UAC should have been a Business class feature, not for Home Users

  • Thread starter Thread starter JD Wohlever
  • Start date Start date
Mike Hall - MS MVP Windows Shell/User said:
I am Mike Hall, MS MVP Windows Shell/User, and I AM CANADIAN (well, I hold
a permanent residence card.. for now)..
Click to expand...

Draft Doger ! ! !


Just kidding
 
If after the computer is setup you are constantly seeing UAC prompts you are
doing something wrong. I hardly ever see a UAC prompt.

While getting at financial information and identity theft is the goal of
some malware it is not the goal of most current malware. Most current
malware has the goal of extortion (e.g. spysherrif) or the goal of taking
control of your computer to use it as a zombie. The extortion malware is
very obvious when you get it. The trojans that take over your computer for
use as a zombie are not. The fact that many hundreds of thousands of
computers are available for sale as part of a botnet attests to the fact
that you cannot secure XP (or any OS) if you run as an administrator. I see
many computers that have up to date antivirus and antispyware software that
are compromised in this fashion. UAC (or running XP as a standard user)
would have stopped these infections. Turning off UAC may relieve some short
term pain but it won't cure the disease and may have the opposite effect of
helping to spread the disease.
 
This will take time but as programs are updated for Vista UAC will become
less of a hassle.
 
If after the computer is setup you are constantly seeing UAC prompts you are
doing something wrong. I hardly ever see a UAC prompt.
Click to expand...

That's way too broad a generalization. I'm hardly a casual user. I
went against typical "sage" advice and did a install in place as
opposed to a clean install because I got nearly 2 TB worth of stuff. A
nightmare to reinstall and reconfigure obviously. So I gambled (after
making so I had current backup) and it worked, ie no troubles
transferring applications, settings and data files from XP to Vista
with a couple minor hickups.

However once Vista was up and running it drove me crazy. Every couple
minutes it would pop up some moronic UAC window, gray my screen, nag,
nag, nag. If Windows did what it said, mirror my settings and in
effect save my system and only overlayed Vista then is already knows
or should know much of the stuff it keeps nagging about.

What's worse of course if if your move files around a lot, and I do,
it shouldn't nag, nag, nag, that in effect the user that has
administrative rights which has already done the same task repeatedly,
ie move files from Drive E Folder A, to Drive F Folder B needs again,
over and over Ad nauseam to get permission from his operating system,
click yes I want to do this time and time again until you are
literally ready to toss your monitor out the nearest window. That is
what I would call poor design and something no power user would ever
put up with for more than a few minutes which is why many people, even
MVP's turn UAC off.
While getting at financial information and identity theft is the goal of
some malware it is not the goal of most current malware. Most current
malware has the goal of extortion (e.g. spysherrif) or the goal of taking
control of your computer to use it as a zombie. The extortion malware is
very obvious when you get it. The trojans that take over your computer for
use as a zombie are not. The fact that many hundreds of thousands of
computers are available for sale as part of a botnet attests to the fact
that you cannot secure XP (or any OS) if you run as an administrator. I see
many computers that have up to date antivirus and antispyware software that
are compromised in this fashion. UAC (or running XP as a standard user)
would have stopped these infections. Turning off UAC may relieve some short
term pain but it won't cure the disease and may have the opposite effect of
helping to spread the disease.
Click to expand...

I think a lot of people would call Windows the biggest and most
pervasive virus to ever infect a computer. <giggle>

I think most knowledgeable people if being totally honest would admit
no version of Windows is secure or can be made totally secure. So no
matter how much Windows gets "improved" it is really just patches on
top of previous patches.

The bottom line is Microsoft is stuck. It knows better then anybody
the real solution is to start over. From scratch. It won't and can't
really because to do that would blow the world's biggest installed
user base that demands that each new version of Windows be more or
less backward compatible with what hardware and software that ran on
earlier versions of Windows. The old catch 22.

Sure, I have no doubt if Microsoft really wanted to they could deliver
on a very robost Windows or something called something else. To do
that would mean they would have to be willing to give up a sizable
chuck of their users and obviously they don't want to do that and the
irony is way too many users don't want a total new and completely
different OS either because they would have to dump a lot of their
current hardware and software. If they did that, unlikely they would
pick any Microsoft OS as their OS of first choice.
 
Adam Albright said:
That's way too broad a generalization. I'm hardly a casual user. I
went against typical "sage" advice and did a install in place as
opposed to a clean install because I got nearly 2 TB worth of stuff. A
nightmare to reinstall and reconfigure obviously. So I gambled (after
making so I had current backup) and it worked, ie no troubles
transferring applications, settings and data files from XP to Vista
with a couple minor hickups.

However once Vista was up and running it drove me crazy. Every couple
minutes it would pop up some moronic UAC window, gray my screen, nag,
nag, nag. If Windows did what it said, mirror my settings and in
effect save my system and only overlayed Vista then is already knows
or should know much of the stuff it keeps nagging about.

What's worse of course if if your move files around a lot, and I do,
it shouldn't nag, nag, nag, that in effect the user that has
administrative rights which has already done the same task repeatedly,
ie move files from Drive E Folder A, to Drive F Folder B needs again,
over and over Ad nauseam to get permission from his operating system,
click yes I want to do this time and time again until you are
literally ready to toss your monitor out the nearest window. That is
what I would call poor design and something no power user would ever
put up with for more than a few minutes which is why many people, even
MVP's turn UAC off.

I think a lot of people would call Windows the biggest and most
pervasive virus to ever infect a computer. <giggle>

I think most knowledgeable people if being totally honest would admit
no version of Windows is secure or can be made totally secure. So no
matter how much Windows gets "improved" it is really just patches on
top of previous patches.

The bottom line is Microsoft is stuck. It knows better then anybody
the real solution is to start over. From scratch. It won't and can't
really because to do that would blow the world's biggest installed
user base that demands that each new version of Windows be more or
less backward compatible with what hardware and software that ran on
earlier versions of Windows. The old catch 22.

Sure, I have no doubt if Microsoft really wanted to they could deliver
on a very robost Windows or something called something else. To do
that would mean they would have to be willing to give up a sizable
chuck of their users and obviously they don't want to do that and the
irony is way too many users don't want a total new and completely
different OS either because they would have to dump a lot of their
current hardware and software. If they did that, unlikely they would
pick any Microsoft OS as their OS of first choice.
Click to expand...


If you have that many programs that cause a UAC prompt you should have stuck
with XP until there were Vista compatible versions of them. I move files
around my network all the time and never see a UAC prompt because of moving
files. You may have to change your habits as to where you store your files
but simply moving files around doesn't cause a UAC prompt. You say no
version of Windows can be made secure. I'd extend that to say that no OS can
be made secure. The better ones at security all use some method to stop
normal users from changing system wide settings and changing system files.
I'll make another broad generalization and say that most Vista users who
have considerable experience with OS' than Windows leave UAC on. It's mostly
the long time Windows users and programmers who haven't used other OS' who
are whining the loudest about UAC.
 
The only way to fully secure a PC is to unplug it from the network and
turn the power off. No OS is fully secure, even a read only CD based
install (something is running in RAM).

With Windows Vista, they increased the security. But, again, when I do
security it has to be as transparent to the end user as possible yet
being as secure as possible.
 
I'll make another broad generalization and say that most Vista users who
have considerable experience with OS' than Windows leave UAC on. It's
mostly the long time Windows users and programmers who haven't used other
OS' who are whining the loudest about UAC.
Click to expand...

Good observation.

I've just started the update manager on Linux to download some patches, I
had to supply my password for it to start up. That's just normal.

Running with administrative rights is *bad*.

Sure UAC could do with a few improvements - the system should auto-allow any
prompts from say the Control Panel for x number of minutes once you've
accepted one already. I think that will solve most complaints.

It would also be nice to prompt when something makes a change instead of
when the app launches. Like you can open the Device Manager without being
prompted, and then if you chance something to be prompted. But that will
require a huge amount of work to be done to implement that.

But ultimately we have to let go of running everything with full rights to
the box. It's a bad habit, and its a shame so many developers are slow in
reacting.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*
 
Good observation.

I've just started the update manager on Linux to download some patches, I
had to supply my password for it to start up. That's just normal.

Running with administrative rights is *bad*.
Click to expand...

If running with administrative rights is bad (agreed) then why in the
heck does Microsoft under Vista give all installer applications
Administrative rights?

Hint: That means any malicious code can pretend to be a "installer"
too and in effect gain access to anything on your computer including
Windows kernel or YOUR data. It doesn't make much sense to me. Wish
somebody would attempt to explain why UAC as presently configured is
such a great idea. I even see several MVP's saying they turned it off,
now if we could just get them to stop top posting. <snicker>
 
You had to supply your "root" password - the same as running Windows as
administrator.

All these people complaining, especially the e-zine columnists, have never
before worked with a secure operating system.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
UAC is a feature not a setup or install issue. You need a preschool nanny
and a reading nanny not a net nanny. Get some elementary school reading
back ground.

SETUP /INSTALL have not a damn thing to do with UAC bub.

How frigging dumb do you have to be not to understand what setup or install
means. Do you need a dictionary? I am not trying to run a group. I answer
questions and fix things when I have time. And you don't speak for anyone
but BobS.

It's amazingly stupid for anything but setup or install issues to be taken
up on a setup/install group. I understand a large number of posters since
they let RTM go on sale have flooded the groups who don't know the basics of
Win mail or how to find the other groups.

To the extent anythng is on here that isn't setup/install then it
camouflages the setup/install questions that are appropriate to this group.
This phenom only broke out when Vista went on sale to the public and it's a
symptom of laziness. Why don't you teach your fellow spamers how to search
for the dozen or so categories of Vista public groups?

And you're insipid distorted point about "who is paying the freight here" is
insane. This is a public group. You don't pay the freight any more than
anyone else here. You don't pay a damn thing. Why don't you fix what you
can, and get help where you can,and do it in the appropriate group.

Further, what frigging idiot thought it would serve any purpose except
stupidity to cross post to 4-5 groups?

LOL

CH
 
JD--

This is a user's group. This isn't a hotline to MSFT. And the cross posting
meant absolutely no sense. If you want to get your message to MSFT do it on
a MSFT blog--there are hundreds or post on the Vista team blog read by Jim
Allchin who ran Windows until a few weeks ago, and the Vista marketing team
and others from MSFT.

It's a little bit like opening the window and saying you want the Iraq
fiasco to stop.

UAC is a security feature in Vista and it has been discussed in the Vista
general group and the Vista security group. It's not a setup feature lol or
a game feature or particularly a file management feature. Cross posting
without a very specific reason just clutters more groups.

CH
 
My posts are on point to fixing what the question wants or supplying info.

Anything below my signature is a variation of somoene's sigining with a
quote etc.

To the extent that you read any of them, you increased your steep learning
curve positively. I'm looking for any of yours I can learn anything from.

CH
 
UAC is User Account Control and if you want to learn more, some ways for you
to do this are to put it in the Help and Support Search box on the start
menu or go to http://technet.microsoft.com and put it in search or google
for msdn uac vista or search it on the MSDN Radio 9 site
http://channel9.msdn.com/ or go to the Vista general group and View
search>uac.

CH
 
My posts are on point to fixing what the question wants or supplying info.
Click to expand...

If you only had a clue how many people are laughing at you. You're
trying to run the newsgroup. Sorry, we all already have mommys.
 
You had to supply your "root" password - the same as running Windows as
administrator.

All these people complaining, especially the e-zine columnists, have never
before worked with a secure operating system.
Click to expand...

Yea right. I keep forgetting so many MVP's are "experts".

Yep, at spreading bullshit.

Memo to Richie. You should consult with other MVP's, several have said
just today there is no such thing as a secure operating system.
 
Albright--

I could care less who is in charge. It's a user group. I've been using
them a good while. The cross posts are absurd. This is no MSFT hotline.
UAC isn't an install issue. Has nothing to do with who is in charge. All 3
statements are accurate. I gave direct connections to bitch to MSFT about
it; that's more than I've seen you do.

I see a lot of little children grown into adult bodies who had a lot of
people push them around as kids and an even greater number pushing them
around as adults projecting their pissedoff affect onto me.

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

CH
 
Albright--

I could care less who is in charge.
Click to expand...

The proper phrase is you couldn't care less. Meaning you are already
at your limit of caring. Hint: If you could care less, as you just
said, then you're not caring the least amount you could, because you
just told us "I could care less". said:
It's a user group. I've been using them a good while.
Click to expand...

Probably no where as long as I have which is why I always laugh when
somebody admits they're not in charge, but keep acting like they are.
The cross posts are absurd.
Click to expand...

Cross posting is common on Usenet. Hint: You're posting on Usenet.
There are no special rules for Microsoft groups. I bet you didn't know
that when people cross-post (post the same comments to multiple
newsgroups at the same time by setting the header to post their
messages to multiple groups), they are just saved in one place on the
news server. You see, you don't know anywhere near as much as you
think you know.

So cross-posting bothers nobody except maybe up-tight twits, doesn't
take up bandwidth and doesn't waste space on anybody's news server. So
what's your problem? Again it seems you just like to pretend you're in
charge.
This is no MSFT hotline.
Click to expand...

Nobody but you keeps saying that. Which brings us full circle. You
keep saying you're not in charge, we all know you're not, yet you
insist on trying to control what other do. If you don't wish to help,
and you're not asking questions, why are you here? Nobody forces you
to answer anybody's post. You elect to do so or not. Your choice.
UAC isn't an install issue.
Click to expand...

More of you attempting to control who posts what. Instead of having a
hissy fit if you bothered to read up on the subject you would learn
many people are bothered by UAC's implemenation, even MVP's and far
more knowledgeable people then you including professionals Microsoft
hired to deliberately attempt to break into Vists an demonstrated how
they did at a well attended Microsoft sponsored convention because of
the UAC. When you recover, pick yourself off the floor.
Has nothing to do with who is in charge.
Click to expand...

Kindly explain your obsession with who's in charge. I don't claim to
be, you're certainly not and I see nobody else complaining yet you are
fixiated on who's in charge of a newsgroup you admit you aren't in
charge of, yet you keep acting like you are or want to be.
All 3 statements are accurate. I gave direct connections to bitch to MSFT about
it; that's more than I've seen you do.
Click to expand...

You're just another primadana that got his ears pinned back and you
don't like it because it bruised your bloated ego. May I suggest you
develop a thicker skin and mellow out.
I see a lot of little children grown into adult bodies who had a lot of
people push them around as kids and an even greater number pushing them
around as adults projecting their pissedoff affect onto me.
Click to expand...

You've been staring in a mirror haven't ya. What you just said is
known in the mental health industry as projecting.
How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?
Click to expand...

How dumb do you have to be to keep complaining about something you
can't control or change? This group doesn't have much traffic. Its
probably the first newsgroup people trying to install Vista come to.

The scope of installing a operating system is rather broad and open
ended. If people after installing Vista immediately start getting
moronic UAC nag screens I would wager a good many of them may conclude
something happened that corrupted the install or that they missed a
step. If you're too big a primadona to want to help may I humbly
suggest you simply try real hard to find the willpower to simply skip
over such posts since they bother you so. You can try harder to be a
good little boy can't you Chad?
 
Back
Top