eddorre

IE 7 Beta 1 and Windows Vista Beta 1

Days after being released on MSDN, reviews for IE 7 Beta and Windows Vista (formerly Longhorn) Beta are coming in.

Two reviews that I especially recommend are Paul Thurrott’s review of Windows Vista B1 and Andrew Rondeau’s review of IE 7 B1. At the end of Andrew’s review, he lists some suggestions for the upcoming versions of IE (B2, RC, and gold). I agree with almost all of his points, especially the “new tab button” comment. It does look like a bug and it is confusing.

One of the items that made me raise my eyebrows in Paul Thurrott’s review was the section on the new security feature titled User Account Protection (UAP – formerly known as Least Privileged User (LUA)).

According to his review, once UAP is enabled the user gets prompted any time they “try to do something dangerous.” He goes on to say, “The sheer number of actions that trigger this dialog, however, is alarming. Virtually every single Control Panel applet makes it come up, for example, as does installing an application. And so on. It gets kind of tiring after a while.”

Notice something here? First off, in Beta 1, UAP is disabled by default. I hope that this doesn’t carry on to other versions of Vista. Second thing is, I have mixed feelings about even being able to disable UAP in the first place.

In Linux and Mac OS X, root is root and the other users are just users. People seem to understand this limitation feature and use the system as it was intended. If Vista gives the user the ability to disable UAP (especially in the face of countless warning messages) the first thing that they will seek to do is to disable the source of the messages (which is of course UAP).

The other thing that concerns me about disabling UAP is, if a user can do it, it’s probably not that much of a stretch that malicious software can do it too. I wonder how long we’ll have to wait before we see a privilege escalation vulnerability in Vista.

