I read this article from Computerworld by Scot Finnie this morning about Vista. It’s an interesting discussion of his belief of Microsoft’s priorities with Vista (avoiding negative publicity, and enterprise customer focus). I think he makes a lot of great points but there’s one area that I do think he’s giving Microsoft the short stick. I quote:
Now that Vista has shipped and my review work is finished, I’ll admit it: I turn off UAC on my machines. But here’s the most important point: I’ve never even looked to find the off button for a similar feature on the Macintosh. Why? Because Apple smartly reserved the prompts for the most dangerous things, not everything.
He’s got a point in suggesting that reserving alerts for the most serious issues is a good strategy to prevent users from becoming complacent about security alerts. But… Macintosh has clearly not been subject to the kinds of attacks that Microsoft is on a daily basis, and for good reason, Microsoft has most of the market share. So it’s most profitable for attackers to go after the most common operating system. Microsoft has thus responded to the wide variety of attacks by providing alerts for the many potential issues in UAC. If they stopped providing those alerts, they’d get nailed for NOT warning the users to the multitude of attacks. Perhaps the appropriate balance lays somewhere in the middle but I don’t believe that the motivation for UAC is simply to avoid bad publicity, but to actually warn users of reality of the various threat avenues.