A key security feature of Windows Vista, User Account Control (UAC), is still nearly unusable, Symantec has said.At a press presentation last week, Symantec Vice President of Engineering Rowan Trollope said Symantec’s customers had found the feature so “chatty” that it was a burden on users, potentially creating new help-desk calls.He said that personally he had found the feature so distracting he had finally turned it off—not a good sign for companies intending to use UAC to protect systems.UAC allows administrators to create user accounts that have limited privileges, correcting what security experts perceive as a major weakness in previous versions of Windows. Previously, all Windows users were administrators, something nearly unheard of in the Linux/Unix world. The change is designed to limit the damage malicious attacks can cause, and to put a damper on attacks that take over large numbers of systems. But it can only be effective if UAC is enabled on a large proportion of Windows systems.The feature attracted criticism during the beta-testing process, from respected analysts and others, and Microsoft said it fine-tuned UAC. Symantec does have a vested interest here—the company plans to sell products that smooth out UAC’s alleged faults—but the company’s findings could be evidence of additional headaches for system administrators considering Vista.Symantec’s idea is somewhat different. Trollope said the company is proposing to add an extra layer of “intelligence” on top of UAC that would make it easier to use. Such a plan will involve Microsoft’s cooperation, Symantec acknowledged, but Microsoft security executives said the company was not yet aware of what Symantec has in mind.Following Symantec’s comments, Microsoft stood by its work. “If the user decides they do not want to run UAC and they would rather run a third-party solution that provides similar functionality, they do have the choice to disable it,” Microsoft said in a statement.Over recent months, Microsoft has been moving toward bringing many basic security features under its own roof, providing its own firewall, antivirus and antispyware software, for example.Symantec said users shouldn’t get the idea that Vista no longer needs third-party security products—which it admitted would be a disaster for Symantec’s own business.So far, however, industry analysts have largely agreed with Symantec, saying Microsoft has yet to prove itself as a security provider, particularly at the enterprise level. -Matthew Broersma, Techworld.com Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe