ANS: "What's the deal with UAC (Windows Needs Your Permission screens)" and "...But I thought I was

[Colin Barnhorst]

I take the view that MS is saying, "yes, you are smart enough to protect
your own computer and we are empowering you with the choices to do it."

Ordinary Mac users are able to comprehend what permissions are for and
nobody claims ordinary Mac users to be sophisticated operating systems folks
any more than ordinary Windows users.

 

[Chad Harris]

Umm Mark. For the public, and sub enterprise the "MSFT Support Centers" are
in India, the Phillipines and sometimes Canada. I have the highest respect
for those countries and their cutting edge technology as a whole. However,
MSFT contracts with Convergys of Ohio who puts minimum waged butts in seats
who couldn't find a start button if it bit them in the ass.

You aren't talking to MSFT support when you call for MSFT support. Check it
out. I call everyonce in a while with test questions and they flunk with
flying colors. The Indians have an accent that is borderline unintelligible
and my Indian neighbors say that their English is horrendous for the most
part. (They are well educated here, and they speak many Indian dialects--my
neighbors not the minimum waged butss in seats MSFT contracts out to through
Convergys of Cinncinaiti Ohio in India.

They ain't MSFT Research in India believe me.

Tell them you boot to windows and your user account doesn't show up, but the
admin account (the non-deletable one from Safe Mode shows up) and ask them
what to do and they'll say "Vely well. Format the box." That means they
don't have a clue. That's what MSFT proferrs as "support."

It's like using the Titanic as a sail boat.

CH

 

[Chad Harris]

Excellent advice and this takes next to no time, and you have to do this if
you want to run a computer with any degree of reasonable safety.

CH

 

[Chad Harris]

Yep well said. And that's exactly what's going on here. The senior
security people at MSFT are out giving talks around the country saying
exactly that. Many people are glad that UAC is available, and we just want
to learn how to use it so that we can tighten down security and get things
running smoothly.

CH

 

[Steve Dassin]

Can you post a link for the ftp problem and solution.

Thank you.

 

[Don Short]

Well I guess time will sort this one out. My UAC was turned off the first
time I tried to delete multiple files. I guess MS is saying.. we can't
figure out how to keep it out of your system, so we will implement this, so
its your fault if it runs once it's there. Seems like a cop out to me... I
had hoped for something better.

 

[iam bennu]

I am really happy with the security that I am seeing in Vista. I gives me
the tools I need to secure my system.

I am a power user though, and do not think that many people are capable of
making the decisions about malicious content and programs. I have always
felt that most users need even less choice as they will not be able to make
the decisions necessary to insure the safety of their system. They just want
to use it.

A PC needs to be like a taster for most (and someone would still try to warm
their cat in it). I'm surprised that systems aren't sold by level of
knowledge instead of by just, what you want to do with it. There should be
a testing console that would test a users knowledge and determine what kind
of access to give them. Like a drivers test. Ha!

Convenience is not all is is cracked up to be. I would rather be pressing a
permission button all day, than a "virus detected what do you want to do"
button any day.

iam

 

[Jimmy Brush]

MS seems to be saying "you aren't smart enough to protect your own
computer, so now we will do it for you by asking you to decide what runs
on
your computer." It just makes no sense to me at all.

I'm afraid your argument here doesn't make sense to me. If MS didn't think
you were smart enough to run your computer, YOU wouldn't be put in a
position to make the decision of whether or not to run a pogram... The
system would chose for you. There would be no "Continue" button - there
would me a "More Information" button linking to a Windows Media-style
website help screen (shudder) giving you a general "Microsoft stopped
something bad from happening code 0xcf400192" message.

MS is trying to make it EASIER for the ordinary home user - heck, not just
the home user EVERY user - to figure out security.

(I can't tell you how many times in the past that I have wanted to know when
programs start that have the potential of hosing my system - lol ... would
have prevented a lot of things ... ah the past. Anyway)

Home users aren't stupid - they KNOW the difference between just browsing
the web and trying to change a setting. And that's ALL THE INFO they need to
determine if they should allow something.

Sure, it will be confusing at first - the same way Windows 95 was confusing
to Windows 3.11 users.

I have to agree with Colin on this one.

Once users get used to the idea that the system will check with them before
a program runs that could mess up their system, and this is pretty obvious
from the dialog that is what it is doing, then they will figure it out.

The KEY here is not to overwelm users with prompts - and that is exactly
what MS is doing right now - making sure that MOST of the things users do
routinely to their computer don't prompt.

If you keep on flying a prompt into a users face and they don't understand
why, of course they are just going to click continue.

But, if it ONLY happens when the user is changing a system setting, or
trying to modify a system file - which shouldn't happen much - and the
screen makes it ABSOLUTELY clear why it's there - I think they will get it.

BTW Thank you for your clear and concise posts, they are very informative.

Thank you

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Jimmy Brush]

[voice of MS] we can't figure out how to keep it out of your system, so we
will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as to
allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should just
be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in terms
that an operating system could understand and differentiate between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability that
it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits and
hiding them on some poor sysadmin's machine so when is does a ps his system
is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that goes
after a small percentage of the computers in the world? Virus people seem to
like fame, and spyware people want the money. Windows has a big target on
its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security model:
They run as a "standard user" until they need to do something that requires
"root", and then "sudo" just that program - for only the amount of time it
needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Jimmy Brush]

I have to agree with Colin on this one.

And Chad as well.

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Mark D. VandenBeg]

[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as to
allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability that
it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus people
seem to like fame, and spyware people want the money. Windows has a big
target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security model:
They run as a "standard user" until they need to do something that
requires "root", and then "sudo" just that program - for only the amount
of time it needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Jeff]

No matter how much you all push and cheerlead UAC;the fact is;it'a a pain in
the ___
And this least priveledge security model will also get hacked;
No system is immune;and UAC isn't either; from ppl not understanding it; to
admin who intentionally turn it off;
to truly getting hacked; it's all in all a pain in the ___;; if not; why has
MS actually listened to the complaints;from the real world;not all you power
users and proponents; it's not user friendly at all; and no hot air;or
reasonable explanation;as to its merits(ala Jimmy; great explanation btw
will matter;in the end;to most;who will just turn it off
Jeff

[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability
that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus people
seem to like fame, and spyware people want the money. Windows has a big
target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something that
requires "root", and then "sudo" just that program - for only the amount
of time it needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Jeff]

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff

[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability
that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus people
seem to like fame, and spyware people want the money. Windows has a big
target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something that
requires "root", and then "sudo" just that program - for only the amount
of time it needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Jimmy Brush]

I don't hear many unix people or mac people complaining about it ... perhaps
thats because their software makes the best of it?

When Windows software makes the best of it, things will be like they are
with unix and mac, and we will finally reap the benefits.

And you are absolutely correct, there will still be security breaches (but
not nearly like there was before), and it is a pain in the *** right now,
mostly because of lack of software support.

And MS is listening to user complaints - UAC is one of the top 10 most
complained about things in Windows Vista. There are 15,000 Vista beta
testers, and not all of them are power users.

MS is working hard to make the top 1,000 programs Just Work in vista without
any UAC nastiness, and making most of the things users do on the computer
not require UAC intervention.

I think by RTM the pain part of it will be manageable, and by 2 years after
RTM we will be sailing easy and wondering how security got sooooo bad
before.

Even if alot of people turn it off, the VAST MAJORITY won't - simply because
most people don't mess with settings like that. Either because they don't
know how or they're afraid to.

Since software makers will need to program for the vast majority, it means
they will make their software not need admin privileges, or reduce what
kinds of admin-type things they do. And since their software will do less
admin things, there is less of a chance of such software messing up the
system or being exploited, even if it IS running as an administrator.

It's a WIN-WIN situation for the future, even if it hurts now, and even if
it is not as successful as it should be.

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Todd]

This is not something Microsoft thought up on its own. Microsoft
historically has ignored security, and concentrated on making Windows easy
to use. UAC is a response to complaints - from Microsofts biggest and most
influential customers, the corporations that have networks of tens or
hundreds of thousands of users and the U.S. government. The ones who have
Enterprise Licenses, and deal directly with Microsoft. The ones who can get
Steve Ballmer on the phone. They have staffs of MCSEs and PHD computer
scientists, who are constantly carping and nagging Microsoft about the
security holes in Windows.

Microsoft is losing server sales to Solaris and Linux systems, and large
users are threatening to find another operating system for their desktops
that require the most security.

If the U.S. government switched its standard desktop to Linux, and a few
large corporations followed, that would be the beggining of the end for
Microsoft. Could that really happen? Probably not, but if the security
situation got significantly worse, absolutely.

In any case the complaints have reached the point that Microsoft has decided
to do something about it. The Enterprise customers have staffs of system
administrators who will set up the operating systems, and load approved
software onto images that will be burned on to their set-up disks. If a
user is trying to change a system setting or load a software package, he is
probably violating policy, and if he is not, he can get a system
administrator to log on to an administrative account and load it for him.

Of course Microsoft wants to sell home computers too, so Vista Home may have
some changes in security that make it easier for the home user (and make it
easier for viruses), but the fact remains that UAC is for Microsoft's real
customers, the ones who buy the most systems, and who upgrade them every two
or three years, not every five or six.

No matter how much you all push and cheerlead UAC;the fact is;it'a a pain in
the ___
And this least priveledge security model will also get hacked;
No system is immune;and UAC isn't either; from ppl not understanding it; to
admin who intentionally turn it off;
to truly getting hacked; it's all in all a pain in the ___;; if not; why has
MS actually listened to the complaints;from the real world;not all you power
users and proponents; it's not user friendly at all; and no hot air;or
reasonable explanation;as to its merits(ala Jimmy; great explanation btw
will matter;in the end;to most;who will just turn it off
Jeff

<snip>
[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability
that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus people
seem to like fame, and spyware people want the money. Windows has a big
target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something that
requires "root", and then "sudo" just that program - for only the amount
of time it needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Mark D. VandenBerg]

No matter how much you all push and cheerlead UAC;the fact is;it'a a pain
in the ___
And this least priveledge security model will also get hacked;
No system is immune;and UAC isn't either; from ppl not understanding it;
to admin who intentionally turn it off;
to truly getting hacked; it's all in all a pain in the ___;; if not; why
has MS actually listened to the complaints;from the real world;not all you
power users and proponents; it's not user friendly at all; and no hot
air;or reasonable explanation;as to its merits(ala Jimmy; great
explanation btw will matter;in the end;to most;who will just turn it off
Jeff

Isn't the real issue that software vendors, for the past few years, have
ignored the policies suggested by MSFT when writing the applications? As an
example, Logitech's Setpoint (to configure mouse and keyboard settings)
triggers a UAC prompt at every system boot with Vista. Why does this
software need this high a level of access every time the system boots? I
can understand when actually using the application to change the settings,
as this may need to write to some registry keys, but simply to run the
application, once the settings have been created is merely poorly written
code. To suggest that MSFT change its operating system code because of the
whims of third-party software vendors is a "tail wagging the dog" scenario.

MSFT also has suggested to vendors that those applications that need
Administrative level with Vista can be programmed with a "shim" and the
application will be granted access silently (with no pop-up) regardless of
the user level. Once the software vendors realize that they must adopt the
policies they have been ignoring for so long, UAC will be a non-issue.

And yes, I agree that no software is perfect and that there will be
(possibly already are) malwares that will circumvent the protection applied
by the proper use of UAC in Vista. That is "dog bites man" as far as news
goes. But for sysadmins to arbitrarily turn UAC off as a matter of policy
is an example of improperly understanding and implementing the Vista
operating system. Besides, it may be moot, anyway. I would assume that
most sysadmins worth their keep will not be adopting Vista until the
software vendors write the software for Vista, and by virtue of the software
being written within the guidelines of Vista, UAC will not be an issue.

When I installed Vista on my testbox (this time around) I turned UAC off,
installed the software and set the system settings to my liking, created
another account called "Extended User," turned UAC back on and then
downgraded the account I use to a standard user. It is very rare that I
ever see the UAC pop up in every day use, and if I am going to install
something or tweak something, I simply switch users.

Mark

 

[Dennis Pack x64, v64B2 \(5384\), OPP2007B2]

Jimmy:
An analogy from a user for many years that does no programming. The
original mission of Windows was to make the PC user friendly for the non-DOS
user. With Windows 3.1 passwords couldn't be bypassed, security was relaxed
in Windows 95 and eliminated in Windows 98. NT was available for business
because security was requested. With XP Home there was no security
requirements but it was available with XP Professional. At work six years
ago we were still using Windows 3.1, five years ago we migrated to Windows
95, four years ago we finally migrated to Windows 2000 Professional. The
elimination of security made the PC user friendly and opened the flood gates
for hacking and malware. With the growth and scope of the industry at this
time security is an extreme necessity for data, communications and most
other functions. To all users it's a new learning curve that a lot will
reject until they're infected and can't figure out why. Currently I'm not
comfortable with UAC yet but it will become habit with time. It is a long
overdue requirement for the continued growth in the PC market.

 

[Tony Hoyle]

MSFT also has suggested to vendors that those applications that need
Administrative level with Vista can be programmed with a "shim" and the
application will be granted access silently (with no pop-up) regardless
of the user level. Once the software vendors realize that they must

I really hate that feature. Instead of failing the application (which
is noticed quickly and can be coded for even if it's a pain in the arse)
it pretends to work - in the registry case even storing data... but not
globally.. which is a bit of a 'mare when you're trying to work out why
an admin application designed solely for administrators appears to be
working but the system config isn't changing... took me a day and a half...

Tony

 

[Mark D. VandenBerg]

I really hate that feature. Instead of failing the application (which is
noticed quickly and can be coded for even if it's a pain in the arse) it
pretends to work - in the registry case even storing data... but not
globally.. which is a bit of a 'mare when you're trying to work out why an
admin application designed solely for administrators appears to be working
but the system config isn't changing... took me a day and a half...

Tony

Oh, there's no doubt that this is a learning curve for every one involved,
from the coders all the way down to the basic users. Any time there is a
new way of doing things, some will adopt readily and some will resist
change. Isn't this a microcosm of human nature in general?

I understand your concern, and it is real because you have an application
that legitimately needs to be run at an extended level with full system
access. But I pose a question: as a ratio, what percent of future Vista
users will use this type of application? Maybe 15%?

Since the old adage rings true in many facets of life, MSFT can not please
two gods, and therefore programs for the greatest percentile of expected
user groups. Ergo, they must often choose the better of two bad options
when there is no clear-cut path. Whether they have chosen wisely with
regards to UAC will only be known at some point in the future, no matter how
much posturing I, or any one else, do.

Mark

 

[Fernando]

Excellent explanation about UAC. I hope people understand why is
mandatory to keep UAC enabled. Thanks Jimmy

Jimmy Brush escribió: