Microsoft Windows core OS folks get a bad rap for Vista and in particular, UAC dialogs. The UAC dialogs have been a source of great ridicule and humor; ads that I love watching even though I remain an ardent supporter of the UAC dialogs that produce the “allow or deny” messages.
I maintain that UAC dialogs are your friends and that Vista was a necessary step toward fixing some large issues planted into the operating system a decade earlier. In the post that follows, I lay out some compliments and throw some rocks, some rocks that are mostly deserved and I otherwise provide my view of why UAC dialogs have improved the Windows operating system.
The original mistake was Windows XP
When Microsoft made the move from Win Me to Windows XP for general purpose desktop operating system, they made a choice that user’s should be admins!
- This violates some core principles of computer science that say that “users are users and admins are admins, never shall the two get confused”.
I can’t find a good reference for that quote on the Internet, if you have one, please add to comments. The best approximation I can find is this one from Ghost Busters about “crossing the streams” and how “that would be bad” and even searching for that fine term on Google turns up only video game references and 5,000 dorkie remakes on youtube that don’t warrant a link from this blog. Back on track…
users are administrators? EXCUSE ME!
Windows NT 4.0 never made this mistake and Windows 2000 on a server side never made this mistake. Here, users are users and admins are admins. Yes, you COULD run your NT machine as an administrator, but doing this is not nearly as secure and reliable as running on a user privilege account. Most of the bit-head programmers hanging out in these spaces even understood this. BUT – Application compatibility is king.
With the Windows 9x based systems, there was no concept of users vs. admins; everyone is an admin all the time. It’s like DOS man, party on and do what ever you want to the computer! If it stops working, just reload!
With the release of Windows XP, Microsoft was in a pickle. Leave NT “users as users” and have a technically correct operating system where huge quantities of applications will not work, or go with “users are administrators” by default and have a far greater chance of actually running the 37 quadrillion applications that exist for the legacy OS, who depend on being administrators.
- They took option “2”. We can look back with the benefit of hindsight and suggest that it would have been better to have the 2 year Beta in 2002.
Enter Vista about 6 years later
Windows XP has been out for a very long time, is crazy successful – yet not too secure – and a high percentage of the “it’s not secure” problems, including lots of the massive rocks thrown at Internet Explorer are not because of the foundations of the OS, it’s because user’s are administrators!
The poor Microsoft folks that picked up this mess in a Vista time frame had to deal with the carnage! How to “fix” applications so they do not require admin rights?
Example – Forcing applications to change
At the Nord house, I was a big proponent of running User Privilege on XP. Let’s go back to the 2004 edition of Intuit Quicken. This program was still writing user configuration settings to the program installation directory (C:\QuickenW).
YOU CAN’T DO THAT!
Applications cannot write to program installation space at runtime; you just CAN’T and it’s supposed to be obvious; yet here’s a prime commercial application violating this core principle of programming. Bazaar, but there it is. To Intuit’s defense, they DID fix this. I tested the 2007 version and this was “all better”.
To fix the 2004 edition on Windows XP, I had to manually adjust the DACLs to grant full rights to the user account to the \Quickenw directory. Now the program, and I’ll add, all other programs, can write to the Quicken program space at runtime. Quicken can store it’s settings and I’m still on user privilege account! SUPER! ??
This was 2004 edition of Quicken and the XP OS has already been out for a couple years, yet the application was still executing Windows 95 style. If you’re not an administrator, the application flat out doesn’t work and this is less than ideal.
Is this an operating system incompatibility with history on Windows Me or is it an application deficiency when running on a multi-user operating system?
The Nord house and Quicken is just ONE example of a problem so vast, it was likely impossible to place it into scale inside the Windows core team at Microsoft. It must have made for some really lively debates on the best way to convert the world to user privilege.
If Microsoft switches to “users are users”, the sky will fall!
UAC dialogs change the equation. The UAC dialogs and the associated double identity tokens let the poorly written application run, but they also make sure the user knows that this application is doing things that will diminish the security and reliability of the machine. To force the change, Microsoft had to PISS SOME PEOPLE OFF, and with the release of Vista, they did.
Hey app vendor – you take the service call rather than me
UAC dialogs said a few things to users.
1) The application wants to do something that will make the machine insecure
2) If you say “okay”, I will run the insecure application as you instruct.
3) You should call the application vendor to get it fixed!
Notice “3”. This changed the monetary formula and the application vendors were now forced to recognize the cost of writing crappy software!
Vista still doesn’t get much love
Vista was out long enough to force many application vendors to fix their crap even if the adoption of Vista was pretty slow. The 2 year beta plan cleared the path for a more polite arrival of Windows 7. It is also true that many things in the operating system also made assumptions about being administrator.
- I should not have to be an administrator to see the calendar!
I congratulate the Windows core group – these were tough decisions to make and likely even tougher decisions to STICK WITH. They did and the result is Windows 7. The operating system improves, the applications improve, become much more reliable for multi-user execution and the resulting need for Application Isolation is reduced.
WHAT DID YOU JUST SAY
Yeah, that’s right. If the applications work in a “user privilege” and muli-user friendly fashion from the outset, there is less NEED to isolate the execution of the application, App Streaming style. I have seen this change over the last 5 years. There are far fewer commercial applications that NEED isolation to work correctly in a terminal services / XenApp world today than there used to be. I’m told by many admins to not worry, the back log of applications that do benefit from isolation is so huge that this problem will never go away, but it has improved and it has improved because of Vista.
Application Streaming value line has also changed as a result. In the beginning, isolation was king and just in time delivery was secondary. This has changed over time to where we isolate less and less with each version of App Streaming, while maintaining the ability to lock this down more agressively via settings in the profiler. The RADE aspects are now king to deliver applications to machines where the application does not otherwise exist and isolation is reduced to a necessary item to deliver the applications to machines where they are not installed. Yeah, we still solve DLL Hell, but this isn’t the primary motivator – largely thanks to Vista UAC Dialogs.
So, next time you see an admittedly funny Mac ad, also take a few minutes to thank the Microsoft folks that made the right decision to move the operating system to “users are users” and then had the stones to stick with it despite the bad press.
I’m a PC!
Citrix Systems Product Architect
XenApp Product Group – Fort Lauderdale, FL