ANS: "What's the deal with UAC (Windows Needs Your Permission screens)" and "...But I thought I was

  • Thread starter Thread starter Jimmy Brush
  • Start date Start date
They have to be capable of making such decisions because, in the end, on one
else can. I would rather make my own decisions that have them made for me
by who knows who.
 
Just to add an example, how does the system know the difference between a
good cookie and a bad one when the difference often depends on the user's
own philosophy?

Jimmy Brush said:
[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as to
allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability that
it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus people
seem to like fame, and spyware people want the money. Windows has a big
target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security model:
They run as a "standard user" until they need to do something that
requires "root", and then "sudo" just that program - for only the amount
of time it needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/
 
It is a transitory pain. If Mac users had never had to enter their
passwords to install updates, etc., and now were asked to they would
complain just as loudly. UAC is now a part of Windows and going forward
will just be a part of the furniture in everyone's minds. The only part I
hate is the need for dropping into the Secure Desktop (the black screen).
It's ugly. But given the vulnerabilities of the user desktop to
manipulation during the UAC routine, necessary.

Jeff said:
No matter how much you all push and cheerlead UAC;the fact is;it'a a pain
in the ___
And this least priveledge security model will also get hacked;
No system is immune;and UAC isn't either; from ppl not understanding it;
to admin who intentionally turn it off;
to truly getting hacked; it's all in all a pain in the ___;; if not; why
has MS actually listened to the complaints;from the real world;not all you
power users and proponents; it's not user friendly at all; and no hot
air;or reasonable explanation;as to its merits(ala Jimmy; great
explanation btw;) will matter;in the end;to most;who will just turn it off
Jeff
Mark D. VandenBeg said:
Jimmy Brush said:
<snip>
[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring
a rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator factors
that say "if program x does this, this, and this, then there is an 80%
probability that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus
people seem to like fame, and spyware people want the money. Windows has
a big target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged Access,
where programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only the
amount of time it needs to do its thing - to have full access to the
system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
But you surely would take the advice of a physician or your investment
advisor, or even your furnace repairman instead of relying on yourself for
these decisions, wouldn't you?
 
Let them disable it. Then they are no worse off than they were under XP but
the rest of us are more secure. If UAC were backportable to XP I would
learn to use it there.

Jeff said:
Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff
Mark D. VandenBeg said:
Jimmy Brush said:
<snip>
[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring
a rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator factors
that say "if program x does this, this, and this, then there is an 80%
probability that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus
people seem to like fame, and spyware people want the money. Windows has
a big target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged Access,
where programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only the
amount of time it needs to do its thing - to have full access to the
system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
Sounds simple enough, my sister just called to find out what program to use
to open a .zip file...


installed the software and set the system settings to my liking, created
another account called "Extended User," turned UAC back on and then
downgraded the account I use to a standard user. It is very rare that I
ever see the UAC pop up in every day use, and if I am going to install
something or tweak something, I simply switch users.

Mark <snip>

So... by this time next year we should see the RTM... add 2 years for
everything to work properly, Vista Service pack 2 by Mid 2009? Let's
see... 10 minute security talk .... shut off UAC... $100.00 sound about
right? Second machine at same location free? No wonder the Vista topdog
jumped ship. Sigh, if nothing else it should be fun to watch.
 
If an advisor were available by clicking a link on the UAC prompt, yes I
would, but the analogy breaks down beyond that.
 
That can't be any worse than the person who posted here a couple of months
ago complaining that he wanted to uninstall Vista but couldn't find it in
his Add/Remove Programs.
 
OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for ppl
that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut it
off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow certain
functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be bypassed
just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Colin Barnhorst said:
Let them disable it. Then they are no worse off than they were under XP
but the rest of us are more secure. If UAC were backportable to XP I
would learn to use it there.

Jeff said:
Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff
Mark D. VandenBeg said:
<snip>
[voice of MS] we can't figure out how to keep it out of your system,
so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring
a rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then there is
an 80% probability that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps
his system is owned, to the few nasties floating around that attack
OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus
people seem to like fame, and spyware people want the money. Windows
has a big target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are
the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged Access,
where programs run with only the minimum amount of permission
necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only the
amount of time it needs to do its thing - to have full access to the
system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
Jeff said:
OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for ppl
that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut it
off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Well, what if MSFT simply changed the name from "Administrator Level User"
to something else, like "Elevated User," or "Fred?" Then we won't have
semantics getting in the way of unlearning old habits from old operating
systems...
 
Of course not. If security is one thing it is a moving target.

Jeff said:
OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for ppl
that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut it
off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Colin Barnhorst said:
Let them disable it. Then they are no worse off than they were under XP
but the rest of us are more secure. If UAC were backportable to XP I
would learn to use it there.

Jeff said:
Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff

<snip>
[voice of MS] we can't figure out how to keep it out of your system,
so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many cases
as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is
"good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then there
is an 80% probability that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around that
attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus
people seem to like fame, and spyware people want the money. Windows
has a big target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are
the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged
Access, where programs run with only the minimum amount of permission
necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only the
amount of time it needs to do its thing - to have full access to the
system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
Bring back Microsoft Bob!

Mark D. VandenBerg said:
Well, what if MSFT simply changed the name from "Administrator Level User"
to something else, like "Elevated User," or "Fred?" Then we won't have
semantics getting in the way of unlearning old habits from old operating
systems...
 
I see your point, but I guess I consider UAC itself as the advisor.
Perhaps, as time goes on, the generic UAC prompt will evolve and become more
descriptive.
 
Colin; you seem to have an unnatural obsession with "Bob." Bob is gone. He
isn't coming back. Let his memory live on in all of our fondest memories.
 
Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista would
be?
Looking at the responses from earlier posts; and the fact that; even MSFT
has; noticed;
Who wants to take bets???
My money's on UAC

Jeff
Colin Barnhorst said:
Of course not. If security is one thing it is a moving target.

Jeff said:
OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for ppl
that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut it
off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Colin Barnhorst said:
Let them disable it. Then they are no worse off than they were under XP
but the rest of us are more secure. If UAC were backportable to XP I
would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff

<snip>
[voice of MS] we can't figure out how to keep it out of your system,
so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software that
is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then there
is an 80% probability that it is spyware" - but that's all you can
do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around
that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are
the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged
Access, where programs run with only the minimum amount of permission
necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only
the amount of time it needs to do its thing - to have full access to
the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
Judging from the speed this thread has expanded, and it's size in relation
to other threads, I'd say that's a good bet.

Jeff said:
Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista
would be?
Looking at the responses from earlier posts; and the fact that; even MSFT
has; noticed;
Who wants to take bets???
My money's on UAC

Jeff
Colin Barnhorst said:
Of course not. If security is one thing it is a moving target.

Jeff said:
OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for ppl
that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut
it off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY
dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Let them disable it. Then they are no worse off than they were under
XP but the rest of us are more secure. If UAC were backportable to XP
I would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff

<snip>
[voice of MS] we can't figure out how to keep it out of your
system, so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and
here's why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software that
is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software -
in terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then there
is an 80% probability that it is spyware" - but that's all you can
do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around
that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are
the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged
Access, where programs run with only the minimum amount of
permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only
the amount of time it needs to do its thing - to have full access to
the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
I'm talking about AI that can tell you not only what program wants to run
but what that program is wanting to do.
 
Nonsense! Nonsense! Conspiracy!!!! I have Microsoft Bob running in a VM
and he's doing just GREAT. (I don't plan on letting him escape the vm
though.)
 
If you look at the number of respondents, though, it appears that there are
a few posters with strong feelings on both sides of the issue.

Don Short said:
Judging from the speed this thread has expanded, and it's size in relation
to other threads, I'd say that's a good bet.

Jeff said:
Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista
would be?
Looking at the responses from earlier posts; and the fact that; even MSFT
has; noticed;
Who wants to take bets???
My money's on UAC

Jeff
Colin Barnhorst said:
Of course not. If security is one thing it is a moving target.

OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for
ppl that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut
it off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY
dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Let them disable it. Then they are no worse off than they were under
XP but the rest of us are more secure. If UAC were backportable to XP
I would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable
it
Jeff

message <snip>
[voice of MS] we can't figure out how to keep it out of your
system, so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and
here's why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software that
is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software -
in terms that an operating system could understand and
differentiate between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then
there is an 80% probability that it is spyware" - but that's all
you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around
that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share
are the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily -
because they have a good security model... it's called Least
Privileged Access, where programs run with only the minimum amount
of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do
something that requires "root", and then "sudo" just that program -
for only the amount of time it needs to do its thing - to have full
access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.
 
Back
Top