Beginning in 2002, however, Microsoft started making security an essential part of software development. As a result, the then-next version of Windows, Vista, featured a total separation between what a user can do on a machine and what an administrator can do, a separation that has always been enforced on Unix distributions.
This separation, enforced by UAC, limits the damage that a user can do to a machine.
UAC could be seen as the Windows equivalent of the Unix sudo command, Cowan explained. Sudo allows a user to execute privileged tasks only after supplying an administrator, or root, password. Some Linux distributions, such as Ubuntu, do away, at least out of the box, with root accounts altogether, relying entirely on sudo.
Many users chafed at using UAC, however. Every time a program would require full administrative rights to run, a UAC box would pop up on the screen, asking the user for permission.
The annoyance of UAC actually proved to be beneficial over the long run, Cowan explained, because it reduced the number of applications that required administrative rights.
In many cases, programs did not need administrative permissions at all. Many Windows programs were designed to write their configuration data to the system registry, when it could just as easily be stored in user folders.
Over time, application developers got the message from all the user complaints. Using anonymous telemetry data, Microsoft estimated that the number of Windows applications that required user access dropped from approximately 900,000 to 180,000.
While Vista got a bad reputation for user-hostility, Windows 7 made UAC more user-friendly without relaxing the strict divide between user and administrator. This OS offered auto-elevation, in which a limited number of Microsoft pre-approved programs could get administrative access without the annoying user prompts. It also offered a sliding UAC scale, so users can pick the level of restriction for their applications. Windows 7 also established virtual accounts so individual applications could get their own user accounts, Cowan said.
After the talk, one audience member said he agreed that UAC probably did encourage application vendors to rewrite their programs, but wondered if that was really Microsoft's goal in the first place, given the amount of user dissatisfaction it caused. Cowan himself admitted, when discussing browser security, that "Prompts are not purely evil. Prompts in which the answer is almost always 'yes' are evil."
UAC was one of a number of features that, Cowan said, brought Windows to security parity with Unix. The other features include a built-in firewall and the signing of 64-bit kernel drivers. In some cases, he argued, Windows now has security features that aren't even found in most Unix distributions, such as network access protection, memory address randomization, and data execution prevention.
"Unix had a very large security lead. Since then, Microsoft has closed the gap on every front and in some cases exceeded Unix security," Cowan said.