Once upon a time, a Microsoft employee said that UAC was designed to annoy people, thus encouraging people (and systems administrators) to bug application developers and get those developers to fix their use of resources in Windows. Well, it seems that one company actually went backwards, making its application more annoying than it used to be.
Of course, I’m talking about Java.
I figured I would turn Java into an example of what not to do when designing something for Windows before uninstalling it. Since Sun Microsystems clearly has no idea how to develop for Windows Vista, I’m going to direct them to this wonderful page.
I highlighted the single switch present in the command which indicates the problem: “-auto”. UAC prompts should never be automatically launched without informing the user prior to launching one. It’s very plain and very simple, and when developers start writing applications which throw consent prompts without any obvious reason as to why, they’re clearly doing something wrong.
Worse yet, Java Automatic Update decides to tell me after I click Cancel that it wants to update.
This bubble should be thrown first, followed by launching the consent prompt should the user decide to update. Doing it the other way around is mindblowingly stupid. It’s not exactly an easy thing to screw up, either, so I’m chalking this one up either to developers not knowing what they’re doing or developers testing UAC out for the heck of it to see how many people obey random UAC prompts.
If you’re seeing this, I highly encourage you to click Cancel. Better yet, go ahead and uninstall Java. That’s what I did.
Now if you’ll excuse me, I’ll be going off to celebrate my birthday away from random UAC prompts.
Follow Bryant on Twitter! 
That is certainly really stupid. But Java is pretty good for doing things in a rather roundabout way. Maybe with this they will finally get some idea. We should get Rafael on there to see why it needs elevation to check for updates. It should really only need to prompt when the MSI for updating is launched.
Unfortunately, there are also many apps that require Java, so uninstalling it is easier said than done. Though, if you’re following Microsoft’s instructions exactly, you should click “Cancel” as you didn’t start the program.
I remove java from all the computers I come across (mine, family members, etc.) My father-in-law got hit by a bad virus due to an old java version on his laptop a few months ago.
Still waiting for an application that comes along where I need the jvm…
That auto-updater is one of the many (maaany) reasons why I don’t *do* Java on any of my machines.
However, while the Java updater is a POS, and definitely shouldn’t be triggering UAC prompts out-of-the-blue, I think part of the problem lies with the design of the UAC consent dialogs: They don’t allow programs to show context about what they are asking the user to consent to.
Programs shouldn’t have to display a pre-prompt to tell the user why they’re about to prompt them. That’s a UX failure right there. Users shouldn’t have to put up with annoying prompts-about-prompts which double the amount of time & clicks they have to spend interacting with what is, to many of them, a nagging message that just gets in the way of what they’re doing (even if some of us do appreciate the prompts).
But, as I said, I do absolutely agree that UAC prompt appearing out of the middle of nowhere and with no context is a very bad thing for Sun/Java to be doing. They should be working better within the design of the OS and only launching that elevated process after the user sees and clicks on a notification bubble (or similar).
I should clarify that I’m talking about apps which end up showing interactive prompts-about-prompts — like in Explorer when you delete a file in a protected location — more than passive messages such as notification bubbles. Bubbles are fine since they never interrupt what you’re doing unless you choose to respond to them.
Dont you kinda need java if your using the internet?
Ahh well, doesnt bother me at least, disabling UAC is the first thing i do when i install windows…
@Leo: Two things:
First, it is up to developers to inform users why they are to be prompted. Every developer could put a description into place, but the words “user experience” and “standards” are rarely found in the same sentence. Also, there is a bit of a system in place for that with the shield overlay. Wherever it is found throughout the system, it indicates to users that for some reason, clicking that control will cause that sort of prompt.
Secondly, you have hit the nail on the head concerning the purpose of bubble notifications.
If only these software companies would care. From my experience, this isn’t an isolated case. IMHO, it’s an even worse case with Microsoft Visual Studio 2008. Yes, the one released after Vista (and thus UAC) was. As you compile .NET code with key signing, you suddenly need to have started VS 2008 with elevated rights. But, and here’s the kicker, it never tries to elevate the user rights! It just complains about it silently in the output window, and you’re left to restart it youself, right-click in the start menu, and pick “Launch as administrator”. I thought that was a bug due to Visual Studio 2005 wasn’t quite ready for Vista, but oh, how wrong I was.
Devin: I agree on the shield icon, but there are times when it isn’t possible (or is too expensive) to calculate that elevation will be needed in advance and show a shield. In those cases apps that follow the rules end up showing prompts just to tell you why they’re about to show you another (UAC) prompt. That’s stupid, IMO, when all of that information could be put into the UAC prompt.
Even better, in some cases (though not all), the information in the UAC prompt could be generated by components on the admin side (i.e. more secure than the non-admin side, though not perfectly isolated) based on the objects/arguments being elevated. The user would then, in some cases at least, actually know what it is they’re about consent to in a way which is much more difficult to spoof. (Any dialog or text string generated by user-mode code can be spoofed by any other process with the same access. Similarly, any UAC prompt can be hijacked by another process and be made to do something entirely different. When the only context you have is a component name, but nothing about the actual operation, the prompts are less useful.)
e.g. UAC now displays the command-line, not just the exe name, if you expand the details. That’s a step in the right direction. If I’m consenting to a file copy/move/delete/rename done through IFileOperation, why can’t I be shown a list of the operations queued up on that object? (Well, that couldn’t work now because the elevation happens when the object is created, not when the queued operations are committed, but it refactored to work that way.)
You should bug this with Sun and point to your breakdown of what is happening in the bug report. This definaly is backwards and has annoyed me for a while. Also why does the toast bubble still show up if I click cancel, messed up.