Prompts, prompts, and more prompts...jeez

  • Thread starter Thread starter Guest
  • Start date Start date
cquirke (MVP Windows shell/user) said:
On Sat, 24 Feb 2007 08:19:55 -0800, "Kerry Brown"


And when you run Linux, you get prompts to enter the root password
whenever you do something that needs root permissions.

Same thing in MacOS - I only had to use it for a few minutes,
troubleshooting a WiFi access issue, before I was appropriately
prompted for a system-rights password.

How is that different from UAC?

UAC allows you to run as an administrator for backwards compatibility. In
Linux or OS X this isn't possible. A task either has full superuser
privileges or it doesn't. UAC gives a task two security tokens, Linux and OS
X one. This has both good and bad points. Personally I think it is mostly
bad points but in the interest of backwards compatibilty I can see why it
was done. It improves security greatly over XP while still allowing the
majority of old programs to run with little or no changes. It allows
programmers to catch up before the next OS comes out which will be even more
secure :-)
I'm not that impressed with the notion of "user rights" as the be-all
and end-all of security, or even basic safety.

The whole "user rights" ediface stands on deeper levels of abstraction
that go all the way down to NTFS. But the same sort of holes in the
assumption that "code only does what it was written to do" etc. that
allow malware to run via exploits, may also drill through user rights
in various ways - either by assuming higher rights as a consequence of
what they've drilled into, ot escalating rights, or just going under
the whole thing alltogether, as Witty did.

Witty drilled in though an exploitable surface in a 3rd-party firewall
(Black Ice Defender), which presumably gave it admin rights, if not
complete system rights. From there it trashed the file system by
doing raw writes to arbitrary sectors, right from within XP.

I've always been against software firewalls. They are an easy attack vector
as by definition they must have very low level access to the system. This
situation is better in Vista because of the reduced ability of a low
privilege task to affect higher privileged tasks but I still see it as an
attack vector.
So all that fancy NTFS permissions stuff wasn't worth a pile of beans,
in this case. All sectors are the same, from raw hardware access.


It may do, prolly should do. YMMV depending on the nature of the
attack, especially if an exploitable surface allows the malware to
drill into a process that's accepted by UAC as part of the system.

I am sure that zero day attacks that work around UAC will eventually happen.
There is no doubt in my mind Vista is much more secure than XP could ever be
made through updates or service packs. How much more secure only time will
tell.
 
Adam

I didn't say that there were not holes, and I do not need lecturing on the
early design of Windows.. I was merely remarking that many users bring on
problems themselves..


Adam Albright said:
You get brownie points for defending Microsoft's poor design of Vista?

What part of "it is MY computer, I'll decide which features to
implement" don't you or Microsoft understand?

If UAC worked, transparently, behind the scenes, if it actually DID
offer some REAL protection it would be fine. From what I've read so
far it seems to do little if anything to protect the user but for sure
at the same time if UAC is turned on can get in the way of users with
constant nag screens.

Now sit back and learn how Windows in previous versions has "opened"
the door to hackers BY DESIGN.

As I've said before Windows wasn't designed to be a secure operating
system. Trying to patch holes is the most Microsoft seems willing to
do. For example I doubt many are aware that part of XP's design was to
automatically "turn on" file sharing. If your computer is connected to
the Internet, this is open door to your system hackers loved. The
irony is there was NO NEED to do this. It was done because originally
the Microsoft mindset was "turn everything on by default, otherwise
users would be too dumb to find out how to turn on features, that only
applies to LAN setups in this example.

Even fewer are aware that deep in the bowels of Windows there's a
hidden feature that without your knowledge is automatically turned on
and if you attempt to delete or turn off this feature through normal
means Windows, on its own, behind your back, will just install it
again the next time you boot. Microsoft likes to call these security
holes "features". Does not apply to XP home.

One of many, read all about it:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314984

http://www.windowsnetworking.com/kb...WindowsNTW2KXPHiddenAdministrativeShares.html

I haven't had time to check how many things like this may still remain
in lurking deep in Vista or if hopefully they have been corrected. My
point, is while Microsoft talks a good game, what it has actually done
in the past in way of design suggests a lot more work needs to be done
if they are truly serious about making Windows really secure.

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Adam Albright said:
Why would anyone WILLINGLY give malware any permission to do anything?
You guys are priceless in your endless blind defense of Microsoft
decisions! The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.


In Linux or OS X or any other OS what would happen if someone downloaded a
program that said it needed to run as superuser, root, or whatever to
install, the user ran the program as root, and the program turned out to be
malware? There is no protection against a social engineering attack other
than user education. I know you really don't like Vista but this is a stupid
argument. Pick on areas where real flaws exist if you want to criticise
something.
 
In Linux or OS X or any other OS what would happen if someone downloaded a
program that said it needed to run as superuser, root, or whatever to
install, the user ran the program as root, and the program turned out to be
malware? There is no protection against a social engineering attack other
than user education. I know you really don't like Vista but this is a stupid
argument. Pick on areas where real flaws exist if you want to criticise
something.

You really don't understand UAC, but that's alright, get educated in a
new thread I just started called:

Giving UAC a second chance or why putting a silk dress on a sow its
still a pig.
 
Adam

I didn't say that there were not holes, and I do not need lecturing on the
early design of Windows.. I was merely remarking that many users bring on
problems themselves..

True, some users do, and the flip side is many "security" issues are
directly traceable to the shortcoming of the design of Windows going
all the way back to the early days.

Only fair to present BOTH sides of the UAC story, which seems to be
something no MVP seems willing to do openly in these newsgroups
probably out of fear of losing their cherrished MVP status, so it
seems with rare exception MVP's are cheer leaders for UAC and don't
really explain the pitfalls.

I'm not lecturing anybody, I'm simply detailing what I learn about UAC
as I go. So far, ain't been pretty. See seperate thread I started.
Comments welcome.
 
If you've just arrived to this "help" board, plan to be here awhile. I read
this post below by JD and thought.. "Yes, this is what I need to learn about
and the bulk of my questions and problems".... so are the following 53 posts
following in this thread helpful? hmmm... They are long and windy and most do
not clean up and remove previous posts like they should to leave only what
they are replying to. I have stayed away from newsgroups like this for a long
time because I seem to be very good at stirring up testostorone among male
web techs and I apologize for that. If you read on, you will LOL. The
testostorone is bouncing off the wall in this section. The name calling isn't
too funny, but a sentence or two in all of that is helpful. You will learn
more about security and/or lack of, and it may provoke more fear and concerns
for you. I did come back and noticed there are 17 pages to sort through. OH
brother indeed! If someone, anyone will reply to my questions, I will be
extremely greatful? I did search for UAC in the help section on my computer
and it's not there. Someone in this thread posted the need for an instruction
sheet ---YES, please .. for the average joe! Some simple, basic information
would be nice... I'll keep looking, but until then:
1. Does UAC mean "user admin. control"?
2. How do I turn it off only temporarily to say... play an online game like
slingo? or would I even need to? (i'm guessing since it doesn't work)
3. I would like to be able to adjust the settings so that when I drop/drag
files from say a flash drive to my hard drive that the two or three popups
wouldn't keep asking me.. "am i sure I want to do this". I can't even drop a
shortcut on my desktop without the idiot notes. Where is the UAC located that
I can see the options?
4. I "think" I understood from somewhere in the 53 replies that if I DO turn
off the UAC, then I'm at the same level of security as I am on my
XP---correct? or no?

and one more.. kinda OT
--- I have FoxTor (add-on) tool for Mozilla browser. It's an anomymous web
browsing tool. I cannot get it to work. ANd/or do you think Mozilla is a more
secure browser?
If anyone would please remove everything they are not replying to or
answering---that would be Wonderful! I look forward to reading the replies
and also surfing this board some more for helpful information. So far I've
noticed it takes a good while to surf through the mud.
Thank you! Ceece
 
Typing 'UAC' in the search box of Vista's Help and Support will bring up a
window that answers all of your questions re UAC (User Application
Control)..

Being constantly asked if you 'are sure that you really do' want to carry
out an action is frustrating for sure, but when you come across an
application that does not ask, and just deletes or sets in motion something
from which turning back is impossible, then you get to feel real
frustration.. finding a happy medium somewhere in between is difficult, as
we all have different tolerance levels..

I have made the executive choice to turn it off, and anybody esle, other
than in corporations where the guy in charge does not feel that all of users
are fit to make their own executive decisions, can do the same and take the
consequences just as I may have to..

Re Mozilla, I don't use it, have never had the desire to use it, as IE has
performed well enough for me..

Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Answered inline

ceece said:
If you've just arrived to this "help" board, plan to be here awhile. I
read
this post below by JD and thought.. "Yes, this is what I need to learn
about
and the bulk of my questions and problems".... so are the following 53
posts
following in this thread helpful? hmmm... They are long and windy and most
do
not clean up and remove previous posts like they should to leave only what
they are replying to. I have stayed away from newsgroups like this for a
long
time because I seem to be very good at stirring up testostorone among male
web techs and I apologize for that. If you read on, you will LOL. The
testostorone is bouncing off the wall in this section. The name calling
isn't
too funny, but a sentence or two in all of that is helpful. You will learn
more about security and/or lack of, and it may provoke more fear and
concerns
for you. I did come back and noticed there are 17 pages to sort through.
OH
brother indeed! If someone, anyone will reply to my questions, I will be
extremely greatful? I did search for UAC in the help section on my
computer
and it's not there. Someone in this thread posted the need for an
instruction
sheet ---YES, please .. for the average joe! Some simple, basic
information
would be nice... I'll keep looking, but until then:
1. Does UAC mean "user admin. control"?

User Account Control
2. How do I turn it off only temporarily to say... play an online game
like
slingo? or would I even need to? (i'm guessing since it doesn't work)
http://www.jimmah.com/vista/Security/disable_uac.aspx

3. I would like to be able to adjust the settings so that when I drop/drag
files from say a flash drive to my hard drive that the two or three popups
wouldn't keep asking me.. "am i sure I want to do this". I can't even drop
a
shortcut on my desktop without the idiot notes. Where is the UAC located
that
I can see the options?

There are some group policies that control how UAC behaves.

http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true
4. I "think" I understood from somewhere in the 53 replies that if I DO
turn
off the UAC, then I'm at the same level of security as I am on my
XP---correct? or no?

Vista without UAC enabled is a little more secure than XP because the file
system is locked down with NTFS permissions but yes disabling UAC and
running with an administrator account gives very similar security to XP -
almost none.
and one more.. kinda OT
--- I have FoxTor (add-on) tool for Mozilla browser. It's an anomymous web
browsing tool. I cannot get it to work. ANd/or do you think Mozilla is a
more
secure browser?

In Vista I think IE7 is more secure than Mozilla based browsers because of
IE's protected mode.

http://www.microsoft.com/windows/products/windowsvista/features/details/ie7protectedmode.mspx
 
JD Wohlever said:
I hate to say so MS, but your average joe, the person you are making UAC
for, is going
to do exactly what they are doing, that is turning UAC off.

So, what's the problem? That's why Microsoft included an "off" toggle for
the feature. Right? If you don't like it--you can turn it off. Problem
"solv-ed" as Clusoe would have said...;) If you want the extra security that
UAC provides--for instance, the protected mode support available under Vista
IE7--you can put up with the minor annoynances that UAC presents. It's the
user's choice--which is exactly what Microsoft intends it to be. I have some
experience, and using the Vista betas I turned UAC off. But in running the
retail versions of Vista I have decided that I'd rather have it on--and now
that I've gotten used to it, it just doesn't bother me any more. I'd rather
have that extra little security buffer than not.

I get really tired of "average joe" posts written by people who think they
know all there is to know about average joe. They don't, they just enjoy
thinking they do as it helps them to feel like an "above-average joe" for
saying it...;) People usually err when talking about Microsoft OSes by
failing to appreciate that the "default settings" are not the only settings
available. But in this case it is doubly ironic as many of the very same
people who have traditionally decried Windows for its lack of security are
now complaining about UAC simply because UAC assumes that the operator of
the computer may be more intelligent than the computer itself. Basically,
it seems to me that critics of features like UAC are simply being critical
of choices being provided for the end users of operating systems in general.
I think Microsoft is right--give people choices and don't assume that
"average joe" doesn't want them. If I'm going to err, I'd rather err in that
direction.
 
Kerry Brown - You are WONDERfuL! THANK YOU!
I am most definitely worse than the average Joe. Since I know "some" about
building websites and have had NO security problems or viruses with windows
95, then upgraded to XP and now I have both XP and Vista. I do know just
enough to make me a dangerous joe and could really mess something up. I don't
even know how to work this newsgroup or I'd change the subject line and move
your email up to the top, so everyone could be spared all the wind and
sassyness. I left the links you provided below and bookmarked them and edited
out my wind with the questions. I also must not have been using the help
feature correctly either. Older folks don't like change, once they get so
used to things the way they were. Sounds like Vista IS worth the extra popups
and it just takes time to get used to it. Thank you again SO much! ~ ceece

Kerry Brown said:
Answered inline


User Account Control


There are some group policies that control how UAC behaves.

http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true


Vista without UAC enabled is a little more secure than XP because the file
system is locked down with NTFS permissions but yes disabling UAC and
running with an administrator account gives very similar security to XP -
almost none.
------ANd/or do you think Mozilla is a
 
You're welcome. As you have seen by this thread and many others, UAC is a
controversial new feature with some people holding very strong opinions on
it's use. All anyone can do is read all the opinions, take it all (even
mine) with a grain of salt and make up your own mind.
 
MS knows home users are going to turn off UAC. But what are you gonna do?
Leave it turned off so the security professionals can be up in arms about MS
at least making an effort to protect the average Joe?

The security professionals have an argument for everything that's tough to
counter:

Some people drive without seat belts. But that's no reason for car
manufacturers to stop putting seat belts in cars.
 
Why would anyone WILLINGLY give malware any permission to do anything?

Most wouldn't, but the "I_AM_A_VIRUS.EXE" PoC showed that there are
indeed folks who will "open" such things. Why? Perhaps "I don't
believe it" reverse-SE, disgruntled users on work PCs, etc.

The problem is that quite often the consequences of doing things are
not obvious (or even visible), and Windows was always written to
assume good intentions, as in "scripts are usually safe".
You guys are priceless in your endless blind defense of Microsoft
decisions!

Jeez, you are so blind you can't tell when we're attacking dumb-ass
Microsoft design decisions. Do you even read what you reply to?
The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.

That's not the main problem.

When you install sware, you know you are giving it traction to not
only run code, but... well, to install software, DUH.

However, the same consequences could arise when you:
- visit a web site
- read "message text"
- open an MS Office "document"
- simply connect to the Internet (RPC etc.)

That's bad design, when content can pretend to offer the low risk of
"reading data" but actually execute the higher risk of running code.

This is before you factor in code insanity, i.e. that code written to
safely view data may in fact run it as raw code due to unchecked
buffers or whatever. The take-home lesson there is that all content
handling can be dangerous and therefore should be avoided until the
user has initiated that process. That lesson has not been taken home.

It's taken years from MS to slowly retreat from the excesses of IE 4's
"all the wotrld's a web page" model, MS Office's auto-running of
macros in "data" files, and Outbreak taking orders to spam.
If you include Windows in that statement you are entirely correct.

Any program. Yes, if you source Windows in the form of a ?tainted
download, or conterfeit CD, then what you're installing may be a
little more than just Windows alone ;-)
Windows is the biggest thread to your PC's security because of how it
was originally written and nothing to date changes that.

Current Windows is based on NT, and NT was written to be a network
chew-toy. It was intended that some big-boss system administrator
would be able to fiddle with PCs through the networjk, overriding any
wishes the user might have had on the subject.

When that design is chucked into broadband consumerland, guess what
happens? Anything that can spoof "sysadmin" status has all that
lovely remote admin access to play with.

XP was the first NT to be mass-sold into consumerland. It was also
the first version of Windows to be open to pure network worms that
attack within minutes of connecting to the Internet, without running
any apps at all - and there were two majot outbreaks of that (Lovesan
et al through RPC, Sasser et al through LSASS).

And now in Vista, we find the RPC service cannot be set not to restart
the whole damn PC whenever it falls in its ass. Where's the logic in
that? The only logic I can see is that corporate sysadmins want
access to the system at all times, even if the user kills RPC and thus
potentially blocks remote access. And because the same basic code
base is used across all Vistas, us home users have to have the same
"solution" for this as crafted for corporate needs.

MS still doesn't "get" it that consumers have needs that are too
different from pro-IT that you cannot simply use the same design as-is
for both. It's not enough to rip out the geekiest bits and dab on a
coat of "easy to use" paint, and call that "Home".
Windows has patches on top of previous patches over the course of 20
plus years. Just for kicks it would be damn interesting to see all the
source code don't you think?

IMO, this isn't where the problems come from. If anything, I'd expect
*NIX to have even deeper and more tortuous legacy roots. Only Apple
have slashed and burned compatibility, mainly when changing
processors, and I'm not sure how relevant that is, either.

In fact, I'd say the greatist risks in a new Windows are not from
legacy carry-over, but new 1.0 feature sets added for the first time.
Why is Windows so weak when in comes to security? Well Mr. Gates
himself made a poor decision. When Windows was first being developed
the Internet (main threat) was unknown to most. Microsoft originally
ignored the Internet. Gates is on record saying the Internet was a
passing fad that Microsoft wasn't interested in.

If you're going to initiate a discussion topic, you need to be a bit
more specific. For example, when you say "Windows", where are you
joining the evolutionary path - Windows 1.0, Windows 3.0 or 3.1,
Windows 95? You'd expect *NIX to have the strongest Internet
heritage, given that it was invented by a telecommunications
enterprise with communications as a major goal.

In fact, I'd say the version of Windows that had the best by-design
safety would have been Windows 95. This predated web browsers that
ran active content, HTML email clients that autoran scripts, HTML and
scripting embraced as internal technologies, deep integration of the
web browser, RPC and other remote-facing "services", ActiveX opening
up DDE/OLE to Internet access, etc.
Only after he realized that was a huge miscaculation did Microsoft
start to try to patch the huge number of security holes hackers were
starting to exploit in Windows itself (stupid policy of turning everything
on like file sharing) making Windows easy prey to port sniffers and the
laughable early attempts with Microsoft's early browsers and Active X.

The sequence was a bit different.

Even before Windows shipped with networking capabilities, viruses were
a clear and present danger with diskette swapping and BBS downloads as
the vectors. Destructive payloads were more common than today.

Then malware simply used by-design opportunites that Microsoft handed
out on a plate - MS Office macro viruses, scripts that used Outbreak's
by-design functionality, and HTML scripts within email "message text".

Quite late in the Win9x era, we saw a move to the discovery and use of
exploitable code defects. The first spectacular examples were SQL
Slammer (Sapphire) and perhaps Code Red, which swept through servers
like wildfire. Still, at this point, Win9x users were not at risk
unless they'd installed something that dropped a SQL engine on the PC.

When XP waved RPC, LSASS etc. at the Internet, mass exploits of
defects in these services followed fairly swiftly. From that moment
on, the search has been for exploitable code defects, rather than
simply using by-design opportunities that are beginning to wane.
The problem is no matter how much Windows gets patched it still wasn't
designed as a secure OS. Microsoft had pleny of time to fix this
oversight by rewriting Windows from scratch.

I make a distinction between "security" and "safety".

When you need some folks or contexts to use risky functionalities and
others not, then you need "security" to mediate access to these
things. But when you do NOT need any folks or contexts to have access
to risky things, then you simply need to rip these out altogether.

A piss-weak strategy is to rely on "security" to act as a zero-pass
band-aid instead of building in "safety". Would you feel safer if
nuclear weapons were never invented, or if anyone could pick up a
phone and command a strike, blocked by the 100%-foolproof security of
needing an impossible-to-guess 3072-character string?

NT was indeed designed as a secure OS, unlike Win9x - from the user
accounts and domain logon down to NTFS, it's designed to secure access
to everything - but, alas, also open everything to remote access,
"protected" by this security. And XP has suffered far more
devastating mass drive-by attacks than Win9x as a result.

On writing the OS from scratch, I remember it was claimed in the NT 4
era that the whole code base had been re-written to root out all
unchecked buffers. Er... right. As long as folks write in C, we will
prolly have unchecked buffers are similar exploitable defects, and
this underlying factor prolly applies equally to *NIX and MacOS.
they chickened out fearful they would lose too many customers if
Windows suddendly became more secure but nobody's hardware or software
worked anymore with this new beefed up Windows.

Interesting you mention that - as they have indeed come closer to
doing just that with XP SP2 and even more so with Vista.
...you would think Vista would be more secure, but all Microsoft did
was put a bandaid on Windows called UAC which is badly flawed

Actually, UAC is the temporary tip of a far larger iceberg of safer
re-design. It is there to bridge between today's apps and the safer
(or "more secure", if you prefer) native design of Vista.

UAC isn't going to be developed further; it more likely to fall away
as development embraces the new Vista practices. What happened to
Share.exe between Win95 and Win98 is what will happen to UAC... in a
few years' time, apps that throw up UAC prompts today will not run.

Hopefully, Vista64 will be that more secure platform - with DEP,
signed drivers etc. as the norm. It's the only clean-slate
opportunity MS is likely to get in the next 5-10 years, so I hope they
don't squander it by allowing today's practices to continue.
I'm not against the concept of UAC, I'm simply surprised Microsoft did
such a crappy job with it considering its taken them over 5 years to
push Vista out the door. What have they been doing all this time?

Prolly similar to what they did when Win95 was in (protracted) beta.

In both cases, the current OS had core reasons why it HAD to be
redeveloped. Win3.yuk was dying every few hours because the 64k
global heaps were being overrrun with modern multitasking needs. XP
is being shot to pieces because most of its security depends on
limited account rights, and no-one developing consumer software has
given a damn about writing for use with less than admin rights.

In both cases, MS responded by building a relatively clean-slate OS
designed to impliment a new software standard, with concessions added
so that current software will still work.

In 1995, the new standard was 32-bit code, as supported by the
minority NT OS of the time. In 2006, the "new" standard was pretty
much the same one they advocated for XP, i.e. develop code so that it
can run in limited user accounts, sign your drivers, etc.

The original Win95 moved everything from 16-bit to 32-bit heaps, thus
killing the resource heap crisis for once and for all. At the API
level, they hid this detail, so that existing sware would still
work... then they discovered many apps broke API rules and wrote
directly to the heaps, and thus would crash with the new OS. So they
moved some items back to the old legacy 16-bit heaps, and I suspect
the extended public beta period was mainly needed to test which items
had to be moved and which could stay in the 320bit heaps.

The original Vista was prolly written to run properly-developed
programs, with UAC as a tide-over for everything else. In its earlier
forms, UAC was even less tolerable than it is today. The extended
beta may have been required to polish it up, and if late changes were
still being made, it may explain why so many vendors are still not
Vista-ready today (e.g. HP printer drivers, QuickBooks, etc.)

IOW, simply developing for Vista from 2004 doesn't ensure you'll be
Vista-ready in 2006, if the OS changes late in the beta process so
that your development work is invalidated.

That's what 2007 smells like, to me.

I think MS's approach is sound, because the pain of today's sware and
UAC will fade with time. If the new platform we move to was deeply
compromised for the benefit of today's legacyware, then we'd carry
that pain forward for the next 5+ years.

As it was, the need to compromise Win9x for Win16 heap-fiddlers had a
crippling effect on Win9x in the long term. Let's hope we aren't in
for the same thing with Vista.


--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
 
Jeez, you are so blind you can't tell when we're attacking dumb-ass
Microsoft design decisions. Do you even read what you reply to?

Right now I'm reading the dumbass comments of some cross posting Bozo
that just now is responding to what I wrote over two weeks ago, but
first deleted my comments so I have no idea what he's yapping about.
Happy?

As usual I'm waiting on Windows to finish a task that doesn't require
my direct monitoring, so I have time to play with the kiddies that
post here that love to pretend they know what they're talking about.
Trust me, always laughs for real experienced users like myself to
learn" from the wannabe experts. Sure said:
That's not the main problem.

Oh, well then I'll wait breathless for you to tell us what the main
problem is then.
When you install sware, you know you are giving it traction to not
only run code, but... well, to install software, DUH.

DUH? As in you're too fu..ing dumb to know what you're talking about?
I'm not impressed with your made up terms. If your use of 'sware' is
suppose to mean spyware you rarely are ASKED if you want to install
it. Hint: That's why its called spyware dummy.
However, the same consequences could arise when you:
- visit a web site
- read "message text"
- open an MS Office "document"
- simply connect to the Internet (RPC etc.)

Really? oh wow, I bet nobody knew that! Thanks so much for repeating
the obvious.
It's taken years from MS to slowly retreat from the excesses of IE 4's
"all the wotrld's a web page" model, MS Office's auto-running of
macros in "data" files, and Outbreak taking orders to spam.

You're full of a brown substance that comes out a certain oraphous on
your backside. People are NOT aware of what they're installing half
the time. Hint: That's how trojans get "installed", worms, a virus,
malware of all kinds.

Sorry kid, you're just rehashing what I said. While I'm sure I could
come up with witty comments on the rest of the garbage you said, I'm
sure I find something more interesting. Bye-bye loser.
 
you know what's really funny is these guys went to all the time and effort
to write this post, however in two seconds could have turned of UAC
(hehehehe, is it really worth the bitching effort...)
 
Nathan Sheppard said:
you know what's really funny is these guys went to all the time and effort
to write this post, however in two seconds could have turned of UAC
(hehehehe, is it really worth the bitching effort...)

Well, I turned it off. Got tired of having to confirm 4 times when I wanted
to create a new start menu group. I have no problems with it being on for
something's, but Microsoft should have allowed you to choose what it nags
you about and what it doesn't. I really don't see how anything bad could
happen by creating a start menu group, or directory, etc. I think Microsoft
went too far with this.

As for it being for business people, well it is the consumers that spread
most of the viruses and stuff. Consumers are often dumber than the computers
they use. They have no problem opening an e-mail attachment from someone
they don't know. They have no problem giving personal information and
passwords to any site that asks for it. While business aren't perfect, they
are better than they dumb consumers.

=(8)
 
I really don't see how anything bad could happen by creating a start menu
group, or directory, etc. I think Microsoft went too far with this.

Truth is, there are two modes when using your computer with UAC mode.
"restricted" mode and "unrestricted" mode.

The line has to be drawn somewhere between "restricted" and "unrestricted".

Creating a directory in certain parts of your system or creating a start
menu group for all users is "restricted", because this change could affect
other users on your computer or your computer itself.

UAC steps in whenever a program wants to switch from "unrestricted" to
"restricted" - and it asks *you* if this change is OK.

UAC tells you "hey, this program here wants complete access to your computer
.... are you OK with allowing this program to continue? Did you actually
start this program? Do you trust that it will use this power to do what you
think it will do? Because it could use this power for evil."

This is important ... because even though you are "ONLY" trying to say
delete a directory, the program that you are using is about to be given
"unrestricted" access to your computer in order to do that - which means it
could do much, much, MUCH more damaging things to your computer than just
delete said directory ... it could render your computer useless.

so ... why can't you choose what the computer nags about and what it does?

Well, you actually CAN to some extent ... you can change the security on
things such as files so that any program, not just administrative programs,
can access them.

But, it is important to ask yourself ... are you OK with any program that
runs on your computer having that kind of access to your computer?

UAC protects you by allowing you to choose which programs have unrestricted
access to your computer, and preventing all other programs from having this
kind of access.


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/
 
Jimmy Brush said:
Truth is, there are two modes when using your computer with UAC mode.
"restricted" mode and "unrestricted" mode.

The line has to be drawn somewhere between "restricted" and
"unrestricted".

Creating a directory in certain parts of your system or creating a start
menu group for all users is "restricted", because this change could affect
other users on your computer or your computer itself.

UAC steps in whenever a program wants to switch from "unrestricted" to
"restricted" - and it asks *you* if this change is OK.

UAC tells you "hey, this program here wants complete access to your
computer ... are you OK with allowing this program to continue? Did you
actually start this program? Do you trust that it will use this power to
do what you think it will do? Because it could use this power for evil."

This is important ... because even though you are "ONLY" trying to say
delete a directory, the program that you are using is about to be given
"unrestricted" access to your computer in order to do that - which means
it could do much, much, MUCH more damaging things to your computer than
just delete said directory ... it could render your computer useless.

so ... why can't you choose what the computer nags about and what it does?

Well, you actually CAN to some extent ... you can change the security on
things such as files so that any program, not just administrative
programs, can access them.

But, it is important to ask yourself ... are you OK with any program that
runs on your computer having that kind of access to your computer?

UAC protects you by allowing you to choose which programs have
unrestricted access to your computer, and preventing all other programs
from having this kind of access.


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/



But that isn't why Microsoft added UAC at least not according to them. They
added it so that it was harder for any malicious programs to do something
bad. Again, it shouldn't have been an all or nothing features. It is just
Microsoft once again trying to control what we do with our computer and how
we do it. Until they allow me to decide what is and isn't monitored UAC can
go to hell right along with Microsoft and their poorly implemented grandiose
ideas.

=(8)
 
On Sun, 18 Mar 2007 21:25:22 -0400, "Jimmy Brush"

Well, I could re-witre the shortcut to WinWord.exe to point to my
malware code, which could then chain into WinWord.exe as if nothing
has happened. Or I could seed the StartUp group wiht malware, and
thus get to run whenever Windows runs.

Now that Vista gropes the Start Menu early in the match-finding
process (as invoked by typing in Search field), the significance of
this is if anything increased.

So yes, it seems entirely appropriate to defend these, especially the
system-wide (All Users) forms of these.


--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
 
Back
Top