Amid criticism about the annoyingly frequent UAC (User Account Control) notifications on Windows Vista, Microsoft decided to prompt users less frequently in Windows 7. But this decision has generated sharp criticism from all circles. Security experts have criticized that this exposes a vulnerability that will put users at high risk. Basically, with Windows 7, users can choose how often they want to be notified - the default setting is to notify only when a third-party application is making a change. The catch here is that any changes to the UAC setting itself are being made within the OS and not by a third party. Hence malicious code could turn off such alerts entirely without notifying the user that such a change had been made. MS is literally getting beaten up for this decision. Finally, Microsoft announced that they have decided to adjust the feature such that it notifies users when the UAC itself is modified. These changes will be available in the Windows 7 RC due later this year.
As I write this, I am reminded of the Malayalam proverb "Velukkan thechathu paandaayi" (translation: the face cream that was applied to become fair has created a patch)
