Microsoft backtracks on Windows 7 UAC, pretends it was all part of the plan

Sometimes you just gotta laugh. Otherwise, this stuff gets really frustrating.

Here's my beef.

I've complained for a while now that Microsoft has tested Windows 7 in secret, not allowing its tech beta participants, reviewers, and others via the public beta to actually impact the final product in any meaningful way. This is evidenced by the fact that Windows 7 features aren't provided to anyone outside of Microsoft until they are feature-complete and, thus, essentially completed. So all that's left for anyone outside of the inner sanctum to do is find bugs.

Why is this a problem? Because, as it turns out, Microsoft doesn't always have all the answers. And sometimes they make changes that are bad. And even though we outside of the company may have valid complaints, it doesn't matter. That feature you're so concerned about was set in stone months ago. By someone. Somewhere. We don't know how it happens. None of it is transparent.

Which brings us to this week's silliness over User Account Control (UAC).

Here's what happened:

1. Rafael and co. discuss what they feel is a very serious shortcoming in Windows 7's UAC feature.

2. Mary Jo Foley and the Windows blogosphere weigh in, with some wondering aloud whether Windows 7 will be "less secure than Windows Vista."

3. Microsoft tells everyone to back off (twice). Windows 7 UAC works exactly the way they planned it, and they're not changing a thing. They communicated this via a prepared statement. And then again in the Engineering 7 Blog.

4. Microsoft abruptly changes course, says they will change UAC.

But here's the kicker. Microsoft refuses to acknowledge that the complaints about UAC had anything to do with this decision. You see, these changes were planned all along.

LOL. Sure they were.

So here's my take: Not only is Microsoft very serious about not making any changes in Windows 7 after they've locked it down (i.e. handed it out to the public in beta form), but now that they've been forced to make such a change, they can't even admit that it's happened.

First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics [Rafael discussed in his original complaint] and the like from working.

To summarize, from Microsoft's perspective (paraphrased for your convenience):

Bloggers and testers complained about a very specific issue in Windows 7. We told you it wasn't a problem. But we are fixing that very specific issue. And you had nothing to do with that change.

This is how small children behave.

So is this:

Windows 7 is too much fun and folks are having too much fun for us to be having the dialog we’re having. We hope this post allows us to get back to having fun!

Wow. And here I was thinking that having a dialog about important features in Windows was your fracking job.

By the way, Rafael Rivera has provided me with the following statement in the wake of this mess:

"I'm happy to hear of the changes upcoming in the public Windows 7 Release Candidate build. Regardless of the reasons, the increase in security is a win for all Microsoft Windows users."

Yeah. He's nicer than I am.

Discuss this Article 54

war59312
on Feb 5, 2009
People are overreacting about this big time. Seems most do not understand that UAC is NOT a security boundary. Yes it's a security feature but it is NOT a security boundary. Huge difference!!
Rasken
on Feb 5, 2009
The worst part is that once RC rolls around, the bloggers will probably be up in arms again because they feel UAC is too annoying. MS needs to have a prompt at install time that will ask users how secure they want to be and force everyone to set the slider then and there.
subzerohitman721
on Feb 5, 2009
It's great that the Windows 7 testers and bloggers stood up loudly and proudly to Microsoft and told them in one voice. "CHANGE THIS!" Finally, they did and we'll see it in the RC. Very cool that my voice and the voice of so many bloggers and testers were not ignored. Just keep running the UAC at the highest setting until we have the RC. Yes, Paul is right. Taking a step back it is hilarious. But in practicality, the UAC is a very important security feature, that Microsoft shouldn't treat lightly. I think Bryant's comments on Aero XP highlight this excellently. http://www.aeroxp.org/2009/02/the-real-issue-with-win7-uac/#more-798 It makes me feel good that in the end, we do have some say about Windows 7. We do have some sway with Microsoft, since ultimately if they didn't listen, there are alternatives out there both from Apple and any Linux distro. I also want to thank Paul, Mary Jo, Bryant, and others out there not just taking Microsoft's "No" for the final answer.
tayme
on Feb 5, 2009
"This is how small children behave." Hey, robertsjoe...where are you? Here's another thing that Microsoft copied Apple on...you should be pointing that out to us. --tayme
shark47
on Feb 5, 2009
"The worst part is that once RC rolls around, the bloggers will probably be up in arms again because they feel UAC is too annoying." I think that's why Microsoft has reacted this way. It's a touchy topic for them because whatever they do with UAC, it always seems to evoke an outcry from the blogger community. It's funny that with Vista, everyone hated UAC and now that they've tempered it in 7, people are craving for Vista's UAC. No, I'm not talking about the Long Zhengs and Rafaels. I'm talking about the people from Engadget, Gizmodo and other such sites, who probably couldn't care less, but joined in the chorus, nevertheless, simply because they needed something at Microsoft to bash.
tayme
on Feb 5, 2009
@subzero - Very well put. I am guessing that millions clicked on the feedback link in 7 and sent messages about this. It is good that the user community was vocal enough to make a difference and good that Microsoft listened. --tayme
alamfour
on Feb 5, 2009
Paul, I think you put it nicely and I wholeheartedly agree. Good on Long Zheng and Rafael for ensuring that Windows 7 will not be less secure than Vista. It was great to see that the blog community got behind this too. A positive result all round.
Waethorn
on Feb 5, 2009
Does this really matter? The shipping product is changing and that's the point of a beta and an RC. Paul, I think if anything, you're more off-base by claiming that the beta is somehow "done". They haven't announced many product edition feature specifics, Windows Welcome Center isn't finished, localization isn't even close to being done, and the deployment tools won't even be released until after the RTM, making early corporate deployment a no-go until that's complete. Why, Sysprep doesn't even roll back drivers with the Generalize option correctly. It's not done. Quit jones'n! ;)
Waethorn
on Feb 5, 2009
BTW Paul: It's supposed to be spelled "frak" because it's meant to be a four-letter "f"-word, like that other one....
Waethorn
on Feb 5, 2009
@alamfour: It would only be less secure than Vista if you lowered the slider below that of Vista's setting. Even with this fix, it will still mean trouble having it at the lower level by default....
Ocean
on Feb 5, 2009
>>He's nicer than I am<< And your headline is nicer than Mary Jo's about the same problem.
techboy2000
on Feb 5, 2009
The beta program worked beautifully. The Microsoft beta testers found a problem. Microsoft does not seem to understand the success. Microsoft's ridiculous response makes me question their management team's competence. Viva Rafael Rivera and Long Zheng.
alamfour
on Feb 5, 2009
@Waethorn It is less secure than Vista because the bar is lowered by default. An average user will not know how to change UAC to be more or less secure. The average user sits down in front of a PC to work or play not to tweak their system. This change insures that while UAC will be less annoying than Vista was it won't compromise security.
jonathanmarston
on Feb 5, 2009
I must say, Paul, I totally disagree with this post. The first change (making the UAC applet run as high integrity) very well could have already been in the works. Rafael already stated on his blog that "birdies" told him the rundll32.exe issue has already been taken care of in internal builds - changing the UAC applet is a similar change. Do you have any other inside information to suggest otherwise? You also claim that MS is not admitting that the feedback had anything to do with the changes, but what about this quote from the E7 blog? "The second change is due directly to the feedback we’re seeing." Seems like a pretty direct admission that they are reacting as a direct result of community feedback to me. Now, sure, there's a bit of PR-speak going in to that post, but what do you expect from a large corporation? Personally, I'm happy that Microsoft is actually taking user feedback this seriously. You may not be totally happy with how they've run the development process of Windows 7, but isn't this a step in the right direction from previous Windows releases?
shark47
on Feb 6, 2009
Paul, that was actually a well written post by Jon and Steven over at the Engineering Windows 7 blog. And jonathanmarston is right - they do credit users for at least one of the changes. The first one, they say, was a bug in the UAC code. "The first change was a bug fix and we actually have a couple of others similar to that—this is a beta still, even if many of us are running it full time. The second change is due directly to the feedback we’re seeing." Now, you can either choose to believe them and enjoy the product or you can complain about how they're not giving bloggers their due. Your choice!
shark47
on Feb 6, 2009
Hopefully, we can all concentrate on the other hot topic now: the Windows 7 SKUs! (And of course, any topic that robertsjoe or --to a lesser extent-- Ocean deem worthy of discussion.)
vijju
on Feb 6, 2009
It's nice to see that it reckons its mistakes LOL :) Why don't you guys shift to Linux at least ......
Waethorn
on Feb 6, 2009
"This change insures that while UAC will be less annoying than Vista was it won't compromise security." Only security as far as the OS design. The user still won't understand the consequences of their actions. Vista did it right. I hope the OPK has options to change the default UAC level, because I intend to move it up. BTW: Has there been ANY news about Morro lately? I wonder if Mike's "consulting" job has to do with that.... I really think that the easiest option for Microsoft is to just take the existing Defender/Forefront Client Security UI, do a new colour scheme, rebrand it with a different logo, and just clean up the FCS agent installation routine (it's too complicated for the average Joe). Pretty simple. Oh, and FCS installs and works fine on the Windows 7 beta.
tayme
on Feb 6, 2009
@Waethorn - "I wonder if Mike's "consulting" job has to do with that...." No, he is working on some voice recognition stuff, I think... --tayme
tayme
on Feb 6, 2009
@Waethorn - You are right...until users learn to understand what they are answering "Yes" to, that there will still be issues. Until users learn to use safe browsing habits...like staying away from P O R N sites, there will still be issues. As long as the mosquitos are still out there and people don't use Deep Woods Off, they will still get bitten and some will get malaria...regardless of if they are wearing long sleeves(Windows) or short sleeves(OS X/Linux). --tayme
yert
on Feb 6, 2009
@Waethorn: Actually it is "frack" not "frak" as the word Paul is using is from a television show called Battlestar Galactica.
Waethorn
on Feb 6, 2009
"You are right...until users learn to understand what they are answering "Yes" to, that there will still be issues." Some people ask me "why is Vista so annoying?". When I explain UAC to them, they understand it. "More annoying" = more secure IMO. Microsoft still maintains that as a security best practise, no user should run day-to-day as an admin. In that scenario, UAC is ideal, and Windows works just like *nix. Also, I'm glad that they changed the behaviour of SBS 2008 so that users don't have to be local admins anymore. That was a big problem. Now user permissions work as they should. Now let's take away more users' civil liberties!!! :P
Waethorn
on Feb 6, 2009
"Actually it is "frack" not "frak" as the word Paul is using is from a television show called Battlestar Galactica." If you mean the old one, I have no idea, but for the new show, the producers have already stated that it is supposed to be a "four-letter f-word". http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/09/02/entertainmen...
Victek
on Feb 6, 2009
It appears that Microsoft is suffering from a chronic infection with the malware identified as: "W32_gBushMistakeIncapable.A" After an eight year exposure it is no longer possible to perceive, let alone admit, mistakes....:-)
shark47
on Feb 6, 2009
"And your headline is nicer than Mary Jo's about the same problem." Umm, not really: http://blogs.zdnet.com/microsoft/?p=1930 In fact, she has better words for Microsoft than Paul does: "Kudos to the Windows brass for showing that the Windows beta process isn’t just for show. And kudos to Long Zheng and Rafael Rivera for keeping the pressure on the Windows team to do the right thing." :-)
tayme
on Feb 6, 2009
"W32_gBushMistakeIncapable.A" That sounds like the new one that is out there - W32_bObamaChangeNotHappenning.A It enters your system promising that it is going to change things for the better and not just use the same old tactics as in the past...then starts appointing old malware like Melissa and Slammer to do the dirty work. --tayme
kenmcnamee
on Feb 6, 2009
W32_gBushMistakeIncapable.A, W32_bObamaChangeNotHappenning.A Ugh, they're both just derivatives of the W32_AllPoliticiansSuck.A trojan that is far more dangerous and pervasive.
tayme
on Feb 6, 2009
@kenmcnamee - So true!!! --tayme
shark47
on Feb 6, 2009
@kenmcnamee: That was funny... and true. :-)
Waethorn
on Feb 6, 2009
"W32_gBushMistakeIncapable.A" That sounds like this one: OSX_AppleCanDoNoWrong.A and the follow up: OSX_ItsNotApplesFaultYouHaveNoProtectionAgainstMe.B
Ocean
on Feb 6, 2009
Why are we bashing Apple?
reddragon72
on Feb 6, 2009
Are you surprised at all by this??? Look at what MS just did to the Xbox 360, they broke it with their HDMI update on Tuesday and now 360's everywhere are either RROD or like mine the HDMI just doesn't work anymore and I'm forced to use the component cables. Everyone on multiple forums is complaining about it including myself and calling and MS is saying that they will fix it for 99 bucks!! Total BS, I have never had an issue with my 360 and now after the Tuesday patch my HDMI is broke!! MS is the biggest bunch of backtracking lying people I have ever seen!
Ocean
on Feb 6, 2009
Ars ran a post claiming that Windows 7 was going to go for $200... They've now retracted it. I wonder if they felt some pressure from MS... Here is what they said: http://lifehacker.com/5148157/windows-7-pricing-starts-at-200
chuckb84
on Feb 6, 2009
"That sounds like this one: OSX_AppleCanDoNoWrong.A and the follow up: OSX_ItsNotApplesFaultYouHaveNoProtectionAgainstMe.B" Geez. These "OSX is just as insecure as Windows" claims are really interesting in that they avoid a little thing that we call "data". There are no, none, zero, zilch, nada, null, bupkus, examples of any propagating worm, virus or malware for OSX in the wild, period, ever. Such things infest Windows computers in the millions, Macs none at all. Note well: "In the wild" and "propagating". These are two terms that make a security issue of any sort MATTER. This may come to OSX someday, but in 10 years there are no examples. There are---of course---examples of human engineering trickery that get people to type in their admin password. There are numerous "theoretical vulnerabilities", there are controlled contests "pwn this Mac", but no examples at all, ever, anywhere or at any time in the history of OSX of the "in the wild propagating" strain.....the only one that matters. So the real threat is the Win_FUDSinceWeHaveNothingUsefulToSay.A
tayme
on Feb 6, 2009
@chuckb84 - Actually, the real threat is the lack of speed in which Apple has responded to vulnerabilities. They have a track record that is well documented and have not improved on it. One day, if the OS X user community, which I am part of, does not use safe browsing, firewall, and other safeguards, it will bite them in the A S S. Myself, I'm not worried...I am covered. I know plenty of OS X users that and have read the opinion of others, even here on this Windows centric site, that say they don't need any of that...it don't matter. Go ahead and be complacent about security...eventually it will get back at you. --tayme
Waethorn
on Feb 6, 2009
"There are no, none, zero, zilch, nada, null, bupkus, examples of any propagating worm, virus or malware for OSX in the wild, period, ever." Then you're not looking too hard. Two were released in the last two weeks.
shark47
on Feb 6, 2009
"Ars ran a post claiming that Windows 7 was going to go for $200..." Oooh, may I start a rumor too? Please? I've heard from my sources within the company that Windows 7 cases will be plated with 7 kt gold. And Starter will cost $950 and not $200. My sources are more reliable than Ars' sources.
Ocean
on Feb 6, 2009
>>Oooh, may I start a rumor too? Please? I've heard from my sources within the company that Windows 7 cases will be plated with 7 kt gold. << This isn't credible. The Ars stuff *could* be true.
Ocean
on Feb 6, 2009
This comment makes some sense: http://lifehacker.com/5148157/windows-7-pricing-starts-at-200#c10566766 Windows Vista Ultimate with SP1 from Amazon, $234.99: [www.amazon.com] List price: $339.99 - Windows 7 Ultimate from ARS Technica rumor mill, $319: Probable street price for W7 Ultimate: ~$220 - The ARS Technica prices seem to be in line with how Microsoft prices Vista.
shark47
on Feb 6, 2009
"This isn't credible. The Ars stuff *could* be true. " Oh, yes. If I had been anonymous, maybe my statement would've been credible. http://arstechnica.com/microsoft/news/2009/02/rumor-pricing-for-the-wind... "Update: Upon further reflection, we regret posting this rumor. The source was anonymous and not one of our usual, trusted tipsters." So, stop being silly Ocean.
shark47
on Feb 6, 2009
" The ARS Technica prices seem to be in line with how Microsoft prices Vista. " That's the whole idea. When you want to start a rumor, make sure it's at least believable. Send it to enough rumor crazy sites and maybe one of them will publish it.
Ocean
on Feb 6, 2009
Ars is no rumor site...and they put the post back out there. They un-retracted their retraction. http://arstechnica.com/microsoft/news/2009/02/rumor-pricing-for-the-wind...
Waethorn
on Feb 6, 2009
....in other news: Steve Wozniak just married Linus Torvalds in California in the first-ever Segway marriage. IBM is broadcasting it in RealVideo G2 format via OpenSolaris on Hyper-V Server R2 beta on their new DeepAK WOPR-a system. Ok, it's on the intertubes. It must be true!
Ocean
on Feb 6, 2009
>>Steve Wozniak just married Linus Torvalds << Nope. According to the same intertubes: Steve: Spouse(s) Alice Robertson (1976-1980) Candice Clark (1981-1987) Suzanne Mulkern (1990-2004) Janet Hill (2008-***************Present******************) Linus: Spouse(s) Tove Torvalds
robertsjoe
on Feb 6, 2009
Some detailed information about Microsoft copying Apple's Dock. Including Microsoft's numerous infringements on Apple's patent. http://www.appleinsider.com/articles/09/02/06/exploring_windows_7_on_the...
Waethorn
on Feb 6, 2009
@Ocean: I never said they were divorced. Polygamy is legal in the state of California after all. robertsjoe is their love-child too.
tayme
on Feb 6, 2009
School must have let out early today for some reason... --tayme
Ocean
on Feb 6, 2009
>>robertsjoe is their love-child too.<< Interesting. Which gave birth?
shark47
on Feb 6, 2009
"@Ocean: I never said they were divorced. Polygamy is legal in the state of California after all. robertsjoe is their love-child too." :-) Ocean is right though. When there's conflicting information on the net, which is often the case, go with the one that supports your image of the individual / company in question. So, if you're Ocean or robertsjoe, all pro-Microsoft news is made up.
Waethorn
on Feb 6, 2009
"Which gave birth?" He was stillborn.
