Most of us already know what User Account Control is supposed to do. It's not only a security feature, making users aware of possible damage that programs and the likes may do to their systems - UAC is also a pressure tool to force Microsoft programmers and software houses to write software that works under limited user accounts. As it turns out, UAC is succeeding in that goal, according to the usage statistics put forth.
A little more than 70% of Windows machines (excl. servers) have only one user account (with administrative privileges). During the first few months of Vista's availability, people encountered a UAC prompt in 50% of their sessions (with a session being a 24hr period, or the period from log-on until log-off, whichever comes first), produced by 775312 (!) applications. The data for August 2008 shows a dramatic reduction in applications triggering UAC prompts: from those 775312, to 168149 in August 2008. This means that users now experience a UAC prompt in 33% of their sessions, instead of 50%. This echoes claims from a lot of Vista users (yours truly included) that over the course of time, UAC has become a rarity on Vista.
No matter how you look at it, these are some staggering figures, showing that User Account Control - annoying, useless, and broken as some made it out to be - is really working. It's performing its intended function perfectly. Interestingly, 40% of the UAC prompts are triggered by Windows itself. Windows 7 will make changes to reduce the number of Windows prompts even more.
Based on the data, Microsoft promises to work on the following points:
- Reduce unnecessary or duplicated prompts in Windows and the ecosystem, such that critical prompts can be more easily identified.
- Enable our customers to be more confident that they are in control of their systems.
- Make prompts informative such that people can make more confident choices.
- Provide better and more obvious control over the mechanism.
Microsoft has already done user testing with more informative and simpler UAC dialogs, and responses have been positive. Let's hope for the best. One final note from me: do not disable UAC. Seriously. You don't run as root all the time on Linux either, now, do you?