Benefits of Vista's User Access Control? 118
Abtin Forouzandeh asks: "Having used Vista for a few months, something keeps nagging me about the user account control. For the UAC to be useful, the user needs to have a fair amount of knowledge about: what the UAC is; what application it is blocking; the consequences of blocking the action; and an alternate approach if the blocked action did something useful. Anyone who has ever worked with end-users can tell you that they are generally disinterested in learning anything about computer usage beyond how to use word and make a spreadsheet. Frankly, even as a highly technical user, I nearly always approve the UAC dialog, even if I don't know the consequences. Since users lack knowledge, and Vista keeps asking esoteric/ambiguous questions, then users will always approve UAC dialogs. Since the UAC so clearly fails in its goal of making computing more secure, and substantially increases complexity, why is it common wisdom that turning off UAC is 'not recommended'? For 99% of users, is there any true downside? Has the community come up with ways to make UAC useful?"
Serves it's purpose (Score:4, Insightful)
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Re:Serves it's purpose (Score:4, Insightful)
There's a difference to the programmer: Oh, my program is popping a UAC prompt, I'd better fix it.
Re: (Score:1, Insightful)
Re:Serves it's purpose (Score:4, Insightful)
I wonder if liability isn't involved here. When you think of the costs to our economy due to Windows' vulnerabilities, it's quite possible that MS was afraid that if they put another flimsy OS on the market they might get held responsible (finally).
Whenever I hear of a fix that's not really a fix, I wonder if liability wasn't involved.
Re: (Score:1, Interesting)
So i'm leaving UAC on. Not because I need it or want it, but because i'm worried that security in vista will come to rely on it (just like xp came to rely on it's built in firewall).
Re: (Score:2)
Re: (Score:2)
How about... (Score:1, Funny)
Easy answer! (Score:5, Funny)
With Windows 98 and, to a lesser extent, 2000, we
Well, then Microsoft went and did a big favor to the alternative OS community: UAC. Now, we can all get a big ol' chuckle (and "+5 Funny" mod points) out of saying, "Cancel or Allow?" in any thread whatsoever. It doesn't even have to be a thread about Vista or Microsoft. Apple even made a commercial about it! It's great. It's like Microsoft declared free karma Christmas!
"Mod me +5 Funny: Cancel or Allow?"!
And that's the benefit of UAC.
Re:Easy answer! (Score:4, Funny)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
http://www.windowsdevcenter.com/windows/2006/04/0
And the spelling here:
http://en.wikipedia.org/wiki/Shenanigan [wikipedia.org]
Re: (Score:2)
It's like Windows is asking for a "get out of jail free card" before it does whatever mysterious thing that it wants.
Re: (Score:1)
Re: (Score:1)
Re:Easy answer! (Score:4, Informative)
Re: (Score:1)
Re: (Score:1)
I believe that is the point the poster was trying to make.
Re: (Score:2)
http://www.aumha.org/win5/kbestop.php [aumha.org]
Re: (Score:2)
I found it to be useless (Score:4, Informative)
1) I got tired of the constant nagging and the need to enable admin mode by default on several apps by default to avoid compatibility issues, and
2) I realized that I clicked 'Allow' on anything anyway, the only exception would be a UAC dialog popping up from nowhere. This approach would make me wide open for attacks by supposedly trusted installers anyway.
So I turned it off! I still havent had any malware or viruses (Symantec Corporate kills most of that anyway). My life got all jolly and happy again. I can only imagine that the same "always allow" mentality will be the same for less savvy users. You want to do your work, right?
useless but still the right thing (Score:1, Interesting)
You want to do your work, right?
Agreed, and smart users will do the same. However, in the long run applications will have to avoid causing UAC prompts and eventually it will be possible to secure the "windows ecosystem" without breaking common programs. So I'd say Microsoft is doing the right thing, just that doing the right thing when it comes to security is rarely popular. Possibly I'm being optimistic, but I think they may have thought this one through.
Ok, here is what I'm wondering. If you have a
Re: (Score:2, Informative)
I haven't used Vista yet, but as long as it has at least WinXP grade acc
Re: (Score:3, Funny)
Re: (Score:1)
Re: (Score:2)
I always find it funny when I'm talking to someone who doesn't really know what they have and call it "Anti-Norton Virus."
Anti-Norton. =)
That's great. =)
Re:useless but still the right thing (Score:5, Informative)
in the long run applications will have to avoid causing UAC prompts and eventually it will be possible to secure the "windows ecosystem" without breaking common programs.
That is the important point here. There is no reason for many of these programs to be asking for 'administrative' access to do any of this shit. MS can't just cut it off b/c it will break most of it's install base. This is a way to guide software companies into writing programs with a thought to security, rather than just doing it the 'easy way'.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Okay, But... (Score:1)
Re: (Score:1)
It is a big deal though. So much custom software relies on the time/date setting. Can you imagine a targeted virus that set back the clock five seconds every hour on, lets say, securities trading systems, to a
Re: (Score:2)
That's really a very good point. Microsoft REALLY needs to set up a decent security model that developers can understand and accomodate. And I think this
Having edited the HOSTS file (Score:5, Insightful)
My procedure:
Start -> Right click on EMEditor (my text editor, it's pinned to the menu so it's always there) -> Choose "Run as Administrator"
Click "Continue"
File -> Open -> C:\windows\system32\drivers\etc\hosts
Edit File
Save
On XP:
Start -> Run
Type: "notepad C:\windows\system32\drivers\etc\hosts"
Click "OK"
Edit File
Save
Basically, you can't write to the hosts file by default, so you have to elevate an application (text editor, notepad, cmd.exe) to edit it. This is similar to Linux, where you have to use "sudo" or "su", except that there are better/more text-mode editors on Linux (although Vim/Nano/EMACS do run on Windows, you have to install them first).
Now, EMEditor is Vista compatible (certified even), but it would be nice if it could elevate when a write operation fails due to incorrect permissions. Then you could just edit the file as usual, and elevate when you save.
I've said it once, and I'll say it again: UAC is going to get better over time. Lots of applications require elevation now (even some games), but as developers update their programs, we'll see fewer and fewer UAC prompts. VMWare, for example, used to require elevation in the 6.0 betas, but it doesn't anymore. Give it a year or two. Apps will stop requiring elevation except for the things that really do affect the system.
UAC means that software developers will write software that doesn't need elevation. That can only be a good thing in the long run.
Re:Having edited the HOSTS file (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
If you are already running as admin it doesn't. If you are running as a normal user, it *does* ask for administrator credentials.
Re: (Score:1)
The biggest problem with elevation is that it's not something you can do from an existing process, without launching a completely new process as elevated. Task Manager relaunches itself when you click the Show Processes From All Users, rather than doing any magic. Elevated processes can'
Re: (Score:2)
Agreed - this is a significant problem with UAC. Of course, I have always thought that a "launch this application after setup completes" option was kind of a bad idea anyway.
I don't know how this works with MSI packages, either, because elevation doesn't occur in the same way.
Re: (Score:1)
Windows Installer has a service component, which is already running elevated. I guess it just impersonates the user for any normal running, though it also has the new Session 0 restrictions to work around to interact with the desktop.
Maybe just a new RPC inte
Time to stop complainging (Score:4, Funny)
How many articles have there been complaining about Vista this week alone? Seriously, it isn't as if you guys are the customers, you're just the consumers more than willing to pay for it. Maybe if there were no alternatives, or it was a project paid for with tax dollars all this complaining would be meaningful, but it is niether; it is a product produced by a for-profit company.
Windows has been out long enough that it has long since gotten boring to be complain about it. Microsoft's business practicies are a lot more worthy of complaint; even I know there are intelligent engineers doing what one would assume to be their best, inside of Microsoft.
If Vista is rubbish, do what most people do with rubbish: throw is out, and not discuss it with company. Windows isn't a Linux distro, loud complaining isn't going to change anything
Peace
Re: (Score:2)
Unexpected actions (Score:3, Insightful)
Also, as someone already pointed out, this makes programs that require administrator rights unnecessarily much noisier, and provides a support incentive to software publishers to fix their software so it works unescalated.
Not great from a usability perspective but for a company that's almost ignored security until recently it's a start.
Re: (Score:1)
"User Access Control"? (Score:2)
What the hell is the point? (Score:5, Interesting)
Vista is here. The DRM features don't stop me from playing my MP3s, XVID videos, or from running FairUse4WM. It doesn't bring my modest 1.8GHz single-core Athlon 64 box to its knees, even with the Aero Glass UI (of course, my $40 Radeon X1300 helped that - the GeForce 6100 IGP was kind of sluggish. It hasn't stopped me from installing Ubuntu, ripping DVDs, using Daemon Tools, installing unsigned drivers, or doing anything else that I would do to a Windows system.
UAC hasn't prompted me for anything in the past 4 hours. I see - maybe - 1 or 2 prompts per day. Perhaps that's because I don't go trying to put files in "C:\windows" or screw with system DLLs.
Firefox works. So does Thunderbird, Office 2003, Visual Studio, Paint Shop Pro, VMWare, Virtual PC, Maple, EMEditor, WinSCP, PuTTY, AVG, SmartFTP, Microangelo, iTunes, Quicktime, Daemon Tools, TI Connect, WinRAR, ATITool, SpeedFan, RMClock, PowerStrip, Prime95, Paint.NET, uTorrent, Opera, NSIS, Java, Flash, Adobe Reader, 3DMark, Warcraft III, Steam, and WoW.
Oh, and all of my hardware works. On both of my desktops and my notebook.
So what doesn't work? Display aspect ratio selection doesn't work with NVIDIA's shitty drivers (one reason my desktop has an ATI card now). PDFCreator refuses to work, as does VNC.
Vista is the next version of the OS with the broadest hardware and software compatibility. $109 is a pretty cheap price for that.
Re: (Score:3, Insightful)
My average experience is even less; I can go for several days without a prompt. I've only seen them today due to testing installation of a program I'm writing.
I see a lot of UAC complaints on Slashdot but very little on details as to what the person is doing to garnish so many prompts. So here's my proposal to Slash
Re: (Score:2)
I ran into more than my fair share of UAC prompts in the 3-4 days following my Vista install, mostly because I was installing programs (openoffice, etc etc) and it prompted me.
After that, I haven't received any, except when running windows update.
Re: (Score:2)
Most recently? Debugging the uninstaller for the software I'm developing. I get:
1 UAC prompt when I run the remote debugger -- it needs to listen for network connections on port 6969
2 UAC prompts when I run the installer
2 UAC prompts when I run the uninstall
Re: (Score:2)
Re: (Score:2)
But how often will users run your installer? Users typically run installers at most twice during the time an app spends on their computer, once to install, and perhaps again to uninstall. Two prompts over several months or years is virtually unnoticeable. Your development scenario of 7 UAC prompts is bad, but again, it's not the experience for typical users because most people don't d
Re: (Score:2)
Re: (Score:2)
My AMD Athlon 2700+ with 1 GB RAM, Radeon 9800 Pro, and Vista installed on a 20 GB partition also runs Vista fine. I'm at 1920x1200 with full Aero. Oh and I built the machine in the summer of 2003, nearly 4 years ago. All the Slashdot bashing that Vista requires new hardware and uber specs is absurd.
Re: (Score:2)
Re: (Score:2)
You bought a computer in 2003 that had a massive graphics card for the time, that I'll bet alone cost more
Re: (Score:3, Insightful)
'Vista is the next version of the OS with the broadest hardware and software compatibility. $109 is a pretty cheap price for that.'
Can you think of any compelling reason why you should be paying $109 for a new version of the OS instead of receiving a free service pack that updates the driver database with new drivers?
Re: (Score:2)
Presumably you are referring to Mac OS X, because in Windows, you don't need a "service pack" to get new drivers - they come on a
Re: (Score:2)
If you are willing to settle for that then you could skip even the service pack. However I was referring to updating the included driver database so that you don't need to load a disk for every common piece of hardware you plug in. I re
Re: (Score:2)
> Those are some of the things that I think are pretty compelling. No, there isn't an "uberfeature". But, then again, such a thing
> cannot exist in a relatively mature OS
You are exactly wrong, you have it exactly backwards. It is only in a mature OS that you can start to see uberfeatures e
Re:What the hell is the point? (Score:4, Informative)
Oh then please tell me why Vista degraded my nice SB FX DSP diving my 7.1 system into a software rendered piece of crap which is barely able to keep up with a 0.10$ intergrated sound chip
All the DRM made direct access to the DSP 'illegal', so it can't be used anymore in vista, nor will it likely ever be
Creative is advising every game creator to use OpenAL, to bypass this piece of crap situation DRM has brought us, so much for 'vista the ultimate gaming platform'
Re: (Score:2)
Please understand what the hell you are talking about. Vista's user-mode audio framework no longer allows DirectSound3D to run directly on the hardware. This has to do with the fact that the audio subsystem is no longer in kernel space, not DRM.
Re: (Score:1)
Re: (Score:1)
Vista has however so far showed a few examples why it cannot yet be deployed in the company I work (no surprise)..
Among the things that make i undeployable.
- Loosing trust with a windows 2003 domain.
- Activation not working.
Activation is the most annoying part. If they feel the need to implement it ok, but if I as a corporate user is so annoyed as I am then it failed miserably.
However, these
$109 (Score:2)
Meanwhile, the cost of every single other thing in the computer has gone down, and the value provided has gone up. Processors: cheaper and faster. Optical drives: cheaper, faster, more capacity. RAM: cheaper, more capa
Re: (Score:2)
I dunno. Since Vista seems to offer not one single feature that most people want, could it not be viewed as costing $109 too much?
Now I finally know (Score:4, Funny)
Looks like it was Vista...
Useful? Sure. (Score:2, Funny)
Yes. I can now easily condition people to incessantly push a button without having to resort to all those messy endorphins.
It serves the same purpose... (Score:4, Insightful)
...As the lower-privileged user and graphical sudo equivalents in OS X and some Linux distributions. It allows the user to run at a lower level of privileges by default and elevate when necessary, limiting the amount of damage malicious code can do on its own.
Similarly, it suffers exactly the same weakness - the user can inadvertently raise the privilege level of malicious code.
Hopefully more developers will write their code properly and the number of spurious UAC prompts will drop over time. Given that most developers haven't made any effort to make their applications LUA-friendly in the preceding decade, however, I'm not holding out much hope Vista making it _easier_ for them to get away with it will create any more inventive.
Re: (Score:2, Interesting)
That indeed is a big shame.
I can understand that Windows programming has attracted a bunch of hobbyist programmers that already are happy when the program they have written performs its (niche) task without logic errors, and do not care about or understand more complex topics like security, error handling, etc.
However, the same mistakes still appear in "supposedly well written" programs like tel
Re: (Score:2)
Re: (Score:2)
End Users 'Disinterested'? (Score:2, Insightful)
Re: (Score:2)
Speaking as a past IT manager, there are times when IT guys and users have completely opposite agendas. The user wants to get the proposal out by the last FedEx pickup. The IT guy want the user to never, ever come to him with this same question again. They're both legitimate aims, but at some times one objective will have to take precedence over the other. In this exchan
Security and Safety features (Score:1)
Re: (Score:2)
(Yes, I can name a few reasons: You want ".NET or Java or Smalltalk or LISP all the way to the metal," or you have some nifty hardware for which no existing kernel or porting layer will work, or you have an embedded system where you need to control every CPU cycle, or you simply want to learn how to write an OS. All valid).
I'll bet that less than 1 percent of
As usual, Microsoft misses the point (Score:4, Insightful)
There are few specific APPLICATIONS, explicitly called by the user, that may have to run with elevated privileges, and beyond them there is nothing that is supposed to access system settings, write configuration files or executables. If anything other than those few select applications try to do that, user shouldn't be asked -- the action should be denied, just like it always was in Unix and occasionally even in Windows. If someone has to edit any system files, he knows that he has to run editor as administrator -- and if he doesn't, he has no reason to manually edit them in the first place. If someone runs installer, installer always has to run as administrator.
The reason why Gnome and KDE desktops have password dialogs is not to ask user if he does or doesn't want to do something privileged -- of course, he does if he just started some administrative application. It's to ask him for a password that malicious application or user with no sudo access can't enter by themselves, and to give him the application's name so he can be sure that the application that will run is the same application that he just asked for. The dialog can just as well be a captcha for users that can't remember their own passwords -- the point is to confirm that a program is started by a real human user in front of the keyboard. A piece of malware can run gksudo, and user will see the dialog with a program that he didn't run -- it's assumed that he will cancel it if he doesn't recognize the name. But this is actually a suboptimal use of sudo, a limitation of typical sudoers file configuration. A much better idea will be to supply sudoers file with all possible applications and arguments that may be used in this manner -- then anything else will be simply denied without any user's interaction, or user will be just notified that something tried to run gksudo with invalid arguments.
While the decision that administrative application may still run at reduced privileges unless it does something that requires true administrative access is a good idea, switching between those modes is not something that should be asked from user -- it should be asked at the very beginning when application starts, and should be done only for administrative applications.
Re: (Score:1)
It's to ask him for a password that malicious application or user with no sudo access can't enter by themselves, and to give him the application's name so he can be sure that the application that will run is the same application that he just asked for."
Actually, that's exactly what ZoneAlarm does on my system. "iTunes.exe wants to access the internet, Allow or Deny?"
And if I allow something to access the internet, it can access the LAN. If it can run as a server on the internet, it can access the internet. Actually, I think it's the best UI I've seen for permissions.
Re: (Score:2)
This all gets down IMO to the need for per process permissions, such as what CoreForce tries to do.
Re: (Score:2)
So what you're saying is that Microsoft cluelessly didn't include a "remember my answer" checkbox because they just didn't think the scenario through? Bash them if you must for predatory business practices, but the current design is the only way to ensure users approve of potentially system-damaging operations.
Re: (Score:2)
Plus in that instance, I would expect that Windows wouldn't allo
Re: (Score:2)
Re: (Score:2)
If an application needs elevated access that can directly affect the system, it should be requested from the user before application starts, but the point is, there are very few
Re: (Score:2)
Re: (Score:2)
What about PowerShell? (Score:2)
But... what if Windows users got accustomed to PowerShell and decided to do everything from the command line. What happens then? I haven't tested it to see what happens but what if an ubuntu-like solution could be built into Power
Re: (Score:2)
sudo was available for Windows 2000 (Score:2)
Note of course that sudo isn't only used on Ubuntu
Shift of responsibility (Score:2)
Mod me down, but UAC is another excuse M$ came up with to be able to say "Users are lame: we have warned them but they still clicked confirm."
No security system works that way. That's why impersonation was introduced into OSs (NT included) long time ago. Accounts a
DoS (Score:5, Interesting)
No password asked... (Score:3, Informative)
Re: (Score:2)
It's a deeper difference than that... (Score:3, Informative)
That is, in OS X this dialog is authorizing you to perform the action. If you are already authorized (that is if you were careless enough t
Security people should read this presentation (Score:4, Insightful)
Basically computer software has conditioned us to automatically press Ok in any dialog and there is nothing we can do about this. Automated actions by the user is inevitable and is present in every action in our life.
Nobody remembers if they locked the door or not and if you put "If you reach under your chair you will find $500" in a popup dialog, nobody is going to notice it.
From what I think I got from the presentation:
* If you want warnings to be at all effective, avoid "false positives" at all costs. That is: Never show the user popups like: "you are sending information unencrypted over the network" (or whatever the IE dialog says) when you press a submit form on a web site, because people don't care and they will learn to ignore all such popups, even the important ones. The UAC is extremely guilty of this.
* Some good insight into decision makers by users. Hint: people generate options one at a time and reject options that don't work. They never compare options but take the first one that works. This is called singular evaluation approach and is heavily taken advantage of in marketing. Software makers and web site creators should learn from this and modify their web sites accordingly.
LImited options (Score:3, Insightful)
Apple has in recent memory broken compatibility twice. The latest processor switch doesn't seem to have made much of a difference in hard-core Mac users - after all, they were punished with the PowerPC switch not very long ago and stuck around. However, the prospect of re-buying all the software for most people and companies isn't an attractive one. Certainly for security, emulation wouldn't be an available option. Apple, perhaps not completely a result of these compatibility breakages but nevertheless a factor, has about 4% of the personal computer market.
IBM has had an extremely long run with the same external processor architecture. Today, if you buy a IBM mainframe system it runs essentially a superset of the System/360 instruction set. A program that was written for OS/360 in 1965 stands a very good chance of running today. IBM has had since the 1960's such a commanding lead in the mainframe market so as to push all other vendors out of the business completely, or to force them to jump through IBM's hoops by being completely compatible. It is unthinkable today to even look at a mainframe system that would not be IBM-compatible. For practical purposes, IBM has 100% of the market.
OK, so which model makes the most sense? Apple with 4% or IBM with 100%? Periodic breaks in compatibility requiring new software or continuous software compatibility for 50 years? There are clearly differences between the personal computer and mainframe markets, but the similar effects of a break in compatibility are quite instructive.
Why do you think Microsoft has stuck with compatibility for the last 20 years and pushed other considerations aside? Could it be they really like having nearly 100% of the market?
Malware havoc without elevated privilege? (Score:2)
Value of UAC (Score:2)
Automobile Analogy - Obligatory (Score:2)
We can't have a Slashdot discussion without an automotive analogy, right? But in this case, it might be appropriate.
There is abundant evidence from insurance company data that Antilock Braking Systems do not do much in practice to prevent or mitigate accidents. No one knows why not, but they don't. But would you rec