UAC BS


Howdy once again from RSA. It's raining. So much for sunny California!


Jeff and I just gave our talk about Windows Vista Security Engineering. It was a packed room. In fact, when we got to the room we saw a bunch of people milling around outside. We went to the door to enter and we were told we could not enter because the room was full. We thought the previous talk had yet to finish, but we were wrong; it was filled with people attending our talk. We asked if we could enter because we were the speakers, and again we were told, "NO." Then Jeff said, "Seriously, we're the speakers." So they let us in. So much for security!


Anyway, back to the topic at hand.


There is a great deal of FUD about UAC. Yeah, it was very chatty in beta 2, but we really made a great deal of progress for the final release of Windows Vista. In general, it's a little chatty at the start, but once you settle in, install the apps you need, and the printer drivers and so on, it's pretty quiet.


But there is a perception that it's still very chatty. Here's a case in point. I bumped into a guy I haven't seen in a couple of years (let’s call him Xx); here’s how the conversation went.


Me: How’s things?
Xx: Good, you?
Me: Kids doing well?
Xx: Growing up! How are Blake & Paige?
Me: Getting into my computers, read my blog.
Xx: What's new? Things going well with you?
Me: Excellent, we shipped Vista. Yay!
Xx: It’s ok.
Me: Waddya mean?
Xx: Too ‘noisy’?
Me: Waddya mean?
Xx: too many pop-ups.
Me: Like what?
Xx: UAC stuff
Me: When do you see the pop-ups?
Xx: all the time
Me: When?
Xx: When I do stuff
Me: Like what?
Xx: everything!
Me: like when? I probably get two prompts a day – and that’s only ‘coz I do geeky stuff. Gimme specifics
Xx: like right when I logon
Me: we suppress prompting on logon/startup, and fail the app load, you will see no prompts as you logon.
Xx: oh.


At this point Xx had a sheepish look...


Perception != Reality.

Comments (20)

  1. Roger says:

    The URL to "Jeff" is returning a 404.

  2. Michael Craigue says:

    MH: really enjoyed your talk today at RSA on Vista but discovered it wasn’t in the CD of conference proceedings. Would you be willing to post it? thanks.

  3. Susan says:

    I was at the local Best Buy being a "Vista rep" this past weekend.  All of the floor models that had the Best Buy screen saver program had UAC totally disabled.

    Yes, ALL had UAC disabled.  I hope it’s just the floor models and not the OEM units themselves.

    There were two gentlemen who said they build custom desktops say that one of their customers nearly threw their new Vista computer through the wall..and they had to disable UAC  "Why?" says I.."Because they want control, way too many popups"  "I don’t get prompted hardly at all ..when does this occur"  "She was copying files between her C: and D: drives and kept getting prompted all the time".

    I do not remember ever having a UAC popping up during file copying… I gave this gentleman my card and told him to email me and that I wanted to fully understand exactly when this was occurring.

    Is there a different window now for copy and paste, sure.  But I cannot for the life of me figure out what process either he or she is doing to get UAC to pop up during a mere file copy process from one drive location to another.

    I get it when going into management style stuff… but most of the time when using applications, surfing the Internet… I don’t.

    Yes, there is a ton of perception versus reality going on.

    He’s yet to email me… when he does… I’m going to say "prove it".

  4. Susan says:

    P.S.  We need the rain..thanks for bringing it with you…

  5. Hugh Ashmead says:

    Oh my.

    Let me guess – probably a "security consultant" of some sort.

    I fear for his client base.  🙁

  6. anonymous says:

    The perception that UAC can be a pain is accurate. I’d be shocked if anyone working in the Windows group doesn’t know of at least a few huge annoyances that need to get fixed ASAP.

    For example, right-click Computer, select Manage. It forces a UAC prompt every single time.

    I appreciate that Windows will catch a malicious app trying to sneak a CreateProcess past me. However, it’s infuriating to have to rubber stamp-agree to an extra pop-up after selecting certain UI options.

    What exactly is UAC accomplishing with overactive warnings, other than annoying users to the point where they end disabling an otherwise-good security mechanism?

    It would help if I knew of a location where the UAC implementation could be tweaked to better match the things I want to protect on my PC.

    There are other problems too. Try launching a process with a long command line. The command line arguments get truncated in the UAC pop-up, making it possible for attackers to fool users by padding the front of the arguments with legit-looking options, then hiding a malicious switch at the end of the string.

    If I could scroll sideways in the UAC dialog to read the full command line, I would, but the pop-up UI doesn’t include that option. Then again, how many users would actually scroll sideways?

  7. Susan says:

    Jesper’s Blog : Help: Vista won’t let me write to my external hard drive:

    http://msinfluentials.com/blogs/jesper/archive/2007/01/16/help-vista-won-t-let-me-write-to-my-external-hard-drive.aspx

    Whadya wanna bet this is what he was hitting…..

    Now if he’ll only email me back…

  8. >>For example, right-click Computer, select Manage. It forces a UAC prompt every single time.

    There’s a magic word in that sentence – MANAGE!! You can tweak the OS with the management stuff in that tool! like add new users, and create tasks, and look at the security event log and install device drivers and do I need to keep going! 🙂

  9. 404 is fixed – there’s something funky about the way this blog tool builds URLs – it prepends some ControlPanel URL…

  10. C Gomez says:

    While the Mac commercials are funny, they help perpetuate these lies with most of their commercials.

    See, in the rose-colored glasses world of Mac:

    – They are immune from malware of any kind

    – They can talk to USB devices as they are plugged in, Windows cannot (I must be very lucky in the devices I buy).

    – They don’t have operating system reinstalls (this may have gone away, but I used to talk to many a Mac user that used OS version x.y.z.a to get Application A to work and then dual booted to b.c.d.e for Application B to work).

    – They don’t have UAC, which pops up anytime you do anything.

    I’d actually be worried a little bit if Apple didn’t put some sort of user protection in there.  Maybe they just don’t let their users run with high privileges.  Maybe they just aren’t getting attacked.  I don’t really care, since I don’t use Macs, well… at all.  So in fairness, I can’t comment.

    I just think they shouldn’t lie about Windows.

  11. C Gomez says:

    "There are other problems too. Try launching a process with a long command line. The command line arguments get truncated in the UAC pop-up, making it possible for attackers to fool users by padding the front of the arguments with legit-looking options, then hiding a malicious switch at the end of the string."

    If I didn’t launch the process, it would be obvious to me that I shouldn’t let it continue.  At the very least, I’d be able to cancel it and investigate what is going on.

    You say normal users won’t know what to do here?  Okay then, let’s look over their options.

    1) Deny the operation.  This is what we want them to do.  It sucks they are now probably frustrated and will blame MSFT, but heh these people will complain that MSFT let the bad guys in.  So it’s a "can’t win" but a more desirable outcome.

    2) Allow the attack.  UAC didn’t protect us this time, but what did we have before?  Nothing!  So nothing’s changed except the user had a chance to prevent the attack.

    Sure, there’s going to be some training and pain, but until people at home (and even us trained and talented power users) can live and use software (and write software!) that doesn’t need elevated privileges… how can "some protection" be worse than "no protection".  Because you are annoyed?  If you’re annoyed, I think it’s perfectly fine to keep using Windows XP.  It has no UAC, and should be able to stop many privilege based attacks merely by running as a standard user.

  12. I love the "Get a Mac" ads. They are quite funny, even if I don’t always agree with them. But today I am calling bullsh*t to the ignorant and arrogant marketing department at Apple. You know dick about Vista security, and really should go back and sit

  13. aca says:

    michael_HOWARD: "There’s a magic word in that sentence – MANAGE!! You can tweak the OS with the management stuff in that tool! like add new users, and create tasks, and look at the security event log…"

    The magic words you should see in your sentence is "you can". The user doesn’t really change anything at the moment you annoy him. How about moving such stuff to the "Apply" and "OK" points, for example?

    Or how can anybody let his machine be attacked by having Task Manager which remembers "Show processes of all users"?

    I must admit, you selected surprisingly appropriate title for your post. 🙂

  14. NCG says:

    On my dev machine I had to turn off UAC within an hour of installing it.  The Razzle build scripts do something that repeatedly triggers the UAC prompt.  After entering my password 5+ times in a row with no end in sight, I was relieved that I could disable it completely.  Otherwise I’d still be using Win2003 Server for my dev machine.

  15. In preparation for the job change, I decided to get a spare laptop to use in case my main computer goes down. I bought the Sony Vaio PCG-7M1L last summer at Best Buy, along with the 3-year, drop-in-in-the-ocean-and-we’ll-replace-it warranty, so…

  16. Joel says:

    I don’t mean to be rude, but this whole post is kind of insulting and anti-reason. A lot of people *hate* how annoying UAC is and your whole response is, "no it’s not" or "you’re actually not having the problem you say you’re having." um…got anything better to offer?

  17. >>you’re actually not having the problem you say you’re having

    what he was doing was being a little stingy with the truth – we *DO NOT* pop-up UAC prompts during logon. We don’t. Seriously, we don’t. It was a decision we made post beta 2. So he was simply uttering urban myth without knowing the facts, and I hear this all the time.

  18. Vista is still very new in its RTM form. For most people that means plenty of application installation

  19. Anono says:

    I would like to know a way to Selectively allow some programs to run on start up with elevated privileges With or without the pop up… simply blocking the application from running is not an option, seeing as there is no option in that dialog that allows me to say "Let this run from now on". and I would like to be able to do this without making a scheduled task for it. Is it really that much to ask?  
