Benefits of Vista's User Access Control? 118
Abtin Forouzandeh asks: "Having used Vista for a few months, something keeps nagging me about the user account control. For the UAC to be useful, the user needs to have a fair amount of knowledge about: what the UAC is; what application it is blocking; the consequences of blocking the action; and an alternate approach if the blocked action did something useful. Anyone who has ever worked with end-users can tell you that they are generally disinterested in learning anything about computer usage beyond how to use word and make a spreadsheet. Frankly, even as a highly technical user, I nearly always approve the UAC dialog, even if I don't know the consequences. Since users lack knowledge, and Vista keeps asking esoteric/ambiguous questions, then users will always approve UAC dialogs. Since the UAC so clearly fails in its goal of making computing more secure, and substantially increases complexity, why is it common wisdom that turning off UAC is 'not recommended'? For 99% of users, is there any true downside? Has the community come up with ways to make UAC useful?"
Re:Serves it's purpose (Score:3, Informative)
I found it to be useless (Score:4, Informative)
1) I got tired of the constant nagging and the need to enable admin mode by default on several apps by default to avoid compatibility issues, and
2) I realized that I clicked 'Allow' on anything anyway, the only exception would be a UAC dialog popping up from nowhere. This approach would make me wide open for attacks by supposedly trusted installers anyway.
So I turned it off! I still havent had any malware or viruses (Symantec Corporate kills most of that anyway). My life got all jolly and happy again. I can only imagine that the same "always allow" mentality will be the same for less savvy users. You want to do your work, right?
Re:Easy answer! (Score:4, Informative)
Re:useless but still the right thing (Score:2, Informative)
I haven't used Vista yet, but as long as it has at least WinXP grade access controls (properly configured ACL's can do wonders for limiting a virus's ability to sow chaos) I don't see the need for the Allow/Deny box to begin with--especially with a decent firewall/AV software--especially when that software already does useful things like say "We have stopped this program from running because it is infected with the DestroyYourHarddriveVirus/EvilTrojan, do you want to delete it?" (product plug: F-Prot AV makes Symantec look like trash IMHO).
Anyway, if I know most computer users, anything that asks them a question that will allow whatever they're doing to continue, they are going to hit yes with about 0% by volume thought
Re:useless but still the right thing (Score:5, Informative)
in the long run applications will have to avoid causing UAC prompts and eventually it will be possible to secure the "windows ecosystem" without breaking common programs.
That is the important point here. There is no reason for many of these programs to be asking for 'administrative' access to do any of this shit. MS can't just cut it off b/c it will break most of it's install base. This is a way to guide software companies into writing programs with a thought to security, rather than just doing it the 'easy way'.
Re:What the hell is the point? (Score:4, Informative)
Oh then please tell me why Vista degraded my nice SB FX DSP diving my 7.1 system into a software rendered piece of crap which is barely able to keep up with a 0.10$ intergrated sound chip
All the DRM made direct access to the DSP 'illegal', so it can't be used anymore in vista, nor will it likely ever be
Creative is advising every game creator to use OpenAL, to bypass this piece of crap situation DRM has brought us, so much for 'vista the ultimate gaming platform'
No password asked... (Score:3, Informative)
It's a deeper difference than that... (Score:3, Informative)
That is, in OS X this dialog is authorizing you to perform the action. If you are already authorized (that is if you were careless enough to run as root - the only real "administrator" account in the Windows sense) you shouldn't be presented with a dialog at all, because it's not asking you to *approve* an action you're already authorized to perform.
The difference between authorization and approval dialogs is obscured by dialogs like the UAC one that are sometimes authorization and sometimes approval dialogs.
But it's an important one. Approval dialogs are never necessary, technically, they're just there to try and give the user a "last chance" to keep a program from doing something that's possibly dangerous and may be irreversible. Whenever they exist, they should be a red flag, and an indication that the program may need to be restructured so the dangerous or irreversible operation doesn't happen.
For example, instead of deleting a file, move it to a location to be deleted later. Give the user the opportunity to look in that location and restore the files.
AND WHEN YOU HAVE DONE THAT, REMOVE THE APPROVAL DIALOG YOU DON'T NEED ANY MORE.
Sorry for shouting, but I still can't believe that someone thinks it's a good idea for Windows to ask you if you want to move a file to the trash.