Windows 7 Dev Team Blog
-
Hmmm...When you really think of it, it should not be possible right? I think it's mandatory to require admin for debug (attaching to process, stopping thread, step by step execution, etc.) I think you will agree!
In the end, we will remember not the words of our enemies, but the silence of our friends. - Martin Luther King Jr. Ernest Laurentin
If the goal is for developers to develop code that works in non-admin environments they must be able to do there job in non-admin environments. For every security hole you identify there are known solutions/work arounds. I am not advocating making the fix, I am just stating what should have been obvious.
Need software developed? Offering C# development all over the United States, ERL GLOBAL, Inc is the only call you will have to make.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway
Most of this sig is for Google, not ego. -
That's probably because you don't have to sudo unless you're installing something via the command line or using an admin tool.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001Um...and the difference is...? I never see a UAC prompt in Vista unless I'm a) running poorly written outdated software or b) doing something potentially dangerous using an admin tool. This is seriously ironic when people bitch that windows isn't as secure as linux then when similar security is enabled that is actually *easier* to deal with in windows people bitch that it's there in the first place as if the computer should be psychic or something and read their minds. When did society become such a bunch of crybabies or such absolutely insignificant things? I blame "the customer is always right" mentality that apparently some people have taken far too much to heart. The policy should be "the customer is often wrong but be polite when you tell them so".
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
-
MS don't care how many users turn UAC off. UAC is Microsoft's way of getting the point across to developers that you can't assume all users are admins. UAC has focused the attention of the software community into developing software that runs as non-admin. That was MS's goal. Future versions of UAC will be different. Possibly stricter, possible unable to be disabled, but it won't matter because by then, software writers will have taken heed and written software that doesn't require admin.
Simon
*Exactly* right. Unfortunately *to this very day* there are some very high level professional developers who haven't a clue how to write software to Microsofts security guidelines that have been in place since at least Windows 2000 era. What the bitchy developers here seem to be clueless about is that nothing has changed at all, it's just being enforced for the first time. I put in the effort to conform to Vista security with my own apps, it took me about a week to learn how to do it properly and implement it, it would have taken a day if Microsoft had bothered to document it properly in one place in a concise and practical format. At this point any developer still bitching about UAC or that their app doesn't work right under Vista is basically the equivalent of someone standing up in a crowd with a dunce cap on their head.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
-
Have you ever tried to debug software as a non-admin, pita.
Need software developed? Offering C# development all over the United States, ERL GLOBAL, Inc is the only call you will have to make.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway
Most of this sig is for Google, not ego.Of course it's difficult, a virus or other piece of malware can do whatever you can do as a user. If you can break into programs and stop threads, so can a virus.
AxisFirst For Business
-
*Exactly* right. Unfortunately *to this very day* there are some very high level professional developers who haven't a clue how to write software to Microsofts security guidelines that have been in place since at least Windows 2000 era. What the bitchy developers here seem to be clueless about is that nothing has changed at all, it's just being enforced for the first time. I put in the effort to conform to Vista security with my own apps, it took me about a week to learn how to do it properly and implement it, it would have taken a day if Microsoft had bothered to document it properly in one place in a concise and practical format. At this point any developer still bitching about UAC or that their app doesn't work right under Vista is basically the equivalent of someone standing up in a crowd with a dunce cap on their head.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
Totally agree.
AxisFirst For Business
-
blackjack2150 wrote:
In Ubuntu I have to provide password when I'm installing using the UI wizard, when I'm modifying video/network settings and many other. All this using the UI and not the terminal.
Normally it asks for the password once then performs the entire process without fail. It never asks for the password and then refuses for other reasons. As a concept UAC is fine, the RTM Vista implementation was flawed. SP1 is better but not quite there yet.
Mike Mullikin wrote:
As a concept UAC is fine, the RTM Vista implementation was flawed. SP1 is better but not quite there yet.
5. I agree completely.
-- Russell Morris Morbo: "WINDMILLS DO NOT WORK THAT WAY!"
-
blackjack2150 wrote:
In Ubuntu I have to provide password when I'm installing using the UI wizard, when I'm modifying video/network settings and many other. All this using the UI and not the terminal.
Normally it asks for the password once then performs the entire process without fail. It never asks for the password and then refuses for other reasons. As a concept UAC is fine, the RTM Vista implementation was flawed. SP1 is better but not quite there yet.
I've only had a UAC prompted action fail if the application itself fails to install. Fortunately, Vista is pretty good about cleaning up partial installations that fail. Flynn
-
Have you ever tried to debug software as a non-admin, pita.
Need software developed? Offering C# development all over the United States, ERL GLOBAL, Inc is the only call you will have to make.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway
Most of this sig is for Google, not ego.Ennis Ray Lynch, Jr. wrote:
Have you ever tried to debug software as a non-admin
Do you debug web apps? 'Cause I debug Windows apps (C++, C#) all the time as non-admin and VS works fine. [edit]Admittedly, I use Windows XP Pro, not Vista - does that make a difference?[/edit]
-
Ennis Ray Lynch, Jr. wrote:
Have you ever tried to debug software as a non-admin
Do you debug web apps? 'Cause I debug Windows apps (C++, C#) all the time as non-admin and VS works fine. [edit]Admittedly, I use Windows XP Pro, not Vista - does that make a difference?[/edit]
I think it is just 2000 that has the problem. To be honest my first task is always getting Admin on the local machine at a new assignment because I usually need to for something so I haven't had a chance to "check" the issue out in a LONG time.
Need software developed? Offering C# development all over the United States, ERL GLOBAL, Inc is the only call you will have to make.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway
Most of this sig is for Google, not ego. -
I think it is just 2000 that has the problem. To be honest my first task is always getting Admin on the local machine at a new assignment because I usually need to for something so I haven't had a chance to "check" the issue out in a LONG time.
Need software developed? Offering C# development all over the United States, ERL GLOBAL, Inc is the only call you will have to make.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway
Most of this sig is for Google, not ego.Not had trouble with Windows 2000 either - so long as you're a member of the Debuggers user group (something like that, anyway), same as XP Pro. Now that I think about it, XP Home DID require you to be admin, as it didn't have user groups and permissions and things, so you couldn't be a member of the debuggers user group.
-
*Exactly* right. Unfortunately *to this very day* there are some very high level professional developers who haven't a clue how to write software to Microsofts security guidelines that have been in place since at least Windows 2000 era. What the bitchy developers here seem to be clueless about is that nothing has changed at all, it's just being enforced for the first time. I put in the effort to conform to Vista security with my own apps, it took me about a week to learn how to do it properly and implement it, it would have taken a day if Microsoft had bothered to document it properly in one place in a concise and practical format. At this point any developer still bitching about UAC or that their app doesn't work right under Vista is basically the equivalent of someone standing up in a crowd with a dunce cap on their head.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
Totally agree * 2
Mark Salsbery Microsoft MVP - Visual C++ :java:
-
I believe TaskbarShuffle only works on 32-bit Windows: that's one up for mine if you're running 64-bit :-D Nick
---------------------------------- Be excellent to each other :)
You're right. *bleh* That's the 1st piece of software I use on a daily basis that isn't x64 compatible.
Today's lesson is brought to you by the word "niggardly". Remember kids, don't attribute to racism what can be explained by Scandinavian language roots. -- Robert Royall
-
Um...and the difference is...? I never see a UAC prompt in Vista unless I'm a) running poorly written outdated software or b) doing something potentially dangerous using an admin tool. This is seriously ironic when people bitch that windows isn't as secure as linux then when similar security is enabled that is actually *easier* to deal with in windows people bitch that it's there in the first place as if the computer should be psychic or something and read their minds. When did society become such a bunch of crybabies or such absolutely insignificant things? I blame "the customer is always right" mentality that apparently some people have taken far too much to heart. The policy should be "the customer is often wrong but be polite when you tell them so".
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
People just want Windows to work like it always has, with the ability to spray files everywhere and edit anything, any time, anywhere. I've come from the other direction - I used to use (and still do use, at work) Windows XP as a standard user, using Run As or MakeMeAdmin (a batch file which wraps runas.exe, twice, to temporarily add your account to the Administrators group then remove it again) to elevate where necessary. It's a real pain in the backside and some apps - notably Explorer - can't be elevated because running another instance simply invokes the previous instance. From that perspective UAC is a huge step forward. Perhaps the same people have a different mindset with Linux - it's always behaved like that, so they're used to it. It may not be conscious at all.
"Multithreading is just one damn thing after, before, or simultaneous with another." - Andrei Alexandrescu
-
*Exactly* right. Unfortunately *to this very day* there are some very high level professional developers who haven't a clue how to write software to Microsofts security guidelines that have been in place since at least Windows 2000 era. What the bitchy developers here seem to be clueless about is that nothing has changed at all, it's just being enforced for the first time. I put in the effort to conform to Vista security with my own apps, it took me about a week to learn how to do it properly and implement it, it would have taken a day if Microsoft had bothered to document it properly in one place in a concise and practical format. At this point any developer still bitching about UAC or that their app doesn't work right under Vista is basically the equivalent of someone standing up in a crowd with a dunce cap on their head.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
The voting would suggest that the Code Project community, at least that part that hangs out in the Lounge, is split into two camps that are getting farther and farther apart. So far today I've read my email, read some websites, downloaded and installed DVD Shrink, ripped a DVD that was making horrible buzzing noises in my DVD player (disc 3 of my Firefly box set), extracted the first two episodes from it and am now burning the resulting ISO to a blank DVD. I only saw one UAC prompt, when I installed DVD Shrink, which I was expecting. As I said in a different message, I still use XP at work, but I run as a standard user. I only run Visual Studio elevated when I want to register COM objects, or debug a service running under a different account. Windows' security model allows you to debug any process running under your account. The only thing I normally run elevated is our thin-client application server, which expects to be able to write to an INI file in the Windows folder when you change the configuration. I still managed to commit a few security violations in a recent project, which I only detected when testing on a clean machine, because the file I needed to access was (of course) under my working folder, so I had write access to it. The .NET library I was using hadn't specified what level of access it needed to the file, and .NET defaults to read/write (unlike Windows CreateFile, which defaults to nothing at all).
"Multithreading is just one damn thing after, before, or simultaneous with another." - Andrei Alexandrescu
-
The voting would suggest that the Code Project community, at least that part that hangs out in the Lounge, is split into two camps that are getting farther and farther apart. So far today I've read my email, read some websites, downloaded and installed DVD Shrink, ripped a DVD that was making horrible buzzing noises in my DVD player (disc 3 of my Firefly box set), extracted the first two episodes from it and am now burning the resulting ISO to a blank DVD. I only saw one UAC prompt, when I installed DVD Shrink, which I was expecting. As I said in a different message, I still use XP at work, but I run as a standard user. I only run Visual Studio elevated when I want to register COM objects, or debug a service running under a different account. Windows' security model allows you to debug any process running under your account. The only thing I normally run elevated is our thin-client application server, which expects to be able to write to an INI file in the Windows folder when you change the configuration. I still managed to commit a few security violations in a recent project, which I only detected when testing on a clean machine, because the file I needed to access was (of course) under my working folder, so I had write access to it. The .NET library I was using hadn't specified what level of access it needed to the file, and .NET defaults to read/write (unlike Windows CreateFile, which defaults to nothing at all).
"Multithreading is just one damn thing after, before, or simultaneous with another." - Andrei Alexandrescu
Mike Dimmick wrote:
The voting would suggest that the Code Project community, at least that part that hangs out in the Lounge, is split into two camps that are getting farther and farther apart.
The voting is meaningless bullshit.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
