Tuesday, December 05, 2006

I need your permission to continue.

I've spent a few days now with Windows Vista (Ultimate). It is the ultimate many things, but I sure hope that it's not the ultimate operating system. In a way it seems to me that Vista is sort of like a really shallow, hot girlfriend - You have to pay her lots of attention, work hard constantly to keep her happy and in return, she looks gorgeous and drives you absolutely insane with her stupidity and nagging...

I'm talking particularly about User Account Control. This one single 'feature' has the potential to make people throw their machines across the room in all their shiny transparent aero glory. Essentially, the way it works is this: anytime you do anything that could possibly affect the configuration of your computer, Windows prompts you to enter your username and password again, to confirm that you really meant for the action to occur.

This may seem like a cool idea. I understand the point. The theory goes that no nasty virus or spyware will ever be able to do anything mean or nasty, without the user knowing. But, it seems to me, that in this case, as in many things, that Microsoft's heart is bigger than it's brain...

Things that trigger a UAC event include: installing software, re-configuring software, starting a program, saving files (to certain locations), connecting anything to the Internet, starting a windows service, opening a management console, renaming certain files - In short, pretty much everything.

You know, configuring my new OS today(as a local administrator), I think I must have typed my username and password over one hundred times. If a malicious or evil program had somehow been one of those 100 times, would I have typed it in? Chances are, I probably would have. Hell, after about the first 5 UAC events, I was ready to give my username and password to any stupid dialog that popped up and asked. I mean, occasionally I found myself just typing it randomly into e-mails, out of habit...

It reminds me of a story Paula was telling about an organization making a password policy so complex, that users were forced to write passwords down on sticky notes and stick them to their monitors. It devalues the whole thing. My password has been commoditized. It's nearly worthless to me.

So, UAC doesn't solve the problem that it was built to solve - it actually makes it worse. If users aren't prepared to get a whole lot looser with their passwords, then they won't be able to install anything, or make windows perform properly. Either way, it will drive users around the twist. (There were some really choice swear-words coming out of my cube today. )

Sure, you can turn UAC off. But in what may be the 'ultimate' irony, if you do, Windows helpfully nags you constantly to turn it back on!

No comments:

Post a Comment