Wacky UAC – Part I

Vista-UAC-Prompt

During our current work on upgrading EP Office, I ran smack into the wackiness that is Vista UAC (User Access Control). If you use Vista at all, you know what that is. You start a program, everything seems to freeze for an inordinate period of time, then, the screen goes gray, and the dreaded UAC dialog appears, asking you to click to make sure you approve that the program you just started is something you really wanted to start. UAC is an attempt to fix the security problems of Windows that arose because Windows was not initially designed with security in mind. It was not conceived originally as a multiuser system. It did not anticipate networking and the Internet. It took the tact that the computer was your machine, and you can do anything you want with it at anytime. In Unix/Linux terminology, you ran the machine as a “superuser” or “root.” This is in complete contradistinction to the philosopy of Unix, which, even though designed long before the Internet and Internet viruses, provided limited access to machine resources for ordinary users. Thus in Linux today, to install a program, you need to log in as the superuser with a separate password. Running programs as an ordinary user though is no problem in Linux. Program data is written to user directories, and you do not have to face a log in dialog, or ask permission to run programs. In Windows, users are almost always administrators, so any program run can theroretically totally trash your computer, since you have unlimited privileges as an administrator. This was true at least until Vista. With Vista, the system pretends you are an ordinary user even though you are really an adminsitrator, so when you want to do an adminstrator type thing (like install a program, or run a program that writes to protected areas of the disk or registry, e.g. C:\Program Files, or HKEY_LOCAL_MACHINE), you have to pass the “click-test” by proving you are a human being and not a computer virus that is able to physically move your mouse to the right position on the screen and push your mouse button. Microsoft in order to support all the legacy programs that write to sensitive areas of your machine can’t just mandate that all users simply become plain users without adminsitrator privileges, because most older programs won’t run when started by plain users. So, the UAC permission dialog is a workaround for this fundamental problem. However, the annoying UAC permission gray screen is only a small part of the misery that is going on here. UAC is even more wacked out than that.

To be continued….

By mannd

I am a retired cardiac electrophysiologist who has worked both in private practice in Louisville, Kentucky and as a Professor of Medicine at the University of Colorado in Denver. I am interested not only in medicine, but also in computer programming, music, science fiction, fantasy, 30s pulp literature, and a whole lot more.

1 comment

  1. [This is in complete contradistinction to the philosopy of Unix, which, even though designed long before the Internet and Internet viruses, provided limited access to machine resources for ordinary users.]

    Actually Unix and the Internet were developed concurrently in the late 1960s. And Unix was developed originally to run on multi-user mainframe computers while Windows was developed to run on single-user micro-computers (PCs).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.