“There have been some comments on the blog recently suggesting that the UAC dialog boxes in Windows Vista are not accessible and I just wanted to clear up the confusion here. First, to set the scene though. When a user attempts to access an application or setting that requires elevated privileges to run, they are presented with a UAC prompt, the appearance of which will vary depending on the type of user they are or the type of application that is trying to run.”
So this means new versions of JAWS for everyone?
The idea of UAC is good, the implementation of it was honestly pathetic.
The first thing any new Vista user I have met or read about, gets a few UAC prompts, and quickly turns it off.
There should be either:
A.) No UAC to start with, or, implement it completely and not allow it to be turned off and just train people to use it, or get developers to work with it.
B.) Make it more transparent without so much user intervention.
I’m sure it will improve over time as with most things, but right now, it’s a huge obstacle and is the first thing turned off.
Those Windows saying to run as other users are seriously huge, do they think we are running 30″ LCD’s with insane res’s? Do we really need all that information in the box? Or can we just have very minimal window, with a details button if we want more info.
That’s my sole problem with Vista at the moment, is the increased size of everything from Borders, Menus, Icons, Prompts you name it, everything seems to be 3x bigger.
I suspect you will UAC much much less over time, just from the fact that after awhile you have most things you need installed already, and then also developers will be forced into the habit of writing apps with the standard user in mind.
UAC implementation is very good and much better and safer than other OS’s.
Make it more transparent is impossible because this means a trojan can easily by-pass it.
UAC asks for an authorization when an activity requires administrative privileges and this doesn’t occur frequently; during daily activities you haven’t UAC messages.
Edited 2007-01-26 13:26
I totally agree. Which systems have done it better? The *nix’es? I dont think so.
_Nobody_ could have implemented this stuff, without bugging the users somehow. I think microsoft did it OK.
OS X has still done it best of all I think.
Windows asks questions on nearly everything.
OS X seems to only ask if it’s really a system change, and they’ve done it quite well. There’s a good balance, it asks when it needs to, but not enough to bug the user.
OS X seems to only ask if it’s really a system change, and they’ve done it quite well. There’s a good balance, it asks when it needs to, but not enough to bug the user.
Unless the app decides it would rather not prompt the user (this has been posted before):
“There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install. This is even explained in Apple’s Installer documentation as proper behavior. The distinction between the AdminAuthorization and RootAuthorization keys is, simply, whether or not the admin user is prompted for a password; the end powers are exactly the same and it is up to the creator of the package as to if he will be kind enough to ask for a password.”
http://www.macgeekery.com/tips/security/how_a_malformed_installer_p…
http://www.codepoetry.net/2006/09/20/thwap_thwap_is_this_thing_on
This seems to have been fixed, since Parallels and a custom installer required prompting before it would grant me root permissions. Also note that the Apple reference linked to from macgeekery is marked legacy.
So regular apps are not allowed access to the UAC dialogs. This makes sense, but by modifying your manifest file you can build an application that has access to this dialog. So, what’s stopping someone from creating a program built with those special privileges (disguised as an IE toolbar of some sort for example) and then having full control over installing anything on the user’s computer? The Vista installation (at least my copy of Business) created a user with admin privileges, so I don’t even have to enter my password, just click ok. Is there an extra warning when you install a program that requests these privileges?
Related to UAC, but not accessibility, is another annoyance I have with Vista. When I double click on an installer on the desktop, the UAC dialog sometimes pops up minimized, so it is very easy to miss and think nothing happened at all.
And why can’t I boost the priority of processes? I like my video player at higher priority when I’m compiling stuff in the background. In Vista it just says “permission denied”.
Edited 2007-01-26 04:15
“So, what’s stopping someone from creating a program built with those special privileges (disguised as an IE toolbar of some sort for example) and then having full control over installing anything on the user’s computer?”
I went to the supplemental link (and its follow-up link), and skimmed the content.
http://msdn2.microsoft.com/en-us/library/ms742884.aspx
http://msdn2.microsoft.com/en-us/library/aa480150.aspx
It appears that you need to get the app digitally signed. Also, wouldn’t be surprised if you need admin privileges to install such an app, which would require going thru UAC in the first place. So I don’t think the drive-by install of some “special privileges” browser toolbar is likely.
Regarding UAC dlg coming up minimized, I never heard of that before, so I’d guess not many are running into it and MS doesn’t even know about it; maybe you should report it as a bug.
It appears that you need to get the app digitally signed.
Hmm. Not so great news for me then. I work for a non-profit organization that creates software and devices for disabled people. One of our products is a new kind of on-screen keyboard which would need to interact with these dialogs. We don’t really have spare money to get our software digitally signed and definitely can do without the hassle. I can imagine it would be a royal pain for development as well.
Edited 2007-01-26 06:52
We don’t really have spare money to get our software digitally signed and definitely can do without the hassle. I can imagine it would be a royal pain for development as well.
Microsoft has special programs for non-profit organisations. For instance, non-profit organisations can get Microsoft software dirt cheap or even as a gift; you should try to contact MS and see if they can help you out on this one.
UAC pop’s up minimized only if the program that brings it up isn’t active.
Say you start an application installation and quickly switch to IE7 while Vista is still verifying the digital signatures. In such a case an UAC caption appears in the titlebar which will constantly blink until you click on it.
If in such a case you can’t see the minimezed UAC, maybe you should get your eyes checked?
Although if your Vista behaves somehow differently as described then it could be bug of somekind.
It might be possible to actually miss the blinking UAC if you have like 20 different programs active and your taskbar is filled to the grim with their captions…