User Account Control is easily one of the most hated features of Windows Vista, according to readers. The seemingly endless stream of UAC pop-ups, asking you to confirm this action or that action, just gets in the way (and the pop-ups aren't particularly zippy, given the screen redraw). Others don't mind UAC, but there's no doubt it's a controversial "feature" of the OS.

At the RSA 2008 confab in San Francisco, Microsoft admitted that UAC was designed, in fact, to annoy. Microsoft's David Cross came out and said so: "The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.

This isn't a total revelation. UAC was designed to get in your face; it's all about that "hey, you sure about that, buddy?" second-guessing thing. It's a less intimidating, less entertaining version of Clint Eastwood saying, "do you feel lucky, punk?" All this because you wanted to do something unimpressive like view all running processes on your system or install GAIM.

What makes UAC annoying is that it's a half-breed of sorts. UAC is not a security barrier, which is one of the reasons why users hate it: they don't see the point in a process elevation alert box that asks you to click "OK," as opposed to inputting a password when you're an admin.

UAC's real purpose is quite simple: it's meant to trip whenever a routine attempts to elevate security privileges, and get in your face. As we have reported before, this has two goals: a) it gives users a chance to approve the elevation on the off chance that something wrong is happening, and b) it encourages developers to design their software such that privilege elevations aren't needed in the first place. The latter is really the point of UAC, since users have absolutely zero control over the privilege requests their applications make (other than to choose not to install said apps).

Peter Watson, Microsoft Australia's chief security advisor, explained it all last year. "Various application providers in the market are coming to terms... recognizing that it's much more effective to run applications and have actual users running on systems as standard users as opposed to system administrator," he said. "Why should I be letting my normal user be running as system administrator?" he asked.

Microsoft's approach to UAC is a carrot-and-stick way to get developers to adopt Microsoft's latest views on secure application installation and setup, but it does come at the expense of the user experience. It's hardly a surprise, then, that one of the most popular post-Vista install activities is disabling UAC. I still haven't disabled it myself, but I've come close. Microsoft claims that 88% of Vista users leave UAC enabled, and that application developers are already greatly enhancing their setup routines to avoid process elevation.

One could argue that this approach is incredibly flawed, since the people best in position to make the changes needed are developers, not the end users who are stuck with a cavalcade of UAC prompts.

For more on what makes UAC a bit of a head scratcher, see: Microsoft's guru: malware and viruses will evolve on Vista
