Martin McKeay

Security is important to us ... unless it's hard

By Martin McKeay
February 14, 2007 9:27 AM EST
Microsoft is taking a bit of a beating over a decision they made in designing the User Access Control (UAC) for Vista. While they've made improvements over previous Windows security models, there's a fundamental flaw in the assumptions made by the OS: to install a program you have to be acting as administrator, whether you're installing the latest version of Office or the new game you downloaded from the Internet. There are no other options with fewer privileges, so the latest copy of 'Whack-a-mole' gets the same access to your operating system and files as your anti-virus or personal firewall does. Which brings up the question: why would a game need access to your system32 directory and registry when it's just placing files in a single directory? The answer is that it shouldn't, but that's exactly the power Vista gives the installer.

This isn't just a problem created by Microsoft, though they are guilty of perpetuating it. Programmers are, quite frankly, lazy. Okay, 'lazy' is a bad term for it, but the reality is that they want to do things in the easiest possible way so they can get on to all the other problems in their programs. So when it comes to building the installation routines for their programs, they want to be able to assume they'll have access to everything in the OS, rather than having to deal with permissions issues if they're running as a user with lesser privileges. Have you ever had an argument with a programmer about why this is a bad idea? None of the programmers I've worked with have understood the problem without long discussions, and even then they've barely been willing to consider that there may be a problem with demanding administrator privileges for installs.

Microsoft has the capability to create a more tiered security structure for installing software. Programmers can create installations that don't need full administrator rights on your computer. But it's going to take a lot of education and work by both groups, and the end user will need to be educated as well. Of course, with Windows and Mac users already complaining about having to approve programs' use of administrator mode, adding complexity may be enough to drive some of them over the edge.
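To make the point concrete, here is an added example (not from the original post, and not Microsoft's or any real product's installer) of what a per-user install that never asks for administrator rights looks like in PowerShell. The application name "WhackAMole", its version, the `payload` folder next to the script and the `uninstall.ps1` it ships are all hypothetical. The script writes only under the user's profile and HKCU, refuses to run from an elevated prompt, and checks every destination path before touching it so a mistake in the script cannot spill into Program Files or System32.

```powershell
# Added example: per-user installer for a hypothetical game, "WhackAMole".
# Nothing here needs UAC elevation: no Program Files, no System32, no HKLM.

$AppName   = 'WhackAMole'                        # hypothetical application name
$Version   = '1.0.0'                             # hypothetical version
$SourceDir = Join-Path $PSScriptRoot 'payload'   # assumed: files shipped next to this script

# Refuse to proceed if the caller elevated us; an installer that works as a
# plain user should not be handed more rights than it needs.
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Guard every write: the destination must be inside the user's profile and
# must not resolve to a machine-wide location.
function Assert-PerUserPath([string]$Path) {
    $full = [IO.Path]::GetFullPath($Path)
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot)) {
        if ($root -and $full.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            throw "Refusing to write to a machine-wide location: $full"
        }
    }
    if (-not $full.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Install path is outside the user profile: $full"
    }
}

if (Test-IsElevated) {
    Write-Warning "This installer does not need administrator rights; rerun it from a normal (non-elevated) prompt."
    exit 1
}

$InstallDir = Join-Path $env:LOCALAPPDATA "Programs\$AppName"
$StartMenu  = Join-Path $env:APPDATA "Microsoft\Windows\Start Menu\Programs"
$UninstKey  = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$AppName"

Assert-PerUserPath $InstallDir
Assert-PerUserPath $StartMenu

# Copy the application files into the user's own program directory.
New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
Copy-Item -Path (Join-Path $SourceDir '*') -Destination $InstallDir -Recurse -Force

# Start Menu shortcut in the user's profile, not the all-users Start Menu.
$shell = New-Object -ComObject WScript.Shell
$lnk   = $shell.CreateShortcut((Join-Path $StartMenu "$AppName.lnk"))
$lnk.TargetPath       = Join-Path $InstallDir "$AppName.exe"
$lnk.WorkingDirectory = $InstallDir
$lnk.Save()

# Register under HKCU so "Programs and Features" lists it for this user only.
New-Item -Path $UninstKey -Force | Out-Null
Set-ItemProperty -Path $UninstKey -Name DisplayName     -Value $AppName
Set-ItemProperty -Path $UninstKey -Name DisplayVersion  -Value $Version
Set-ItemProperty -Path $UninstKey -Name InstallLocation -Value $InstallDir
Set-ItemProperty -Path $UninstKey -Name UninstallString -Value "powershell.exe -NoProfile -File `"$InstallDir\uninstall.ps1`""
Set-ItemProperty -Path $UninstKey -Name NoModify -Value 1 -Type DWord
Set-ItemProperty -Path $UninstKey -Name NoRepair -Value 1 -Type DWord

Write-Host "Installed $AppName $Version to $InstallDir for $env:USERNAME without elevation."
```

Run it from an ordinary user prompt; no UAC consent dialog appears because nothing it does requires one. The `Assert-PerUserPath` guard is the part worth keeping in any installer: it turns "we only write to the user's profile" from a promise into a check, and it fails loudly if an environment variable is ever redirected somewhere unexpected. `$PSScriptRoot` is assumed to be available (PowerShell 3.0 or later outside of modules).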