Vista's Troublesome UAC is Developer's Fault? 228
MythMoth wonders: "We've heard all about the pain and discomfort of working with Windows' User Account Control (UAC) switched on, but now Ian Griffiths is explaining that the developers are the problem — they brought it on themselves. In earlier articles we have heard that Microsoft think that everyone should do it like this — Ian does acknowledge that things are better in the Unix world, but is he right? Is the onus now on the developers to help fix a problem that they did not cause?"
Rather than ask the user for permission on every operation, what other ways could Microsoft have improved Vista's security?
I saw a different problem (Score:3, Informative)
Re:I saw a different problem (Score:5, Informative)
Which goes to exactly what Ian was saying -- If you're really seeing UAC that often, you're doing something wrong (or you're using software from developers who did something wrong). As developers get their act together and stop requiring admin privileges for trivial things (hint: using %userprofile% and HKCU rather than %programfiles% and HKLM will solve 90% of your admin-privilege requirements when developing), UAC prompts should appear less and less often, and then only when you really expect them (you're doing system configuration stuff) or when there's a real issue that you should deny. Unfortunately, that world is probably 3+ years away as developers get with the program and rev their software, and in the meantime UAC will just become one more annoying dialog you have to click through to do anything.
With that said, I saw the UAC dialog exactly once today, and that was only because I had to upgrade my video drivers. I'm a professional software developer. I spend my time with Visual Studio and SQL Server, and I rarely have to deal with UAC prompts.
Re:I kinda like the concept (Score:2, Informative)
Just for the record, you don't have to stay out of the registry if you want to avoid admin privileges. You do need to stay out of the HKLM (HKEY_LOCAL_MACHINE) hive, but HKCU (HKEY_CURRENT_USER) can and should be used for user-specific stuff without requiring extra admin privileges.
Re:I kinda like the concept (Score:4, Informative)
I really hate to say this, but this is very similar to how Mac OS X works most of the time. Most programs are installed by dragging the icon into the Apps folder, and most programs are uninstalled by deleting them.
Configuration files are a little more complicated, but transferring all the user settings is very easy too, there is a transfer agent that allows you to copy your apps, files and settings to another computer. I know Windows has a transfer agent, I just used it today, and unfortunately, the Windows transfer agent isn't nearly as good. A lot of the preference settings do transfer if you just copy the Library folder in your home directory, system settings are in
Re:I saw a different problem (Score:5, Informative)
Gentle Reminder... (Score:3, Informative)
PROMPT $p$g
C:
CD \NWCLIENT
SET NWLANGUAGE=ENGLISH
loadhigh LSL
loadhigh NE2000
loadhigh IPXODI
VLM
CD \
Re:I kinda like the concept (Score:3, Informative)
Granted, some crap comes with a windos-like "installer", but on OSX you actually "install" most programs by drag&drop to the applications folder, and you uninstall them by drag&drop from applications to trash.
Re:I kinda like the concept (Score:2, Informative)
Re:The security model is all wrong.. (Score:3, Informative)
That would be called SELinux and is turned on in Fedora Core.
Writing policy files either as a user, admin or even developer is hellishly difficult. FC has been messing with SELinux policies for years before getting it right. It almost requires an interactive mode where the policy can be "trained" by running the app a multiple times to see what registry / folder / files it needs access to and then ensuring that the policy enforces it.
Re:I kinda like the concept (Score:3, Informative)
The problem with the OS X method is that it can't differentiate between removing because you are uninstalling and removing because you are upgrading. It would be nice if the user defaults system did some kind of auto-cleaning, where defaults created by programs that no longer exist are moved to the trash, and are then deleted the next time you empty it.