I have a question I've wanted to ask since I first started working with Vista. Is it a requirement at Microsoft to make sure you don't do things like they are done in other Operating systems to avoid looking like you are copying stuff?
I mean the way UAC is done in EVERY other OS is better than what is implemented in Vista, so why didn't you do the right thing? Was that not allowed?
For instance, elevations should ALWAYS ask for admin password. Just clicking a button is ludicrous. Now I am sure that asking for a password every time an elevation is done today would drive people crazier, but that leads to the second issue. Why didn't you
perform a timeout based elevation.
For instance, if I want to perform some admin tasks, the OS asks for my password, and then for the next 5-10 minutes, I don't get another prompt again because the system knows I am the admin because I entered the password. After that time expires, then I can
expect to get prompted for the admin password again, because that's the right way to do it.
Your explanations in the video are very interesting for people who don't have a clue what the problems were with OS's based on DOS, but you fail to address why you implemented UAC in the most annoying and least secure fashion imaginable.
Or does Microsoft not agree that clicking a button is really NOT a security mechanism at all?