Linked by Thom Holwerda on Fri 11th Apr 2008 21:47 UTC
Windows User Account Control is easily one of the most hated features of Windows Vista, according to readers. The seemingly endless stream of UAC pop-ups, asking you to confirm this action or that action, just get in the way (and aren't particularly zippy, given the screen redraw). Others don't mind UAC, but there's no doubt it's a controversial 'feature' of the OS. At the RSA 2008 confab in San Francisco, Microsoft admitted that UAC was designed, in fact, to annoy. Microsoft's David Cross came out and said so: "The reason we put UAC into the platform was to annoy users. I'm serious," said Cross. Cross had more to say than just that: Microsoft is going to put more emphasis on whitelisting.
Order by: Score:
ideas for future Vista versions
by ari-free on Fri 11th Apr 2008 21:55 UTC
ari-free
Member since:
2007-01-22

"Hi Billy Mays here for Windows Vista! Am I annoying? Am I annoying?"
"Vista! Apply directly to the forehead! Vista! Apply directly to the forehead! Vista!"
"Here's Bob! Bob is doing well! Very well indeed... That's because not long ago, he heard of Vista, the once-a-day OS for natural male enhancement"

Reply Score: 4

RE: ideas for future Vista versions
by Frobozz on Fri 11th Apr 2008 22:51 UTC in reply to "ideas for future Vista versions"
Frobozz Member since:
2005-12-04

"HI THERE. MY NAME IS VISTA AND I HAVE A PROPOSITION TO OFFER YOU 250 MILLION DOLLARS. BUT BECAUSE OF FINANCIAL ISSUES, I NEED 400 DOLLARS IN ORDER TO ACCESS THE 250 MILLION. SEND ME THAT AMOUNT AND HALF IS YOURS!"

Reply Score: 2

first thing to be turned off
by netean on Fri 11th Apr 2008 21:59 UTC
netean
Member since:
2006-01-08

First thing to be changed in Vista when I install it. (came preinstalled, but I've still had to re-install it twice since then!)

I love the way it warns you with a dialog box that it's going to request UAC.. then requests UAC.

Trying to move Start menu items around is just amazing.
Prompt - going to show you the uac dialog
prompt - uac dialog
prompt - move or copy
prompt - are you sure/ overwrite?


UAC is to vista what the fecking paperclip was to Office... a PITA and counter productive

so counter productive that you HAVE to disable it in order to be anything useful, thereby negating it's purpose... bit like banks who give you so much "security information" to remember you end up having to write it down somewhere - thus negative the point of security in the first place.

Reply Score: 12

RE: first thing to be turned off
by sonic2000gr on Fri 11th Apr 2008 22:13 UTC in reply to "first thing to be turned off"
sonic2000gr Member since:
2007-05-20

I love the way it warns you with a dialog box that it's going to request UAC.. then requests UAC.


:) Yes I love these UAC "pre-warnings" myself. They way UAC is meant to work effectively is like this:

- Create a standard user account. NON administrative. Give it a password if you wish (optional).

- Create a password for the administrators account

- Use the standard account for doing all your everyday work.

- While working with the standard account, if administrator access is required, Vista is usually smart enough to request (via UAC) for privilege elevation asking at the same time for the PASSWORD you assigned to the administrative account. This makes a lot more sense, and gives you a moment to think what you are about to do rather than clicking an OK button like a monkey ;)

IMHO, this should have been the default behavior. MS is probably getting there - they are just preparing the way with Vista. Probably Seven will have this much more sane system.

Reply Score: 16

hobgoblin Member since:
2005-07-06

people are to darn used to setting up admin accounts on windows. one had to to get anything done in xp or 2k...

at least for anything related to non-office use where the user is the admin...

Edited 2008-04-12 00:05 UTC

Reply Score: 6

google_ninja Member since:
2006-02-05

That is absolutely the way to do it, but here are two "additions" ;-)

On win 2k8, the Administrator account has no UAC prompts at all. This makes sense, because if you are logged in as administrator, you damn well be knowing what you are doing and why you are doing it. This app http://www.tweakuac.com/ will squelch the grey overlay prompts for administrative users, while not touching the elevation prompts for normal users.

Second tip is something I got used to in Linux a long time ago, change your admin account background to something like a bright orange/red. This helps to remind you where you are, and to do what you gotta do then get out again. I also turn off aero for the admin account on vista for the same reason.

Reply Score: 2

RE: first thing to be turned off
by Googol on Sat 12th Apr 2008 08:45 UTC in reply to "first thing to be turned off"
Googol Member since:
2006-11-24

You must be doing something wrong, all of you. I have Vista on a system for over a year now and I don't see UAC often. In fact 90% of the time is when I update definitions for Spybot. I just checked for you how many apps I am running: 54.

What's with arranging icons/entries..? Do you do it on a daily basis? There are people who seem to be tinkering with their wall paper, icons, etc.. all day long. Also, some people had to re-install XP all the time and I guess it is those people who have to reinstall Vista all the time.
Btw, I am a self-declared Vista hater here, but I think you guys have a serious UAC condition ;)

Reply Score: 6

RE[2]: first thing to be turned off
by gustl on Sat 12th Apr 2008 20:24 UTC in reply to "RE: first thing to be turned off"
gustl Member since:
2006-01-19

I did not know until today, that Vista is THAT bad. I have zero experience with Vista, and always thought that it now has a clean seperation between users and admin, similar to the UNIX-like systems.

For example, if I wanted to move the START button or change the desktop background, this is an action which only affects one user, naturally admin rights are not required.

I can understand that some 3rd party software might constantly ask for privilege escalation if implemented uncleanly, but that Vista itself is inconsistent is something I did not expect.
Although I have the same order of buttons in the task bar and the same desktop background for years, I would be annoyed by this unnecessary behaviour.
Especially as it does not enhance the security, since something that constantly cries "wolf" all the time tends to get ignored after a while.

Reply Score: 3

UAC proved..
by Square on Fri 11th Apr 2008 22:32 UTC
Square
Member since:
2005-10-01

UAC Proved that people don't care that much about security and would rather run as admin.

My Only complaint about UAC is the secure desktop effect (how the screen goes black and can only interact with the dialog box) It just causes too many problems, from getting in the way of what you want to do to crashing video and games when it pops up.

Secure desktop can be disabled keeping UAC mostly intact but it requires a registry edit on home versions of windows. really needs to be an option in the control panel.

the reg key if anyone cares is PromptOnSecureDesktop (change to 0 to disable) located at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Poli cies\Syste­m

Reply Score: 3

RE: UAC proved..
by linumax on Fri 11th Apr 2008 23:44 UTC in reply to "UAC proved.."
linumax Member since:
2007-02-07

I think it secures the desktop so that no other program can choose Allow for you, which kinda makes sense.
(I might be wrong though!)

OTOH, on MacOSX since you are entering the password and not just clicking a button, that behavior is not required.

Reply Score: 6

RE[2]: UAC proved..
by PlatformAgnostic on Sat 12th Apr 2008 17:04 UTC in reply to "RE: UAC proved.."
PlatformAgnostic Member since:
2006-01-02

It's also done for the opposite reason: so that no program can read data entered into the UAC Consent password box. I don't know anything about the OS X input/windowing architecture, so maybe this ability for one app to read/write to the windows tree of another app is not something Apple has to worry about.

Reply Score: 3

Not so bad
by Angel Blue01 on Fri 11th Apr 2008 22:47 UTC
Angel Blue01
Member since:
2006-11-01

Sure its going to be annoying... how else are you going to pay attention?

I leave it on, its about as annoying as the root prompt in Linux, if you don't go in there and change admin stuff every hour. I don't see much to complain about, except that it comes up too often on simple tasks -deleting machine-wide program group should only prompt once.

Reply Score: 7

RE: Not so bad
by AndyM103 on Fri 11th Apr 2008 22:59 UTC in reply to "Not so bad"
AndyM103 Member since:
2008-03-18

The thing with Linux asking for the root password is that it's actually secure. Vista is, to be honest, somewhat less secure than Linux.

Reply Score: 5

RE[2]: Not so bad
by Bending Unit on Sat 12th Apr 2008 10:26 UTC in reply to "RE: Not so bad"
Bending Unit Member since:
2005-07-06

How?

Reply Score: 1

RE[3]: Not so bad
by SlackerJack on Sat 12th Apr 2008 10:38 UTC in reply to "RE[2]: Not so bad"
SlackerJack Member since:
2005-11-12

If a hacker was to get into your machine as your user then all they need to do is do what the user does. I can do what I like on my wifes Vista machine.

If a hacker did the same thing on Linux they still would need your root(sudo) password(my wife can't do what she likes on my machine). This also goes for local security as well.

Reply Score: 5

RE[4]: Not so bad
by iain.dalton on Sat 12th Apr 2008 16:02 UTC in reply to "RE[3]: Not so bad"
iain.dalton Member since:
2006-02-28

Sounds like your wife has an administrator account on the Vista box. Try giving her a less-privileged account.

Reply Score: 2

RE[4]: Not so bad
by Michael on Sat 12th Apr 2008 20:44 UTC in reply to "RE[3]: Not so bad"
Michael Member since:
2005-07-01

That's not necessarily true. Linux is a kernel not an OS. I'll keep saying that 'til people listen.

In Ubuntu, for example, you only need the user's password. And in some configurations of sudo, once you've entered the password you can sudo freely for fifteen minutes or more before it's needed again.

Exactly how exploitable these facts are is debatable. But a system is only as secure as it's sysadmin makes it, and most home desktops don't really have a sysadmin. The Linux distros don't always take this fact into account.

Reply Score: 3

RE[5]: Not so bad - hear hear
by jabbotts on Sat 12th Apr 2008 21:27 UTC in reply to "RE[4]: Not so bad"
jabbotts Member since:
2007-09-06

Linux is only the kernel. oh how i'd love too see people recognize the individuality of disto instead of one commodity part.

Reply Score: 2

RE[5]: Not so bad
by siride on Sun 13th Apr 2008 00:41 UTC in reply to "RE[4]: Not so bad"
siride Member since:
2006-01-02

Except you missed the part that when people say "Linux" they mean "Linux Distribution". You aren't proving anything here except that you are a very annoying pedant, like so many "Linux is a kernel" and "GNU/Linux" dorks. It's really annoying. Please stop. Do something useful instead.

Reply Score: 5

RE[6]: Not so bad
by Michael on Sun 13th Apr 2008 01:09 UTC in reply to "RE[5]: Not so bad"
Michael Member since:
2005-07-01

Er, no. How sudo is set up varies between distributions. Therefore, when you say "In Linux sudo does...", it really does matter which Linux distro you're referring to. Type "man sudoers" for more information.

People often say "Linux" when saying things which are true for all or most distros. That's fine. But Linux supporters often apply all the good qualities from the various different distros into one imaginary Super Distro and call this "Linux". Whereas Windows, Mac OSX, Solaris, FreeBSD, et al each stand and fall on their own merits, "Linux" shifts in definition according to argumentative convenience.

This is far from always true. People who know what they're talking about (of whom there are many at OSNews) know when to make the distinction.


By the way, replacing "Linux" with "Linux Distribution" wouldn't make any sense. Replacing it with a specific distro is exactly what I'm saying he should have done. In this case, what he said was false for one of the most popular desktop distributions.

But you are right about one thing. I am pedantic.

Reply Score: 2

RE[7]: Not so bad
by siride on Sun 13th Apr 2008 15:01 UTC in reply to "RE[6]: Not so bad"
siride Member since:
2006-01-02

I'm really sorry that people aren't 100% exact and precise in their speech every second of the day.

Did you know that Linux as a kernel actually refers to multiple versions and releases, which may vary in functionality in bugs? Why can't people just say "Linux kernel 2.6.25-fedora-build-3075.34-i686"?

Some people are ridiculous...

Reply Score: 2

RE[6]: Not so bad
by jabbotts on Sun 13th Apr 2008 16:23 UTC in reply to "RE[5]: Not so bad"
jabbotts Member since:
2007-09-06

it was a short two line agreement with the previous person so I'm not really seeing what your issue is since I didn't drone on and one.

However, since you couldn't leave well enough alone and let a pleasent agrement in passing be just that:

"Linux" meaning the whole OS and greater Linux based OS ecosystem leads to people ignoring the differences between distrobutions; you know.. the actual usable OS including user space. Someone see's one bad distribution and think that anything based on the Linux kernel must be crap because some obscure "Linux" they saw once was crap.

There is also the "but there's too much choice, it scares users so" crap. "Linux" meaning everything is very overwelming. It confuses a very simple thing. By focusing on different distributions instead of "Linux" there is less confusion. They all use the Linux kernel but Debian != Red Hat != Mandriva != Ubuntu. They are seporate distributions and have seporate personality attributes.

Recognizing that "Linux" is only a commodity part and instead focusing on the different distributions that happen to use Linux at there core does not premote confusion and seek to scare away anyone who may be interested. Sure, the elitist pricks loose out on seeing that look of dread and confusion on noob's faces but they can always feel special using LFS or whatever gives them a "better than you" feeling.

While it was a pleasent agreement in passing that could have simply been left at that. The unspoken points behind it are well known to all those anoying "Linux is a kernel" people. There are very good reasons for clarifying and focusing on distribution brands instead of a small part of the greater system.

So, no, I will not keep quiet. I will continue to agree with people publicly. I will continue to do it pleasently in passing except for where someone such as yourself needs a long winded clarification.

On a website dedicated to OS geeks, I don't see that being all that out of place. Even if pundit's such as yourself dislike it.

Other than that, have a great day. I know I will.

Reply Score: 3

RE[2]: Not so bad
by gustl on Sat 12th Apr 2008 20:34 UTC in reply to "RE: Not so bad"
gustl Member since:
2006-01-19

I would not call Vista per se less secure than Linux, as security is not inherently given in an operating system, it is a PROCESS. And Microsoft has gotten much better at providing patches during the last few years of contantly being beaten up by the crackers.

But one thing is for sure: The ratio of annoyance vs. system security is still MUCH better at all of the UNIX-like systems than with Windows.

Reply Score: 2

RE: Not so bad
by leos on Sat 12th Apr 2008 04:38 UTC in reply to "Not so bad"
leos Member since:
2005-09-21

I leave it on, its about as annoying as the root prompt in Linux, if you don't go in there and change admin stuff every hour.


No, it's much more annoying. And here's why: In linux, I need to enter my root pwd if I install software. That's it. I don't ever see it otherwise.

In vista, I see it all the time, for several reasons. Firstly, software installation and updating is decentralized, so whenever some random crappy app is updated, it has to pop up the UAC prompt. So just from software installs and updates alone, the UAC prompts are far more common than on Linux.
Then there's prompts for completely random actions that I don't even understand what you need it for. Screw around in the start menu? UAC prompt. Go into the performance monitor? UAC.

They tried to bolt on security far too late, and it's going to be really difficult to make it less annoying now. Just the fact that each app on windows has its own updating check means that you will always have far more UAC prompts on Windows than on Linux.

Edited 2008-04-12 04:39 UTC

Reply Score: 11

RE[2]: Not so bad
by PlatformAgnostic on Sat 12th Apr 2008 17:13 UTC in reply to "RE: Not so bad"
PlatformAgnostic Member since:
2006-01-02

Screwing around with the Start Menu engenders UAC prompts because large parts of the start menu are stored on a system-wide basis. I did a thought experiment about how one would implement this on a per-user basis with a shared system view, but I couldn't think of anything great because you'd have to merge any changes to the global start menu groups into a potentially changed set of per-use groups. I just tend to use the start menu search feature and igore the particulars of my start menu's organization.

On the reliability and perf monitor, I think it should require admin access because the program needs information about the specific Disk, CPU, and Network activity of everything on the system. Allowing untrusted users to see this information would be classiied as an Information Disclosure Vulnerability.

Reply Score: 2

RE[3]: Not so bad
by gustl on Sat 12th Apr 2008 20:56 UTC in reply to "RE[2]: Not so bad"
gustl Member since:
2006-01-19

I did a thought experiment about how one would implement this on a per-user basis with a shared system view, but I couldn't think of anything great ...


Well, how about how the Linux desktops do it (Gnome as well as KDE). They are TWO different desktops and manage to have the same menu entries no matter if you log into a Gnome session or a KDE session.
Additionally there are system-wide setings for the Start menu (changeable by root) and user-specific changes to that system-wide settings.

Therefore, when root installs a new program, the entry is made to the system-wide settings, and as no modification entry is in the user-specific setting, the new program is displayed.
It is very easy and works well. The same is done with mime-type settings (which kind of file to be opened with which application).

On the reliability and perf monitor, I think it should require admin access because the program needs information about the specific Disk, CPU, and Network activity of everything on the system. Allowing untrusted users to see this information would be classiied as an Information Disclosure Vulnerability.


Quite the opposite is the reality. In the company I work for we calculate stresses and safety factors of engine parts with FiniteElement software. We need to know which machine is under which load when we start another number-crunching job. Needing admin rights just to get the information is ridiculus. I agree that priority enhancing ones process or priority changes to an other users process require admin rights, but not for getting information. Security by obscurity does not work, so why even try that approach. If the system becomes insecure when somebody finds out about it's load, network, memory and disk status, it's security is not worth much.

Reply Score: 6

RE[4]: Not so bad
by PlatformAgnostic on Mon 14th Apr 2008 06:44 UTC in reply to "RE[3]: Not so bad"
PlatformAgnostic Member since:
2006-01-02

I agree that there are some reasonable scenarios where you'd want someone who's non-admin to be able to access performance statistics. Thus there exist two built-in groups on my Vista Business installation: "Performance Log Users" and "Performance Monitor Users." I haven't tested those myself, but based on their names and description strings I believe that these groups give you what you want: the ability to grant non-admin users the right to view perf data for the whole machine.

Reply Score: 2

RE[3]: Not so bad
by bnolsen on Sun 13th Apr 2008 15:00 UTC in reply to "RE[2]: Not so bad"
bnolsen Member since:
2006-01-06

Thanks for describing some few of the severe system design and implementation faults Microsoft has had for more than 10 years.

Explaining why isn't an excuse. They should have just fixed this crap years ago.

Reply Score: 2

RE[4]: Not so bad
by PlatformAgnostic on Mon 14th Apr 2008 06:49 UTC in reply to "RE[3]: Not so bad"
PlatformAgnostic Member since:
2006-01-02

First of all, I don't exactly see what you consider to be a flaw (or how you'd design it differently). Second, I don't see your implementation of a time machine that I could use to fix flaws 10 years ago before apps took reasonable dependencies on whatever design decision you're complaining about.

Reply Score: 2

RE[3]: Not so bad
by google_ninja on Sun 13th Apr 2008 21:00 UTC in reply to "RE[2]: Not so bad"
google_ninja Member since:
2006-02-05

On the reliability and perf monitor, I think it should require admin access because the program needs information about the specific Disk, CPU, and Network activity of everything on the system. Allowing untrusted users to see this information would be classiied as an Information Disclosure Vulnerability.


On Vista Business, maybe, on Server 2k8, definately. But Vista Home/Ultimate?

Reply Score: 2

RE[4]: Not so bad
by PlatformAgnostic on Mon 14th Apr 2008 06:55 UTC in reply to "RE[3]: Not so bad"
PlatformAgnostic Member since:
2006-01-02

If you want to grant people that right, there are ways (see my earlier response).

On the Home vs. Business distinction, I think it's general practice to keep the SKUs of an OS as similar in shared configuration as possible so that it's clear what should happen when you move from one SKU to the other (like through Windows Anytime Upgrade).

Maybe the people who own that MMC snap-in will make some tweaks to make it accessible securely to less-privileged users, but that was apparently not a priority so far (it's far more important to have something which you can later tweak given the feedback of the first version than to not have that thing at all).

Reply Score: 2

RE: Not so bad
by SlackerJack on Sat 12th Apr 2008 07:14 UTC in reply to "Not so bad"
SlackerJack Member since:
2005-11-12

The difference with Linux is that you get to know your password prompts and work by them, switching XP users or upgraders get annoyed with it because their not used to it.

Fact is Windows should have done this from day one and learn their users to use passwords for admin stuff, it's really that simple. If you learn something from the outset it really becomes a process like everything else but Microsoft like to nanny their users with popups rather than teach them.

Edited 2008-04-12 07:16 UTC

Reply Score: 3

RE[2]: Not so bad
by Doc Pain on Sat 12th Apr 2008 12:29 UTC in reply to "RE: Not so bad"
Doc Pain Member since:
2006-10-08

Fact is Windows should have done this from day one and learn their users to use passwords for admin stuff, it's really that simple. If you learn something from the outset it really becomes a process like everything else but Microsoft like to nanny their users with popups rather than teach them.


I hope it does not sound impolite, but... users don't care to learn anything. Furthermore, passwords are too complicated, you need to learn / know them (or at least look them up from the sticker placed beneath the mouse pad). Security is another concept no average user seems to be interested in. Clicking OK buttons does not provoke any intellegence based examination with a certain circumstance, it just starts a kind of "automated mechanism" - clicking the button - to continue what has been intended anyway. And I think the guys at MICROS~1 know about this habit. But I cannot imagine why they didn't get rid of something nobody wants (said UAC) and turned it into something that simply annoys the users...

Reply Score: 3

Better than nothing
by dimosd on Fri 11th Apr 2008 23:25 UTC
dimosd
Member since:
2006-02-10

I don't know if it's the best implementation, but I prefer UAC/limited account than Administrator/I dare you to hack my machine

UAC is at the bottom of the list of my Vista complaints

Reply Score: 15

Design
by blitze on Fri 11th Apr 2008 23:35 UTC
blitze
Member since:
2006-09-15

Of course UAC was going to be annoying. Geez people, most folks using a computer haven't a clue and have been reared on the school of being able to do anything on their systems without thinking of the consequence.

UAC isn't designed for techies, it's designed for them. The ones who need constant reminding that although they can do the following system operation on thier OS, there are consequences that need to be thought of when doing it.

I'd prefer UAC than the current spate of XP spam bots that exist. Turn it off if you want but don't come winging to us when your system gets pwnd by malicious code. For the corporate world there is the sane approach where User accounts can have all UAC requests elevated to Admins. Without passwords this makes it a crap load easier for keeping the system safe from user stuff ups. Same in OS-X and Linux.

Reply Score: 4

RE: Design
by elektrik on Sat 12th Apr 2008 06:39 UTC in reply to "Design"
elektrik Member since:
2006-04-18

UAC isn't designed for techies, it's designed for them. The ones who need constant reminding that although they can do the following system operation on thier OS, there are consequences that need to be thought of when doing it.


Erm...that's a great theory, except UAC doesn't pop up a message saying "are you sure you want to do this? These are the consequences..." It merely annoys with a somewhat generic pop up...

I'd prefer UAC than the current spate of XP spam bots that exist. Turn it off if you want but don't come winging to us when your system gets pwnd by malicious code. For the corporate world there is the sane approach where User accounts can have all UAC requests elevated to Admins. Without passwords this makes it a crap load easier for keeping the system safe from user stuff ups. Same in OS-X and Linux.


...here's hoping you're not a system admin somewhere, because if you believe that your system isn't going to be "pwnd" because of UAC being turned on (which has already proven to be easily turned off), you're clearly mistaken

Reply Score: 2

RE[2]: Design
by blitze on Sun 13th Apr 2008 00:38 UTC in reply to "RE: Design"
blitze Member since:
2006-09-15

If I was to admin outside of the home environment I would be utilising user accounts and admin accounts with the systems users being just that, users.

Biggest problem with UAC is that many apps still require installing in Program Files (x86) which MS seamed to require Admin access. If you change the install path to another area with User Security privileges, then UAC will not bug you as much. Vista will also not bug you as much (at least not so annoyingly) if you restrict the main User Account and setup an Admin Account. Why it doesn't install this way as default, god only knows why.

Maybe the miraculeous Windows 7 will fix all as so many seem to be hoping for (that or Linux really does gain traction). Still, when it comes to everyday computing and user experience, Linux and Windows are on the same level of being a right PITA.

Reply Score: 2

RE: Design
by mabhatter on Mon 14th Apr 2008 17:37 UTC in reply to "Design"
mabhatter Member since:
2005-07-17

Exactly, the real purpose of UAC is to get PROGRAMMERS to stop writing programs with sloppy security and just telling you to "run as admin" to make it go away. Mac and Linux have always been that way so programmers write safely so as not to annoy the user. Windows programmers basically refused to update from the Win98 days of do whatever for far too long.

Reply Score: 1

Try This...
by tomcat on Sat 12th Apr 2008 00:08 UTC
tomcat
Member since:
2006-01-06

There's an easy way for experienced users to enable/disable UAC on the fly (without rebooting):

Tweak-UAC
http://www.pcworld.com/downloads/file/fid,67530-order,1-page,1/desc...

Reply Score: 3

UAC vs. sudo
by johnnysaucepn on Sat 12th Apr 2008 00:18 UTC
johnnysaucepn
Member since:
2006-08-22

The problem is not that UAC stops you from doing things you didn't intend, it's that it stops things happening that you did intend, because it thinks that maybe something else requested it.

It's the user interface equivalent of 'Are you talking to me?'

Reply Score: 6

......
by islander on Sat 12th Apr 2008 02:50 UTC
islander
Member since:
2007-04-11

They did the job right because it did annoy the hell out of me when I used Vista!

Its not a good all across the board solution I think and somehow could have been graded towards the logged in user's technical ability maybe from something like a MMC snap in.

Reply Score: 3

UAC prevents remote login exploits
by rakamaka on Sat 12th Apr 2008 05:52 UTC
rakamaka
Member since:
2005-08-12

I am not expert but its main advantage is preventing manupilation on your system by hacker after remote login. Thats why even if hacker gets full admin access (which is possible) he cant do anything without physical presence in front of desktop....
BTW isnt it same as su login? and many modern distros event dont allow root login to begin with. So each time i have to install something i have to go through su route...

Reply Score: 4

Doc Pain Member since:
2006-10-08

I am not expert but its main advantage is preventing manupilation on your system by hacker after remote login. Thats why even if hacker gets full admin access (which is possible) he cant do anything without physical presence in front of desktop....


I think that's an aspect of a growing tendency: Disabling or bypassing means of security to increase individual feelings of comfortability. Please get me right: I don't think it's a good solution to disable UAC, but it should have been implemented more... appealing? It seems that most users of "Vista" get annoyed by the way authorisation requests are performed. So maybe a better selection of where it is needed / recommended and where not would have been welcome.

Spoken by a "Windows" layman: UAC's ability to prevent the system from remote login exploits would be present if UAC wouldn't look at local interventions, wouldn't it? So it would be less annoying to the user?

BTW isnt it same as su login? and many modern distros event dont allow root login to begin with. So each time i have to install something i have to go through su route...


Most Linux distributions come with an application called sudo. It temporary elevates user previleges in order to perform an operation. If sudo is setup correctly, no root password is needed. Any sudo operations are logged. Users who are not present in the sudo database cannot use sudo, so they cannot destroy anything outside their home directory. The su command is mostly used by root to "mulate" an ordinary user; su means "substitute identity". The "plain" BSDs have a more strict concept. Here, it's neccessary for a user to be in a special group in order to do security related tasks (with possibilities for fine differentiations of what can be done - inclusion in different groups, e. g. wheel, operator, mount, dialer enables or disables special abilities, such as mounting media, connecting to network or accessing system files or interfaces). Performing operations does not only include installation of applications, but modification of system files, too. So a sudo-enabled user account with no password would be as dangerous a a password-free root login (if it's allowed). While sudo performs the previlege elevation just for one commmand, su leaves you in administrator mode as long as you wish. To prevent the nasty habit to do everything as root (NB: Comfortablilty feelings!), many distributions do not allow direct root logins or can be configured to do so.

Examples from the UNIX / Linux world:

Ordinary user installs an application system-wide (without password):
% sudo pkg_add -r nmap
% _

Ordinary user removes does stupid things (with password):
% su -
Password:
# rm /etc/fstab
# rm -rf /home/*
# exit
% _

The means of su and sudo, as well as UAC, don't replace a good system administration layout. :-)

Reply Score: 4

Robocoastie Member since:
2005-09-15

I agree. UAC comes up so often in Vista simply because people are still running XP programs which store individual data in the "admin" area instead of userland. Vista is almost completely unusable when run in user mode because of this.

Reply Score: 2

I don't really mind UAC
by Gone fishing on Sat 12th Apr 2008 06:57 UTC
Gone fishing
Member since:
2006-02-22

Personally I don't really mind UAC – it's certainly better than the no security in XP, if it's annoying this is only a mild irritation compared with Vista's:

slowness
horrible overly wizard driven interface
slowness
running out of memory when opening a small spread sheet etc.
slowness
failure for the mouse to wake up after resume
slowness
The on-off-logout button
Failure to run common MS programs like MS office
Slowness
horrible blue screen
Horrific slowness when connecting to network shares / printers
and slowness

Reply Score: 9

disabled vista
by netpython on Sat 12th Apr 2008 09:27 UTC
netpython
Member since:
2005-07-06

I bought a HP 6820s laptop a week ago. I just erased Vista home premium and installed Ubuntu on it. works flawlessly

Reply Score: 2

Th real security
by WyldStylist on Sat 12th Apr 2008 11:22 UTC
WyldStylist
Member since:
2006-12-30

The real security would be being prompted to what services/programs to install at the start of the installation Win95 had that i dont see xp or vista having it.
Having an installed 90 mb xp would prove more secure than a 1 gb xp same goes for vista.
But Vista cant run my favourite win32 programs so i rather switch to reactos if i definitly gotta switch OS some day.

Reply Score: 1

RE: Th real security
by DrillSgt on Sun 13th Apr 2008 06:25 UTC in reply to "Th real security"
DrillSgt Member since:
2005-12-02

"But Vista cant run my favourite win32 programs so i rather switch to reactos if i definitly gotta switch OS some day."

Which programs by any chance? I have yet to find a program that does not run under Vista that ran under XP. I have "read" about that happening, but have not seen one myself. Please expound on it...

Reply Score: 3

RE[2]: Th real security
by sbergman27 on Sun 13th Apr 2008 11:47 UTC in reply to "RE: Th real security"
sbergman27 Member since:
2005-07-24

Nomachine NX Client consistently locks up after 1 - 2 minutes of use under Vista. Works fine on XP and Linux. That's the only Windows app my customers absolutely require. And it doesn't work with Vista.

Reply Score: 3

RE[3]: Th real security
by DrillSgt on Sun 13th Apr 2008 18:10 UTC in reply to "RE[2]: Th real security"
DrillSgt Member since:
2005-12-02

"Nomachine NX Client consistently locks up after 1 - 2 minutes of use under Vista."

Thanks for actually posting an app. That is something I don't use so would not see. I would report that to the software vendor, since Vista is claimed to be supported under version 3.2. Granted that was just released April 8 though, so you may not have had time to know that yet.

Reply Score: 2

modding
by SlackerJack on Sat 12th Apr 2008 11:54 UTC
SlackerJack
Member since:
2005-11-12

Who's modding down comments like this?, modding up someone who basically said the same 8 times +. You silly people.

Reply Score: 0

succes
by gfx1 on Sat 12th Apr 2008 12:39 UTC
gfx1
Member since:
2006-01-20

Well I must admit, it really did annoy me.

After turning it of, together with windows defender, auto updater, file search, file indexer and some other annoying services it almost is usable

Reply Score: 1

security isn't all that important
by netean on Sat 12th Apr 2008 13:24 UTC
netean
Member since:
2006-01-08

to the average user, they don't care. Sure they dont' want to get virii and spyware and malware etc, but for most people this doesn't happen as they have firewalls, anti-virus and anti-spy/malware. UAC doesn't remove the need for these, and for most people, just doesn't seem to do anything except annoy people.

Myself, I have my user account (like most ppl it's the only account on my machine) - I'm set up as an administrator and I've turned UAC...

I've NEVER ever been infeced by a virus. and I don't know anyone that has. Do we really need UAC at all?

Reply Score: 1

hollovoid Member since:
2005-09-21

Niether have I, or any of my friends, but you have to remember, we probably know alot more about what we are doing than most people out there.. I never get viruses, but the people who own the computers I work on, nearly always do, because they click on anything that occupies time. where as someone like you and me, may research for whats the best trusted program/activity to occupy our time.. example...

I wanna play online poker, and that banner on my favorite warez site that im downloading porn from is waving it right in my face. Click. virus

whereas we.. would be downloading only the finest pr0n and hitting up the legit sites... or ... something like that..

people wont be bothered to do anything reasonably intelligent, because thier computer is suppost to be intelligent for them. and it probably wont change ever, so software developers will keep trying to dummy up things as much as they can to protect the user from him/herself. It hurts us geeks, but we are a minority in the buying market, and they know we could figure out how to disable it anyways.

Its a painful process to go through, but for the sake of joe.user we will suffer. But... lets hope they keep failing, because I sure do looove making insane amounts of money doing something I love because someone else cant be bothered.. I know enough not visit sites that are mischevous, close my firewall up, shut down unsafe services, but them not knowing pays oh so well.

Reply Score: 3

Doc Pain Member since:
2006-10-08

people wont be bothered to do anything reasonably intelligent, because thier computer is suppost to be intelligent for them. and it probably wont change ever, [...]


You're frightening me! :-)

[...] so software developers will keep trying to dummy up things as much as they can to protect the user from him/herself.


But then, why doesn't it work? Why is more than 90% of the email amount travelling the Internet just spam? Why are home PCs so often compromized and then working as storage points for illegal file sharing software?

Please get me right: I'd say it's okay to annoy the people you've described above if it would help to protect the Internet and its users from crap like viruses, trojans and spam.

But... lets hope they keep failing, because I sure do looove making insane amounts of money doing something I love because someone else cant be bothered.. I know enough not visit sites that are mischevous, close my firewall up, shut down unsafe services, but them not knowing pays oh so well.


Hehe. :-)

Reply Score: 3

Vista Was Designed to Annoy You
by MysterMask on Sat 12th Apr 2008 15:21 UTC
MysterMask
Member since:
2005-07-12

.. i thought so

Reply Score: 2

diskinetic Member since:
2005-12-09

NOW let's see people say that Microsoft can't engineer what they set out to engineer.

Reply Score: 2

rakamaka
Member since:
2005-08-12

So called user friendly linux distros(eg u**) have disabled root logins. Fine. It improves security. Then I enter sudo or su in "Terminal Window" and then install software from terminal???? This is completely opposite of user friendly gui based linux.
And on KDE many times entering su or sudo from terminal window, never allows to install programs from GUI or use file manager as super user..
that is also as annoying as UAC to install programs from Terminal in modern distros...

Reply Score: 2

Doc Pain Member since:
2006-10-08

Then I enter sudo or su in "Terminal Window" and then install software from terminal???? This is completely opposite of user friendly gui based linux.


I think you're wrong here. Maybe you didn't know this - I'm not assuming that you posted in order to spread nonsense - but most modern Linux distributions feature an application installation subsystem, including tools to install, remove and update programs. It's common to include a GUI frontend here which helps you to find, automatically download and then install the application you want. There's no need to "get hands dirty" in a terminal window except you're intending to do something very special, for example, apply patches to a program and generate it from source. But as you surely will agree, that's not what average Linux users are doing.

And on KDE many times entering su or sudo from terminal window, never allows to install programs from GUI or use file manager as super user..


I think that's what kdesu is intended to, and, as far as I know, KDE's Konqueror is able to be switched into root mode. But please check this yourself or ask for a confirmation. I'm no KDE user so I can't tell for sure. Of course, using a terminal window is not involved here, except you're choosing to do "strange" stuff like this:

% su -
Password:
# setenv DISPLAY :0.0
# konqueror &
# exit
% exit

But as I mentioned before, that's not what average Linux users are doing. Many advanced Linux users will agree that the example I gave looks quite strange. But please, check KDE's abilities and use the recommended means.

that is also as annoying as UAC to install programs from Terminal in modern distros...


Then stop trying to install applications using the terminal window and use the recommended tools. Yes, it is that easy.

Reply Score: 6

gustl Member since:
2006-01-19

User friendly linux distros like Suse, Fedora, *buntu and many others do indeed disable root logins, mostly because many converts who come from the Windows world think that in order to have a well working system, one simply NEEDS to log in as root.

Debian, for example allows root login into KDE.

But administrating these first mentioned userfriendly distros is not the same as UAC in Windows.

With Mandriva for example you have a very god system management application, when you start it as a user, you get asked the password ONCE, and then can create/modify partitions, install/uninstall software, set up a http/ftp/smb/ssh server and many other stuff. It is not even remotely as annoying as UAC seems to be.

Reply Score: 3

WereCatf Member since:
2006-02-15

So called user friendly linux distros(eg u**) have disabled root logins. Fine. It improves security. Then I enter sudo or su in "Terminal Window" and then install software from terminal???? This is completely opposite of user friendly gui based linux.

I just have to wonder what distro have you been using :O The distro I use (Mandriva) does have this thing to install and/or remove software, and it is fully GUI based. I CAN drop to terminal and install apps from there if I wish but this far I haven't done so at all.

Reply Score: 3

Tobias?
by maydaytx on Sat 12th Apr 2008 16:08 UTC
maydaytx
Member since:
2006-04-17

David Cross? I didn't know he worked for Microsoft!

http://en.wikipedia.org/wiki/David_Cross

Reply Score: 1

RE: Tobias?
by ssa2204 on Sat 12th Apr 2008 18:42 UTC in reply to "Tobias?"
ssa2204 Member since:
2006-04-22

David Cross? I didn't know he worked for Microsoft!

http://en.wikipedia.org/wiki/David_Cross


Lol..he had one of the funniest stand up acts I have ever seen, a clip here - http://youtube.com/watch?v=jrvtHYCP-LM

Best thing about it, this is an actual book you can get. So with that, I hope you all have a good pu*** day

Reply Score: 2

Legacy problem.
by siki_miki on Sat 12th Apr 2008 16:27 UTC
siki_miki
Member since:
2006-01-17

I don't really envy Microsoft on the administrator_vs_unpriviledged_user issue. They had been pushing systems running by default with administrator priviledges for decades and with Vista they funally realized it's thing of a past.

Unfortunately, dozens of apps were using stuff they shouldn't so they designed UAC to force vendors to cooperate, while still mantainig backwars compatibility. Unfortunately it was to be carried otu by user, which of course started to complain (and also damage the reputation of a whole OS).

But at least it was step into the right direction, it's still better to ask the user than to allow a program to mess with the system by default.

Unix was at least built with the priviledge isolation from the beginning, so apps were never designed to have root level access to the system. Howevers problems turned out, and are still happening with SELinux, where various root-priviledge programs are/were not fully adjusted to limitations (or selinux policies were not accurate). Btw. UAC-style interface for Linux exists, it's PolicyKit.

Reply Score: 3

wannabe geek
Member since:
2006-09-27

The Bitfrost security model from the OLPC does not need any kind of passwords. Instead, it is assumed that the person with physical access to the laptop is its owner (other measures are taken against robbery) and the system makes sure that malware can't forge physical access. And the fact that you are running a program does *not* mean is has the same rights as you have as a user, in this system.

http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf

Reply Score: 4

v LOL
by linuxdude on Sat 12th Apr 2008 18:03 UTC
RE: LOL
by Frobozz on Sun 13th Apr 2008 01:02 UTC in reply to "LOL"
Frobozz Member since:
2005-12-04

I have wasted a lot of my productive time of my life fixing windows (virus, spyware, annoying updates) and getting it to just work.

Fixing it for yourself or others? Because for my own systems (those that still have Windows as opposed to Linux or OS X), I just install the free version of Grisoft's antivirus package and Spybot. I find that with those two running the only virus I get is if I do something stupid (like the time I got Netsky from an email attachment I knew was infected but wanted to test my setup).

As for repairing other systems for people, strangely I find that a number of people in the area are well versed in how to protect their system. Its gotten to the point I haven't repaired a system overtaken with viruses in over a year or so. And most of those users have Windows XP without UAC.

Reply Score: 1

Well, They succeeded then
by alban on Sat 12th Apr 2008 19:18 UTC
alban
Member since:
2005-11-15

If they set out to be annoying then it worked - congratulations team.
Like most people I do not mind a box appearing asking me to confirm some action, I do mind the way that the entire user interface is suspended complete with sluggish and pointless visual effects whenever this happens.
Its like 'roll up, roll up for the windows security show'
Maybe they should have added in a drumroll sound and an animated 'security clown' to complete the effect.
Still it is a definite improvement on the previous 'download and run it without even telling you' approach to malware.

Reply Score: 3

Just a Vista comment
by weterings on Sat 12th Apr 2008 23:49 UTC
weterings
Member since:
2008-04-12

Well, hasn't the whole of Vista been designed to annoy you?!

Reply Score: 2

not necessary
by backdoc on Sun 13th Apr 2008 02:51 UTC
backdoc
Member since:
2006-01-14

They didn't have to go to that much trouble to annoy me.

Reply Score: 4

LOL
by mind!dagger on Sun 13th Apr 2008 04:50 UTC
mind!dagger
Member since:
2007-06-26

You get what you pay for. In this case, an expensive POS that was designed to annoy you by Bill and his team of marketing billionaires.

Reply Score: 3

UAC means?
by Invalid User on Sun 13th Apr 2008 16:32 UTC
Invalid User
Member since:
2008-04-13

UAC => Useless Annoying Crap!

Reply Score: 2

If my math is correct
by Touvan on Sun 13th Apr 2008 18:23 UTC
Touvan
Member since:
2006-09-01

If my math is correct, Microsoft designed this to annoy users, then provided a business program that will allow developers to pay a fee, which will let them bypass the annoyance for their signed apps.

In Ubuntu, the app will either fail if gksudo is not invoked, or is canceled (or whatever), or will install in the user directory, and you either avoid all manner of popups, or get only one that you can't simply yes to death (and is easy to dismiss, and usually still get what you want). OSX seems to work in a similar unintrusive way.

I often wondered why MS didn't simply emulate what had worked for damn near everyone else, so well, for so long. Well, now we know - they wanted another revenue stream.

It's crap like this, why I switched to Linux (Ubuntu ATM), and will not go back.

Reply Score: 2

UAC?
by matthekc on Sun 13th Apr 2008 22:38 UTC
matthekc
Member since:
2006-10-28

I have not seen the uac yet but when I went to radio shack I was able to pull up msconfig and leave the system looking like windows 2000. What does uac tell in terms of what services a program is trying to access.

Reply Score: 1

Vista limits productivity & wastes time
by Dolphie on Sun 13th Apr 2008 23:11 UTC
Dolphie
Member since:
2008-04-13

The Computer is supposed to be a tool one utilizes in order to achieve a goal - be that goal gaming, business application oriented, artistic, email, etc.

A person does not need to know how to work on a car to drive a car, they do not need to know how to work on an airplane to fly and they do not need to know how to work on a television in order to watch a program. So why do the elitists, microsofties, et al, insist that the enduser know all about the services running on their system? Technical information that is not really relevant to their goal - which is to use a tool to achieve a goal.

The original concept behind the windows style operating system was that one could install applications and hardware with minimal driver conflict issues. (those who have worked in Dos or pre-dos remember how cryptic running applications and installing new components was pre-windows).
Windows promised to make the process more efficient - thus we put up with the middle man software (frustrating though it was trying to figure out if the problem was the component, the application or windows once that additional layer was applied).

To make the operating system annoying is not only against the basic foundational concept of Windows it is not a good business acumen. To frustrate customers is not the best strategy to take unless one wishes to push the customers away to another market. Why do the elitists insist that a simple tool become a complicated process?

Why don't we just skip out on Windows and go back to Dos like applications so that we do not have to worry about the inefficient, whiney middle man micro-managing our systems?

One of the pleasures of working with a PC vs an Apple is that the PC has been, until Vista, less annoying and more flexible - due to the windows vs mac o/s's. If you take that away from the enduser - they have no reason to remain with Windows, they can just move entirely away from windows and go with an operating system that gives warm fuzzies in its limitations.

The UAC is a dumbing down and irrating aspect of Vista. It does not teach - it wastes time, evokes fear of being hacked or ruining the computer, is frustrating and is irritating. Even when disabled it instills fear in many users with its incessant nags.

It is apparent their are quite a few Microsofties on this forum. Instead of blindly pushing your agenda - why not look at what the consumer has to say? If you want people to buy your product - make it more appealing rather than less appealing.

If you want to run yourself out of business - continue in the arrogant, elitist, authoritarian manner with which you are treating your customers. Continue making your product more time consuming, more expensive and more annoying.

Reply Score: 2

yes, but...
by StychoKiller on Mon 14th Apr 2008 15:37 UTC
StychoKiller
Member since:
2005-09-20

This does not explain why Windows has been annoying since Windows 95!

Reply Score: 2