Windows Vista最令人讨厌的功能之一是用户帐户控制(User Account Control),简称UAC。许多人发现它很烦人并选择立即禁用它,即使这意味着他们的系统会面临额外的安全威胁。在Windows 7中,微软(Microsoft)已经严重改变了这个特性。现在用户可以更好地控制它以及它的工作方式,它应该提供更好的用户体验。为了了解这在数字上意味着多少改进,我在默认的 Windows Vista 和 Windows(default Windows Vista and Windows) 7 UAC级别之间进行了比较。让我们看看哪一个赢了,为什么。
基准描述(Benchmark Description):我测试的内容
首先,我搜索了需要可以触发UAC 提示(UAC prompt)的管理权限的所有任务的列表。我从这个触发Ed Bott的用户帐户控制提示的项目列表(list of items which trigger User Account Control prompts)开始,并对其进行了定制,使其尽可能与Windows 7和Windows Vista相关。
我运行的测试列表如下:
- 以管理员身份运行应用程序(Running an application as an Administrator)- 我以管理员身份运行随机应用程序,方法是右键单击它们的快捷方式并选择“以管理员身份运行”('Run as administrator')。当您需要使用仅与Windows XP兼容且需要访问系统文件和设置的较旧应用程序时,会执行此操作。
- 更改 Windows 和 Program Files 文件夹中的文件和文件夹(Changes to files and folders in the Windows and Program Files folders)- 我尝试编辑Windows 和 Program Files 文件夹中的(Windows and Program Files folders)随机系统(random system)文件。我还尝试创建新文件夹,然后将其删除。
- 安装应用程序(Installing applications)- 我安装了几个应用程序,从 CD 刻录机到浏览器插件和防病毒软件(antivirus software)。
- 卸载应用程序(Uninstalling applications)- 我卸载了安装练习(installation exercise)中使用的相同应用程序列表。
- 安装和卸载设备驱动程序(Installing & uninstalling device drivers)- 为了测试这一点,我为我的 PC 中的所有组件安装了驱动程序,然后我卸载了它们。
- 安装 ActiveX 控件(Installing ActiveX controls)- 对于这个测试,我使用了来自Nvidia 驱动程序下载页面的(Nvidia's driver download page)ActiveX。
- 更改 Windows 防火墙(Changing settings for Windows Firewall)的设置 -启用Windows 防火墙(Windows Firewall)后,我自定义了它的一些设置和规则。
- 更改 UAC 设置(Changing UAC settings)- 对于此测试,我打开和关闭了用户帐户控制功能(User Account Control feature)。
- 配置 Windows 更新设置(Configuring Windows Update Settings)- 我更改了Windows 更新(Windows Update)设置。
- 添加或删除用户帐户(Adding or removing user accounts)- 我创建和删除了多个用户帐户,包括标准用户和管理员。
- 更改用户的帐户类型(Changing a user's account type)- 此测试涉及将其中一个测试帐户的类型从标准帐户更改为管理员帐户,反之亦然。
- 配置家长控制(Configuring Parental Controls)- 对于这个测试,我为不同的用户帐户设置了不同的家长控制(Parental Controls)规则。
- 运行任务计划程序(Running Task Scheduler)- 这个测试很奇怪。在Windows Vista中,如果您从Start Menu -> Accessories -> System Tools任务计划程序(Task Scheduler),则不会显示UAC提示。但是,如果你从Control Panel -> System and Maintenance -> Administrative Tools运行它,你会得到一个UAC 提示符(UAC prompt)。因此,我在Windows Vista 和 Windows(Windows Vista and Windows) 7的控制面板(Control Panel)中运行了快捷方式。
- 使用备份和还原或 Windows 轻松传输备份和还原文件和设置(Backup & Restore Files and Settings Using Backup & Restore or Windows Easy Transfer)- 我使用这两种工具来备份和还原用户数据和设置。
- 查看或更改另一个用户的文件夹和文件(Viewing or changing another user's folders and files)- 这意味着浏览另一个用户的文件夹,添加和删除文件和文件夹。
- 运行磁盘碎片整理程序(Running Disk Defragmenter)- 我运行此工具对多个驱动器进行碎片整理
- 更改系统范围的设置(Changes to system-wide settings)- 我更改了控制面板(Control Panel)小程序中的不同设置,包括安全策略。
所有这些测试都使用默认的UAC级别运行。在Windows Vista中,这意味着在Windows 7中打开(Windows 7)UAC,这意味着将其打开并设置为“仅当程序尝试对我的计算机进行更改时通知”('Notify only when programs try to make changes to my computer')。
测试结果
测试结果总结在下表中。
在Windows Vista中,在所有 17 个场景中都会触发UAC 提示。(UAC prompt)在Windows 7中,只有 5.5 个。由于卸载某些应用程序时,Windows 7会显示UAC 提示(UAC prompt),因此分配了一半。仅当您卸载修改重要系统设置的应用程序时才会发生这种情况。在我运行的测试中,只有Microsoft Silverlight 插件(Microsoft Silverlight plugin)的卸载触发了UAC 提示(UAC prompt),而所有其他应用程序都没有。根据您使用的应用程序类型,您在卸载应用程序时可能永远不会遇到UAC 提示。(UAC prompt)
如下图所示,在Windows 7中,在(Windows 7)Windows Vista触发的至少 11 种情况下,您不会遇到UAC提示。(UAC)
这意味着减少了大约 67%,具体取决于您使用 PC 的方式以及您执行的最常见任务。
结论
在UAC 基准测试(UAC Benchmark)中,Windows 7轻松胜出,而且对它的青睐有很大的不同。看来微软(Microsoft)已经注意到了用户的反馈,并对这个功能进行了认真的调整。UAC现在比在Windows Vista 中的烦人少了很多,用户(Windows Vista and users)将获得更好的计算体验。剩下的唯一问题是:新的UAC 实施(UAC implementation)是否与之前的一样安全?时间(Time)会证明情况是否如此。
Windows 7 vs. Windows Vista: the UAC Benchmark
One of the most hated features of Windows Vista is the User Account Control, or UAC in short. Many people found it annoying and chose to disable it right away, even if this meant exposing their system to additional security threats. In Windows 7, Microsoft has seriously changed this feature. Now users have a lot more control over it and how it works and it should provide a better user experience. To see how much improvement this means in numbers, I have run a comparison between the default Windows Vista and Windows 7 UAC levels. Let's see which one wins and why.
Benchmark Description: What I Tested
First, I searched for the list of all tasks which require administrative privileges which can trigger an UAC prompt. I started with this list of items which trigger User Account Control prompts from Ed Bott and customized it a bit to be as relevant as possible for both Windows 7 and Windows Vista.
The list of tests I ran is the following:
- Running an application as an Administrator - I ran random applications as an administrator, by right-clicking on their shortcuts and choosing 'Run as administrator'. This is done when you need to use older applications, compatible only with Windows XP, and which need access to system files and settings.
- Changes to files and folders in the Windows and Program Files folders - I tried to edit random system files found in both Windows and Program Files folders. I also tried to create new folders and then delete them.
- Installing applications -I installed several applications, from CD burners to browser plugins and antivirus software.
- Uninstalling applications - I uninstalled the same list of applications used in the installation exercise.
- Installing & uninstalling device drivers - in order to test this, I installed drivers for all the components in my PC and then I uninstalled them.
- Installing ActiveX controls - for this test I used the ActiveX from Nvidia's driver download page.
- Changing settings for Windows Firewall - with Windows Firewall enabled, I customized some of its settings and rules.
- Changing UAC settings - for this test I turned on and off the User Account Control feature.
- Configuring Windows Update Settings - I changed the Windows Update settings.
- Adding or removing user accounts - I created and deleted multiple user accounts, both as standard users and administrators.
- Changing a user's account type - this test involved changing the type for one of the test accounts from standard to administrator and vice-versa.
- Configuring Parental Controls - for this test I set different Parental Controls rules for different user accounts.
- Running Task Scheduler - this test is pretty weird. In Windows Vista, if you run the Task Scheduler from Start Menu -> Accessories -> System Tools, no UAC prompts are shown. However, if you run it from Control Panel -> System and Maintenance -> Administrative Tools, you do get an UAC prompt. Therefore I ran the shortcut from the Control Panel in both Windows Vista and Windows 7.
- Backup & Restore Files and Settings Using Backup & Restore or Windows Easy Transfer - I used both tools to backup and restore user data and settings.
- Viewing or changing another user's folders and files - this meant browsing through another user's folder, adding and removing files and folders.
- Running Disk Defragmenter - I ran this tool to defragment several drives
- Changes to system-wide settings - I changed different settings in the Control Panel applets, including security policies.
All these tests were run with the default UAC levels. In Windows Vista this means having UAC turned on while in Windows 7, it means having it turned on and set to 'Notify only when programs try to make changes to my computer'.
Test Results
The test results are summarized in the table below.
In Windows Vista, an UAC prompt is triggered in all 17 scenarios. In Windows 7, in only 5.5 of them. The half of point was assigned due to the fact that, when uninstalling some applications, Windows 7 can show an UAC prompt. This happens only when you uninstall applications which modify important system settings. In the tests I ran, only the uninstall of the Microsoft Silverlight plugin triggered an UAC prompt, while all other applications did not. Depending on what type of applications you are working with, you might never encounter an UAC prompt when uninstalling an application.
As you can see in the graph below, in Windows 7 you will not encounter UAC prompts in at least 11 of the scenarios where Windows Vista triggered one.
This means a reduction of approximately 67%, depending on how you use your PC and which are the most common tasks you perform.
Conclusion
When it comes to the UAC Benchmark, Windows 7 wins easily and with a huge difference in its favor. It seems that Microsoft has paid attention to user feedback and has seriously tweaked this feature. UAC is now a lot less annoying than it was in Windows Vista and users will have a better computing experience. The only question that remains: is the new UAC implementation as secure as the previous one? Time will tell if that's the case or not.