WINDOWS 7 UAC AND DIALOG BLINDNESS


User Account Control (UAC) was introduced in Vista to make it harder for bad guys to write software that could take over your computer. By default, its volume has been turned down in Windows 7. Here’s some background about why you might want to turn it up again on your new computer.

At all times, your computer keeps track of how powerful you are. Earlier versions of Windows assumed you were always an administrator and anything you chose to do should always be obeyed, including installing programs and making changes to the computer.

That turned out to be an opening for the bad guys, since the computer stood by to do anything that looked like you started it. If you clicked OK to run a program from a malicious web site, that program could proceed immediately to take down your computer. You started it and you’re Superman, right? Over time, the bad guys got better at running programs without your knowledge when you visited a hacked web site or opened an infected file, and those programs also picked up your credentials as Superman.

In Vista, you’re not Superman most of the time. The computer thinks your powers are pretty limited. If you want to do something that requires Superman powers – install a new program or change a Windows feature – the process is halted in its tracks until you acknowledge that you intend to be Superman by clicking “Allow” an extra time. The screen goes grey to dramatize the seriousness of what you’re doing.

UAC provides a crucial extra level of protection. Something that starts without your knowledge cannot get very far without calling attention to itself. Last year one laboratory was testing security software for its protection against rootkits. They had to disable UAC on Vista because it stopped the rootkits dead before the security software ever had a chance to fail.

Most of the time we only see a UAC prompt when we’re doing something on purpose and the extra click seems unnecessary. Many people wished that there were fewer UAC prompts. Some of those people became enraged and irrational and complained – oh god, did they complain – that Vista was ruined by nagging UAC prompts. A recent summary (and this is by a friendly writer):

“The User Account Control (UAC) experience under Vista was a little like being shot in the face with a shotgun filled with dialog boxes. A single simple action could unleash a barrage of warnings that left many users feeling confused, bewildered and angry.”

I never understood the complaints, personally. (“If you turn off User Account Control and complain about how oh so annoying boo hoo it is to have to click OK an extra time, I have little sympathy.”) After the first couple of weeks of setting up a computer, UAC prompts rarely come up for most people. Personally, I want the extra chance to stop a program written by some Lithuanian teenage hacker that’s trying to sneak onto my computer.

The real problem is that UAC only protects you if you pay attention to what it’s asking, and most people develop “dialog blindness.” After a while the UAC window is essentially ignored because the conditioned reflex is to click Allow whenever it appears.

Microsoft was stung by the criticism of UAC so it turned down its effectiveness in Windows 7. The default setting for UAC in Windows 7 allows many actions to go forward without bringing up a UAC prompt, essentially letting you become Superman without double-checking to make sure. Roughly, if you initiate an action – by clicking a button in Control Panel, for example – Windows 7 elevates your privileges automatically. If the action is software-initiated, Windows 7 displays a UAC prompt.

That’s not a bad compromise but it leaves some openings for clever bad guys. There was a controversy when Windows 7 was being developed about how big a hole had been left open. Recently researchers at Sophos found that they could readily sneak malware past the Windows 7 UAC without generating prompts. Their conclusions look unnecessarily alarming to me; it’s not a coincidence that they conclude that Windows 7 users desperately need to run Sophos antivirus software on their computers.

If you’re not threatened by an extra button-push once in a while, though, the point is well-taken. There is a slider in Windows 7 that can raise UAC back to the Vista level of watchfulness. As one Microsoft developer put it:

Now, my friend Crispin would prefer a different UI metaphor than a slider – he’d like to see a pair of pants – the further down you pull the slider, the further down your pants are while you’re computing. I actually think that’s a really good analogy.

I’m pulling the UAC slider up to the top on every Windows 7 computer I see. Look for it in Control Panel under “System and Security” and pull up your pants!
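If you want to confirm where the slider actually sits on a machine without clicking through Control Panel, here is an added PowerShell example (mine, not the author's): it reads the three registry values the slider writes and maps them to the slider positions using Microsoft's documented settings. The function names are my own, and it must run from an elevated prompt to change anything.

```powershell
# Added example (not from the original post): audit the Windows 7 UAC slider
# by reading the registry values behind it, and optionally raise it back to
# the Vista-style "Always notify" level. Run from an elevated PowerShell prompt.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $p = Get-ItemProperty -Path $UacKey
    $admin  = [int]$p.ConsentPromptBehaviorAdmin   # how administrators are prompted
    $secure = [int]$p.PromptOnSecureDesktop         # 1 = dim the screen (secure desktop)
    $lua    = [int]$p.EnableLUA                     # 0 = UAC switched off entirely

    # Map the documented value combinations to the four slider positions.
    $level = if ($lua -eq 0 -or ($admin -eq 0 -and $secure -eq 0)) { 'Never notify' }
             elseif ($admin -eq 5 -and $secure -eq 0) { 'Notify only for programs (no dimming)' }
             elseif ($admin -eq 5 -and $secure -eq 1) { 'Notify only for programs (Windows 7 default)' }
             elseif ($admin -eq 2 -and $secure -eq 1) { 'Always notify (Vista level)' }
             else { "Custom or policy-managed (Admin=$admin Secure=$secure LUA=$lua)" }

    [pscustomobject]@{
        Level                      = $level
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        AtVistaLevel               = ($lua -eq 1 -and $admin -eq 2 -and $secure -eq 1)
    }
}

function Set-UacAlwaysNotify {
    # Same effect as dragging the Control Panel slider to the top.
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    Write-Host 'UAC set to Always notify; restart if EnableLUA was changed.'
}

$status = Get-UacLevel
$status | Format-List
if (-not $status.AtVistaLevel) {
    Write-Warning "UAC is below the Vista level ($($status.Level)). Run Set-UacAlwaysNotify to raise it."
}
```

If Group Policy manages these values, the slider in Control Panel is greyed out and the script's "policy-managed" branch is the one to expect.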
