Sunday, April 10, 2005

Limited user accounts

One of the things that Linux fanboys love to mock Windows for is how users are administrators by default, and it's true; just about everyone runs as an administrator if they can (home machines, enthusiasts, developers). It's also true that Microsoft could have made limited accounts the default in Windows XP, and they didn't. This is one of those decisions that I'm not that sure about. It's the fine line that Microsoft always has to walk between compatibility and security. If they made limited user accounts the default, then a lot of stuff wouldn't work. Slashdotters seem to love to bring this up. But this isn't Microsoft's fault. Making programs require administrative privileges was acknowledged to be bad a decade ago, and Microsoft started really trying to get developers to make the easy changes to make their programs work in a multiuser environment seven or eight years ago. Microsoft's software works really well in this regard; you have to be an administrator to install it, but Office works extremely well with multiple users. Visual Studio is probably the worst example; prior to VS2005, Visual Studio didn't really operate under a non-admin account at all. I'm much more willing to forgive VS, though, being a developer tool. There is a lot of development that you just can't do without an administrative account, so it's not as bad.

But that's no excuse for new software like World of Warcraft. (See how it manages to make it into almost every post?) World of Warcraft still puts user files under C:\Program Files. This has been unacceptable since before it started development. Most games are guilty of this; games are tested as games, not as applications, and it usually shows up in a lack of quality in almost everything not related to advertising or the gameplay experience. Command & Conquer Generals almost made me wet myself when I saw that it stored its per-user data in My Documents. My Documents isn't really the correct place for this either (should be C:\Documents and Settings\username), and they used a ridiculous folder name, but it's still better than putting things in Program Files.

But developers only do this because they run as administrators. They run as administrators because Visual Studio and other development tools require them to. I don't know what Microsoft needs to do to fix this. I think that they've shown that they can focus on security even if it breaks stuff with XP SP2, and because of it, I think that they're probably going to make non-admin accounts the default in Longhorn. I think that Microsoft needs to be less forgiving of stupid software developers. If developers see that users have to see a stupid "enter administrator password to continue" dialog every time they want to play the game, they'll change quickly.


Anonymous said...

"There is a lot of development that you just can't do without an administrative account..."

Oh, that's a ringing endorsement of development on Windows.

Anonymous said...

This entire post makes me think that someone like you must be in charge of user accounts on the Windows development team.

Without getting into it too much: there is no worldly reason for development tools to have to run as admin ... none!

The reason for it in Windows is that none of you MS guys paid any attention in your software engineering classes and tightly coupled OS functionality with development candy in a shoddy way. Because of this, in order to do any kind of reasonably advanced development in Windows you have to make a bunch of under-the-covers OS calls, which in turn requires (and rightfully so) admin access.

Undoing this without completely breaking years of functionality is not a trivial problem … I don’t envy the people that have to solve it.