This is the twenty-fourth in a series of notes about UAC in MSI. Per the earlier caveat, these are just my notes and not an official position from the Windows Installer team. The previous entries
This entry continues a section specifically focused on Questions and Answers that often come up in the UAC in MSI dialogs. For this entry the topic is: wouldn't it just be easier for my current custom installer to support UAC than to switch to MSI?
Generally no. The answer we provide to customers is 'use MSI'. The answer should be 'use MSI', and the customer has the burden to say why MSI is unacceptable.
When we say 'use MSI' we are acting in the customer's best interests.
In my experience, the idea that 'we are undertaking the burden of security on behalf of the ISV by providing these secure services in the box' sells. This sells as Microsoft's commitment to Trustworthy Computing and it sells as Vista's commitment to delivering a more secure platform. By reminding customers of the value in aligning with initiatives from the platform, they are usually happier in the end as it allows them to increase their focus on their market-differentiating value propositions.
For now, Installer Detection and security manifests do provide application compatibility mitigation, but they are not intended to be a permanent solution for deployment. For example, few programs get user state correct in the Over the Shoulder cases. Generally, elevated programs write to the profile of the administrator who provided the credentials rather than that of the Standard User who invoked the program. Windows Installer is designed to handle this case correctly.
Updates and other maintenance operations will also require elevation if one is using Installer Detection and security manifests. The requirement to go get an administrator creates problems in enabling Standard Users to keep their software functional and secure.
So the principal thing you are giving up is compelling packaging for corporate consumption. Windows Installer is a known quantity to IT departments, so they trust MSI as their standard packaging format. When corporate IT departments get a package that is not in the Windows Installer format, they repackage it to MSI. You'll reduce the adoption costs of your software at scale if you use MSI.
When your application deviates significantly from the heuristics of the platform and you can't make the platform heuristics fit, the UAC currently recommends either: