Microsoft's plans to change a controversial security feature in Windows 7 are only cosmetic, nothing more than “lipstick on UAC,” a developer of enterprise rights management tools said. In an e-mail yesterday, BeyondTrust Corp. CEO John Moyer called the UAC modifications "lipstick" and said "they still do not solve the major issue for enterprises."
Instead, he argued that Microsoft hasn't taken UAC's problems head on. "Windows 7 promises cosmetic changes to reduce UAC prompts, but it does nothing to fix the underlying security and usability problems for businesses," he said. "Just like Vista's UAC, Windows 7 keeps end users in charge of the security decision of what applications to run with administrative privileges. That's like hanging out a 'Welcome' sign for malicious users, hackers and malware."