Microsoft is doing some backtracking today. After initially downplaying the risks and defending its choices around the User Account Control feature in Windows 7, the company has now bowed to pressure and said it will make some modifications to the upcoming release candidate in response to the outcry.
For those who haven’t been following this story, the problem stems from a more permissive UAC default setting in Windows 7 compared to Vista, which has been blasted by users as being too intrusive regarding these security measures. The change resulted in a by far less annoying Windows 7, but it also introduced a gaping security hole in which the feature could easily be turned off altogether, using pre-approved Microsoft applications to fool Windows 7 into granting malicious code full access rights.
Microsoft refused to acknowledge this as a flaw but rather claimed it constituted a feature created “by design.” However, in a reassuring sign that the Windows beta process isn’t just for show, the company has now vowed to make some seemingly straightforward changes in the upcoming release candidate to address this concern. Namely that changing the level of the UAC will prompt for confirmation.