Microsoft: Vista feature designed to 'annoy users'

By Tom Espiner
Special to CNET News.com Published: April 11, 2008 11:38 AM PDT
Microsoft: Vista feature designed to 'annoy users'
Tools
Talkback
Print
Related Stories
RSA 2008: Blanketing security
April 11, 2008
Related Blogs
Get your hands on Vista SP1
The Daily Download
March 18, 2008
Is Vista prettier in pink?
Beyond Binary
March 28, 2008
Nvidia to blame for many early Vista crashes
Beyond Binary
March 28, 2008
SAN FRANCISCO--A Microsoft manager has said that one of the security features in Vista was deliberately designed to "annoy users" to put pressure on third-party software makers to make their applications more secure.

David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC), which, when activated, requires people to run Vista in standard user mode rather than having administrator privileges, and offers a prompt if they try to install a program.

"The reason we put UAC into the (Vista) platform was to annoy users--I'm serious," said Cross, speaking at the RSA Conference here Thursday. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."

Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code would trigger a prompt, discouraging users from executing the code.

"We needed to change the ecosystem," said Cross. "UAC is changing the ISV ecosystem; applications are getting more secure. This was our target--to change the ecosystem. The fact is that there are fewer applications causing prompts. Eighty percent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. Sixty-six percent of sessions now have no prompts," said Cross.

Cross claimed it is a myth that users just turn UAC off, saying that Microsoft had collected opt-in information from users that showed that 88 percent were running UAC. Cross said it was also a myth that users blindly accept prompts without reading them.

"It's a myth that users click 'yes,' 'yes,' 'yes,' 'yes,'" said Cross. "Seven percent of all prompts are canceled. Users are not just saying 'yes.'"

Security company Kaspersky has severely criticized UAC, claiming in March last year that it would make Vista less secure than Windows XP.

At this year's RSA Conference, however, the security specialist seemed to have changed its tune. With Windows, "there is a large attack surface with a number of entry points," said Jeff Aliber, Kaspersky's U.S. senior director of product marketing. "Anyone trying to shrink that attack surface and promote secure apps development has to be a good thing."

Prior to the launch of Vista, Kaspersky issued a report in January 2007 that said UAC would be ineffectual. The company claimed that many applications perform harmless actions that, in a security context, can appear to be malicious. As UAC flashes up a warning every time such an action is performed, Kaspersky said that users would be forced to either blindly ignore the warning and allow the action to be performed or disable the feature to stop themselves from going "crazy."

Tom Espiner of ZDNet UK reported from San Francisco.

Click here for more stories on RSA 2008.

More from News.com on this story's topics

RSA Conference

 RSS feed

Security

 Create an email alert | RSS feed

Windows Vista

 Create an email alert | RSS feed

Microsoft

 Create an email alert | RSS feed

See more CNET content tagged:
prompt, ISV, myth, secure, ecosystem

Add a Comment (Log in or register) 85 comments (Page 1 of 5)
It works!
by robbtuck April 11, 2008 12:22 PM PDT
The first thing I do is turn off UAC! I think people blame Microsoft for the inconvenience, not ISV's - all they know is that Vista is bugging them. Over time, I'm sure most people just start clicking Yes without thinking - have you ever watched users? The "seven percent" comment doesn't make sense to me - doesn't that mean 93% of people just click Yes?
Reply to this comment View all 3 replies
Users are the pawns
by rmva April 11, 2008 12:27 PM PDT
Talk about unintended consequences! The only way Microsoft can get software vendors to stop writing apps that have to 'run as administrator' is to put pressure on users. The EU told ISVs they could effectively ignore anything coming from Redmond. Nellie made Joe User the pawn in Microsoft's effort to tighten its OS security. Gotta love that lady! Next time you see her, give her a big juicy kiss for me.
Reply to this comment
Turning off UAC is like Turning off a good Firewall
by Tergon April 11, 2008 12:35 PM PDT
Turning off UAC is like Turning off a good Firewall because its prompts are stopping you from watching Porn with a dangerous Codec. Look UAC (for the most part) is a slight annoyance. Personally I rather having to approve code, I want to run, to run than to have what ever code wants to do what ever it wants to whenever it wants to because I'm running my XP laptop as a Domain Administrator. Sure I hear that little ding the screen goes black and nothing happens until I alt-tab around to find the UAC Prompt. Sure the Prompt looks different depending on what kind of operation the Prog wants to do. But if I want stop "johnny's new Trojan Horse" from running regedit in the background by being told "Hey 1d10t!!! Johnny Beuatiful Pony is trying to turn you into a zombie." than a quick click on a randomly placed (so as not to be easliy clicked through or even, heaven forbid auto clicked by the Trojan) Prompt I ain't got no problem with it. It goes without saying but this post is IMHOO
Reply to this comment View reply
Spinning Wheel
by ppgreat April 11, 2008 1:30 PM PDT
So, it's OK to "annoy" your customers to get your way?? I'm all for added security, don't get me wrong, but putting the onus on users to facilitate change? Why not just use the 800 lb. gorilla tactic and tell the ISVs that you won't run their software in Vista until they get their act together, security-wise? Again, it's nice to be the monopoly. How much more abuse are Windows users supposed to take????
Reply to this comment View reply
Microsoft spying???
by wango2007 April 11, 2008 1:58 PM PDT
"Seven percent of all prompts are canceled. Users are not just saying 'yes.'" How do they know this? Who gave them permission to spy on people like this?
Reply to this comment View all 2 replies
Bunch of tools and frocking dropouts...
by colamix April 11, 2008 4:03 PM PDT
Here's an idea, let's annoy the heck out of our customers so they, in turn, will complain to our ISVs. Meanwhile Vista has taken the Millennium route due to lost productivity and more MS haters than ever before. Steve, you're my hero :)
Reply to this comment
Stories like this make me glad I bought a Mac...
by dillholio April 11, 2008 8:08 PM PDT
Early grumblings about UAC & across the board user dissatisfaction with Vista's incompatibility with various hardware & software was the reason I switched to Mac after years of being a PC user. I don't think I will ever spend any serious money on a PC ever again. If I do, I'll load Ubuntu on it. So a big thanks goes out to Microsoft -- I had been on the fence about switching over for several years, but without the threat of a Vista machine upgrade, I never would have taken the plunge. It's worth putting up with a bunch of snooty Mac fanboys just to not have to deal with this kind of garbage.
Reply to this comment View reply
ShippingSeven
by Mugunth April 12, 2008 2:44 AM PDT
Is this blog from ShippingSeven, the mysterious Windows 7 developer corroborates this??? http://shippingseven.blogspot.com/2008/04/okso.html
Reply to this comment
How is it a myth?
by balkce April 12, 2008 4:17 AM PDT
"It's a myth that users click 'yes,' 'yes,' 'yes,' 'yes,'" said Cross. "Seven percent of all prompts are canceled. Users are not just saying 'yes.'" Doesn't that mean that 93% of the prompts are being accepted... meaning saying 'yes'? How is it a myth then?
Reply to this comment
I payed big bucks to be annoyed!
by Ted Miller April 12, 2008 5:19 AM PDT
And annoyed I am! I sure got my annoyence dollars worth here. I am a Microsoft user and something of an IT guy here at my job. I use XP at work and Vista at home. The company has already decided to use Linux on their ITX computers that are embedded into machines for the bio research industry (Yup they used to use Microsoft), and are recoding all software from C++ to Java (Yup, we are having great success with Java for running machines). Why did I say this? Well this means a beginning of business lost from Microsoft for letting us down. It was not because Linux and Java are free, Its because Microsft is letting us down BIG time! I liked Microsoft, I really did, but boy did you let me down in a god awful way with your "strong arm bulling ways". And now the truth come out that you RIPPED me off, and I am nolonger just annoyed I am very angry. If big business can find the backbone to take the lead towards Linux I will soon follow. I will with out fail DeMicrosoft all my computers. By the way, the "zipping and unzipping" of files in Vista taking such a long time, was that ment to annoy me also? As a matter of fact the GUIless (Well partial GUI)defragmentation not showing details, was that supposed to annoy me also? Oh wait a minute, just one more thing all those applications like OCR programs that worked excellant in XP, but not Vista, was that supposed to annoy me also? Oh for crying out load, Just one more thing, All that money I spent to get the 2.3 rated Vista computer to a 5.9 rating, was that supposed to annoy me also? Oh man, I am trying to finish this and just relized one more annoying thing, and that is, in the end, are you going to leave me hanging, like you hung all the Windows ME users (Me as one of them)by rushing out Windows 7 next year? You fooled me twice and shame on me for being a devoted fan of yours, and for being stupid enough to be still one. Boy do I really suck.
Reply to this comment View reply
1 | 2 | 3 | 4 | 5 | Next 10 Comments >>
Powered by Jive Software
advertisement
RSS Feeds
Add headlines from CNET News.com to your homepage or feedreader.
Google
Yahoo
MSN
More feeds available in our RSS feed index.
Today's Top Stories
Cashing in on taking digital photos of strangers
iPhone 3G queue forms in Manhattan
Privacy advocates praise Google's new link
Photos: U.S. Army names its best inventions
Photos: Top 10 reviews of the week
Most Popular Stories
Photos: Army designates year's best inventions
Photos: Top 10 newly discovered species
Photos: Cracking Open the Apple Macintosh Classic
Photos: Top 10 reviews of the week
Source: Protective order will keep Viacom out of sensitive YouTube user data
Resource center from News.com sponsors
Aligning CIO & CEO visions
What CIOs need to know

It's a simple truth. The closer you and your CEO see things, the greater your chance for success. Our exclusive report can help you get there—and help your business grow. To get the report, featuring the views of 765 CEOs on innovation. click here

Click Here!
What CEOs think: Innovation Insights for CIOs

Learn How CIOs can deliver strategic success for their enterprises

The New CIO: Beyond Technology

Learn how CIOs become heroes

Podcast: Chris Gorog of Napster

Learn about the impact of technology in strategy execution

The future of the Enterprise

Read more about tomorrow's organization

Markets

Market news, charts, SEC filings, and more

Related quotes

Microsoft (0.39%) 0.10 25.98
Dow Jones Industrials (0.00%) 0.00 11,288.54
S&P 500 (0.00%) 0.00 1,262.90
NASDAQ (-0.27%) -6.08 2,245.38
CNET TECH (0.00%) 0.00 1,580.18
  Symbol Lookup
Detroit auto show
Detroit auto show

Detroit auto show
advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On MovieTome: TRANSFORMERS 2 SPOILERS!
Advanced
search
Advanced
search
Visit other CBS Interactive sites