Prompts, prompts, and more prompts...jeez

  • Thread starter Thread starter Guest
  • Start date Start date
I hate to say so MS, but your average joe, the person you are making UAC
for, is going to do exactly what they are doing, that is turning UAC off.

I'm not a "average Joe" user and I turned off UAC too. I bet most have
or will because it isn't any real improvement in security and as many
have already found out be a real pain in the ass. You listed some good
reasons why people don't like it. Perhaps the biggest flaw with UAC is
Microsoft itself admits it is set up on purpose to be defeated. Read
that last sentence again slowly so it sinks in.

Don't just take my word for it. Listen to a "hacker", kind of cute
looking one too, not all hackers are kids or pot belly beer slurping
anti-social types.

"Joanna Rutkowska has always been a big supporter of the Windows Vista
security model. Until she stumbled upon a "very severe hole" in the
design of UAC (User Account Control) and found out — from Microsoft
officials — that the default no-admin setting isn't even a security
mechanism anymore".

"That's because Vista uses a compatibility database and several
heuristics to recognize installer executables and, every time the OS
detects that an executable is a setup program, "it will only allow
running it as administrator."

Note ===> On the surface this may sound like a good thing, actually
its not. Keep reading, but read carefully.

This, in Rutkowska's mind, is a "very severe hole in the design of
UAC."

In simple terms that means any hacker worth his or her salt could,
problably with little effort desgin some malicious bit of code to
pretend to be a "installer" type of application and Vista will
unbuckle its belt, drop its pants to its anxles and let that code do
whatever it wants, including access the deepest depths of Windows
including the kernel, having its way also with other applications or
your priceless data.

More than just talk, this hacker did eactly that at a high volume
conference of "black hat hackers" invited by Microsoft no less.

A poster named dara summed it up quite nicely in another piece you can
find here:

http://theinvisiblethings.blogspot.com/2007/02/vista-security-model-big-joke.html

A key point, I think, that Ms. Rutkowska made, perhaps
unintentionally, is that Microsoft cannot be expected (for reasons of
compatibility, I suppose) to design a completely new operating system.
This speaks to the root of all their problems - even Vista is just a
new shell built on top of old technologies. It's a bit like an upside
down pyramid; eventually it will collapse entirely as the underlying
structure proves incapable of sustaining all the new construction
piling up on top of it.

Perhaps because they serve a less diverse and expansive user base,
Apple Computer was willing and able five or six years ago to do what
Microsoft cannot - switch from their old, rickety operating system,
with it's myriad vulnerabilities, to a new system (OS X), build on a
sound, proven and substantially more secure foundation - UNIX. Since
then the trojans and viruses which used to plague the Mac OS have
dried up altogether.

LINUX, the open source alternative to Windows that is growing steadily
in popularity, is likewise modeled on UNIX.

It's not unreasonable to conclude, therefore, that Windows in any form
is living on borrowed time. Much of its current popularity is a result
of little more than inertia. It's hard to see how even the billions
Microsoft has committed to marketing Vista can make up for the core
weakness of the underlying system.

Vista may be an improvement over Windows XP in many respects, but the
differences, like beauty, are only skin deep.

Now read what Madam "hacker" Ms. Rutkowska said about UAC:

http://blogs.zdnet.com/security/?p=29&tag=nl.e589
 
Richard

It is easier to buy, try, fail and rant than ever it is to ask for advice or
help before making what turns out to be an ill-informed decision..

Imagine if all of these folk were presented with a computer that is entirely
controlled by typing in stuff at a command prompt.. I don't know about you,
but I would turn in my MVP badge and take up professional strawberry picking
or similar.. :)

Say Mike, wouldn't this be a good time to tell the nice people in this
newsgroup you're actually a MICROSOFT product manager? Why keep that a
secret?

http://channel9.msdn.com/ShowPost.aspx?PostID=10924

This is you, right Mike?

If so it does explain your outburts and bias, my goodness you're sure
wound up tight.
 
What she would propose is a UAC dialog with three options.

Continue with system-wide access | Continue with program access | Cancel.

Essentially splitting the admin account into an system-admin account which
effects Windows, and one for writing to Program Files.

Sure that's good for defending the system, but its hard enough to get
developers to test their applications as a standard user.

More can always be done on this front, and will be done in the future.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*
 
Please - no net nanny's - the world has enough problems without your
constant nagging about something not being a friggin setup issue in your
mind. We run this group - not you and we are the customer in case you've
forgotten who's paying the freight here.

I've read some of your posts in other groups and talk about being
off-topic - yours certainly were so quit your bellyaching.

We're kinda tired of your moaning about this - so either live with it or
stop reading this group.

Bob S.
 
Adam

No, that is not me.. one can't be a Microsoft employee and MVP status at the
same time.. sorry to disappoint..

I am also not one of the Mike Hall's in any IBM company employee directory
anymore, as I elected to leave IBM employ at the end of 2001..

I am Mike Hall, MS MVP Windows Shell/User, and I AM CANADIAN (well, I hold a
permanent residence card.. for now)..

Adam Albright said:
Say Mike, wouldn't this be a good time to tell the nice people in this
newsgroup you're actually a MICROSOFT product manager? Why keep that a
secret?

http://channel9.msdn.com/ShowPost.aspx?PostID=10924

This is you, right Mike?

If so it does explain your outburts and bias, my goodness you're sure
wound up tight.

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Adam

No, that is not me.. one can't be a Microsoft employee and MVP status at the
same time.. sorry to disappoint..

Why I asked if it was you or not. Actually relieved, not disappointed.
Was almost ready to dump my Microsoft stock.
 
You can turn off the UAC, buy going to Control Panel, User account, should
be the bottom option, Uncheck the box and reboot, No more nagging.

Yes, you'll lose some of the extra security and protecting you from you and
the unknowns.

If you have a program that is not compatibile, there isn't much option but
to get one that is or wait for one to come out. Or scour that products
forums and see if anyone has found a work around.
 
And how does the security in 'nix work? By separating users and superusers
(administrators). If you ran Linux as root (administrator) all the time you
would be much less secure than running Vista with UAC enabled. The old
saying "You can't have your cake and eat it too" is still true. Increased
security means increased complexity and inconvenience for the user. I don't
think anyone who knows anything about security would disagree with the
statement that Windows XP cannot be secured. It can be made more secure but
if you run as an administrator malware can find a way in. You can have all
the malware protection you want, you are still vulnerable to a zero day
attack. With Vista and UAC zero day attacks will certainly happen but UAC
will at least give you a warning that something is up. What you do with that
warning is still up to you.

I do see Joanna Rutkowski's point about UAC only allowing programs that it
deems to be an installer to run as an administrator. I also see Microsoft's
point about why this is so. If you read the next article in her blog she
also admits this. The point of this is so that you will always know when a
program is trying to install something. The down side as she rightly points
out is that for older programs that don't need administrator privileges to
install they will get them anyway. With installers written for Vista this
problem doesn't exist as the installer can notify Vista it doesn't need
admin privileges and it won't get them. This design feature could be
exploited by a social engineering attack. It's a bit of a catch-22
situation. Do you just let all of these old installers fail until the end
user explicitly uses Run as administrator? This would cause even more
frustration than exists now and even more people will turn UAC off. Or do
you do what Microsoft has done and try to determine if a program is an
installer and throw a UAC prompt? I haven't made up my mind which is the
better way but it is a conscious design decision not a bug.
 
Mike Hall - MS MVP Windows Shell/User said:
I am Mike Hall, MS MVP Windows Shell/User, and I AM CANADIAN (well, I hold
a permanent residence card.. for now)..

Draft Doger ! ! !


Just kidding
 
If after the computer is setup you are constantly seeing UAC prompts you are
doing something wrong. I hardly ever see a UAC prompt.

While getting at financial information and identity theft is the goal of
some malware it is not the goal of most current malware. Most current
malware has the goal of extortion (e.g. spysherrif) or the goal of taking
control of your computer to use it as a zombie. The extortion malware is
very obvious when you get it. The trojans that take over your computer for
use as a zombie are not. The fact that many hundreds of thousands of
computers are available for sale as part of a botnet attests to the fact
that you cannot secure XP (or any OS) if you run as an administrator. I see
many computers that have up to date antivirus and antispyware software that
are compromised in this fashion. UAC (or running XP as a standard user)
would have stopped these infections. Turning off UAC may relieve some short
term pain but it won't cure the disease and may have the opposite effect of
helping to spread the disease.
 
This will take time but as programs are updated for Vista UAC will become
less of a hassle.
 
If after the computer is setup you are constantly seeing UAC prompts you are
doing something wrong. I hardly ever see a UAC prompt.

That's way too broad a generalization. I'm hardly a casual user. I
went against typical "sage" advice and did a install in place as
opposed to a clean install because I got nearly 2 TB worth of stuff. A
nightmare to reinstall and reconfigure obviously. So I gambled (after
making so I had current backup) and it worked, ie no troubles
transferring applications, settings and data files from XP to Vista
with a couple minor hickups.

However once Vista was up and running it drove me crazy. Every couple
minutes it would pop up some moronic UAC window, gray my screen, nag,
nag, nag. If Windows did what it said, mirror my settings and in
effect save my system and only overlayed Vista then is already knows
or should know much of the stuff it keeps nagging about.

What's worse of course if if your move files around a lot, and I do,
it shouldn't nag, nag, nag, that in effect the user that has
administrative rights which has already done the same task repeatedly,
ie move files from Drive E Folder A, to Drive F Folder B needs again,
over and over Ad nauseam to get permission from his operating system,
click yes I want to do this time and time again until you are
literally ready to toss your monitor out the nearest window. That is
what I would call poor design and something no power user would ever
put up with for more than a few minutes which is why many people, even
MVP's turn UAC off.
While getting at financial information and identity theft is the goal of
some malware it is not the goal of most current malware. Most current
malware has the goal of extortion (e.g. spysherrif) or the goal of taking
control of your computer to use it as a zombie. The extortion malware is
very obvious when you get it. The trojans that take over your computer for
use as a zombie are not. The fact that many hundreds of thousands of
computers are available for sale as part of a botnet attests to the fact
that you cannot secure XP (or any OS) if you run as an administrator. I see
many computers that have up to date antivirus and antispyware software that
are compromised in this fashion. UAC (or running XP as a standard user)
would have stopped these infections. Turning off UAC may relieve some short
term pain but it won't cure the disease and may have the opposite effect of
helping to spread the disease.

I think a lot of people would call Windows the biggest and most
pervasive virus to ever infect a computer. <giggle>

I think most knowledgeable people if being totally honest would admit
no version of Windows is secure or can be made totally secure. So no
matter how much Windows gets "improved" it is really just patches on
top of previous patches.

The bottom line is Microsoft is stuck. It knows better then anybody
the real solution is to start over. From scratch. It won't and can't
really because to do that would blow the world's biggest installed
user base that demands that each new version of Windows be more or
less backward compatible with what hardware and software that ran on
earlier versions of Windows. The old catch 22.

Sure, I have no doubt if Microsoft really wanted to they could deliver
on a very robost Windows or something called something else. To do
that would mean they would have to be willing to give up a sizable
chuck of their users and obviously they don't want to do that and the
irony is way too many users don't want a total new and completely
different OS either because they would have to dump a lot of their
current hardware and software. If they did that, unlikely they would
pick any Microsoft OS as their OS of first choice.
 
Adam Albright said:
That's way too broad a generalization. I'm hardly a casual user. I
went against typical "sage" advice and did a install in place as
opposed to a clean install because I got nearly 2 TB worth of stuff. A
nightmare to reinstall and reconfigure obviously. So I gambled (after
making so I had current backup) and it worked, ie no troubles
transferring applications, settings and data files from XP to Vista
with a couple minor hickups.

However once Vista was up and running it drove me crazy. Every couple
minutes it would pop up some moronic UAC window, gray my screen, nag,
nag, nag. If Windows did what it said, mirror my settings and in
effect save my system and only overlayed Vista then is already knows
or should know much of the stuff it keeps nagging about.

What's worse of course if if your move files around a lot, and I do,
it shouldn't nag, nag, nag, that in effect the user that has
administrative rights which has already done the same task repeatedly,
ie move files from Drive E Folder A, to Drive F Folder B needs again,
over and over Ad nauseam to get permission from his operating system,
click yes I want to do this time and time again until you are
literally ready to toss your monitor out the nearest window. That is
what I would call poor design and something no power user would ever
put up with for more than a few minutes which is why many people, even
MVP's turn UAC off.

I think a lot of people would call Windows the biggest and most
pervasive virus to ever infect a computer. <giggle>

I think most knowledgeable people if being totally honest would admit
no version of Windows is secure or can be made totally secure. So no
matter how much Windows gets "improved" it is really just patches on
top of previous patches.

The bottom line is Microsoft is stuck. It knows better then anybody
the real solution is to start over. From scratch. It won't and can't
really because to do that would blow the world's biggest installed
user base that demands that each new version of Windows be more or
less backward compatible with what hardware and software that ran on
earlier versions of Windows. The old catch 22.

Sure, I have no doubt if Microsoft really wanted to they could deliver
on a very robost Windows or something called something else. To do
that would mean they would have to be willing to give up a sizable
chuck of their users and obviously they don't want to do that and the
irony is way too many users don't want a total new and completely
different OS either because they would have to dump a lot of their
current hardware and software. If they did that, unlikely they would
pick any Microsoft OS as their OS of first choice.


If you have that many programs that cause a UAC prompt you should have stuck
with XP until there were Vista compatible versions of them. I move files
around my network all the time and never see a UAC prompt because of moving
files. You may have to change your habits as to where you store your files
but simply moving files around doesn't cause a UAC prompt. You say no
version of Windows can be made secure. I'd extend that to say that no OS can
be made secure. The better ones at security all use some method to stop
normal users from changing system wide settings and changing system files.
I'll make another broad generalization and say that most Vista users who
have considerable experience with OS' than Windows leave UAC on. It's mostly
the long time Windows users and programmers who haven't used other OS' who
are whining the loudest about UAC.
 
The only way to fully secure a PC is to unplug it from the network and
turn the power off. No OS is fully secure, even a read only CD based
install (something is running in RAM).

With Windows Vista, they increased the security. But, again, when I do
security it has to be as transparent to the end user as possible yet
being as secure as possible.
 
I'll make another broad generalization and say that most Vista users who
have considerable experience with OS' than Windows leave UAC on. It's
mostly the long time Windows users and programmers who haven't used other
OS' who are whining the loudest about UAC.

Good observation.

I've just started the update manager on Linux to download some patches, I
had to supply my password for it to start up. That's just normal.

Running with administrative rights is *bad*.

Sure UAC could do with a few improvements - the system should auto-allow any
prompts from say the Control Panel for x number of minutes once you've
accepted one already. I think that will solve most complaints.

It would also be nice to prompt when something makes a change instead of
when the app launches. Like you can open the Device Manager without being
prompted, and then if you chance something to be prompted. But that will
require a huge amount of work to be done to implement that.

But ultimately we have to let go of running everything with full rights to
the box. It's a bad habit, and its a shame so many developers are slow in
reacting.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*
 
Good observation.

I've just started the update manager on Linux to download some patches, I
had to supply my password for it to start up. That's just normal.

Running with administrative rights is *bad*.

If running with administrative rights is bad (agreed) then why in the
heck does Microsoft under Vista give all installer applications
Administrative rights?

Hint: That means any malicious code can pretend to be a "installer"
too and in effect gain access to anything on your computer including
Windows kernel or YOUR data. It doesn't make much sense to me. Wish
somebody would attempt to explain why UAC as presently configured is
such a great idea. I even see several MVP's saying they turned it off,
now if we could just get them to stop top posting. <snicker>
 
You had to supply your "root" password - the same as running Windows as
administrator.

All these people complaining, especially the e-zine columnists, have never
before worked with a secure operating system.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
UAC is a feature not a setup or install issue. You need a preschool nanny
and a reading nanny not a net nanny. Get some elementary school reading
back ground.

SETUP /INSTALL have not a damn thing to do with UAC bub.

How frigging dumb do you have to be not to understand what setup or install
means. Do you need a dictionary? I am not trying to run a group. I answer
questions and fix things when I have time. And you don't speak for anyone
but BobS.

It's amazingly stupid for anything but setup or install issues to be taken
up on a setup/install group. I understand a large number of posters since
they let RTM go on sale have flooded the groups who don't know the basics of
Win mail or how to find the other groups.

To the extent anythng is on here that isn't setup/install then it
camouflages the setup/install questions that are appropriate to this group.
This phenom only broke out when Vista went on sale to the public and it's a
symptom of laziness. Why don't you teach your fellow spamers how to search
for the dozen or so categories of Vista public groups?

And you're insipid distorted point about "who is paying the freight here" is
insane. This is a public group. You don't pay the freight any more than
anyone else here. You don't pay a damn thing. Why don't you fix what you
can, and get help where you can,and do it in the appropriate group.

Further, what frigging idiot thought it would serve any purpose except
stupidity to cross post to 4-5 groups?

LOL

CH
 
Back
Top