C
cquirke (MVP Windows shell/user)
Take it back to the logical conclusion. Microsoft has waved the white
flag of surrender and now admits all prior versions of Windows were
major security risks and much of that was due to how Windows was
written including how many Microsoft developers, including those
inside Microsoft wrote applications. They further admit by deploying
UAC, they can't fix Windows to make it safer so they tossed the ball
in the user's court by flashing a simplistic warning; the UAC nag
screens.
Not really, no - IOW, the detail's different.
UAC is the consequence of trying to force a complex and inappropriate
security model derived for corporate use (NT) into consumerland, and
having the model largely ignored by users and developers alike.
Users (myself included) weren't interested in pretending to be
different employees with different job descriptions when using the
same PC that they own, and should have full access to.
The way that user accounts were initially presented to consumers in XP
"Gold" was arrogant; if you dropped rights to anything less than Admin
on an account, all settings for that account fell back to MS
duhfaults. The arrogance is expecting us to find these acceptable!
So users just carried on with one Admin user account, and as a result,
developers for this market (who were largely trasitioning to XP from
Win9x, just as wqe users were) saw no reason to bother with all this
"limited user rights" malarky either.
In short, consumerland flat out rejected MS's security model, which
meant that much of what had been designed in as "security" was simply
not operating in consumerland. All those "mitigations" like "a
malware would only have user rights, so if the user wasn't running as
admin, all malware could do would be trash your data" didn't apply
What UAC attempts to do, is bring the notional advantages of not
running as admin, to folks who are in fact ruinning as admin.
The idea is that developers can avoid user-annoying UAC prompts if
they write their software to be compatible with reduced user account
rights. The hops is that this time round, developers will do so,
given they've sat on their ass through 5 solid years of XP, so that at
the start of Vista, we're no better off that we were 5 years ago.
The real solution would be to rebuild Windows from the grown up, 100%
redo and make it secure that way.
Those are the dice that Netcape rolled with Gekko, when they decided
to drop the existing code base and start from scratch - and it nearly
killed them. The new netscape was late and buggy, and they've been
eclipsed by Firefox since. If that happens with a stand-alone web
browser, imagine how a full OS would spin out of control?
That of course would cause a huge chunk of their customers to run
away screaming since little if any current hardware or software would
work in such a totally new from the ground up radically different Windows.
Put it this way: If you think that Vista is large, slow, demanding a
high hardware specification, late to market, and beset with
compatibility issues... your approach would blow these out even more.
So Microsoft was stuck between a rock and a hard place and
picked UAC as a "solution".
Vista isn't just XP + UAC. UAC is just one particular component of
the solution set, and is actually a part of the compatibility
subsystem - which means it is destined to play a shrinking role in
daily life as the Vista platform matures.
It is a bridging technology, in other words... something like the PnP
wrapper for non-PnP ISA cards that gave PnP so much grief back in the
days of Win95's first release. Do we care whether ISA cards work with
PnP today? No. So should UAC be largely irrelevant by 2010.
All UAC really does is create the illusion of security in most situtations
because we all know 9 times out of 10 once a user, any user starts
out to do something, some nag screen he can click through isn't
going to stop him from doing what he planned to do in the first place.
They key here is "when the user starts out to do something". UAC is
there to catch things other than the user, that attempt to initiate
actions that the user had no intention of doing.
Yep, it will be Darwin take the hindmost", but no more so than "don't
open attachments even if from 'someone you know' unless certain they
are safe and a human sender really meant to send them".
I see UAC as annoying (especially when trying to clean up the AllUsers
Start Menu) but I welcome any attept to put the user in control of
processes automated by software, web sites, "content", etc. as a step
in the right direction, and a long overdue one at that.
Saws are too hard to use.--------------- ---- --- -- - - - -
Be easier to use!