single process.
>> When that process ends, so does the elevated set of permissions. But what
>> if a UAC consent dialog box elevated your permissions for 10 minutes?
>> Long enough to install a couple of programs or make a series of system
>> tweaks, but not so long that you forget and fall victim to a piece of
>> malware.
>>
>> I think this should be an option in every UAC dialog box. It can be
>> hidden, just as the Options section of IE7's Close dialog box is hidden
>> by default. Give me a check box that says "Automatically approve
>> elevation requests for the next 10 minutes." That way, I get to approve
>> the first UAC dialog box and then don't have to worry about a flurry of
>> additional, related UAC prompts.
>>
>> Provide easy options to open Control Panel and/or Explorer with full
>> Admin rights. As I indicated earlier, it takes only a right-click and a
>> quick OK to open either of these windows with full permissions. So why
>> not offer those options on the Start menu?
>>
>> This is an especially important change to make for Control Panel. If I
>> open Control Panel and double-click an icon with the UAC shield, that
>> consent should transfer to any other action I execute from Control Panel,
>> until I close the Control Panel window. This feature might work
>> especially well in tandem with the next suggestion.
>>
>> Identify applications running in an elevated context. Today, if I open
>> two Windows Explorer sessions - one as a standard user and another using
>> an administrator's process token - I have no way to distinguish which is
>> which. A text label in the title bar, or a blood-red border around the
>> window, would help prevent this convenient shortcut from becoming a
>> security hole.
>>
>> For Command Prompt sessions, this was addressed (too subtly, in my
>> opinion) in Vista RTM. When you run Cmd.exe as an Administrator, the word
>> "Administrator:" appears in front of the window title in the title bar. I
>> still like the idea of the blood-red border.
>>
>> As I noted in that original May 2006 post, "Microsoft has to deal
>> decisively with the perception that UAC imposes an unacceptable tradeoff
>> between performance and security. In its current incarnation, too many
>> people are likely to dismiss it completely, and if that happens, everyone
>> loses."
>>
>> That plea fell on deaf ears two years ago. Maybe, after more than a year
>> of user complaints and frustration, someone is finally ready to listen.
>>
>>
>
>