In a reversal, Microsoft said on Thursday that it will make changes to the way a controversial security feature works in Windows 7.
After getting lots of feedback that Windows Vista too often prompted users to approve changes, Microsoft had decided in Windows 7 to prompt users less frequently. However, in recent days, some enthusiasts and security experts warned that the specific changes Microsoft planned to make with Windows 7.
Microsoft initially downplayed the risks and defended its choices around the User Account Control feature. On Thursday, though, the company's two top Windows engineers said the company will make some modifications in response to the outcry.
Microsoft won't change the default setting--which is to notify users only when a program is making changes to their system--it will add an exception when changes are being made to the UAC itself. Starting with the upcoming "release candidate" version of Windows 7, changes to the UAC settings will require user approval, senior vice presidents Jon DeVaan and Steven Sinofsky said in a blog posting.
"With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we'll all see," the pair wrote. "First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion...Second, changing the level of the UAC will also prompt for confirmation."
When the issue was first raised last week, Microsoft issued a terse statement that basically said the feature was working as it was supposed to.
"This is not a vulnerability," Microsoft said. "The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level."
However, the criticism around the setting continued to build.
In an, DeVaan told CNET News that the company would consider changes, but he also said that it believed that the discussion had lost sight of the fact that the issues being discussed only applied if a system was already compromised by malware.
Rafael Rivera, who along with blogger Long Zheng was among the first to write about the UAC issue, praised Microsoft for its eventual action on the issue.
"I'm happy to hear of the changes upcoming in the public Windows 7 Release Candidate build," Rivera said in an email. "Regardless of the reasons (behind the changes), the increase in security is a win for all Microsoft Windows users."
Zheng also praised Microsoft's move in a blog posting late Thursday.
In their post, DeVaan and Sinofsky acknowledged their communication on the issue had been less than ideal.
"Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed," the pair wrote.
Sinofsky and DeVaan said they expected a breakdown in communication to happen at some point, but said that they hoped the dialogue around Windows 7 would continue.
"We don't want the discussion to stop being so lively or the viewpoints to stop being expressed, but we do want the chance to learn and to be honest about what we learned and hope for the same in return," they wrote. "This blog has almost been like building an extra product for us, and we're having a fantastic experience. Let's all get back to work and to the dialog about Engineering Windows 7. And of course most importantly, we will continue to hear all points of view and share our point of view and work together to deliver a Windows 7 product that we can all feel good about."
Reviews of the beta version of the product, which came out last month, have been largely positive, particularly around the performance and reliability of the product. The company has seen the first significant criticisms about Windows 7 this week, both in regard to the UAC feature as well as some dismay that the company will again offerwhen Windows 7 is released.
Officially, although Microsoft is still believed to be in time to be on computers sold during this year's holiday shopping season.