Thread: RE: Programs ???
View Single Post
  #3 (permalink)  
Old 02-28-2007
Jimmy Brush
 

Posts: n/a
Re: Programs ???
> One of the big problems with UAC and the new security model are the amount
> of confirmation dialogs generated. This isn't just about user annoyance,
> it's about the psychology of asking users for permission. Once you've done
> so a very large number of times, for tasks them seem mundane to users,
> users will begin to take the dialogs less and less seriously!

True; however, I believe UAC strikes a good balance. Users will only see UAC
prompts while doing system maintenance. As long as they realize system
maintenance = prompts, not-system-maintenance = no prompts, they are good to
go.

> This problem is exacerbated by the way UAC is initiated in Explorer, for
> example. When a user tries to delete a file, he might have to confirm it
> three times in a row! (Yes to Explorer's are-you-sure, Yes to confirm an
> elevation request... this will have that little button with the windows
> security logo on it, and then Yes on the UAC dialog.) A similar situation
> happens in Internet Explorer because of the warning about opening files
> from the internet. Also, there are going to be lots and lots of
> applications that need elevation to run, so the user will be very used to
> clicking yes to this.

The only apps that need elevation to run are admin utilities or poorly
written legacy applications. Same thing with explorer or any other app that
only asks for admin when needed - it only asks when the user is doing some
sort of administrative tasks. Users should eventually realize and then be
accustomed to prompting whenever they are performing administrative tasks,
and then be wary of click "Continue" when not doing anything administrative.

The number of prompts can indeed be daunting, but it becomes painfully
obvious after use that the prompts ONLY occur when a program is doing
something that could damange the system - this is the important part, and
once users understand that this is what is happening they will be able to
utilize the cancel button when necessary.

> Eventually, Joe user who doesn't know how to turn off UAC is going to be
> sooo conditioned to click Okay, okay, yes, yes, okay, yes... he's going to
> stop reading dialogs!

Again, I think most users will realize that prompting only occurs when
performing administrative actions, and become accustomed to such prompting.
It would be different if the prompting was random or occured for every
application - but since it only occurs for applications needing
administrative access, it should be easy for the consumer to grasp.

> It would help if Windows would consolodate some of this
> multiple-confirms-in-a-row, but I realize they don't because they want to
> let the user know something he does is going to bring up the secure
> desktop. Personally, I think that is a less important goal than
> consolodating confirmations.

Consolodating confirmations is not possible in the current security model,
as it would open a hole that malware could exploit. I do see alternative
solutions possible, and it will be interesting to see how MS deals with this
in the future.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

Reply With Quote