We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Windows 7 UAC not fit for business

BeyondTrust says security feature is flawed

Windows 7's redesigned User Account Control (UAC) is little more than a superficial tweak aimed at consumers that will do nothing to solve the practical problems for businesses using the technology, a software company has claimed once again.

The company making the assertion has a vested interest - BeyondTrust markets its own Privilege Manager software for controlling and managing admin rights on Windows PCs - but perhaps the company's second blast at the technology in a year makes a valid point.

From Vista onwards, companies have had to decide whether users are given admin rights or whether their ability to perform actions is limited to 'standard' mode, that is to say heavily restricted. The problem has been that the restricted user mode makes it difficult to perform certain everyday actions, while even in admin mode users can be barraged with nagging prompts.

Windows 7 has modified UAC's design by introducing a slider control that allows two steps in between the two extremes of admin and standard user. According to BeyondTrust, however, the fundamental design remains the same; users either have rights or they don't.

Windows 7 UAC will cut the number of prompts for consumers with admin rights, but businesses will still face the problem of how much control to offer users.

"The core problem remains that there are things that users need to do that require admin privileges," says BeyondTrust's CTO, Eric Voskuil, who coincidentally spent time at Microsoft working on areas related to UAC.

According to Voskuil, this particularly affects the growing number of independent laptop users, who find it impossible with standard user accounts to perform simple tasks such as loading printer drivers or even installing line-of-business ActiveX controls. "It doesn't work. You can't take permissions away from users."

The new level of control being offered to standard users was of little real significance, and covered actions such as defragging the hard drive or the ability to alter the time zone of a PC, he said.

In certain environments such as government, compliance forces admins to turn all users into standard users with 'least privileges', creating a problem that Windows 7 cannot solve.

BeyondTrusts' Privilege Manager gives companies a way to refine the level of security privileges down to individual users in a more refined way, a set of features Microsoft will probably have to offer in some form in future versions of Windows. The disadvantage is that Privilege Manager is yet another layer of software for managing users and group policies using Active Directory, the advantage that it can unify user security for all versions of Windows, from Windows 2000, XP, Vista and 7.

See also:

Windows 7 review


PC security advice

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model