- FTC targets prerecorded telemarketing drivel
- 16 hot roles for IT pros
- Securing SSLVPN with client certificates
- 13 desktop-virtualization tools
- 10 must-have virtualization tools
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Bowing to criticism, Microsoft plans to modify a key new security feature in its upcoming Windows Vista operating system to make it less cumbersome for users.
The current implementation of the User Account Control (UAC) feature in Vista triggers too many pop-up boxes, requiring users to click on them to confirm things as simple as running regular programs, Steve Hiskey, lead program manager for User Account Control in Microsoft's Windows Security Core group, acknowledged in his blog on the MSDN Web site.
According to the June 1 blog, Hiskey said that the next beta release of Windows Vista, Release Candidate 1 (RC1), will reduce the number of security prompts users will face by creating safe scenarios for Standard User accounts. Microsoft will also create fixes, called "shims," for applications that don't easily run as a standard user.
Vista RC1, originally set for mid-July, is now slated for Aug. 25.
Microsoft officials did not return calls seeking comment Wednesday.
Current versions of Windows, including Windows XP, grant logged-in users full administrator rights over all software and processes by default.
By contrast, operating systems considered more secure, such as Linux, tend to have users and software running at a "nonroot" level, meaning that malware or hackers that successfully take over some application or process are hemmed in and can't do as much damage.
UAC was designed to reduce the ability of hackers and malware to take control of systems by forcing users to confirm that they intended to perform key administrative tasks. But the current implementation evidently not only "annoyed" users, said Michael Gartenberg, an analyst at Jupiter Research, but it also likely caused them to start clicking "yes" on prompts without reading them.
"If you have too many locks on the front door, after a while, you may eventually stop using them," he said.
Gartenberg said that Microsoft's strategy in Beta 2 was likely to "make things as locked down as secure, and then figure out in what areas they could tone it down. It's better to do it this way than to do it in reverse."
"Microsoft was going to get flack no matter which way they approached it," he said. "Part of being Microsoft is that you get flack."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment