Vista's Troublesome UAC is Developer's Fault?

MythMoth wonders: "We've heard all about the pain and discomfort of working with Windows' User Account Control (UAC) switched on, but now Ian Griffiths is explaining that the developers are the problem — they brought it on themselves. In earlier articles we have heard that Microsoft think that everyone should do it like this — Ian does acknowledge that things are better in the Unix world, but is he right? Is the onus now on the developers to help fix a problem that they did not cause?" Rather than ask the user for permission on every operation, what other ways could Microsoft have improved Vista's security?

I saw a different problem

[280Z28]

I noticed a different and (possibly) serious issue:

• First few times: What is this annoying thing?
• Next few times: Well I guess it's better than not knowing
• After that (without reading) click ok...

So does that mean it's not working, wasting my time, AND training me to ignore security warnings? Honestly I don't have a better solution except for the rhetorical question "why can't people who exploit users just /themselves......"

Re:I saw a different problem

[Osty]

So does that mean it's not working, wasting my time, AND training me to ignore security warnings? Honestly I don't have a better solution except for the rhetorical question "why can't people who exploit users just /themselves......"

Which goes to exactly what Ian was saying -- If you're really seeing UAC that often, you're doing something wrong (or you're using software from developers who did something wrong). As developers get their act together and stop requiring admin privileges for trivial things (hint: using %userprofile% and HKCU rather than %programfiles% and HKLM will solve 90% of your admin-privilege requirements when developing), UAC prompts should appear less and less often, and then only when you really expect them (you're doing system configuration stuff) or when there's a real issue that you should deny. Unfortunately, that world is probably 3+ years away as developers get with the program and rev their software, and in the meantime UAC will just become one more annoying dialog you have to click through to do anything.

With that said, I saw the UAC dialog exactly once today, and that was only because I had to upgrade my video drivers. I'm a professional software developer. I spend my time with Visual Studio and SQL Server, and I rarely have to deal with UAC prompts.

Re:I kinda like the concept

[Osty]

Hopefully this will cause applications to stay the hell out of the Windows directory, the registry and wherever else they seem to think would be a good place to sprinkle data randomly. I pine for the days of being able to uninstall a program fully from my system by deleting its folder. Or being able to simply copy a configuration file from one computer to the next and having all my settings preserved.

Just for the record, you don't have to stay out of the registry if you want to avoid admin privileges. You do need to stay out of the HKLM (HKEY_LOCAL_MACHINE) hive, but HKCU (HKEY_CURRENT_USER) can and should be used for user-specific stuff without requiring extra admin privileges.

Re:I kinda like the concept

[Jeff DeMaagd]

I pine for the days of being able to uninstall a program fully from my system by deleting its folder. Or being able to simply copy a configuration file from one computer to the next and having all my settings preserved.

I really hate to say this, but this is very similar to how Mac OS X works most of the time. Most programs are installed by dragging the icon into the Apps folder, and most programs are uninstalled by deleting them.

Configuration files are a little more complicated, but transferring all the user settings is very easy too, there is a transfer agent that allows you to copy your apps, files and settings to another computer. I know Windows has a transfer agent, I just used it today, and unfortunately, the Windows transfer agent isn't nearly as good. A lot of the preference settings do transfer if you just copy the Library folder in your home directory, system settings are in /Library. But Migration assistant handles almost all of that, IIRC, the only thing that doesn't transfer are a few software license keys.

Re:I saw a different problem

[AaronBrethorst]

VS2005 does not require you to run with admin privileges. There are some scenarios that require this, but they're generally the exception rather than the rule. If you want to do something like create a new IIS website on your local machine from within VS you'll need to launch VS elevated, but this is because IIS requires administrative privileges to accomplish this task. For VS 2005, there wasn't much we could do about that. Let me know if you want more information about the topic. I was the developer division's go-to guy for UAC for a year.

Gentle Reminder...

[HaeMaker]

@ECHO OFF
PROMPT $p$g
C:
CD \NWCLIENT
SET NWLANGUAGE=ENGLISH
loadhigh LSL
loadhigh NE2000
loadhigh IPXODI
VLM
CD \

Re:I kinda like the concept

[Tom]

I pine for the days of being able to uninstall a program fully from my system by deleting its folder.

http://www.apple.com/macosx/ [apple.com]

Granted, some crap comes with a windos-like "installer", but on OSX you actually "install" most programs by drag&drop to the applications folder, and you uninstall them by drag&drop from applications to trash.

Re:I kinda like the concept

[gazbo]

Try typing the following commands and reading the output:

ls /usr/lib
ls /etc

You're about to learn about whole new parts of Linux!

Re:The security model is all wrong..

[DrXym]

The security model should be, quite simply: the program has a manifest that declares what permissions it needs with a fine granularity.

That would be called SELinux and is turned on in Fedora Core.

Writing policy files either as a user, admin or even developer is hellishly difficult. FC has been messing with SELinux policies for years before getting it right. It almost requires an interactive mode where the policy can be "trained" by running the app a multiple times to see what registry / folder / files it needs access to and then ensuring that the policy enforces it.

Re:I kinda like the concept

[TheRaven64]

This doesn't actually uninstall the application, however. Most applications use NSUserDefaults, at the very least, which stores a dictionary in ~/Library somewhere (and possibly /Library). You need to delete this, if you want a complete uninstall.

The problem with the OS X method is that it can't differentiate between removing because you are uninstalling and removing because you are upgrading. It would be nice if the user defaults system did some kind of auto-cleaning, where defaults created by programs that no longer exist are moved to the trash, and are then deleted the next time you empty it.