Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Windows Vista Beta 1: Page 8 of 17

Document Explorer

The last bit of significant change to the Start Menu is the addition of the Document Explorer, which is prominently displayed on the right side of the primary Start Menu. The menu item reads "Documents," but this doesn't link to your C:\User\{Current User Account}\Documents folder as you might expect. It links to the All Documents virtual folder, or preconfigured search of all the documents on your hard drive. The "Pictures" and "Music" menu items below Documents are also links to virtual folders.

Microsoft has hit upon the perfect solution to a long-standing Windows problem that has become more important in recent years because of security issues. While it's a perfect solution in theory, I'm concerned it might fail in the real world.





In Windows Vista Beta 1, you turn on User Account Protection by clicking on an icon on the All Programs menu on Start. Doing so opens this dialog.



Click to Enlarge

The Old Way

The problem is this: Most Windows users log into the default user account, Administrator, and never use any other account. The Administrator login has full power to make changes to any part of the file system or operating system. In other words, it's a dangerous account for someone other than you to access your computer with. And it can be a dangerous account for you to use if you're not an experienced Windows user. Younger kids, for example, should never be given Administrator access to a computer. That's asking for trouble.

Worse, since every Windows computer has this default full-privileges user account, and that account name is "Administrator," it's very easy for hackers to access it. They know where to look. On many computers, this user account isn't even password-protected.

But there are solid reasons why this unsafe situation has been the typical condition on literally millions and millions of PCs for years and years. The only other default account type that Microsoft offers, the Limited Account, is so limited that even experienced users find it very difficult to work with. For example, you'll have serious trouble doing things like changing the date and time of day, making changes to your network stack, installing applications, and installing device drivers from a Limited account. What you're supposed to do is log out of the Limited account, log back in with your Administrator account, make those changes for the Limited account, log out of Administrator, and log back in to the Limited account. Even if you know enough to do that, most of us are far too busy having real lives to bother with what is truly a lot of nonsense.

And yet important security issues, especially in recent years, make this about as far away from nonsense as you can get. A whole new way of dealing with this is sorely needed.