Microsoft Corp.'s plans to change a controversial security feature in Windows 7 are only cosmetic, nothing more than "lipstick on UAC," a developer of enterprise rights management tools said today.
BeyondTrust Corp., which touts its Privilege Manager software as a way for enterprises to sidestep intrusive messages from Vista's User Account Control (UAC) while still locking down PCs, took exception with Microsoft's plans to revamp the feature in its upcoming operating system.
In an e-mail yesterday, BeyondTrust CEO John Moyer called the UAC modifications "lipstick" and said "they still do not solve the major issue for enterprises."
Instead, he argued that Microsoft hasn't taken UAC's problems head on. "Windows 7 promises cosmetic changes to reduce UAC prompts, but it does nothing to fix the underlying security and usability problems for businesses," he said. "Just like Vista's UAC, Windows 7 keeps end users in charge of the security decision of what applications to run with administrative privileges. That's like hanging out a 'Welcome' sign for malicious users, hackers and malware."
In an interview Wednesday, Scott McCarley, BeyondTrust's director of marketing, expanded on that theme. "The changes [to UAC] didn't fix a lot of the issues that we see with UAC in Vista," he said. "They don't address the usability and security issues."
After he acknowledged that Microsoft "went a little too far" in displaying pop-up prompts, he said the company would answer critics by letting users and administrators set the warning frequency. "We've actually added a slider that allows you to decide how much of the UAC you want to see on your machine," Sinofsky said during his Windows 7 presentation at PDC on Tuesday.
That's just window dressing, countered BeyondTrust. "The slider control is a cool feature," said McCarley, "but it's designed for administrators [and] is a benefit only to administrators. They've done nothing to improve the standard user experience; they've only improved the messaging of UAC."
BeyondTrust markets its Privilege Manager software to enterprises that want to give users limited control over their machines without the hassle of wading through the UAC warnings. "UAC is tough to implement because users need to do things that prompt, like system changes and software installations," said Peter Beauregard, a product manager at the Portsmouth, N.H.-based firm. "A lot of our customers come to [Privilege Manager] to use with laptop users who they need to manage, but who also need to do things on their own from time to time, like install a program."
The company ported Privilege Manager to Vista in March 2007, shortly after Microsoft unveiled the then-new operating system. With Privilege Manager, an organization's IT staff can set user rights so that workers are still protected by UAC but don't see its often frequent messages.
McCarley and Beauregard denied that BeyondTrust is worried about losing business when Windows 7 gives administrators and users more control over UAC. In fact, the changes slated for Windows 7 are such that the market for the Privilege Manager will not shrink when Windows 7 debuts, they claimed.
It comes as no surprise that Microsoft modified UAC in Windows 7. Earlier this year, the company tagged the feature as one of five it said contributed to Vista's slow adoption. At the time, Microsoft said UAC had gotten a "bad rap" and was "misunderstood."
"We want to continue to work with Microsoft in a very cooperative manner," said BeyondTrust's McCarley. "But the additional work in Windows 7 is beneficial only to the administrator, and that's not what we want. The end objective of an enterprise should be to have everyone run as a standard user."