oscar
wrote
simple local applications such ... a media player won't usually need
administrative permission
You call a media player simple - they call home, they download pretty
pictures, they seek out digital rights, they install codecs on the fly, they
update themselves, they install themselves in QuickLaunch, they install
toolbars if your not careful, they run bits of themselves at start up, and
they invariably install themselves for access by all users.
Yet a straight forward stand alone cataloging application that I've used for
years is an "unidentified program". Who makes that decision, I can identify
it, I know the author, and her hiusband. I thought it might be to do with a
program being digitally signed, but I have signed programs that are
"unidentified" and unsigned programs that are "identified" and visa versa.
It seems that UAC looks not at what a program is, nor at what it does, but
rather whether it's in some arbitary bureaucratic list or other.
UAC interrupts one's workflow so often that one selects Allow or Continue by
habit, that makes it very easy for a nasty to come in under the radar. This
exposure results directly from UAC's deficiencies - the very thing it is
trying to prevent.
If all you do with your computer is chat, mail, watch voyereurist video
clips, word processing etc then you may not see much of UAC, especially if
you only use MS apps. But if you use your computer as part of a creative
process then you don't want some nanny standing over your shoulder saying
"are you sure you want to use that brush to paint that picture", or "do you
know where that chisel comes from and where it's been".
Why is it that UAC has to be ON, whereas Defender's change notification is,
by default, OFF. So its OK for somethimg to install a run once program
that downloads some malware tomorrow morning - but its not OK for me to run
a an application that I know is a perfectly safe. And, I think UAC allows
programs to run at startup that it would otherwise ask whether it's OK to
run - where's the sense in that.
I dont understand why virtualisation is tied up with UAC (as described in
the referenced Wikipedia article), seems like pathological coupling (ref
http://c2.com/cgi/wiki?CouplingAndCohesion) might alive and well in Seattle,
have we learnt nothing in almost 40 years. If UAC and Virtualisation are so
coupled why would it impact on installs and not the normal operations of a
program.
I found this
http://msdn.microsoft.com/en-us/library/bb530198.aspx which is
a summary of Registry Virtualization, does anyone know of something similar
for File Virtualization.
Perhaps what I really need to read is here
http://technet.microsoft.com/en-us/magazine/cc138019.aspx, and then maybe
here
http://www.microsoft.com/downloads/...69-A648-49AF-BC5E-A2EEBB74C16B&displaylang=en.
IMO someone in MS have confused, in presentation at least, management of
user priviledges with whether or not a program comes from a known and
trusted source.
I've never needed to run IE in Protected Mode, what that ever it is, I find
Fx and IETab do all I need.
--
wallaby
ASUS pk5pl, E8200, 4G, 250+320G, 16Mbps ADSL2+
Vista-Business-SP1, Office-Business 2007, AutoUpdate On.
"Write a paper promising salvation, make it a 'structured' something or a
'virtual' something, or 'abstract', 'distributed' or 'higher-order' or
'applicative' and you can almost be certain of having started a new
cult." -- Edsger W. Dijkstra
