Categories
Uncategorized

Jon DeVaan provides an update on UAC and security in Windows 7… and switches banks

As I updated on Twitter (OK, "tweeted"), Jon DeVaan posted a new entry on our Engineering Windows 7 blog with regards to the UAC feedback we’ve been receiving. (The post is also available via http://tinyurl.com/uacupdate.)

Most of our work finishing Windows 7 is focused on responding to feedback. The UAC feedback is interesting on a few dimensions of engineering decision making process. I thought that exploring those dimensions would make for an interesting e7 blog entry. This is our third discussion about UAC and for those interested in the evolution of the feature in Windows it is worth seeing the two previous posts (post #1 and post #2) and also reading the comments from many of you.

UAC is one of those features that has a broad spectrum of viewpoints with advocates staking out both “ends” of the spectrum as well as all points in between, and often doing so rather stridently. In this case we might represent the ends of the spectrum as “security” on one end and “usability” on the other. Of course, this is not in reality a bi-polar issue. There is a spectrum of perfectly viable design points in between. Security experts around the world have lived with this basic tension forever, and there have certainly been systems designed to be so secure that they are secure from the people who are supposed to benefit from them. A personal example I have, is that my bank recently changed the security regimen on its online banking site. It is so convoluted I am switching banks. Seriously!

More after the jump. Enjoy.

Update, 3:00PM: Today, Jon and Steven posted a follow up in order "to get both the blog right and the feature right."

"We don’t like where we are in terms of how folks are feeling and we don’t feel good – Windows 7 is too much fun and folks are having too much fun for us to be having the dialog we’re having. We hope this post allows us to get back to having fun!

"To start we’ll just show representative comments from the spectrum of feedback. We’ll then talk about the changes we’re making and also make sure we’re all on the same page regarding how we move forward.

"With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation."

Listen and Respond much?

Tags: Microsoft, customer support.

Delicious Bookmark this on Delicious  Bookmark and Share

http://tinyurl.com/Win7UAC2

One reply on “Jon DeVaan provides an update on UAC and security in Windows 7… and switches banks”

Comments are closed.