UAC


Kevin Arthur

Is there any way to create exceptions in the UAC for programs that you
trust? Or will there be in RC1?
 
Hello,

Unfortunately there will be no way to do this for Windows Vista.

The reason is because the operating system does not know the difference
between YOU starting a program and a program starting a program.

If you allow a certain program, for example the command prompt, to always
run "as administrator", a malware program would be able to start a command
prompt without your permission and use that command prompt to do things that
you don't want it to do, such as format your hard drive.
 
Jimmy Brush said:
Hello,

Unfortunately there will be no way to do this for Windows Vista.

The reason is because the operating system does not know the difference
between YOU starting a program and a program starting a program.

It's too bad there's no SUID option in Vista. It works quite nicely in
Linux.
Microsoft gets it wrong, yet again.

--
Scott http://angrykeyboarder.com

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet?
 
Actually, SUID is a major security concern when used improperly and has been
the source of many, many security breaches to Linux systems. Most Linux apps
nowadays do the same thing that MS enforces with UAC - running the program
as a "standard user" and elevating to "root" only when necessary.

The difference is MS doesn't need a poorly-implemented SUID to make this
work correctly - thus closing an avenue for potential privilege elevation.
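
Added example, not part of the original thread: a defender-side audit for the improper SUID use mentioned in the post above. It lists set-UID files under a directory and flags two common misconfigurations; the function names, the two checks and the constructed sample tree are assumptions chosen for illustration.

```python
import os
import stat
import tempfile


def audit_setuid(root):
    """Return sorted (path, findings) pairs for every set-UID regular file under root."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            findings = []
            # A set-UID file that others can rewrite can be replaced with any code.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append("file writable by group/other")
            # A world-writable directory without the sticky bit lets anyone swap the file.
            dmode = os.stat(dirpath).st_mode
            if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
                findings.append("parent directory world-writable without sticky bit")
            report.append((path, findings))
    return sorted(report)


def build_sample_tree():
    """Constructed sample input: three files in a private temp dir, two of them set-UID."""
    root = tempfile.mkdtemp(prefix="suid-audit-")
    modes = {"plain": 0o755, "suid_ok": 0o4755, "suid_writable": 0o4775}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(path, mode)  # set the mode after writing; writes can clear the bit
    return root


if __name__ == "__main__":
    for path, findings in audit_setuid(build_sample_tree()):
        print(path, "->", findings or "no findings")
```

On a real system, point `audit_setuid` at a directory such as `/usr` and compare the resulting list against the set-UID files the distribution's packages are expected to install.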
 
Jimmy said:
Actually, SUID is a major security concern when used improperly and has
been the source of many, many security breaches to Linux systems.

True but a few of them still need it. You do get a security warning
before installing though. And in most cases it's only a risk if your
computer is directly connected to the Internet with no Firewall (mine
isn't).

Most Linux apps nowadays do the same thing that MS enforces with UAC -
running the program as a "standard user" and elevating to "root" only
when necessary.

They seem to do a much better job of it though.

The difference is MS doesn't need a poorly-implemented SUID to make this
work correctly - thus closing an avenue for potential privilege elevation.

They need something. I shouldn't have to enter my administrator
password after logging in to Windows every time to run some programs
that require Administrator access. Perhaps it's the software and not
the OS that needs some tweaking?

Speaking of passwords: The sudo command in Linux (and OS X I believe)
asks you to enter your own password and not the root/administrator
password.

--
Scott http://angrykeyboarder.com
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet?
 
They need something. I shouldn't have to enter my administrator
password after logging in to Windows every time to run some programs that
require Administrator access. Perhaps it's the software and not the OS
that needs some tweaking?

Speaking of passwords: The sudo command in Linux (and OS X I believe)
asks you to enter your own password and not the root/administrator
password.

It sounds like you are running in a standard user account. This will always
prompt you to enter the password of an administrator when you run an
application that needs admin permissions.

This is a good idea; as a suggestion, if you are opening a program that
usually throws a lot of permissions dialogs, right-click that program and
click Run As Administrator - this will implicitly give any other action that
program does permission.

Otherwise, if you change your account type to administrator, you will see
behavior similar to OSX (based on what you have described). When logged in as
an administrator, programs run with limited rights, and you are asked to
click "continue" to authorize programs to have admin rights. You can change
this behavior using Local Security Settings in Administrative Tools to
always ask you to enter your password instead of just being able to click
continue, and this should exactly mimic OSX behavior.
 
Most Linux apps nowadays do the same thing that MS enforces with UAC -
They seem to do a much better job of it though.

I agree :).

The difference is, Linux apps have voluntarily done this to make the system
more secure.

In Windows, Microsoft has to drag software vendors kicking and screaming
into this new security model. This is the major pain point with UAC as is -
old/current apps don't play nice because they don't follow the rules.
 
These are all valid points, but it seems to me that the UAC should act more
like a firewall. I'm programming with JCreator, and whenever I re-compile,
I have to tell Vista it's ok to run the Java compiler. It seems like I
should be able to disable UAC for this particular program, or at least only
have to approve it once in, say, a 30 minute period.
 
Why on earth does a Java compiler need admin access to the computer?

I think once applications are written with UAC in mind you won't run into
these types of situations.
 