I wonder if they appreciate the importance of promptly alerting users to security problems. Delaying the reporting of a security issue could result in additional damage being done.
Maybe prompts could be presented differently, so they wouldn't interfere with what users were doing and on the same time inform them about problem?
I was thinking the same thing. And even more, the exact moment when a security warning appears is sometimes a good indicator about the security issue itself; for instance, I wouldn't want to get a warning that site X is malicious after I close it and go to site Y because that would be very misleading about the cause of the warning.
the writer of the article doesn't even understand UAC's purpose lol ; like many of the uninformed people, he thinks UAC is a kind of HIPS/anti-exe
I didn't read anything that led me to believe that he doesn't understand UAC, you must have read another article.
I understand the points the author intended to make and while I can agree with him on those points he mentioned, I have to respectfully disagree with UAC being called useless. The author only makes the argument from the POV of what he sees UAC as - that is the prompts only - and expect it to be a security boundary...which as we all know by now, it is not. UAC encompasses more than just the prompts. Without UAC, we would still be stuck with the admin mentality developers have in XP days whereby programs run with high privileges even if they do not require it.
Yes, this is true of course. But the points that he made are valid, it's basically why so many people are skeptical about UAC. But to get back at the topic, that's why it's important to keep alerts to a minimum when trying to protect most regular users.
It doesn't really matter that much, IMO. I've been in the business of fixing infections for around 8 years, and people don't really care about the message being presented. You can have a full-screen flashing warning with a death threat in exotic colors, and most people would still be like "meh, whatever" I think that's because we feel less threatened in front of a monitor. What really changes people's behavior is time and money. If those are hurt, they change.
The problem with security warnings has less to do with timing and more to do with mere psychology. Most people hate warnings. If there's an easy way to dismiss it, people will dismiss it. I would rather software developers default to the safer choice to prevent access and provide a way to override. The exception would be in cases where a false positive may break a working system or cause downtime..
How many times i have to repeat it... UAC is made to block elevation NOT malwares (as this writer obviously think it is, he even said it) ! if a malware doesn't require elevation , UAC will stay silent. UAC isn't a protection feature working as an HIPS or anti-exe that detect and block malicious/suspicious processes/executable; Smartscreen + WD does it; not UAC. UAC was made as a convenient feature to avoid users to logout SUA and login in as Admin to install softwares or make changes to the system; from this, some people consider it as a protection feature (because many malwares needs elevation). when people will understand that, they will stop bashing UAC...
Once cleaned a person's computer and made it much faster, removing a number of trojans/adware/spyware. They complained afterwards that they missed having to close all the popups on Windows start.
No, I don't believe the writer thinks it's meant to block malware. He even says that the intention behind UAC is good. But he is trying to explain why most people might as well turn it off. And that is because of the fact that most people probably don't understand the purpose of the alert, will become annoyed, and as a result will blindly click on Yes/OK.