ZDNet UK



Microsoft: Users confused by Vista UAC prompts

Munir Kotadia and Liam Tung, ZDNet Australia

Published: 23 May 2008 10:13 BST


Scott Charney, head of trustworthy computing at Microsoft, admitted this week that Windows Vista's User Account Control prompts are not intuitive and confuse users.

In a video interview with ZDNet.com.au at the AusCERT2008 conference this week, Charney said Microsoft needs to make improvements around User Account Control (UAC).

"Clearly there is work that has to be done around the UAC prompts — in part because of user feedback that they get the prompts at times they don't necessarily expect them and it is not intuitive," said Charney.

"If you give people too many prompts in too many situations, they view it as an impediment to getting their work done and they just start clicking 'OK' on everything," Charney added.

He said that the language used in prompts is also confusing.

"We give them dialogues and prompts that don't help them make the right decision as often as we would like. You can be surfing the web and get a warning that this site is out of another site's control, or you may be passing data to another site. What is a user supposed to do with that information?" said Charney.

"You can click 'cancel' and not do what you were trying to do, or you can accept the risk. We need to figure out better ways to mitigate that risk but let the user achieve their objective," he added.

Charney's comments echo those of Ivan Krstić, the former director of security architecture for the One Laptop per Child project, who opened last year's AusCERT conference by claiming that desktop security was completely broken.

In an interview with ZDNet.com.au at last year's conference, Krstić said: "If you go to a website whose security certificate is, for any reason, not checking out, you get a dialogue box that you [require] strong internet security [skills] to decipher. For anyone else, they get to do a random guess between 'yes', 'no' and 'cancel'. That's no way to protect anyone."

Krstić said software vendors were "weaselling off responsibility for security to users" in order to "legally protect themselves".

Credit: Microsoft admits Vista UAC prompts 'need work' from ZDNet Australia
