Why Windows Vista's Privilege Escalation Fails

by Aaron Longwell
August 14, 2008

There’s no question that Microsoft Vista’s User Access Control System fails in its principal goal (which is presumably to make users think twice before installing suspicious or unfamiliar software on their computers).

Why it fails isn’t quite so obvious. It’s not just because the message popup is annoying and a little vague, although those certainly contribute.

If you started this program, please continue.

Really? My own computer doesn’t know whether I started a program or not? FAIL. “A program needs my permission” to do what? FAIL.

No, the real reason this design fails is that it prompts far too often. During program installs I ran today, I was prompted with nearly identical dialogs 5 or 6 times!! You get prompts at the start of every installer script (some applications have many parts, which results in many prompts), then you get prompts every time an application wants to perform new types of protected operations.

By the time I’ve installed the basic collection of software on my machine, I’ve clicked Continue so many times that it’s a programmed response. I’m likely to hit Continue out of habit every time I see the window. It would be far more secure to present a single information-dense dialog (so each one looks unique) that gave the installer free rein once approved.

It may sound absurd that making the thing less restrictive would make it more secure, but I’m confident that that’s the case here. The user is the weak link in this process, but pestering and annoying tend to be poor ways to encourage a change in behavior… at least for most people.

Now, in fairness, my issue may be better raised with the installer code developers, because the API likely allows multiple privileged operations to be performed after a single UAC prompt. I don’t think this sufficiently answers the issue, though. On Mac OS X Leopard, I’ve never, ever been prompted more than once for Administrator approval during a software installation. Microsoft could learn a lot from Apple on this particular issue. Apple has done an excellent job of creating a developer community that values seamless, friendly user interactions. Microsoft seems to encourage something entirely different.
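As an added illustration of the point above (this is example code written for this page, not code from the post’s author or from Microsoft), here is the pattern an installer script can use to trigger exactly one UAC prompt and then perform several protected operations under that single approval. It relaunches itself elevated with the RunAs verb if it is not already running as an administrator; the vendor name, install directory and registry key are constructed placeholders.

```powershell
# Added example: elevate once, then perform several privileged steps.
# "ExampleVendor" / "ExampleApp" and the paths below are constructed placeholders.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isElevated) {
    # This is the one and only UAC prompt: relaunch this script elevated.
    # Everything below then runs in the elevated child without further prompts.
    $scriptPath = $MyInvocation.MyCommand.Path
    $child = Start-Process -FilePath 'powershell.exe' -Verb RunAs -Wait -PassThru `
        -ArgumentList '-NoProfile', '-File', "`"$scriptPath`""
    exit $child.ExitCode
}

# From here on we are elevated. Several protected operations, all covered
# by the single approval above.

# 1. Create the install directory under Program Files (protected location).
$installDir = Join-Path $env:ProgramFiles 'ExampleVendor\ExampleApp'
New-Item -ItemType Directory -Path $installDir -Force | Out-Null

# 2. Write a file into that directory.
Set-Content -Path (Join-Path $installDir 'README.txt') `
            -Value 'Installed by the example script.'

# 3. Record the install location under HKLM (machine-wide registry hive).
$regKey = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'
New-Item -Path $regKey -Force | Out-Null
Set-ItemProperty -Path $regKey -Name 'InstallDir' -Value $installDir

Write-Host "Installed to $installDir after a single elevation prompt."
exit 0
```

A compiled installer achieves the same effect by declaring `requestedExecutionLevel level="requireAdministrator"` in its application manifest, so the prompt appears once at launch rather than once per protected operation. The security trade-off the post describes is visible here: the user approves one clearly identified program once, instead of being trained to click Continue on a stream of identical dialogs.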