Allchin on Vista: Security Features vs. Convenience


Vista site on MSDNThis is excellent explanation and commentary by Jim Allchin on some of Vista’s new security features, including User Account Control (UAC) and Data Execution Prevention (DEP). 


He goes into detail about the security features vs. convenience decisions that were made during the development of Vista.  (“If you don’t lock your doors at night because it is too much of a hassle, the locks don’t offer much security.”) 


For both home and enterprise users, Jim concludes by offering a good-better-best strategy for configuring several of Vista’s core security features.


 


So who’s using UAC?  I just tweaked a few of my Vista’s settings at Jim’s suggestion, including enabling DEP in Internet Explorer 7.  I must confess, though, that although I enable UAC most of the time, I turn it off when doing development work on Vista.  Security features versus convenience, and all that…

Comments (4)

  1. tzagotta says:

    I do development under Vista all day long, and I don’t notice UAC to be any hassle. When does that come up as an impediment for the development work you do?

  2. RobBurke says:

    tzagotta, these days, for me development is more of a night job than a day job, so I don’t like anything that impedes me.  Even if I get challenged for a confirmation two or three times in an hour, I find it frustrating.  I don’t expect that most developers will feel the same, it’s just my personal comfort zone on the tradeoff between security and convenience.

    Because you’ve challenged me, next time I settle down for some dev, I’ll leave UAC on, and post something about how I felt.

  3. I’m on my second week of Vista as my main development PC.  Once I’d got through all the set up, I’ve not found UAC to be too bad.  The only annoyance is that because I have adjusted my Visual Studio icon so that it runs as Admin (as recommended in the VS2005 on Vista guidelines on MSDN) when I start up Visual Studio I get the little warning checking that I want to run a process with admin rights.

    The rest of the stuff works fine.  Admitidly, I spend most of my time in the Java world where most of the applications are written to not need admin rights anyway – but so far so good.

  4. tzagotta says:

    Martin, did you notice that there is an option on that warning dialog to suppress it for future start-ups?

    Also, I decided to try not running VS2005 as admin, and I have found it not any less reliable. I do mostly C#/WinForms and MFC/C++ work. I do get occasional crashes in VS2005, but not any more than when I was running as admin.

Skip to main content