Hiya everyone,
Before I send some feedback to Microsoft, could someone just check on what I'm actually saying regarding the User Account Control settings and information regarding each setting is correct and I'm not just blabbering about nothing.
When you get to the page that allows you to change the way User Account Control notifies you and then click on the "Tell me more about User Account Control settings", Setting 2 - "Always notify me" and Setting 3 - "Notify me only when programs try to make changes to my computer", as well as this which is written under the "Setting" heading which is slightly misleading and not clear enough, some of the information in the "Description" and "Security Impact" boxes is wrong and I also feel that some other information needs to be added all round, just so it's clearer to understand.
The first "Setting" – "Always notify me and dim my desktop until I respond", followed by the "Description" and "Security Impact" headings, the information here seems to be absolutely fine. Though, I feel that the following part should be added to the "Description" box:
"You will be notified if a program outside of Windows tries to make changes to a Windows setting".
In conclusion, I feel the information which needs to be included and the way it is laid out is similar to what is written below so it is straightforward to understand:
"Setting" = "Always notify me and dim my desktop until I respond."
"Description" = "You will be notified before programs make changes to your computer or Windows settings that require the permissions of an administrator. You will also be notified if a program outside of Windows tries to make changes to a Windows setting. When you are notified, your desktop will be dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. The dimming of your desktop is referred to as the secure desktop because other programs cannot run while it is dimmed."
"Security Impact" = "This is the most secure setting. When you are notified, you should carefully read the contents of each dialog box before allowing changes to be made to your computer."
The second "Setting" - "Always notify me", I find isn't clear enough and partially wrong. If you have set User Account Control to this second option, you are only prompted when you go to install programs. When you want to change Windows settings like for example, opening device manager or changing other user accounts that are on the system and the date and time will automatically be allowed and you won't see a prompt. So, the "Always notify me" isn't quite correct and surely it should say something along the lines of, "Only notify me when programs try to make changes to my computer and dim my desktop until I respond".
The other thing I have noticed is even though it says that you will only be prompted when changing Windows settings, when you want to launch "Regedit" or a command prompt with administrator privileges, User Account Control seems to prompt you. I understand that the amount of damage that could be caused in the likes of "Regedit" and running a command prompt with administrative rights is very high compared to say if you had free access to other user accounts on the system and date and time but device manager, surely this could be potentially just as damaging?
Moving onto the second box of "Description", it says, "You will be notified before programs make changes to your computer..."
Which seems correct. However, the next part:
"or Windows settings that require the permissions of an administrator"
With the exception of launching "Regedit" and launching a command prompt with administrative privileges which probably has a reasonable explanation behind why you are still prompted, all other changes you try to make to Windows don't result in the User Account Control prompting you yet the above quote seems to suggest otherwise.
The next part in the same "Heading" box says, "You need to either approve or deny the request in the UAC dialog box to continue with that task, but you can still do other things on your computer while the UAC dialog box is open. This setting is fairly secure."
Which is again, slightly wrong. When you are prompted using this particular User Account Control setting, it runs in the "Secure Desktop" which forces you to take action of that task before you can do anything else on your system. It also says, "This setting is fairly secure" which sounds about right for the description but as said, most of what is written in the "Description" box is wrong.
I feel that this "Description" box should say something along the lines of:
"You will be notified before programs make changes to your computer and also notified if a program outside of Windows tries to make changes to a Windows setting. When you are notified, your desktop will be dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator."
Going onto the "Security Impact" part which says, "Because the UAC dialog box is not on the Secure Desktop with this setting, other programs might be able to interfere with the dialog's visual appearance. This is a small security risk if you already have a malicious program running on your computer."
The information here is also incorrect. As has already been said, when you get prompted, you will be running in the "Secure Desktop" mode and the information should say something similar to, "This setting has a medium level of security. It is usually safe to allow changes to be made to Windows settings without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer."
In conclusion, I feel the information which needs to be included and the way it is laid out is similar to what is written below so it is straightforward to understand:
"Setting" = "Only notify me when programs try to make changes to my computer and dim my desktop until I respond."
"Description" = "You will be notified before programs make changes to your computer and also notified if a program outside of Windows tries to make changes to a Windows setting. When you are notified, your desktop will be dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator."
"Security Impact" = "This setting has a medium level of security. It is usually safe to allow changes to be made to Windows settings without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer."
Moving onto the next available "Setting", "Notify me only when programs try to make changes to my computer" is fine. However, I think it should be expanded a bit more and say "Notify me only when programs try to make changes to my computer but do not dim my desktop", just so it is a bit clearer.
If we then have a look at the "Description" box which says, "You will be notified before programs make changes to your computer that require the permissions of an administrator. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator. You will be notified if a program outside of Windows tries to make changes to a Windows setting.", which also seems fine.
Although, as has already been said, where it says, "You will be notified if a program outside of Windows tries to make changes to a Windows setting", should also be added to the very first and second option.
Then taking a look at the "Security Impact" box, where it says, "This setting has a medium level of security. It is usually safe to allow changes to be made to Windows settings without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer", which is slightly clashing with what is being said in the second available option. However, this "Setting" isn't as secure since you don't get the "Secure Desktop" mode.
I feel it should say the following:
"This setting is fairly secure because it is usually safe to allow changes to be made to Windows settings without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer but also, the UAC dialog box is not on the Secure Desktop and with this setting, other programs might be able to interfere with the dialog's visual appearance. This is a small security risk if you already have a malicious program running on your computer."
In conclusion, I feel the information which needs to be included and the way it is laid out is similar to what is written below so it is straightforward to understand:
"Setting" = "Only notify me when programs try to make changes to my computer but do not dim my desktop."
"Description" = "You will be notified before programs make changes to your computer that require the permissions of an administrator and you will also be notified if a program outside of Windows tries to make changes to a Windows setting but the desktop will not be dimmed. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator."
"Security Impact" = "This setting is fairly secure because it is usually safe to allow changes to be made to Windows settings without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer but also, the UAC dialog box is not on the Secure Desktop and with this setting, other programs might be able to interfere with the dialog's visual appearance. This is a small security risk if you already have a malicious program running on your computer."
Also, the last option, "Turn User Account Control off", the information in the "Description" and "Security Impact" seems to be absolutely fine.
All of the information was already in the boxes; it was just that some of it was muddled up.
One other thing I will point out is, if you are using the securest setting, when you would like to change a Windows setting for example, the date and time or managing another user account, when the User Account Control dialog box appears, it says, "Do you want to allow the following program to make changes to this computer". If you then change the User Account Control setting to the default option, it says, "Notify me only when “programs” try to make changes to my computer". If you then go to change the date and time or manage another user account, then you obviously won't get a User Account Control prompt since it is a Windows setting. However, when you do get a User Account Prompt pop up by using the securest setting, then it lists these Windows settings as programs. Not a major problem but it just doesn’t seem very consistent to me.
This is what I am looking to send to Microsoft.
Unless I am reading this all wrong, some of the help information for User Account Control is slightly wrong. So, is this worth sending to Microsoft?
