Security UI

Over a decade ago, Windows started checking the signature of downloaded executables. When invoked, Attachment Execute Services’ (AES) UI displays the publisher’s information for signed executables; unsigned executables instead show a security prompt with a red shield and a bolded warning that the publisher of the file is unknown:

image

In contrast, signed executables show a yellow shield, the name of the publisher, and the publisher’s declared name for the application.

When Windows Vista was released in late 2006, an “elevation dialog” was introduced to prompt the user for permission to run an executable with elevated (administrator) rights. The new prompt’s design somewhat mirrored that of the earlier AES prompt, where unsigned executables are scary:

image

… and signed executables are less so:

image

As you can see, the prompt’s icon, program name, and publisher name are all pulled from the downloaded file.

To avoid double-prompting the user, the system detects whether a given executable will be elevated, and if so the AES dialog is suppressed and only the elevation prompt is shown.

As a consequence, the security UI in modern Windows is a bit backwards… the lower-risk “run as user” dialog seems complex and scary, while the higher-risk “run as administrator” dialog seems simpler and more trustworthy:

BadDesign

From a security design point of view, this seems unfortunate. Application designers should never be in the position of choosing higher-permission requests to get friendlier prompt behavior.

-Eric Lawrence
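
For triage of downloaded files, the prompt selection described above can be approximated statically. The following is an added example, not code from the original post or from Windows: it assumes a `requireAdministrator` level in the embedded manifest is the elevation signal and that a non-empty PE certificate table indicates a signature (presence only, not validity). The function names and the sample bytes are constructed for illustration, and other elevation triggers are ignored.

```python
import re
import struct

# requestedExecutionLevel element of an embedded application manifest.
LEVEL_RE = re.compile(rb'requestedExecutionLevel[^>]*?level\s*=\s*["\'](\w+)["\']')

def has_signature_blob(pe: bytes) -> bool:
    """True if the PE certificate table (data directory 4) is non-empty.
    Presence only: this does not validate the Authenticode signature."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24  # optional header follows 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    dir_offset = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+
    if dir_offset is None:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", pe, opt + dir_offset - 4)
    if count < 5:
        return False
    file_off, size = struct.unpack_from("<II", pe, opt + dir_offset + 4 * 8)
    return file_off != 0 and size != 0

def expected_prompt(pe: bytes) -> dict:
    """Predict which dialog a downloaded file gets and flag the elevated case."""
    m = LEVEL_RE.search(pe)
    level = m.group(1).decode() if m else "none"
    elevates = level == "requireAdministrator"
    return {
        "level": level,
        "prompt": "elevation" if elevates else "AES",  # AES is suppressed on elevation
        "publisher_shown": has_signature_blob(pe),
        # Simpler dialog but higher privilege: review these files more strictly.
        "needs_review": elevates,
    }

def build_sample(level: str = "", signed: bool = False) -> bytes:
    """Constructed minimal PE32 header for this demo; not a runnable program."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 128, 0x400, 0x100)  # certificate table entry
    manifest = f'<requestedExecutionLevel level="{level}"/>'.encode() if level else b""
    return dos + b"PE\0\0" + bytes(20) + bytes(opt) + manifest
```
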

One thought on “Security UI”

  1. SatoMew says:

    The AES UI even looks the same since its inception in Windows XP SP2 (IIRC). Plus it violates the Windows User Experience Interaction Guidelines regarding dialog boxes that have been in place for desktop apps since Windows Vista: https://msdn.microsoft.com/en-us/library/windows/desktop/dn742499.aspx (no white background for the content area; improper formatting of the main instruction text; incorrect placement of the command area; at least some of the text in the footnote area belongs as a supplemental instruction in the content area).

    Unfortunately, UI design and consistency don’t receive the attention they deserve, in part due to attitudes like this: http://blogs.msdn.com/b/larryosterman/archive/2009/01/28/everyone-wants-a-shiny-new-ui.aspx
