UAC: Don't be part of the problem
-
Programit wrote:
Microsofts BIG security fix for windows - Annoy the users and blame the developers!
You're insane. Users running as non-admins is a big security boon. And MS is not blaming the developers -- Ian Griffiths does not work for Microsoft. But he's right nonetheless; devs should be building software that runs on non-admin accounts.
Programit wrote:
Linux can, Apple can
Both of those operating systems run users in non-admin mode. UAC is a way to help users and developers ween off the admin mode that's been prevalent for the last 10 years on Windows.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: A Torah-observer's answers to Christianity The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
UAC, in its implimintation, IS the biggest security vulnerability because it endlessly pops up useless messages, that 90% of end users ignore! Just hit okay and continue! - No one takes any notice, its just an annoyance that people who know how to, just turn off! IF microsoft was ever to get serious about security, then simply lock out the admin access to general users. Bad luck that 95% of all software won't run. Developers would soon then rewrite software to be secure and compatable because they'd have to if they stick with MS. In a couple of years Windows could then be a semi secure system. - It'll never happen! MS won't do this because it would mean they didn't make countless billions off insecure software. Linux and apple got it right, microsoft won't. "Vista - the WOE starts now!"
-
Hey this computer belongs to ME! If I want to run all kinds of stuff at any friggen privilege level I want to then that is MY RIGHT. I am getting pretty alienated with M'soft forgetting that fact, and thinking the whole darn thing belongs to them and the friggen OS. Perfect example: I left my w/s running last night as I was late getting out of the office. When I came in today, windows update decided it just "HAD" to reboot my w/s .... My Gawd! Os-es-interruptus is getting too much in the way.... What I want is an application shipped from m'soft to protect me from *them* more than I'm worried about a program I purchased and *want* to use running at some so-called "admin level." This appliance is supposed to be a tool from which I benefit by use of, not some extension of some over hardened security dink that thinks they have any right to determine what I should allowed to do with MY GEAR without needing some "special permission" to do so....Come on, don't be so quick to buy the m'soft party line on this stuff.....They have lost their way....The more power ballman gets, the worse that company gets.....
Just trying to keep the forces of entropy at bay
I fully agree with you. Since Microsofts started using malware and virus type intervention with updates hiding programs and their "genuine advantage" fiasco marking 6 of 18 work machines as non-genuine, I have ALL automatic updates turned off on all computers. I then select the ones I want, if any, have a lot less issues. We removed Vista from all new business machines and loaded XP (and a couple of Ubuntus-hooray!) and have no problems now! My Personal machine runs full admin in vista (Hidden admin account[^]) I have a lot of compatability issues - but thats Vista in general - but no security problems. (I still run XP 95% of the time - it works and is far better for development.)
-
Yes, the OS is interrupting. Reason? Software that you and me write is doing potentially dangerous things when it doesn't need to be. The point? Write software that doesn't require admin privileges. It's safer for users to run as non-admins; so let's not continue the unfortunate habit of writing software the requires admin privileges when it doesn't really need it. Honestly, it's not that hard.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: A Torah-observer's answers to Christianity The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
You missed my point....the point is: That 99.999% of the users don't care for all this hogwash. They just want the darned thing to work, and to do what they want it to do....all these goofy messages only "alarm the user" and these notices are terroristic in nature; they just freak the user out and don't help a ding-dang thing.....And what in the world is a "potentially dangerous" thing? For goodness sake, the pc is not a freaking explosive device. If an app I write crashes, because it can't do what it wants, then that is that, but "dangerous" gads! I don't buy it....this is just another attempt at the monopolistic empire that m'soft has become to garner more control....it echoes the worst of the modern facism.....as in: "Hey if we can't convince them with facts, then we'll resort to fear...." What is hard is to keep the world a sensible place....I mean, I don't run the friggen world bank on my pc; so who cares if I want to run at admin level? Now I can't even directly twiddle bits on the parallel port anymore because m'soft doesn't trust me to talk to the hardware without writing a bazillion lines of code? the whole industry has gotten jacked by large corporate and govt interests, they are the only ones that care about all this security nonsense.....most folks just want to have fun; but I'll wager in the near future there will be a message box from the OS that says: "Warning you are about to enjoy your PC again. Continue? [yes] [no] [abort] " I think it is getting high time for some embedded programming again, where my code is in control of every register, can access anything in the hardware it wants to and is as "dangerous" as I want it to be .... phhhhhhhttt
Just trying to keep the forces of entropy at bay
-
I fully agree with you. Since Microsofts started using malware and virus type intervention with updates hiding programs and their "genuine advantage" fiasco marking 6 of 18 work machines as non-genuine, I have ALL automatic updates turned off on all computers. I then select the ones I want, if any, have a lot less issues. We removed Vista from all new business machines and loaded XP (and a couple of Ubuntus-hooray!) and have no problems now! My Personal machine runs full admin in vista (Hidden admin account[^]) I have a lot of compatability issues - but thats Vista in general - but no security problems. (I still run XP 95% of the time - it works and is far better for development.)
Glad to know I am not alone here.....My theory: Auto Update is a crafty and insidious mechanism that is designed to slowly trash the OS you have all the way to the point that you have to buy a new one just to get all the cruft out of the way ....as in: let's just keep futzing with the files there until the whole thing is a snarl, then they'll have to get a new one just so that the stuff that used to work before we started 'fixing it' will work again....
Just trying to keep the forces of entropy at bay
-
Hey this computer belongs to ME! If I want to run all kinds of stuff at any friggen privilege level I want to then that is MY RIGHT. I am getting pretty alienated with M'soft forgetting that fact, and thinking the whole darn thing belongs to them and the friggen OS. Perfect example: I left my w/s running last night as I was late getting out of the office. When I came in today, windows update decided it just "HAD" to reboot my w/s .... My Gawd! Os-es-interruptus is getting too much in the way.... What I want is an application shipped from m'soft to protect me from *them* more than I'm worried about a program I purchased and *want* to use running at some so-called "admin level." This appliance is supposed to be a tool from which I benefit by use of, not some extension of some over hardened security dink that thinks they have any right to determine what I should allowed to do with MY GEAR without needing some "special permission" to do so....Come on, don't be so quick to buy the m'soft party line on this stuff.....They have lost their way....The more power ballman gets, the worse that company gets.....
Just trying to keep the forces of entropy at bay
"Hey this computer belongs to ME! If I want to run all kinds of stuff at any friggen privilege level I want to then that is MY RIGHT." Truer words were never spoken, absolutely spot on mate. I'm sick and tired of Microsoft telling me what I can and can't do. I've spent a lot of time & money on MY computer, and Microsoft just want to put obstacles (and UAC is just one big annoying obstacle) in my way. Enough. Guess what? Vista will suffer from malware and viruses and badly written software exactly as much as any other operating system on the planet (written by Microsoft). UAC doesn't solve anything, except to annoy experienced users and freak out inexperienced ones. Granted, there are SOME aspects of it which are good - but *only* the transparent parts. Anything that pops up several frigging dialogs every time I try and run a program will cause far more problems than it potentially solves.
-
UAC, in its implimintation, IS the biggest security vulnerability because it endlessly pops up useless messages, that 90% of end users ignore! Just hit okay and continue! - No one takes any notice, its just an annoyance that people who know how to, just turn off! IF microsoft was ever to get serious about security, then simply lock out the admin access to general users. Bad luck that 95% of all software won't run. Developers would soon then rewrite software to be secure and compatable because they'd have to if they stick with MS. In a couple of years Windows could then be a semi secure system. - It'll never happen! MS won't do this because it would mean they didn't make countless billions off insecure software. Linux and apple got it right, microsoft won't. "Vista - the WOE starts now!"
Programit wrote:
UAC, in its implimintation, IS the biggest security vulnerability because it endlessly pops up useless messages, that 90% of end users ignore!
That's a non-sequitur. Even if 90% of users ignore it, as you say, that's 10% better security than XP. But you're missing the point: developers will get feedback from their users/managers, "why the hell is your app asking for permission all the time?!" Developers will then make their software run without admin rights -- somethign we should already be doing. (That was the point of the article.) Thus, UAC will pop up less and less, and security will get better and better since fewer users will be running as admin.
Programit wrote:
Bad luck that 95% of all software won't run.
Exactly. UAC is forcing developers to change that.
Programit wrote:
In a couple of years Windows could then be a semi secure system. - It'll never happen!
You'd fit in at Slashdot perfectly.
Programit wrote:
MS won't do this because it would mean they didn't make countless billions off insecure software.
Insecure software costs MS billions. They've been sued over security vulnerabilities; they devout developer time and effort (which also costs money) into releasing security fixes for Windows, Office, and other MS software. If MS wasn't serious about fixing security, they would've let users continue running as admins. The only folks making money off of insecure software are the security vendors like Symantec and MacAfee.
Programit wrote:
Linux and apple got it right, microsoft won't. "Vista - the WOE starts now!"
:laugh: I haven't heard insane crap like that since I was an immature slashdotter anti-Microsoft, Linux fanboy, spelling Microsoft with a cash symbol. Ah, those were the days of ignorance and insanity. Thanks for the laugh.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: Funny Love The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
-
You missed my point....the point is: That 99.999% of the users don't care for all this hogwash. They just want the darned thing to work, and to do what they want it to do....all these goofy messages only "alarm the user" and these notices are terroristic in nature; they just freak the user out and don't help a ding-dang thing.....And what in the world is a "potentially dangerous" thing? For goodness sake, the pc is not a freaking explosive device. If an app I write crashes, because it can't do what it wants, then that is that, but "dangerous" gads! I don't buy it....this is just another attempt at the monopolistic empire that m'soft has become to garner more control....it echoes the worst of the modern facism.....as in: "Hey if we can't convince them with facts, then we'll resort to fear...." What is hard is to keep the world a sensible place....I mean, I don't run the friggen world bank on my pc; so who cares if I want to run at admin level? Now I can't even directly twiddle bits on the parallel port anymore because m'soft doesn't trust me to talk to the hardware without writing a bazillion lines of code? the whole industry has gotten jacked by large corporate and govt interests, they are the only ones that care about all this security nonsense.....most folks just want to have fun; but I'll wager in the near future there will be a message box from the OS that says: "Warning you are about to enjoy your PC again. Continue? [yes] [no] [abort] " I think it is getting high time for some embedded programming again, where my code is in control of every register, can access anything in the hardware it wants to and is as "dangerous" as I want it to be .... phhhhhhhttt
Just trying to keep the forces of entropy at bay
RedZenBird wrote:
That 99.999% of the users don't care for all this hogwash.
They do care about spyware and viruses, which are propagated more easily when the user runs as admin.
RedZenBird wrote:
They just want the darned thing to work, and to do what they want it to do
Another purpose of UAC - now that developers realize they're writing software that requires admin rights, they'll change it. I can picture it now, "why is your program keep asking me for permission?!" The devs will turn around and fix that.
RedZenBird wrote:
And what in the world is a "potentially dangerous" thing?
Writing to protected locations like c:\windows. Trying to delete a system file. Writing to protected registry locations. These things are bad practices to begin with, but are dangerous because they can make the machine unstable.
RedZenBird wrote:
I don't buy it....this is just another attempt at the monopolistic empire that m'soft has become to garner more control
:laugh: You're on the wrong site: for insane, childish, anti-MS bunk, please go to this site[^].
RedZenBird wrote:
who cares if I want to run at admin level
Go ahead. The point of the article is not to "never run as admin", but rather, stop writing software that needlessly requires admin rights. It's bad for security. That said, you'd be insane to run as root on Mac and Unix-based OSes for the same reason you shouldn't run as admin on Windows.
RedZenBird wrote:
Now I can't even directly twiddle bits on the parallel port anymore because m'soft doesn't trust me to talk to the hardware without writing a bazillion lines of code?
:laugh: A bazillion? I've heard more convincing arguments from my 7 year old.
RedZenBird wrote:
the whole industry has gotten jacked by large corporate and govt interests
Thank you, Agent Mulder. Remember, don't give in to the conspiracy! The truth is out there! :~
RedZenBird wrote:
they are the only ones that care about all this security nonsense
I'd laug
-
Ian Griffiths tells it like it is[^]. Excellent article.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: Torah Answers to Christian Questions The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
I've been living under a large rock (of Java) for a few years. However I read this thread (and the article referenced) and grasped some key concepts of security on Vista without pain. Glad I did, cheers. It would be sane to also lower the default access privileges in our real-world society - I can't believe most people are allowed to drive. Seriously, there's a big proportion who can't cope with roundabouts. Giving Joe Public an admin account is like arming kids with real weapons for a game of 'reality paintball Quake 2007'. In my mind, anyway. :-)
'All there really is, is: virute and vice' ...Black Crowes
-
I've been living under a large rock (of Java) for a few years. However I read this thread (and the article referenced) and grasped some key concepts of security on Vista without pain. Glad I did, cheers. It would be sane to also lower the default access privileges in our real-world society - I can't believe most people are allowed to drive. Seriously, there's a big proportion who can't cope with roundabouts. Giving Joe Public an admin account is like arming kids with real weapons for a game of 'reality paintball Quake 2007'. In my mind, anyway. :-)
'All there really is, is: virute and vice' ...Black Crowes
nilotic wrote:
I can't believe most people are allowed to drive. Seriously, there's a big proportion who can't cope with roundabouts.
:-D
nilotic wrote:
Giving Joe Public an admin account is like arming kids with real weapons for a game of 'reality paintball Quake 2007'.
Good analogy. A bit exaggerated maybe, but good picture.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: Funny Love The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
-
Programit wrote:
UAC, in its implimintation, IS the biggest security vulnerability because it endlessly pops up useless messages, that 90% of end users ignore!
That's a non-sequitur. Even if 90% of users ignore it, as you say, that's 10% better security than XP. But you're missing the point: developers will get feedback from their users/managers, "why the hell is your app asking for permission all the time?!" Developers will then make their software run without admin rights -- somethign we should already be doing. (That was the point of the article.) Thus, UAC will pop up less and less, and security will get better and better since fewer users will be running as admin.
Programit wrote:
Bad luck that 95% of all software won't run.
Exactly. UAC is forcing developers to change that.
Programit wrote:
In a couple of years Windows could then be a semi secure system. - It'll never happen!
You'd fit in at Slashdot perfectly.
Programit wrote:
MS won't do this because it would mean they didn't make countless billions off insecure software.
Insecure software costs MS billions. They've been sued over security vulnerabilities; they devout developer time and effort (which also costs money) into releasing security fixes for Windows, Office, and other MS software. If MS wasn't serious about fixing security, they would've let users continue running as admins. The only folks making money off of insecure software are the security vendors like Symantec and MacAfee.
Programit wrote:
Linux and apple got it right, microsoft won't. "Vista - the WOE starts now!"
:laugh: I haven't heard insane crap like that since I was an immature slashdotter anti-Microsoft, Linux fanboy, spelling Microsoft with a cash symbol. Ah, those were the days of ignorance and insanity. Thanks for the laugh.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: Funny Love The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
Your obviously a one eyed Microsoft devotee. (There is only one way, The Microsoft way! - YOU WILL COMPLY!) I forgot that Microsoft doesn't make any money from software such as Windows, OneCare security, software maintenance contracts, etc. They get all their money from selling cookies I presume. No reason to want people to upgrade continuously! Anyway Thanks for your comical and cynical view. (Very Mature!) Seriously though, here is a quote from Micro$oft! (Like the $ sign ;) ) Microsoft says "UAC is not for security. The User Account Control (UAC) feature in Windows Vista isn’t intended to set security boundaries, after all." "Because the boundaries defined by UAC and Protected Mode IE are designed to be porous, they can't really be considered security barriers" Microsoft themselves don't even treat UAC as a serious security feature. As far as developers are concerned then they must fall in line with Microsofts demands if they are to develop on Vista. End of story. (Malware authors can, so time for regular developers to take it on! ;))
-
Your obviously a one eyed Microsoft devotee. (There is only one way, The Microsoft way! - YOU WILL COMPLY!) I forgot that Microsoft doesn't make any money from software such as Windows, OneCare security, software maintenance contracts, etc. They get all their money from selling cookies I presume. No reason to want people to upgrade continuously! Anyway Thanks for your comical and cynical view. (Very Mature!) Seriously though, here is a quote from Micro$oft! (Like the $ sign ;) ) Microsoft says "UAC is not for security. The User Account Control (UAC) feature in Windows Vista isn’t intended to set security boundaries, after all." "Because the boundaries defined by UAC and Protected Mode IE are designed to be porous, they can't really be considered security barriers" Microsoft themselves don't even treat UAC as a serious security feature. As far as developers are concerned then they must fall in line with Microsofts demands if they are to develop on Vista. End of story. (Malware authors can, so time for regular developers to take it on! ;))
You didn't address a single point I made earlier. However, I don't blame you since it shines reality on your dark, anti-MS, slashdot-esque, childish rant of a nutjob conspiracy theorist who believes MS is taking over the world. :rolleyes: Your arguments hold no truths for working people who write software for Windows for a living. Maybe that doesn't fly in a Stallman-fanboy's, GPL'd, "M$ is teh evil" fantasy world, so feel free to leave the confines of reality and head back to Slashdot. ;) Or, if you prefer, stay here awhile and -- after some time and a little open-mindedness -- I bet you won't hold the same dark worldview as you spout so vehemently now.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: The Virginia Tech Shootings, Guns, and Politics The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
-
You didn't address a single point I made earlier. However, I don't blame you since it shines reality on your dark, anti-MS, slashdot-esque, childish rant of a nutjob conspiracy theorist who believes MS is taking over the world. :rolleyes: Your arguments hold no truths for working people who write software for Windows for a living. Maybe that doesn't fly in a Stallman-fanboy's, GPL'd, "M$ is teh evil" fantasy world, so feel free to leave the confines of reality and head back to Slashdot. ;) Or, if you prefer, stay here awhile and -- after some time and a little open-mindedness -- I bet you won't hold the same dark worldview as you spout so vehemently now.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: The Virginia Tech Shootings, Guns, and Politics The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
Judah Himango wrote:
You didn't address a single point I made earlier
Thats because you seem to want to greater effort in attacks against me because I don't agree with Microsoft than state a logical point. I think YOUR the one in a fantasy world.
Judah Himango wrote:
Your arguments hold no truths for working people who write software for Windows for a living.
People working in the REAL world of software development have to stick to budgets and time constraints and the end user does not give a rats about UAC and other Vista problems, they just want software to work. UAC IS a WORK AROUND that means that us REAL DEVELOPERS who don't have 100s of co workers and endless budgets, have to cope with. YES I AGREE WITH YOU - WE HAVE TO LEARN TO GET ON WITH UAC, but we shouldn't have to!
Even if 90% of users ignore it, as you say, that's 10% better security than XP.
WHat about the 90% allowing all these so called nasties in? Fatalities of war? My statements, comments and personal thoughts on UAC (and Vista in general) are based on reports from Microsoft, (Sorry Micro$oft), Synaptic, Numerous User groups, and personal info gain from ACTUALLY using it, programming and the feedback and dramas brought on by the company I work for. NOT because I'm some half-baked Microsoft loving, fan boy, who can't handle any criticism to the almighty GOD that IS MICROSOFT! Final comment - Open your eyes to the real world, and though it may be hard to admit, but Microsoft IS NOT perfect, and everything they do, IS NOT necessarily for the best for all users. No, there not the EVIL empire, but they are definitely not heaven! If your really concerned about security, run linux or OSX. (Professional non biased security personell state that Linux (and OSX) is far more secure.) Lastly - Get a life!
-
Judah Himango wrote:
You didn't address a single point I made earlier
Thats because you seem to want to greater effort in attacks against me because I don't agree with Microsoft than state a logical point. I think YOUR the one in a fantasy world.
Judah Himango wrote:
Your arguments hold no truths for working people who write software for Windows for a living.
People working in the REAL world of software development have to stick to budgets and time constraints and the end user does not give a rats about UAC and other Vista problems, they just want software to work. UAC IS a WORK AROUND that means that us REAL DEVELOPERS who don't have 100s of co workers and endless budgets, have to cope with. YES I AGREE WITH YOU - WE HAVE TO LEARN TO GET ON WITH UAC, but we shouldn't have to!
Even if 90% of users ignore it, as you say, that's 10% better security than XP.
WHat about the 90% allowing all these so called nasties in? Fatalities of war? My statements, comments and personal thoughts on UAC (and Vista in general) are based on reports from Microsoft, (Sorry Micro$oft), Synaptic, Numerous User groups, and personal info gain from ACTUALLY using it, programming and the feedback and dramas brought on by the company I work for. NOT because I'm some half-baked Microsoft loving, fan boy, who can't handle any criticism to the almighty GOD that IS MICROSOFT! Final comment - Open your eyes to the real world, and though it may be hard to admit, but Microsoft IS NOT perfect, and everything they do, IS NOT necessarily for the best for all users. No, there not the EVIL empire, but they are definitely not heaven! If your really concerned about security, run linux or OSX. (Professional non biased security personell state that Linux (and OSX) is far more secure.) Lastly - Get a life!
I apologize for attacking. I was in a bad mood and have long been sick of the childish, anti-MS bull crap spewed by Slashdot, Digg, et al. I come here for an escape from that childish nonsense. But I shouldn't take it out on you, so my apologies. Let's pretend UAC didn't exist in Vista. What happens? Lots of software breaks, because so much software expects it can be run as admin. Thus, the only real options for Vista were:
- There is no UAC and users as admins.
- UAC exists and users as non-admins.
The latter is what Vista chose, and I'm damn sure glad they did.
Programit wrote:
WHat about the 90%
That's inaccurate - you mentioned that only 10% of users won't just click the OK button. Even if it were true, it'd be a moot point; the real purpose of UAC is getting developers to stop writing software that requires an admin user.
Programit wrote:
If your really concerned about security, run linux or OSX.
Ahh....your real colors shine through at last. :) Have you ever considered one aspect to the better security those OSes enjoy is the fact that standard users do not run as root/admin? That is a boon for OSX and Linux distros -- they run as limited users, if you will, by default.
Programit wrote:
No, there not the EVIL empire, but they are definitely not heaven!
We agree. Of course, Apple, Red Hat, and others aren't heaven either. :)
Programit wrote:
YES I AGREE WITH YOU - WE HAVE TO LEARN TO GET ON WITH UAC, but we shouldn't have to!
Yes, see, we agree. In an ideal world, Windows software developers won't write software that requires admin privileges, just as it is on Linux and OSX. However, since we've been in this unfortunate habit for so long, all hell would break loose -- virtually all Windows software would break! -- if Vista made everyone standard users, but didn't build anything like UAC to allow it to work. UAC is a compatibility feature that lets a good security feature -- users as non-admins by default -- to work. So, technically speaking UAC isn't a security feature; it just lets a really great security feature exist. p.s. you're = you are; your = belonging to you. there = at that location; they're = they are.
Tech, life, family, fait
-
nilotic wrote:
I can't believe most people are allowed to drive. Seriously, there's a big proportion who can't cope with roundabouts.
:-D
nilotic wrote:
Giving Joe Public an admin account is like arming kids with real weapons for a game of 'reality paintball Quake 2007'.
Good analogy. A bit exaggerated maybe, but good picture.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: Funny Love The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
Quote: "Your obviously a one eyed Microsoft devotee. (There is only one way, The Microsoft way! - YOU WILL COMPLY!)" To Paraphrase: "Resistance is futile. You will be assimilated." Fantasy Scenario; :-D An OS that lets you be both Admin and Selected User at the same time. Microsoft fading away until it is completely gone, taking it's little dog (OS's) with it. :laugh: