It’s one of the longest-standing Windows problems. The vast majority of Windows users log into their computers with full Administrator privileges. And that applies only to Windows NT, Windows 2000, and Windows XP. Users running Windows 9x or Windows Me don’t even have a true user account system. Either way, there’s a security vulnerability with this kind of login condition.
Anyone who accesses your computer (whether they are sitting at it, connecting to it, or hacking into it via the Internet [or a network]) automatically has full rights to make whatever changes they want on your computer, including things like formatting your hard drive, making off with documents and data files, or placing malicious files on your computer. It’s not just hackers either. Full access means that applications are permitted to install, and malware can easily be scripted to do just that. A Windows PC with porous security (that is, poorly configured or updated, or missing antivirus, firewall, and antispyware and antispam protection) logged in with Administrator privileges is a sitting duck.
So why has Microsoft allowed this condition to exist for so long? Other OSes, such as Linux, have more usable and protective login protection mechanisms. It’s a more complex problem than appears on the surface.
Win2000 and WinXP offer “Limited” default account logins. When you log in with a Limited account, there are things Windows doesn’t let you access or change, and if you work this way, your system is more secure. The expectation with this kind of account is that you’ll log out of your Limited account and log in to an account with administrator privileges when you need to change settings, install drivers, and install applications. For many of us, however, the time and effort required to live in a Limited account while having to log in and out of an Administrator account to perform these system-related tasks is a hassle. So our inclination is to always use an Administrator account.
The problem is compounded by WinXP’s Fast User Switching feature, which makes it easy to switch from one account to another on a single computer. Prior to Fast User Switching it could take a long time to log off and log back on to a different account with Administrator privileges, and then repeat the process to log back on to your Limited account. With WinXP, users can be logged into multiple Administrator accounts at the same time and switch between them quickly. It’s no wonder that most WinXP users prefer using Administrator accounts all the time.
Microsoft had hoped that WinXP’s Fast User Switching feature would be enough to get more people using Limited account logins. Trouble is, hundreds of millions of Windows users have been doing it the old way, some of them for a couple of decades. There is a large educational issue that Windows users must overcome, but the reality is that Microsoft can’t really force us or train us to protect our PCs better in this area without risking a user revolt. The better plan is to keep working on the user interface to make it easier for people to do the right thing. Work on the message. And work toward a day when the new user process is seamless enough that you can disable the old way. I don’t think Windows Vista will get us all the way there, but it’s a move in the right direction.
So what’s Microsoft doing? Its solution is called UAP (User Account Protection), and it makes a good deal of sense. Microsoft is attacking the problem from both sides. On one side it is expanding the scope of Limited account privileges, making it more usable without compromising security. For example, locking down the system clock is an important thing to do for security purposes on a Limited account. But there’s really nothing wrong with allowing the user to change the time zone of a Limited account. You can’t make that change from a WinXP Limited account. But you’ll be able to do so in Vista.
So, Microsoft is running through all the privilege restrictions on the Limited account to make the default privileges more lenient, where possible. By doing so, it eliminates some of the headaches of living with a restricted user login.
The other part of the OS maker’s strategy is to borrow the privileges of your Administrator account by authenticating to it. In a Vista Limited account, it’s possible, for instance, to change the system date, month, and year. Instead of logging out and logging in with Administrator rights, though, all you have to do is click the new Unlock button that appears in the Date And Time Properties dialog box. When you click Unlock, Vista prompts you to enter the name of a user account with administrator privileges and its password. After clearing that authentication hurdle, Vista gives you full access to make date and time changes. When it comes to configuring Windows system-wide settings, networking, and working with other Windows-specific programs and Vista Microsoft applications, this solution is about as good as it gets.
But there’s a catch when it comes to the activities of installing applications and at least some device drivers. Application makers have to also join in the effort to make this work. Third-party software developers must make their applications Limited account-aware and support the Unlock functionality in their setup routines. Microsoft is a much better-than-average market leader when it comes to creating structured environments for third-party software and hardware providers, helping them work toward shared goals like this one. And I suspect that most traditional commercial apps will support Windows Vista’s UAP features in short order. Microsoft has several incentives that will nudge them to add this support. But there are literally thousands of shareware, freeware, and open-source Windows applications that will be oblivious to any nudges.
Until the Windows Vista market share is very large, many are unlikely to get around to adding Windows Vista Limited Account Unlock support. So, especially early on right after Windows Vista ships, many people trying to use Limited accounts may become sufficiently frustrated by installation hassles that they may go back to working in an admin-level account, which, of course, defeats the purpose.
I can’t fault Microsoft’s technical strategy in solving this problem. It’s spot on. But something more should be done to inspire the majority of software makers to comply—or to make it a moot point whether they comply. For example, could Microsoft make a basic 32-bit installation routine that supports Unlock freely available to smaller software makers? Or could it offer some help to these small programming companies?
In Windows Vista Beta 1, the UAP feature is something you can turn on or off. Unless Microsoft can fully resolve all the issues with this new functionality, particularly with respect to application installation, I would hope that UAP would continue to be something you could turn on or off as an option.
Microsoft is working hard to solve a problem that has long needed attention. We shouldn’t expect miracles, but Microsoft should do as much as possible to solve this problem in Vista. You and I have a responsibility, too. We need to investigate UAP and try hard to make it work. We all have to take some responsibility for our own computer security.