Why I Still Avoid Windows Vista’s UAC

This entry was posted on Nov 22 2008 by Samuel

I remember beta testing Windows 95 when it was code-named Chicago. Back then, I was running MS DOS 6.22 and running Microsoft Windows for Workgroups 3.11. I also beta tested numerous versions of Windows 98 when it was codenamed Memphis, Windows 2000, Windows XP, which brings us to this century where I beta tested so many versions of Microsoft Windows Vista (or, Longhorn) that I can’t even recall. I watched as Microsoft scrambled to try to meet the security disaster that were plaguing Windows XP. Some of you may not recall, but Windows XP was such a disaster in terms of security that it was rare to find a computer running a default copy of Windows XP, without a ridiculous infestation of spyware of some kind.

Back in the DOS days, I rarely used Windows 3.11 for hardly anything. I would use DOS to copy files, defragment my computer, browse BBSs, send e-mails, write batch scripts, just about everything. In fact, even when I switched over to using Windows more often I would still go back to DOS to do simple copy commands because it was easier for me to just write out the commands longhand. I used a hex editor to check executables for viruses because I didn’t have any antivirus software at the time. I guess my point is that Microsoft has had more than enough time to make a working security model for Windows.

The fact that they missed that opportunity, decided on UAC (User Account Control), made updates in service pack 1 (SP1) for Vista, and it still prompts me every single time I uninstall a program despite the fact that I may have uninstall the program dozens of times… is absurd. Why is there no option for me to check a box labeled simply “do not prompt me again.”? The lack of such a checkbox is what drives me to completely disable UAC.

For those of you who don’t know, to disable UAC simply open up the control panel type “UAC” in the upper right search box, click “Initial Turn User Account Control On or Off” uncheck the box and press OK, then reboot.

I read numerous articles by Paul Thurrott telling me to keep UAC enabled because it’s far more secure. I agree. It is more secure for a variety of reasons that operate under the hood, but I just can’t bring myself to do it. Simply the fact that Windows Vista comes with Windows Defender in many ways makes Windows so much more secure than XP particularly when combined with powerful anti-virus such as a Avast! That it seems unnecessary to piss off end users with UAC.

Obviously, on Microsoft’s decision to have every single user treated as a default administrator in Windows XP was a catastrophe. I know that I’m writing this article a little bit late, given that Microsoft is about to release Windows 7 in short order and they intend to fix UAC dramatically. However, I felt it necessary to explain why I still refuse to enable UAC on my computers.

Initially, I was very excited about UAC. Microsoft promised again and again (SP1 articles, but you get the idea) to make UAC less intrusive and less irritating in general. At the time of launch, however, it was still prompting far too frequently. None of this morning, in any way, is going to affect the type of people who actually need to be warned of their stupidity. The above linked articles discuss SP1, but it’s essentially the same thing, Microsoft said it before launch, and they said it again before SP1… it still pisses me off.

Simply put, UAC is a nice gesture and in some ways an improvement, but I just don’t see how it can practically prevent anything more than antivirus and anti-spyware solutions already provide. That is to say, I cannot imagine anybody actually clicking cancel and preventing something from loading. I just don’t expect the average computer user to know what should and should not be running. Isn’t that how Norton has gotten away with making millions off of people not knowing anything better? Average computer users don’t know what should be allowed to run, it is the job of anti-spyware and antivirus to figure this out for the average computer user. I was happy to hear that Microsoft has announced that they intend to offer free antivirus software (codename: “Morro”) for this exact reason. Maybe this will have the added benefit of finally getting rid of Symantec once and for all. Good riddance.

I get particularly bothered when UAC prompts me for things like disk defragmenter. How on earth can the disk defragmenter possibly have any sort of adverse effect on the entire system? What sort of malicious software would ever want to launch the disk defragmenter? And, if so, and worst-case scenario the disk defragmenter were maliciously launched, then what?

If you can think of any time that UAC has actually helped you prevent anything bad from happening, please let me know.

Related software: TweakUAC.

As always, e-mail or comment with questions.

9 Responses to “Why I Still Avoid Windows Vista’s UAC”

  1. I usually do not comment on blog posts but I found this quite interesting, so here goes. Thanks! Regards, P.

  2. Amazing stuff thanx :)

  3. It just don’t make sense to me, plain damn weird…

  4. thanks !! very helpful post!

  5. You are really great in providing stories! Thank you!

  6. ohhh nice info

  7. WoW:)

  8. Samuel,
    As always, great article. ^^
    I found something that might be of interest to you. There are third-party programs that change how often User Account Control notifies you. One such program is Norton UAC. While I haven’t tried it myself, it does look promising.
    Also, in Windows Vista, the frequency of UAC notifications can be changed via Local Security Policy.

    I probably don’t need to tell you that (as you most likely already know), but it may help someone who sees this post.
    Thank you!

  9. I once looked into those alternatives. You know what, though? I discovered that it is easier to just deal with a malware incident than with incessant UAC prompts since they do very little to stop an infestation anyway. An end user would need to understand what they’re doing in order to benefit from UAC. It’s nice in theory, but in practice it just doesn’t do much good. It’s still the first thing I disable on Windows Vista and Windows 7 — right along with taskbar grouping. :)

Post a Comment