Last year I wrote a post about why Vista UAC is a Good Thing, but also about how, because of its intrusive approach, many users will turn it off. In that post I wrote:
The problem is that any security measure is only worthwhile if it is actually used. And such measures only get used if they are not too much of a pain. How useful would car safety-belts be if they were so tight that nobody could buckle up and still be able to breathe? UAC is sort of like that over-tight safety-belt.
A recent report on Ars Technica from the RSA 2008 confab in San Francisco indicates that Microsoft made this safety-belt too tight by design. At that conference Microsoft’s David Cross said: “The reason we put UAC into the platform was to annoy users. I’m serious.” The idea was, apparently, that these annoyed users would put pressure on software vendors (ISVs) to fix their products so that they would run properly in more restricted environments.
While this is the first time I’ve seen Microsoft publicly admit this design goal, it does not surprise me. In fact, I had written about this three months ago in a comment on the excellent 4SYSOPS website (a site dedicated to Windows administrators). Michael Pietroforte, who runs 4SYSOPS, responded to my comment, and his response is indicative of the problem with Microsoft’s approach. Michael wrote:
Dan, I think you are right. Maybe the strategy to get on the nerves of users in order to educate developers was not really a good one.