The latest version of a well-reviewed third-party security policy enhancement system for Windows Vista claims to solve what its manufacturer characterizes as “not a secure solution” to a critical problem Windows historically had with administrator privileges on programs. But in the announcement of the upgrade earlier this week, a key Microsoft product manager is quoted as having acknowledged Vista’s own take on the solution was not quite enough, effectively reversing his company’s stand on User Account Control.
The product is BeyondTrust Privilege Manager 3.5, and its key new feature is the ability to run Vista’s UAC transparently without prompting the user for privilege elevation. In Monday’s press release, Microsoft director of client security product management Austin Wilson is quoted as not only endorsing the product but also appearing to agree with BeyondTrust’s key contention: that the UAC prompts were not only a nag but an insecure solution in themselves.
“Microsoft recognizes that to help create a secure, auditable and compliant enterprise environment all users should be Standard Users and ideally not have administrative privileges or access to administrator passwords,” the press release quotes Austin as saying. “BeyondTrust Privilege Manager helps corporations that need to allow standard users to run applications that require administrative privileges on Windows Vista with UAC enabled without any prompts or input required from the user.”
It is the Vista feature which Apple so successfully parodied in one of its “I’m a PC” ads earlier this year: the part of User Account Control which asks the user to “Cancel” or “Continue,” so that a task may run under elevated privileges. Alternatively, Vista can be set up so that the user is asked to supply an administrator password – instead of just clicking on “Continue” – before any process is run that requires highest-level privileges.