UAC is like fine wine — The Blog of Justice

Hello there! If you are new here, you might want to subscribe to the RSS feed for more posts like this one.
If you use Google Reader: Click Here.

User Account Control, or UAC, is Microsoft’s solution to the “Always Admin” problem in XP. Most unix guys deride Windows XP because it has the user run as root (aka Administrator) by default. Running as Administrator means that if you get infected with spyware/viruses, the whole computer is pretty much infected. The reason for running as administrator by default is historical: Windows 9x had basically no multi-user separation, everyone was an admin. As a result, programs written for Windows 9x assumed they had write privileges to every file on the system, including files in system32 and their own directory in Program Files. If Windows XP suddenly had users running under limited accounts, 99% of windows 9x software would immediately break when run on XP. And unlike Apple, Microsoft makes backwards compatibility one of their most important priorities (for better or worse).

Fast forward about a decade to Windows Vista. Security is (and will forever be) a huge concern in operating system design. Running as administrator is no longer a viable option. However, backward compatibility is just as important as ever before. The solution, in the form of UAC, is to prompt the user every time administrator privileges are required. This allows users to continue to run as administrators, but selectively elevate their privilege level when needed in order to perform administrative tasks (such as installing programs). Every time elevation is required, the screen grays out, forcing the user to select whether they want to approve or deny.

From a user interface perspective, this really kind of stinks. Apple derides UAC in their Mac vs. PC advertisements (which is interesting, since OSX has a similar elevation mechanism I’m told). The problem is that admin privileges are simply needed too often. You need admin privileges to install applications, change system settings, but also 90% of legacy applications require admin privileges to run properly. Vista alleviates some of this to a certain extent by virtualization of the filesystem and the registry to give legacy applications the illusion of running as Administrator. However, there are plenty of programs that this doesn’t work for.

Fortunately, this is really a temporary problem. Any application written after the introduction of Vista, even if written to run on XP, will be written with the assumption that “I am not running as administrator”. This is fantastic, because new programs will be written to play nice on a limited account, and so will never need to request elevation. In other words, no more UAC prompts!

UAC is like fine wine, it only gets better with age.