of dialogue boxes that can be curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT Pro magazine.
"Microsoft completely botched UAC," Thurrott says. "It's almost criminal in its insidiousness."
Microsoft counters that refinements are being continually made. "The final product will be very usable and have a good balance of security," says Windows senior product manager Alex Heaton.
Once scheduled to arrive in 2004, Vista has been beset by delays, the latest nudging its public launch from fall to early 2007. Vista improves on Windows XP; it is the cornerstone of the software giant's push to extend its products deeper into the workplace and home. Yet Microsoft has struggled to infuse Vista with tighter security, partly because of a decision to let older software applications run on it, says Michael Cherry, tech security analyst at Directions on Microsoft.
Most Windows applications are written to take advantage of the fact that the operating system treats users as "system administrators" with carte blanche to alter basic system configurations. Trouble is, this has opened the door for cybercrooks to infect Windows with malicious programs that steal data and use infected PCs to carry out cyberfraud.
Microsoft should have set stricter parameters for Vista, Cherry says. But it hasn't required software developers to retool system administrator access.
Instead, it devised workarounds. The result: UAC's labyrinth of dialogue boxes. "Windows historically has been wide open," says Andrew Jaquith, senior analyst at the Yankee Group. "By trying to restrict what people can do, it's going to cause a lot of pain."
Security experts worry that Vista users will dismiss the dialogue boxes, clicking through them rapidly and undermining any security benefit. Or they will figure out how to turn off UAC. "Consumers, sadly, are probably going to disable it," Thurrott says. |
