Even by the low stands of this site I am not informed enough to comment knowledgably about Windows 7. I have not yet used it, and while I did follow its development I don’t have any really strong opinions on it one way or the other. For the lowdown on Windows 7 I read this review at Ars Technica. And while I have no ground to stand on when it comes to the functions and features of 7 or the accuracy of this review, one thing about the article did bother me.
Here’s a quote:
Probably the biggest source of whining about Vista—bigger even than compatibility issues or performance concerns—was User Account Control, the new feature that meant any attempt to use superuser privileges gets blocked unless you specifically permit it when prompted, with deliberately annoying prompts. Though this could on occasion result in seeing a plethora of UAC prompts (especially when installing and configuring the system in the first place, which just happens to be the scenario that most reviewers experience), the reality was that normal usage scenarios resulted in few prompts, certainly not enough to be a daily annoyance.
[…]
If you do this—which you probably should—then you’ll find that Windows 7 has virtually the same number of prompts as Vista does. By making it “less annoying” for Administrator users, Microsoft has just made it more likely that home and SOHO users will just run as Administrator all the time, which is precisely what the company was trying to prevent with UAC in the first place.
This attitude is, if not quite prevalent, at least common among professionals in what we’ve loathsomely dubbed “IT”. It’s this wildly false assumption that every install is a well thought out and well maintained one, note the scare quotes around ‘less annoying’. Obviously this is a review that’s been published on a website that expects at least a modicum of technical understanding from its readers. But the problems it is describing are those not of the kind of people who read Ars Technica, but of the less technically inclined, of the great technologically unwashed. Windows Vista, and by the looks of it Windows 7, were designed with the properly configured and tightly run IT environment in mind. How could they not be? But a great deal of systems, in everything from homes to large offices, won’t be run or configured that way because doing so is expensive, time consuming and, for many people, wholly unnecessary.
Sitting at home behind the built in Windows firewall and whatever firewall is built into their router most people are quite secure so long as they don’t fall for a phishing scam or take pity on any down on their luck Nigerians. This is true whether they’re running XP, Vista, or 7. Conversely, if someone does “confirm” their password or open an e-mail attachment they shouldn’t then no amount of built in security features will stop them all.
And thus we arrive back at the essential problem that IT people find so endlessly frustrating: you cannot stop the users from acting stupidly. If you’re running a large network you can restrict what they can do, but if it’s just some random ordinary citizen sitting behind a desk in some random ordinary living room, they’re on their own. They have full privileges to be completely ignorant of the power at their fingertips and inevitably some of them are going to destroy their systems.
The article is written from what I think of as a typical high level IT viewpoint that all too often is afflicted with a blind spot masquerading as annoyance when it comes to this essential flaw in all security systems. Here’s another example:
“Everything “bad” about Vista—and I use the word in the loosest possible sense, because the things that garnered most complaints have negligible legitimacy—is still “bad” in 7.”
It’s the “negligible legitimacy” that gives away the myopia because a serious IT person understands the meaning behind all the prompts and all the security features. To a non-technical user they are simply annoying and that means that they also fail as a security measure because asking a person to render a judgment on a security question they don’t understand is no kind of security at all. It’s like flashing a warning about two choices that reads “Click only the left box, clicking the right box will result in certain doom!”, only it’s written in runes. Many of the people who found Vista frustrating can’t read the runes and blaming them for the poor reception it received isn’t much of a solution.
Microsoft is certainly far from blameless when it comes to the foibles of Windows, but to some extent they are caught between a rock and a hard place. Their systems absolutely have to meet the approval of serious IT people, but at the same time they have to be usable by people who don’t know anything about computers. The features of Vista, that have been carried forward into 7, that the Ars review finds so important and defends so vehemently, are indecipherable to ordinary people. Until that gap can be bridged, until the sharp corners of independent computing can be smoothed out a little more without ordinary users being bothered, problems like this are going to persist. Things like UAC are stopgaps masquerading as solutions.
