Sunday, October 12, 2008

Symantec’s Vista User Account Control Tool – UAC done right

UAC is a feature of Vista that I long ago learned to dislike. Recently, I’ve been playing around a bit with Symantec’s Vista User Account Control tool. Currently in beta (and available for a free download), this effectively replaces Vista’s UAC tool so as to both make your system more secure and to improve the user friendliness.

UAC, as a concept, is a great idea. In most case, you really don’t need high privileges to do most day to day jobs. Of course, it depends on your job, but for most of the folks out there for whom their PC is just a business tool, UAC makes sense. While the concept is great, the implementation by Microsoft is so awful that many users (myself included) have just simply turned it off. I recognise the risk – but I do enough “privileged” things that UAC was more of a hindrance than a help. Like a lot of IT Pros that know better what they are doing than some mindless individual back at Redmond, I just said no to UAC.

Symantec’s tool, on the other hand, offers some nice features that would make UAC tolerable for many – it’s about good enough that I might actually buy it for my home machines. You can compare Vista and Symantec’s UAC fea\ture over on the ZD site:

The key feature that, for me, makes Symantec’s product acceptable (and MS’s version so unacceptable) is the “Don’t ask me again” feature – it stops the UAC prompt coming up when you repeatedly do things (that would otherwise trigger UAC). If you are constantly doing some action that UAC doesn’t like – Vista prompts you each time, and there’s no way around it. In other words, Symantec’s UAC learns what is ‘normal’ and simply prompts less – making the prompts that do come up more useful in the long term.

The Symantec tool also provides more information about what triggered the alert. The way MS has implemented it, most users just get conditioned to click Yes and to allow the action. ALl in all, with Symantec’s tool, users can make more informed decisions on those few(er) occasions when they get nagged and are less conditioned to just click Yes!

The product is currently in beta. One aspect to be aware of is that the beta will send information back to their labs about the tool’s usage. A FAQ on the Symantec web site says this information “contains file name and file hashes for the EXE that caused the prompt and the EXE that is to be the recipient of the elevated privileges. In addition, the meta information contains file name and file hashes for DLLs that were active in either of the two EXEs, response information (what option did the user choose, how quickly, and did they choose "do not ask me again"), and date/time info.

So well done Symantec! Hopefully MS will try to catch up in this area in time for Windows 8. In the mean time, if you like the UAC concept but hate how MS have done it – take a look at Symantec’s offereing.

Technorati Tags: ,,

No comments: