Benefits of Vista's User Access Control? 118
Abtin Forouzandeh asks: "Having used Vista for a few months, something keeps nagging me about the user account control. For the UAC to be useful, the user needs to have a fair amount of knowledge about: what the UAC is; what application it is blocking; the consequences of blocking the action; and an alternate approach if the blocked action did something useful. Anyone who has ever worked with end-users can tell you that they are generally disinterested in learning anything about computer usage beyond how to use word and make a spreadsheet. Frankly, even as a highly technical user, I nearly always approve the UAC dialog, even if I don't know the consequences. Since users lack knowledge, and Vista keeps asking esoteric/ambiguous questions, then users will always approve UAC dialogs. Since the UAC so clearly fails in its goal of making computing more secure, and substantially increases complexity, why is it common wisdom that turning off UAC is 'not recommended'? For 99% of users, is there any true downside? Has the community come up with ways to make UAC useful?"
What the hell is the point? (Score:5, Interesting)
Vista is here. The DRM features don't stop me from playing my MP3s, XVID videos, or from running FairUse4WM. It doesn't bring my modest 1.8GHz single-core Athlon 64 box to its knees, even with the Aero Glass UI (of course, my $40 Radeon X1300 helped that - the GeForce 6100 IGP was kind of sluggish. It hasn't stopped me from installing Ubuntu, ripping DVDs, using Daemon Tools, installing unsigned drivers, or doing anything else that I would do to a Windows system.
UAC hasn't prompted me for anything in the past 4 hours. I see - maybe - 1 or 2 prompts per day. Perhaps that's because I don't go trying to put files in "C:\windows" or screw with system DLLs.
Firefox works. So does Thunderbird, Office 2003, Visual Studio, Paint Shop Pro, VMWare, Virtual PC, Maple, EMEditor, WinSCP, PuTTY, AVG, SmartFTP, Microangelo, iTunes, Quicktime, Daemon Tools, TI Connect, WinRAR, ATITool, SpeedFan, RMClock, PowerStrip, Prime95, Paint.NET, uTorrent, Opera, NSIS, Java, Flash, Adobe Reader, 3DMark, Warcraft III, Steam, and WoW.
Oh, and all of my hardware works. On both of my desktops and my notebook.
So what doesn't work? Display aspect ratio selection doesn't work with NVIDIA's shitty drivers (one reason my desktop has an ATI card now). PDFCreator refuses to work, as does VNC.
Vista is the next version of the OS with the broadest hardware and software compatibility. $109 is a pretty cheap price for that.
useless but still the right thing (Score:1, Interesting)
You want to do your work, right?
Agreed, and smart users will do the same. However, in the long run applications will have to avoid causing UAC prompts and eventually it will be possible to secure the "windows ecosystem" without breaking common programs. So I'd say Microsoft is doing the right thing, just that doing the right thing when it comes to security is rarely popular. Possibly I'm being optimistic, but I think they may have thought this one through.
Ok, here is what I'm wondering. If you have a single-user desktop and administer it yourself, what is the point of having a seperate administrative account? Any program that acquires *your privileges* will have access to all the sensitive data on the machine. So you are screwed anyhow.
Honestly I'd argue that running your OS in a virtual machine and having a virus and rootkit scanner running from outside that virtual machine is much more meaningful desktop security. At least that way you have some still security left after handing off administrative powers to random daily operations like installing windows stuff off the net.
Lets face it, forget technology, Linux is more secure simply because you typically download all your programs from a single distro's repository and those programs are already trained to handle limits on their permissions.
Re:Having edited the HOSTS file (Score:5, Interesting)
Re:It serves the same purpose... (Score:2, Interesting)
That indeed is a big shame.
I can understand that Windows programming has attracted a bunch of hobbyist programmers that already are happy when the program they have written performs its (niche) task without logic errors, and do not care about or understand more complex topics like security, error handling, etc.
However, the same mistakes still appear in "supposedly well written" programs like telebanking applications.
For example, ABN-AMRO bank distributes an application called "ABN OfficeNet" (for businesses) that is a total piece of crap.
It does not work correctly in LUA in Windows 2000 or XP. It creates its temporary files in the WINDOWS directory. Its error reporting in case of access problems is a total disaster.
These people do not understand at all what they are writing and supporting. Their helpdesk losers just state that "you have to have Administrator rights to run this program". Having a company policy that office workers do not get Administrator rights on their WS is just "your problem, not theirs".
However, now they have found their crap does not work on Vista at all
We are not running Vista, and are not planning to do so in the near future, but I am anxious to see how they wrestle themselves out of this "problem".
Hopefully someone fires the hobbyists in their software department and hires someone who understands the matter and the importance of security.
Of course, those are the same folks who always claim that their computing security is perfect and that every mishap is always the fault of the customer until he can prove that it is the fault of the bank (for which he will not get insight in the sourcecode and technical documentation of their software).
Re:Serves it's purpose (Score:1, Interesting)
So i'm leaving UAC on. Not because I need it or want it, but because i'm worried that security in vista will come to rely on it (just like xp came to rely on it's built in firewall).
DoS (Score:5, Interesting)