By Harry McCracken | Thursday, February 5, 2009 at 10:12 pm
Yesterday I wrote about the Windows 7 dust-up that involved a couple of security bloggers’ concern that malware could silently turn User Account Control off, and Microsoft’s seeming unwillingness to talk much about the issue other than to say it wasn’t really a problem. Today, Microsoft’s Jon DeVaan addressed the controversy on the Engineering Windows 7 blog. The gist of his 2100-word post: Microsoft appreciated the input, but UAC’s behavior wasn’t an issue, because malware could only fiddle with UAC settings after it had gotten on a PC, and Windows 7 is really good at warding off malware. And to change UAC’s default behavior to alert users when UAC settings changed would be inconsistent with the approach which Microsoft’s testing had shown that real people liked.
I make no claim to being a security expert (or even the intended audience for DeVaan’s post, which was aimed at developers). But like the rest of Microsoft’s response to this mini-firestorm to date, it was profoundly unsatisfying. No matter how strong Windows 7’s anti-malware protections are, some bad stuff is going to get on some PCs. Why not make it tough for it to perform one task which would unlock the ability for it to do further damage? Screwy but possibly appropriate metaphor: It’s like an apartment manager telling tenants that a presence of a burly doorman in the lobby meant that anyone found in the building changing the lock on a particular conso must be doing so with the owner’s permission.
That post went up at midnight. At 3pm, another one appeared–cosigned by DeVaan and Windows 7 honcho Steve Sinofsky. With reasonably good humor, it ate crow and said that Microsoft will change Windows 7’s behavior:
With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.
It’s startling that it took Microsoft so many false starts before they got this right: Even if Microsoft was right on some theoretical, technical level, the issue had snowballed into an argument the company simply couldn’t win, period. Nerds will be nerds, and nerds are often stubbon, prickly, and prone to falling victim to the hobgoblin of little minds. But good for Microsoft for (eventually) engaging in healthy, bloggy debate, and being willing to concede its mistakes and move on. Knowing when you’ve screwed up and being unafraid to admit it in public is very 2009.