One of the biggest user complaints about Windows Vista was the UAC (User Account Control) feature, which generated frequent popups as a way of notifying users whenever anything tried to make changes to the computer. The UAC was in theory a good idea. Spam or rogue email attachments frequently contain malware designed to make changes or trigger a download, and the UAC would let you know when something’s going on. The problem was that it popped up for many routine tasks, and users became annoyed. Now personally, I’d rather have tight security and have to deal with clicking “allow” a few times a day, as opposed to loose security and more convenience, but that’s just me, and I always tend towards paranoia.

According to a Microsoft blog entry, Windows 7’s UAC now has a little more flexibility, with four settings: “Never notify”, “Notify me only when programs try to make changes to my computer (without desktop dimming), “Notify only when programs try to make changes to my computer (with desktop dimming)”, and “Always notify.” Vista on the other hand, was all or nothing, with choices only for “Always notify” or “Never notify.” The risk now however, is that users will tend towards shutting it off completely, since that option is now a lot easier to do—thereby leaving the door open to more attacks.

Of course, Microsoft took a lot of flak over the UAC under Vista, and they’ll probably take more flak now for going in the other direction with Win7’s UAC. The medium setting on Windows 7, which is the default setting, may offer inadequate protection, though time will tell. It is advisable to bite the bullet and use the “Always notify” setting—although it may be a hard sell to get users to agree.