Microsoft's plans to change a controversial security feature in Windows 7 are only cosmetic, nothing more than "lipstick on UAC," a developer of enterprise rights management tools has said.

BeyondTrust, which touts its Privilege Manager software as a way for enterprises to sidestep intrusive messages from Vista's User Account Control (UAC) while still locking down PCs, took exception with Microsoft's plans to revamp the feature in its upcoming operating system.

In an email, BeyondTrust 's CEO, John Moyer, called the UAC modifications "lipstick" and said "they still do not solve the major issue for enterprises."

Instead, he argued that Microsoft hasn't taken UAC's problems head on. "Windows 7 promises cosmetic changes to reduce UAC prompts, but it does nothing to fix the underlying security and usability problems for businesses," he said.

"Just like Vista's UAC, Windows 7 keeps end-users in charge of the security decision of what applications to run with administrative privileges. That's like hanging out a 'Welcome' sign for malicious users, hackers and malware."

In an interview Wednesday, Scott McCarley, the company's director of marketing, expanded on that theme. "The changes [to UAC] didn't fix a lot of the issues that we see with UAC in Vista," he said. "They don't address the usability and security issues."

At Tuesday's Professional Developers Conference (PDC), Microsoft's Steven Sinofsky, the head of Windows' development, outlined UAC tweaks planned for Windows 7.

After he acknowledged that Microsoft "went a little too far" in displaying pop-up prompts, he said Microsoft would answer critics by letting users and administrators set the warning frequency. "We've actually added a slider that allows you to decide how much of the UAC you want to see on your machine," said Sinofsky.

That's just window dressing, countered BeyondTrust. "The slider control is a cool feature," said McCarley, "but it's designed for administrators [and] is a benefit only to administrators. They've done nothing to improve the standard user experience, they've only improved the messaging of UAC."

BeyondTrust markets its Privilege Manager software to enterprises that want to give users limited control over their machines without the hassle of wading through the UAC warnings.

"UAC is tough to implement because users need to do things that prompt, like system changes and software installations," said Peter Beauregard, a product manager at BeyondTrust. "A lot of our customers come to [Privilege Manager] to use with laptop users who they need to manage, but who also need to do things on their own from time to time, like install a program."

The company ported Privilege Manager to Vista in March 2007, shortly after Microsoft announced the then-new operating system. With Privilege Manager, an enterprise's IT staff can set users' rights so that workers are still protected by UAC, but don't see its often-constant messages.

McCarley and Beauregard denied that BeyondTrust was worried about losing business when Windows 7 would give administrators and users more control over UAC. In fact, the changes planned for Windows 7 were such that the market for the Privilege Manager would not shrink when Windows 7 debuts, they claimed.

It comes as no surprise that Microsoft modified UAC in Windows 7. Earlier this year, the company tagged the feature as one of five it said contributed to Vista's slow adoption. At the time, Microsoft said UAC had been given a "bad rap" and was "misunderstood."

"We want to continue to work with Microsoft in a very co-operative manner," said BeyondTrust's McCarley. "But the additional work in Windows 7 is beneficial only to the administrator, and that's not what we want. The end objective of an enterprise should be to have everyone run as a standard user."