Just noticed that my reply didn't ever get to the group for some reason. So
here goes repost. A bit late though but anyway.
///////////////////////////////
Michael,
Comments inline
MICHAEL said:
Oh my goodness. To think, many of us have been using various versions of
Windows all these years *without* UAC, and have had a wonderful, mainly
non-eventful user experience. How did we possibly survive without UAC?
Must be a miracle.
You are missing the point IMO.
Various versions of windows, huh? Let's take Windos 9x series as an example.
Many of us have been using Windows 95/98 all these years without security at
all. We didn't have NTFS, piviledges, securable objects, nothing. How did we
possibly survive without security? Must be a miracle, right?
Wrong. The reason is security wasn't that of an issue at the time.
Environment wasn't that hostile as it is now. Do you wan't to use 9x online
today? I don't thik so.
Do some need it? Sure. Of course, some need diapers
and training wheels a lot longer than others, too.
UAC is okay for the clueless and the careless. I am neither, and I
decided I don't need, nor do I want it running on my machine. I turned it
off for good on Wednesday. I've tried to do the "careful" thing- I'm over
it. I want my computer to run the way I want. Unbound, unhindered, and
not treating
me like some dummy.
Training wheels? That's how you feel about UAC? Well, I'm not sure if I can
agree with that. Being a system administrator for more than 5 years and
Windows user since 3.11 I probably don't need training weels. Yet I'm happy
to have UAC. I definately will have it on on all my own computers. Why is
that? For exactly same reason as yours: I want the system to run the way I
want. If some program tries to do something system-wide, I want to be aware
of it. But then again, I'm not running as an admin, and do not make system
changes that often to be bothered by UAC that much.
I've made it many years without it- I think I'll be just fine, thank you.
UAC takes away from a pleasant, smooth, free flowing user experience.It is
obnoxious, annoying, and aggravating. That's not how I want my computer
experience to be. It's like have some overbearing authority figure hiding
in my machine asking me a hundred times if I'm sure I want to do such
and such. It's rather insulting. So, no thanks.
I agree that UAC may be quite annoying when you make massive amount of
system-wide changes. It's completely fine for user to turn UAC of when you
do that. But not for the program to ask to turn it off permanently. Which
was my only point.
I looked at Tweak Vista, and like similar programs for XP- you have to
be careful what you do. Of course, to make the many changes at once
that it does, UAC can't be hanging around blocking the changes.
It doesn't block. It asks me. If I feel I don't need that during tweaking my
system, I'll turn it of temporarily, taking the risk of being more
vulnerable during this period.
There are actually some very useful tweaks in the free version. One that
may interest some, forcing AERO to run on non-approved cards. Quite
a few other interesting tweaks. The program also allows you to easily
change any setting you make, built in backup of previous settings- in case
you forget what the heck you changed. It also implore you to set a System
Restore point, which happens when you first install it. You can even
invoke SR from within Tweak Vista. I found the program to be useful.
We don't duscuss the set of features of the app at all. It may be the best
tweaking program in the world. The point is that it just makes another
[false] argument about UAC being a bad thing like saying:
"Look, I can do a lot of great stuff to your system, but this UAC thing
doesn't allow me to do that. So let's start with just turninig it off
permanently. Because after you install me you will use me all the time to
tweak the system over and over and over, right? Right?"
Since I already had UAC turned off,
I didn't shite my pants like some because it asks you to turn UAC off.
Oh, it didn't fudge up my machine. If a user doesn't know what they
are doing- don't do it. It really is that simple.
The problem is that people do mistakes. All the time. Everyone of us. It's
just a nature of humans to do mistakes. It's commonly known fact that
security-wise a human is a weakest link in any system.
If you like using UAC, go ahead. It's all good. For me, I don't need a
mommy program holding my hand. Or, some techno version of Depends
undergarment. I'm quite capable of knowing when I need to go, how often I
need to go, where I need to go, or hold it if I have to.
It's not only about helping you not to make mistakle. It's about helping you
to control what applications do on your computer. Interactive or not,
after you clicked a button or if program desided to do something on it self.
Now, at the bigger picture a user shouldn't see UAC at all. Yes, that's
right.
First, Because UAC is all about protecting *administrative* accounts and
nobody should run as admin in the day-to day life anyway.
Second, no program should require admin rights if it doen's perform admin
tasks. If it does, run it as admin account (works nicely in Vista with
almost same interface as UAC). If it doesn't but still tries to make
system-wide change, complain as hell to the developer to fix the LUA [1]
bug.
That said, there are three possibilities when system-wide settings need to
be changed:
1. User knowlingly performs administrative task or starts a program that
does that.
2. User unknowlingly performs administrative task. Changing system time can
an example. You rarely need to change that. Time zone? Yes. But mot the
time.
3. (except 1-2) A program performs administrative task on itself. Variants:
a) it is poorly written to store per-user settings in wrong place like
%programfiles%; b) it is mailcious program. UAC protects from both 2 and 3
while bugging you when you do 1.
Why we have so many cases of securty breach and infection in the Windows
world. I say the big part of it is that so many people are still running
with
administrative priviledges day-to-day. And why is that? Because Windows is a
victim of it's success. So many programs require admin priviledges to run
without any sane reason. Accounting, IM's, productivity, multimedia. It's
all over the place. Developers do not care to take a moment and to design
a program as it should be designed for Windows (ie store user settings in
user-writable areas like HKCU and %programfiles% etc). UAC is a kind of
solution (or should I say workaround) to this problem.
[A bit OT but] With more strict requirements to drivers signing I can see
how MS tries to deal with two biggest problems of Windows in terms of
stability and security: Admin users and third-party drivers. Did you know
that only 5% of blue screens are caused by MS code? 70%? You probably
guessed - those third party drivers.
Now, Tweak VI maybe doesn't fall in this bucket as it is admin utility but
the bottom line is it does the same job - pushing user towards turning off
even more security features.
