OSNews:

OSNews: http://www.osnews.com/story/19620/_Vista_s_UAC_Security_Prompt_Was_Designed_to_Annoy_You_ Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Thu, 09 Jul 2009 20:53:08 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com ideas for future Vista versions http://osnews.com/thread?309240 http://osnews.com/thread?309240 "Hi Billy Mays here for Windows Vista! Am I annoying? Am I annoying?"
"Vista! Apply directly to the forehead! Vista! Apply directly to the forehead! Vista!"
"Here's Bob! Bob is doing well! Very well indeed... That's because not long ago, he heard of Vista, the once-a-day OS for natural male enhancement" Fri, 11 Apr 2008 21:55:00 GMT donotreply@osnews.com (ari-free) Comments first thing to be turned off http://osnews.com/thread?309241 http://osnews.com/thread?309241 First thing to be changed in Vista when I install it. (came preinstalled, but I've still had to re-install it twice since then!)

I love the way it warns you with a dialog box that it's going to request UAC.. then requests UAC.

Trying to move Start menu items around is just amazing.
Prompt - going to show you the uac dialog
prompt - uac dialog
prompt - move or copy
prompt - are you sure/ overwrite?

UAC is to vista what the fecking paperclip was to Office... a PITA and counter productive

so counter productive that you HAVE to disable it in order to be anything useful, thereby negating it's purpose... bit like banks who give you so much "security information" to remember you end up having to write it down somewhere - thus negative the point of security in the first place. Fri, 11 Apr 2008 21:59:00 GMT donotreply@osnews.com (netean) Comments RE: first thing to be turned off http://osnews.com/thread?309242 http://osnews.com/thread?309242

I love the way it warns you with a dialog box that it's going to request UAC.. then requests UAC.

:) Yes I love these UAC "pre-warnings" myself. They way UAC is meant to work effectively is like this:

- Create a standard user account. NON administrative. Give it a password if you wish (optional).

- Create a password for the administrators account

- Use the standard account for doing all your everyday work.

- While working with the standard account, if administrator access is required, Vista is usually smart enough to request (via UAC) for privilege elevation asking at the same time for the PASSWORD you assigned to the administrative account. This makes a lot more sense, and gives you a moment to think what you are about to do rather than clicking an OK button like a monkey

IMHO, this should have been the default behavior. MS is probably getting there - they are just preparing the way with Vista. Probably Seven will have this much more sane system. Fri, 11 Apr 2008 22:13:00 GMT donotreply@osnews.com (sonic2000gr) Comments UAC proved.. http://osnews.com/thread?309244 http://osnews.com/thread?309244 UAC Proved that people don't care that much about security and would rather run as admin.

My Only complaint about UAC is the secure desktop effect (how the screen goes black and can only interact with the dialog box) It just causes too many problems, from getting in the way of what you want to do to crashing video and games when it pops up.

Secure desktop can be disabled keeping UAC mostly intact but it requires a registry edit on home versions of windows. really needs to be an option in the control panel.

the reg key if anyone cares is PromptOnSecureDesktop (change to 0 to disable) located at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ SysteÂm Fri, 11 Apr 2008 22:32:00 GMT donotreply@osnews.com (Square) Comments Not so bad http://osnews.com/thread?309247 http://osnews.com/thread?309247 Sure its going to be annoying... how else are you going to pay attention?

I leave it on, its about as annoying as the root prompt in Linux, if you don't go in there and change admin stuff every hour. I don't see much to complain about, except that it comes up too often on simple tasks -deleting machine-wide program group should only prompt once. Fri, 11 Apr 2008 22:47:00 GMT donotreply@osnews.com (Angel Blue01) Comments RE: ideas for future Vista versions http://osnews.com/thread?309249 http://osnews.com/thread?309249 "HI THERE. MY NAME IS VISTA AND I HAVE A PROPOSITION TO OFFER YOU 250 MILLION DOLLARS. BUT BECAUSE OF FINANCIAL ISSUES, I NEED 400 DOLLARS IN ORDER TO ACCESS THE 250 MILLION. SEND ME THAT AMOUNT AND HALF IS YOURS!" Fri, 11 Apr 2008 22:51:00 GMT donotreply@osnews.com (Frobozz) Comments RE: Not so bad http://osnews.com/thread?309251 http://osnews.com/thread?309251 The thing with Linux asking for the root password is that it's actually secure. Vista is, to be honest, somewhat less secure than Linux. Fri, 11 Apr 2008 22:59:00 GMT donotreply@osnews.com (AndyM103) Comments Better than nothing http://osnews.com/thread?309255 http://osnews.com/thread?309255 I don't know if it's the best implementation, but I prefer UAC/limited account than Administrator/I dare you to hack my machine

UAC is at the bottom of the list of my Vista complaints Fri, 11 Apr 2008 23:25:00 GMT donotreply@osnews.com (dimosd) Comments Design http://osnews.com/thread?309258 http://osnews.com/thread?309258 Of course UAC was going to be annoying. Geez people, most folks using a computer haven't a clue and have been reared on the school of being able to do anything on their systems without thinking of the consequence.

UAC isn't designed for techies, it's designed for them. The ones who need constant reminding that although they can do the following system operation on thier OS, there are consequences that need to be thought of when doing it.

I'd prefer UAC than the current spate of XP spam bots that exist. Turn it off if you want but don't come winging to us when your system gets pwnd by malicious code. For the corporate world there is the sane approach where User accounts can have all UAC requests elevated to Admins. Without passwords this makes it a crap load easier for keeping the system safe from user stuff ups. Same in OS-X and Linux. Fri, 11 Apr 2008 23:35:00 GMT donotreply@osnews.com (blitze) Comments RE: UAC proved.. http://osnews.com/thread?309260 http://osnews.com/thread?309260 I think it secures the desktop so that no other program can choose Allow for you, which kinda makes sense.
(I might be wrong though!)

OTOH, on MacOSX since you are entering the password and not just clicking a button, that behavior is not required. Fri, 11 Apr 2008 23:44:00 GMT donotreply@osnews.com (linumax) Comments RE[2]: first thing to be turned off http://osnews.com/thread?309262 http://osnews.com/thread?309262 people are to darn used to setting up admin accounts on windows. one had to to get anything done in xp or 2k...

at least for anything related to non-office use where the user is the admin...Edited 2008-04-12 00:05 UTC Sat, 12 Apr 2008 00:04:00 GMT donotreply@osnews.com (hobgoblin) Comments Try This... http://osnews.com/thread?309263 http://osnews.com/thread?309263 There's an easy way for experienced users to enable/disable UAC on the fly (without rebooting):

Tweak-UAC
http://www.pcworld.com/downloads/file/fid,67530-order,1-page,1/desc... Sat, 12 Apr 2008 00:08:00 GMT donotreply@osnews.com (tomcat) Comments UAC vs. sudo http://osnews.com/thread?309265 http://osnews.com/thread?309265 The problem is not that UAC stops you from doing things you didn't intend, it's that it stops things happening that you did intend, because it thinks that maybe something else requested it.

It's the user interface equivalent of 'Are you talking to me?' Sat, 12 Apr 2008 00:18:00 GMT donotreply@osnews.com (johnnysaucepn) Comments ...... http://osnews.com/thread?309267 http://osnews.com/thread?309267 They did the job right because it did annoy the hell out of me when I used Vista!

Its not a good all across the board solution I think and somehow could have been graded towards the logged in user's technical ability maybe from something like a MMC snap in. Sat, 12 Apr 2008 02:50:00 GMT donotreply@osnews.com (islander) Comments RE: Not so bad http://osnews.com/thread?309269 http://osnews.com/thread?309269

I leave it on, its about as annoying as the root prompt in Linux, if you don't go in there and change admin stuff every hour.

No, it's much more annoying. And here's why: In linux, I need to enter my root pwd if I install software. That's it. I don't ever see it otherwise.

In vista, I see it all the time, for several reasons. Firstly, software installation and updating is decentralized, so whenever some random crappy app is updated, it has to pop up the UAC prompt. So just from software installs and updates alone, the UAC prompts are far more common than on Linux.
Then there's prompts for completely random actions that I don't even understand what you need it for. Screw around in the start menu? UAC prompt. Go into the performance monitor? UAC.

They tried to bolt on security far too late, and it's going to be really difficult to make it less annoying now. Just the fact that each app on windows has its own updating check means that you will always have far more UAC prompts on Windows than on Linux.Edited 2008-04-12 04:39 UTC Sat, 12 Apr 2008 04:38:00 GMT donotreply@osnews.com (leos) Comments UAC prevents remote login exploits http://osnews.com/thread?309271 http://osnews.com/thread?309271 I am not expert but its main advantage is preventing manupilation on your system by hacker after remote login. Thats why even if hacker gets full admin access (which is possible) he cant do anything without physical presence in front of desktop....
BTW isnt it same as su login? and many modern distros event dont allow root login to begin with. So each time i have to install something i have to go through su route... Sat, 12 Apr 2008 05:52:00 GMT donotreply@osnews.com (rakamaka) Comments RE: Design http://osnews.com/thread?309273 http://osnews.com/thread?309273

UAC isn't designed for techies, it's designed for them. The ones who need constant reminding that although they can do the following system operation on thier OS, there are consequences that need to be thought of when doing it.

Erm...that's a great theory, except UAC doesn't pop up a message saying "are you sure you want to do this? These are the consequences..." It merely annoys with a somewhat generic pop up...

I'd prefer UAC than the current spate of XP spam bots that exist. Turn it off if you want but don't come winging to us when your system gets pwnd by malicious code. For the corporate world there is the sane approach where User accounts can have all UAC requests elevated to Admins. Without passwords this makes it a crap load easier for keeping the system safe from user stuff ups. Same in OS-X and Linux.

...here's hoping you're not a system admin somewhere, because if you believe that your system isn't going to be "pwnd" because of UAC being turned on (which has already proven to be easily turned off), you're clearly mistaken Sat, 12 Apr 2008 06:39:00 GMT donotreply@osnews.com (elektrik) Comments I don't really mind UAC http://osnews.com/thread?309277 http://osnews.com/thread?309277 Personally I don't really mind UAC â" it's certainly better than the no security in XP, if it's annoying this is only a mild irritation compared with Vista's:

slowness
horrible overly wizard driven interface
slowness
running out of memory when opening a small spread sheet etc.
slowness
failure for the mouse to wake up after resume
slowness
The on-off-logout button
Failure to run common MS programs like MS office
Slowness
horrible blue screen
Horrific slowness when connecting to network shares / printers
and slowness Sat, 12 Apr 2008 06:57:00 GMT donotreply@osnews.com (Gone fishing) Comments RE: Not so bad http://osnews.com/thread?309278 http://osnews.com/thread?309278 The difference with Linux is that you get to know your password prompts and work by them, switching XP users or upgraders get annoyed with it because their not used to it.

Fact is Windows should have done this from day one and learn their users to use passwords for admin stuff, it's really that simple. If you learn something from the outset it really becomes a process like everything else but Microsoft like to nanny their users with popups rather than teach them.Edited 2008-04-12 07:16 UTC Sat, 12 Apr 2008 07:14:00 GMT donotreply@osnews.com (SlackerJack) Comments RE: first thing to be turned off http://osnews.com/thread?309281 http://osnews.com/thread?309281 You must be doing something wrong, all of you. I have Vista on a system for over a year now and I don't see UAC often. In fact 90% of the time is when I update definitions for Spybot. I just checked for you how many apps I am running: 54.

What's with arranging icons/entries..? Do you do it on a daily basis? There are people who seem to be tinkering with their wall paper, icons, etc.. all day long. Also, some people had to re-install XP all the time and I guess it is those people who have to reinstall Vista all the time.
Btw, I am a self-declared Vista hater here, but I think you guys have a serious UAC condition

Sat, 12 Apr 2008 08:45:00 GMT donotreply@osnews.com (Googol) Comments disabled vista http://osnews.com/thread?309282 http://osnews.com/thread?309282 I bought a HP 6820s laptop a week ago. I just erased Vista home premium and installed Ubuntu on it. works flawlessly Sat, 12 Apr 2008 09:27:00 GMT donotreply@osnews.com (netpython) Comments RE[2]: Not so bad http://osnews.com/thread?309284 http://osnews.com/thread?309284 How? Sat, 12 Apr 2008 10:26:00 GMT donotreply@osnews.com (Bending Unit) Comments RE[3]: Not so bad http://osnews.com/thread?309285 http://osnews.com/thread?309285 If a hacker was to get into your machine as your user then all they need to do is do what the user does. I can do what I like on my wifes Vista machine.

If a hacker did the same thing on Linux they still would need your root(sudo) password(my wife can't do what she likes on my machine). This also goes for local security as well. Sat, 12 Apr 2008 10:38:00 GMT donotreply@osnews.com (SlackerJack) Comments Th real security http://osnews.com/thread?309290 http://osnews.com/thread?309290 The real security would be being prompted to what services/programs to install at the start of the installation Win95 had that i dont see xp or vista having it.
Having an installed 90 mb xp would prove more secure than a 1 gb xp same goes for vista.
But Vista cant run my favourite win32 programs so i rather switch to reactos if i definitly gotta switch OS some day. Sat, 12 Apr 2008 11:22:00 GMT donotreply@osnews.com (WyldStylist) Comments modding http://osnews.com/thread?309293 http://osnews.com/thread?309293 Who's modding down comments like this?, modding up someone who basically said the same 8 times +. You silly people. Sat, 12 Apr 2008 11:54:00 GMT donotreply@osnews.com (SlackerJack) Comments RE: UAC prevents remote login exploits http://osnews.com/thread?309294 http://osnews.com/thread?309294

I am not expert but its main advantage is preventing manupilation on your system by hacker after remote login. Thats why even if hacker gets full admin access (which is possible) he cant do anything without physical presence in front of desktop....

I think that's an aspect of a growing tendency: Disabling or bypassing means of security to increase individual feelings of comfortability. Please get me right: I don't think it's a good solution to disable UAC, but it should have been implemented more... appealing? It seems that most users of "Vista" get annoyed by the way authorisation requests are performed. So maybe a better selection of where it is needed / recommended and where not would have been welcome.

Spoken by a "Windows" layman: UAC's ability to prevent the system from remote login exploits would be present if UAC wouldn't look at local interventions, wouldn't it? So it would be less annoying to the user?

BTW isnt it same as su login? and many modern distros event dont allow root login to begin with. So each time i have to install something i have to go through su route...

Most Linux distributions come with an application called sudo. It temporary elevates user previleges in order to perform an operation. If sudo is setup correctly, no root password is needed. Any sudo operations are logged. Users who are not present in the sudo database cannot use sudo, so they cannot destroy anything outside their home directory. The su command is mostly used by root to "mulate" an ordinary user; su means "substitute identity". The "plain" BSDs have a more strict concept. Here, it's neccessary for a user to be in a special group in order to do security related tasks (with possibilities for fine differentiations of what can be done - inclusion in different groups, e. g. wheel, operator, mount, dialer enables or disables special abilities, such as mounting media, connecting to network or accessing system files or interfaces). Performing operations does not only include installation of applications, but modification of system files, too. So a sudo-enabled user account with no password would be as dangerous a a password-free root login (if it's allowed). While sudo performs the previlege elevation just for one commmand, su leaves you in administrator mode as long as you wish. To prevent the nasty habit to do everything as root (NB: Comfortablilty feelings!), many distributions do not allow direct root logins or can be configured to do so.

Examples from the UNIX / Linux world:

Ordinary user installs an application system-wide (without password):
% sudo pkg_add -r nmap
% _

Ordinary user removes does stupid things (with password):
% su -
Password:
# rm /etc/fstab
# rm -rf /home/*
# exit
% _

The means of su and sudo, as well as UAC, don't replace a good system administration layout. :-) Sat, 12 Apr 2008 12:00:00 GMT donotreply@osnews.com (Doc Pain) Comments RE[2]: Not so bad http://osnews.com/thread?309296 http://osnews.com/thread?309296

Fact is Windows should have done this from day one and learn their users to use passwords for admin stuff, it's really that simple. If you learn something from the outset it really becomes a process like everything else but Microsoft like to nanny their users with popups rather than teach them.

I hope it does not sound impolite, but... users don't care to learn anything. Furthermore, passwords are too complicated, you need to learn / know them (or at least look them up from the sticker placed beneath the mouse pad). Security is another concept no average user seems to be interested in. Clicking OK buttons does not provoke any intellegence based examination with a certain circumstance, it just starts a kind of "automated mechanism" - clicking the button - to continue what has been intended anyway. And I think the guys at MICROS~1 know about this habit. But I cannot imagine why they didn't get rid of something nobody wants (said UAC) and turned it into something that simply annoys the users... Sat, 12 Apr 2008 12:29:00 GMT donotreply@osnews.com (Doc Pain) Comments succes http://osnews.com/thread?309298 http://osnews.com/thread?309298 Well I must admit, it really did annoy me.

After turning it of, together with windows defender, auto updater, file search, file indexer and some other annoying services it almost is usable Sat, 12 Apr 2008 12:39:00 GMT donotreply@osnews.com (gfx1) Comments security isn't all that important http://osnews.com/thread?309303 http://osnews.com/thread?309303 to the average user, they don't care. Sure they dont' want to get virii and spyware and malware etc, but for most people this doesn't happen as they have firewalls, anti-virus and anti-spy/malware. UAC doesn't remove the need for these, and for most people, just doesn't seem to do anything except annoy people.

Myself, I have my user account (like most ppl it's the only account on my machine) - I'm set up as an administrator and I've turned UAC...

I've NEVER ever been infeced by a virus. and I don't know anyone that has. Do we really need UAC at all? Sat, 12 Apr 2008 13:24:00 GMT donotreply@osnews.com (netean) Comments RE[2]: UAC prevents remote login exploits http://osnews.com/thread?309304 http://osnews.com/thread?309304 I agree. UAC comes up so often in Vista simply because people are still running XP programs which store individual data in the "admin" area instead of userland. Vista is almost completely unusable when run in user mode because of this. Sat, 12 Apr 2008 13:26:00 GMT donotreply@osnews.com (Robocoastie) Comments RE: security isn't all that important http://osnews.com/thread?309306 http://osnews.com/thread?309306 Niether have I, or any of my friends, but you have to remember, we probably know alot more about what we are doing than most people out there.. I never get viruses, but the people who own the computers I work on, nearly always do, because they click on anything that occupies time. where as someone like you and me, may research for whats the best trusted program/activity to occupy our time.. example...

I wanna play online poker, and that banner on my favorite warez site that im downloading porn from is waving it right in my face. Click. virus

whereas we.. would be downloading only the finest pr0n and hitting up the legit sites... or ... something like that..

people wont be bothered to do anything reasonably intelligent, because thier computer is suppost to be intelligent for them. and it probably wont change ever, so software developers will keep trying to dummy up things as much as they can to protect the user from him/herself. It hurts us geeks, but we are a minority in the buying market, and they know we could figure out how to disable it anyways.

Its a painful process to go through, but for the sake of joe.user we will suffer. But... lets hope they keep failing, because I sure do looove making insane amounts of money doing something I love because someone else cant be bothered.. I know enough not visit sites that are mischevous, close my firewall up, shut down unsafe services, but them not knowing pays oh so well. Sat, 12 Apr 2008 14:25:00 GMT donotreply@osnews.com (hollovoid) Comments Vista Was Designed to Annoy You http://osnews.com/thread?309310 http://osnews.com/thread?309310 .. i thought so Sat, 12 Apr 2008 15:21:00 GMT donotreply@osnews.com (MysterMask) Comments su needs use of Terminal on GUI friendly linux?? http://osnews.com/thread?309311 http://osnews.com/thread?309311 So called user friendly linux distros(eg u**) have disabled root logins. Fine. It improves security. Then I enter sudo or su in "Terminal Window" and then install software from terminal???? This is completely opposite of user friendly gui based linux.
And on KDE many times entering su or sudo from terminal window, never allows to install programs from GUI or use file manager as super user..
that is also as annoying as UAC to install programs from Terminal in modern distros... Sat, 12 Apr 2008 15:37:00 GMT donotreply@osnews.com (rakamaka) Comments RE[4]: Not so bad http://osnews.com/thread?309312 http://osnews.com/thread?309312 Sounds like your wife has an administrator account on the Vista box. Try giving her a less-privileged account. Sat, 12 Apr 2008 16:02:00 GMT donotreply@osnews.com (iain.dalton) Comments Tobias? http://osnews.com/thread?309313 http://osnews.com/thread?309313 David Cross? I didn't know he worked for Microsoft!

http://en.wikipedia.org/wiki/David_Cross Sat, 12 Apr 2008 16:08:00 GMT donotreply@osnews.com (maydaytx) Comments Legacy problem. http://osnews.com/thread?309314 http://osnews.com/thread?309314 I don't really envy Microsoft on the administrator_vs_unpriviledged_user issue. They had been pushing systems running by default with administrator priviledges for decades and with Vista they funally realized it's thing of a past.

Unfortunately, dozens of apps were using stuff they shouldn't so they designed UAC to force vendors to cooperate, while still mantainig backwars compatibility. Unfortunately it was to be carried otu by user, which of course started to complain (and also damage the reputation of a whole OS).

But at least it was step into the right direction, it's still better to ask the user than to allow a program to mess with the system by default.

Unix was at least built with the priviledge isolation from the beginning, so apps were never designed to have root level access to the system. Howevers problems turned out, and are still happening with SELinux, where various root-priviledge programs are/were not fully adjusted to limitations (or selinux policies were not accurate). Btw. UAC-style interface for Linux exists, it's PolicyKit. Sat, 12 Apr 2008 16:27:00 GMT donotreply@osnews.com (siki_miki) Comments RE[2]: UAC proved.. http://osnews.com/thread?309318 http://osnews.com/thread?309318 It's also done for the opposite reason: so that no program can read data entered into the UAC Consent password box. I don't know anything about the OS X input/windowing architecture, so maybe this ability for one app to read/write to the windows tree of another app is not something Apple has to worry about. Sat, 12 Apr 2008 17:04:00 GMT donotreply@osnews.com (PlatformAgnostic) Comments RE[2]: Not so bad http://osnews.com/thread?309322 http://osnews.com/thread?309322 Screwing around with the Start Menu engenders UAC prompts because large parts of the start menu are stored on a system-wide basis. I did a thought experiment about how one would implement this on a per-user basis with a shared system view, but I couldn't think of anything great because you'd have to merge any changes to the global start menu groups into a potentially changed set of per-use groups. I just tend to use the start menu search feature and igore the particulars of my start menu's organization.

On the reliability and perf monitor, I think it should require admin access because the program needs information about the specific Disk, CPU, and Network activity of everything on the system. Allowing untrusted users to see this information would be classiied as an Information Disclosure Vulnerability. Sat, 12 Apr 2008 17:13:00 GMT donotreply@osnews.com (PlatformAgnostic) Comments Strong security without passwords is possible. http://osnews.com/thread?309327 http://osnews.com/thread?309327 The Bitfrost security model from the OLPC does not need any kind of passwords. Instead, it is assumed that the person with physical access to the laptop is its owner (other measures are taken against robbery) and the system makes sure that malware can't forge physical access. And the fact that you are running a program does *not* mean is has the same rights as you have as a user, in this system.

http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf Sat, 12 Apr 2008 17:35:00 GMT donotreply@osnews.com (wannabe geek) Comments LOL http://osnews.com/thread?309330 http://osnews.com/thread?309330 I have already switched to Linux (ubuntu)

I absolutely refuse to fix broken windows machine. I just tell other to install linux or forget it - I ain't wasting any more time on fixing windows.

I have wasted a lot of my productive time of my life fixing windows (virus, spyware, annoying updates) and getting it to just work. Its just a PITA.

I am just TIRED of this shit.

I havent had a single problem with ubuntu since last many months other than sometimes firefox crashing - which can easily be ignored with the restore session feature.

Who the heck gives a crap about microsoft anymore. Bye from my side forever. Sat, 12 Apr 2008 18:03:00 GMT donotreply@osnews.com (linuxdude) Comments RE: su needs use of Terminal on GUI friendly linux?? http://osnews.com/thread?309332 http://osnews.com/thread?309332

Then I enter sudo or su in "Terminal Window" and then install software from terminal???? This is completely opposite of user friendly gui based linux.

I think you're wrong here. Maybe you didn't know this - I'm not assuming that you posted in order to spread nonsense - but most modern Linux distributions feature an application installation subsystem, including tools to install, remove and update programs. It's common to include a GUI frontend here which helps you to find, automatically download and then install the application you want. There's no need to "get hands dirty" in a terminal window except you're intending to do something very special, for example, apply patches to a program and generate it from source. But as you surely will agree, that's not what average Linux users are doing.

And on KDE many times entering su or sudo from terminal window, never allows to install programs from GUI or use file manager as super user..

I think that's what kdesu is intended to, and, as far as I know, KDE's Konqueror is able to be switched into root mode. But please check this yourself or ask for a confirmation. I'm no KDE user so I can't tell for sure. Of course, using a terminal window is not involved here, except you're choosing to do "strange" stuff like this:

% su -
Password:
# setenv DISPLAY :0.0
# konqueror &
# exit
% exit

But as I mentioned before, that's not what average Linux users are doing. Many advanced Linux users will agree that the example I gave looks quite strange. But please, check KDE's abilities and use the recommended means.

that is also as annoying as UAC to install programs from Terminal in modern distros...

Then stop trying to install applications using the terminal window and use the recommended tools. Yes, it is that easy. Sat, 12 Apr 2008 18:13:00 GMT donotreply@osnews.com (Doc Pain) Comments RE[2]: security isn't all that important http://osnews.com/thread?309334 http://osnews.com/thread?309334

people wont be bothered to do anything reasonably intelligent, because thier computer is suppost to be intelligent for them. and it probably wont change ever, [...]

You're frightening me! :-)

[...] so software developers will keep trying to dummy up things as much as they can to protect the user from him/herself.

But then, why doesn't it work? Why is more than 90% of the email amount travelling the Internet just spam? Why are home PCs so often compromized and then working as storage points for illegal file sharing software?

Please get me right: I'd say it's okay to annoy the people you've described above if it would help to protect the Internet and its users from crap like viruses, trojans and spam.

But... lets hope they keep failing, because I sure do looove making insane amounts of money doing something I love because someone else cant be bothered.. I know enough not visit sites that are mischevous, close my firewall up, shut down unsafe services, but them not knowing pays oh so well.

Hehe. :-) Sat, 12 Apr 2008 18:20:00 GMT donotreply@osnews.com (Doc Pain) Comments RE: Tobias? http://osnews.com/thread?309335 http://osnews.com/thread?309335

David Cross? I didn't know he worked for Microsoft!

http://en.wikipedia.org/wiki/David_Cross

Lol..he had one of the funniest stand up acts I have ever seen, a clip here - http://youtube.com/watch?v=jrvtHYCP-LM

Best thing about it, this is an actual book you can get. So with that, I hope you all have a good pu*** day Sat, 12 Apr 2008 18:42:00 GMT donotreply@osnews.com (ssa2204) Comments Well, They succeeded then http://osnews.com/thread?309336 http://osnews.com/thread?309336 If they set out to be annoying then it worked - congratulations team.
Like most people I do not mind a box appearing asking me to confirm some action, I do mind the way that the entire user interface is suspended complete with sluggish and pointless visual effects whenever this happens.
Its like 'roll up, roll up for the windows security show'
Maybe they should have added in a drumroll sound and an animated 'security clown' to complete the effect.
Still it is a definite improvement on the previous 'download and run it without even telling you' approach to malware. Sat, 12 Apr 2008 19:18:00 GMT donotreply@osnews.com (alban) Comments RE[2]: first thing to be turned off http://osnews.com/thread?309337 http://osnews.com/thread?309337 I did not know until today, that Vista is THAT bad. I have zero experience with Vista, and always thought that it now has a clean seperation between users and admin, similar to the UNIX-like systems.

For example, if I wanted to move the START button or change the desktop background, this is an action which only affects one user, naturally admin rights are not required.

I can understand that some 3rd party software might constantly ask for privilege escalation if implemented uncleanly, but that Vista itself is inconsistent is something I did not expect.
Although I have the same order of buttons in the task bar and the same desktop background for years, I would be annoyed by this unnecessary behaviour.
Especially as it does not enhance the security, since something that constantly cries "wolf" all the time tends to get ignored after a while. Sat, 12 Apr 2008 20:24:00 GMT donotreply@osnews.com (gustl) Comments RE[2]: Not so bad http://osnews.com/thread?309338 http://osnews.com/thread?309338 I would not call Vista per se less secure than Linux, as security is not inherently given in an operating system, it is a PROCESS. And Microsoft has gotten much better at providing patches during the last few years of contantly being beaten up by the crackers.

But one thing is for sure: The ratio of annoyance vs. system security is still MUCH better at all of the UNIX-like systems than with Windows. Sat, 12 Apr 2008 20:34:00 GMT donotreply@osnews.com (gustl) Comments RE[4]: Not so bad http://osnews.com/thread?309340 http://osnews.com/thread?309340 That's not necessarily true. Linux is a kernel not an OS. I'll keep saying that 'til people listen.

In Ubuntu, for example, you only need the user's password. And in some configurations of sudo, once you've entered the password you can sudo freely for fifteen minutes or more before it's needed again.

Exactly how exploitable these facts are is debatable. But a system is only as secure as it's sysadmin makes it, and most home desktops don't really have a sysadmin. The Linux distros don't always take this fact into account. Sat, 12 Apr 2008 20:44:00 GMT donotreply@osnews.com (Michael) Comments RE[3]: Not so bad http://osnews.com/thread?309341 http://osnews.com/thread?309341

I did a thought experiment about how one would implement this on a per-user basis with a shared system view, but I couldn't think of anything great ...

Well, how about how the Linux desktops do it (Gnome as well as KDE). They are TWO different desktops and manage to have the same menu entries no matter if you log into a Gnome session or a KDE session.
Additionally there are system-wide setings for the Start menu (changeable by root) and user-specific changes to that system-wide settings.

Therefore, when root installs a new program, the entry is made to the system-wide settings, and as no modification entry is in the user-specific setting, the new program is displayed.
It is very easy and works well. The same is done with mime-type settings (which kind of file to be opened with which application).

On the reliability and perf monitor, I think it should require admin access because the program needs information about the specific Disk, CPU, and Network activity of everything on the system. Allowing untrusted users to see this information would be classiied as an Information Disclosure Vulnerability.

Quite the opposite is the reality. In the company I work for we calculate stresses and safety factors of engine parts with FiniteElement software. We need to know which machine is under which load when we start another number-crunching job. Needing admin rights just to get the information is ridiculus. I agree that priority enhancing ones process or priority changes to an other users process require admin rights, but not for getting information. Security by obscurity does not work, so why even try that approach. If the system becomes insecure when somebody finds out about it's load, network, memory and disk status, it's security is not worth much. Sat, 12 Apr 2008 20:56:00 GMT donotreply@osnews.com (gustl) Comments RE: su needs use of Terminal on GUI friendly linux?? http://osnews.com/thread?309342 http://osnews.com/thread?309342 User friendly linux distros like Suse, Fedora, *buntu and many others do indeed disable root logins, mostly because many converts who come from the Windows world think that in order to have a well working system, one simply NEEDS to log in as root.

Debian, for example allows root login into KDE.

But administrating these first mentioned userfriendly distros is not the same as UAC in Windows.

With Mandriva for example you have a very god system management application, when you start it as a user, you get asked the password ONCE, and then can create/modify partitions, install/uninstall software, set up a http/ftp/smb/ssh server and many other stuff. It is not even remotely as annoying as UAC seems to be. Sat, 12 Apr 2008 21:11:00 GMT donotreply@osnews.com (gustl) Comments RE: su needs use of Terminal on GUI friendly linux?? http://osnews.com/thread?309343 http://osnews.com/thread?309343 So called user friendly linux distros(eg u**) have disabled root logins. Fine. It improves security. Then I enter sudo or su in "Terminal Window" and then install software from terminal???? This is completely opposite of user friendly gui based linux.

I just have to wonder what distro have you been using :O The distro I use (Mandriva) does have this thing to install and/or remove software, and it is fully GUI based. I CAN drop to terminal and install apps from there if I wish but this far I haven't done so at all. Sat, 12 Apr 2008 21:21:00 GMT donotreply@osnews.com (WereCatf) Comments RE[5]: Not so bad - hear hear http://osnews.com/thread?309344 http://osnews.com/thread?309344 Linux is only the kernel. oh how i'd love too see people recognize the individuality of disto instead of one commodity part. Sat, 12 Apr 2008 21:27:00 GMT donotreply@osnews.com (jabbotts) Comments Just a Vista comment http://osnews.com/thread?309347 http://osnews.com/thread?309347 Well, hasn't the whole of Vista been designed to annoy you?! Sat, 12 Apr 2008 23:49:00 GMT donotreply@osnews.com (weterings) Comments RE[2]: Design http://osnews.com/thread?309349 http://osnews.com/thread?309349 If I was to admin outside of the home environment I would be utilising user accounts and admin accounts with the systems users being just that, users.

Biggest problem with UAC is that many apps still require installing in Program Files (x86) which MS seamed to require Admin access. If you change the install path to another area with User Security privileges, then UAC will not bug you as much. Vista will also not bug you as much (at least not so annoyingly) if you restrict the main User Account and setup an Admin Account. Why it doesn't install this way as default, god only knows why.

Maybe the miraculeous Windows 7 will fix all as so many seem to be hoping for (that or Linux really does gain traction). Still, when it comes to everyday computing and user experience, Linux and Windows are on the same level of being a right PITA. Sun, 13 Apr 2008 00:38:00 GMT donotreply@osnews.com (blitze) Comments RE[5]: Not so bad http://osnews.com/thread?309351 http://osnews.com/thread?309351 Except you missed the part that when people say "Linux" they mean "Linux Distribution". You aren't proving anything here except that you are a very annoying pedant, like so many "Linux is a kernel" and "GNU/Linux" dorks. It's really annoying. Please stop. Do something useful instead. Sun, 13 Apr 2008 00:41:00 GMT donotreply@osnews.com (siride) Comments RE: LOL http://osnews.com/thread?309357 http://osnews.com/thread?309357

I have wasted a lot of my productive time of my life fixing windows (virus, spyware, annoying updates) and getting it to just work.

Fixing it for yourself or others? Because for my own systems (those that still have Windows as opposed to Linux or OS X), I just install the free version of Grisoft's antivirus package and Spybot. I find that with those two running the only virus I get is if I do something stupid (like the time I got Netsky from an email attachment I knew was infected but wanted to test my setup).

As for repairing other systems for people, strangely I find that a number of people in the area are well versed in how to protect their system. Its gotten to the point I haven't repaired a system overtaken with viruses in over a year or so. And most of those users have Windows XP without UAC. Sun, 13 Apr 2008 01:02:00 GMT donotreply@osnews.com (Frobozz) Comments RE[6]: Not so bad http://osnews.com/thread?309359 http://osnews.com/thread?309359 Er, no. How sudo is set up varies between distributions. Therefore, when you say "In Linux sudo does...", it really does matter which Linux distro you're referring to. Type "man sudoers" for more information.

People often say "Linux" when saying things which are true for all or most distros. That's fine. But Linux supporters often apply all the good qualities from the various different distros into one imaginary Super Distro and call this "Linux". Whereas Windows, Mac OSX, Solaris, FreeBSD, et al each stand and fall on their own merits, "Linux" shifts in definition according to argumentative convenience.

This is far from always true. People who know what they're talking about (of whom there are many at OSNews) know when to make the distinction.

By the way, replacing "Linux" with "Linux Distribution" wouldn't make any sense. Replacing it with a specific distro is exactly what I'm saying he should have done. In this case, what he said was false for one of the most popular desktop distributions.

But you are right about one thing. I am pedantic. Sun, 13 Apr 2008 01:09:00 GMT donotreply@osnews.com (Michael) Comments not necessary http://osnews.com/thread?309363 http://osnews.com/thread?309363 They didn't have to go to that much trouble to annoy me. Sun, 13 Apr 2008 02:51:00 GMT donotreply@osnews.com (backdoc) Comments LOL http://osnews.com/thread?309364 http://osnews.com/thread?309364 You get what you pay for. In this case, an expensive POS that was designed to annoy you by Bill and his team of marketing billionaires. Sun, 13 Apr 2008 04:50:00 GMT donotreply@osnews.com (mind!dagger) Comments RE: Th real security http://osnews.com/thread?309367 http://osnews.com/thread?309367 "But Vista cant run my favourite win32 programs so i rather switch to reactos if i definitly gotta switch OS some day."

Which programs by any chance? I have yet to find a program that does not run under Vista that ran under XP. I have "read" about that happening, but have not seen one myself. Please expound on it... Sun, 13 Apr 2008 06:25:00 GMT donotreply@osnews.com (DrillSgt) Comments RE[2]: Th real security http://osnews.com/thread?309369 http://osnews.com/thread?309369 Nomachine NX Client consistently locks up after 1 - 2 minutes of use under Vista. Works fine on XP and Linux. That's the only Windows app my customers absolutely require. And it doesn't work with Vista. Sun, 13 Apr 2008 11:47:00 GMT donotreply@osnews.com (sbergman27) Comments RE[3]: Not so bad http://osnews.com/thread?309370 http://osnews.com/thread?309370 Thanks for describing some few of the severe system design and implementation faults Microsoft has had for more than 10 years.

Explaining why isn't an excuse. They should have just fixed this crap years ago. Sun, 13 Apr 2008 15:00:00 GMT donotreply@osnews.com (bnolsen) Comments RE[7]: Not so bad http://osnews.com/thread?309371 http://osnews.com/thread?309371 I'm really sorry that people aren't 100% exact and precise in their speech every second of the day.

Did you know that Linux as a kernel actually refers to multiple versions and releases, which may vary in functionality in bugs? Why can't people just say "Linux kernel 2.6.25-fedora-build-3075.34-i686"?

Some people are ridiculous... Sun, 13 Apr 2008 15:01:00 GMT donotreply@osnews.com (siride) Comments RE[6]: Not so bad http://osnews.com/thread?309372 http://osnews.com/thread?309372 it was a short two line agreement with the previous person so I'm not really seeing what your issue is since I didn't drone on and one.

However, since you couldn't leave well enough alone and let a pleasent agrement in passing be just that:

"Linux" meaning the whole OS and greater Linux based OS ecosystem leads to people ignoring the differences between distrobutions; you know.. the actual usable OS including user space. Someone see's one bad distribution and think that anything based on the Linux kernel must be crap because some obscure "Linux" they saw once was crap.

There is also the "but there's too much choice, it scares users so" crap. "Linux" meaning everything is very overwelming. It confuses a very simple thing. By focusing on different distributions instead of "Linux" there is less confusion. They all use the Linux kernel but Debian != Red Hat != Mandriva != Ubuntu. They are seporate distributions and have seporate personality attributes.

Recognizing that "Linux" is only a commodity part and instead focusing on the different distributions that happen to use Linux at there core does not premote confusion and seek to scare away anyone who may be interested. Sure, the elitist pricks loose out on seeing that look of dread and confusion on noob's faces but they can always feel special using LFS or whatever gives them a "better than you" feeling.

While it was a pleasent agreement in passing that could have simply been left at that. The unspoken points behind it are well known to all those anoying "Linux is a kernel" people. There are very good reasons for clarifying and focusing on distribution brands instead of a small part of the greater system.

So, no, I will not keep quiet. I will continue to agree with people publicly. I will continue to do it pleasently in passing except for where someone such as yourself needs a long winded clarification.

On a website dedicated to OS geeks, I don't see that being all that out of place. Even if pundit's such as yourself dislike it.

Other than that, have a great day. I know I will. Sun, 13 Apr 2008 16:23:00 GMT donotreply@osnews.com (jabbotts) Comments UAC means? http://osnews.com/thread?309373 http://osnews.com/thread?309373 UAC => Useless Annoying Crap! Sun, 13 Apr 2008 16:32:00 GMT donotreply@osnews.com (Invalid User) Comments RE[3]: Th real security http://osnews.com/thread?309377 http://osnews.com/thread?309377 "Nomachine NX Client consistently locks up after 1 - 2 minutes of use under Vista."

Thanks for actually posting an app. That is something I don't use so would not see. I would report that to the software vendor, since Vista is claimed to be supported under version 3.2. Granted that was just released April 8 though, so you may not have had time to know that yet. Sun, 13 Apr 2008 18:10:00 GMT donotreply@osnews.com (DrillSgt) Comments If my math is correct http://osnews.com/thread?309380 http://osnews.com/thread?309380 If my math is correct, Microsoft designed this to annoy users, then provided a business program that will allow developers to pay a fee, which will let them bypass the annoyance for their signed apps.

In Ubuntu, the app will either fail if gksudo is not invoked, or is canceled (or whatever), or will install in the user directory, and you either avoid all manner of popups, or get only one that you can't simply yes to death (and is easy to dismiss, and usually still get what you want). OSX seems to work in a similar unintrusive way.

I often wondered why MS didn't simply emulate what had worked for damn near everyone else, so well, for so long. Well, now we know - they wanted another revenue stream.

It's crap like this, why I switched to Linux (Ubuntu ATM), and will not go back. Sun, 13 Apr 2008 18:23:00 GMT donotreply@osnews.com (Touvan) Comments RE[2]: first thing to be turned off http://osnews.com/thread?309407 http://osnews.com/thread?309407 That is absolutely the way to do it, but here are two "additions" ;-)

On win 2k8, the Administrator account has no UAC prompts at all. This makes sense, because if you are logged in as administrator, you damn well be knowing what you are doing and why you are doing it. This app http://www.tweakuac.com/ will squelch the grey overlay prompts for administrative users, while not touching the elevation prompts for normal users.

Second tip is something I got used to in Linux a long time ago, change your admin account background to something like a bright orange/red. This helps to remind you where you are, and to do what you gotta do then get out again. I also turn off aero for the admin account on vista for the same reason. Sun, 13 Apr 2008 20:42:00 GMT donotreply@osnews.com (google_ninja) Comments RE[3]: Not so bad http://osnews.com/thread?309409 http://osnews.com/thread?309409

On Vista Business, maybe, on Server 2k8, definately. But Vista Home/Ultimate? Sun, 13 Apr 2008 21:00:00 GMT donotreply@osnews.com (google_ninja) Comments UAC? http://osnews.com/thread?309418 http://osnews.com/thread?309418 I have not seen the uac yet but when I went to radio shack I was able to pull up msconfig and leave the system looking like windows 2000. What does uac tell in terms of what services a program is trying to access. Sun, 13 Apr 2008 22:38:00 GMT donotreply@osnews.com (matthekc) Comments Vista limits productivity & wastes time http://osnews.com/thread?309422 http://osnews.com/thread?309422 The Computer is supposed to be a tool one utilizes in order to achieve a goal - be that goal gaming, business application oriented, artistic, email, etc.

A person does not need to know how to work on a car to drive a car, they do not need to know how to work on an airplane to fly and they do not need to know how to work on a television in order to watch a program. So why do the elitists, microsofties, et al, insist that the enduser know all about the services running on their system? Technical information that is not really relevant to their goal - which is to use a tool to achieve a goal.

The original concept behind the windows style operating system was that one could install applications and hardware with minimal driver conflict issues. (those who have worked in Dos or pre-dos remember how cryptic running applications and installing new components was pre-windows).
Windows promised to make the process more efficient - thus we put up with the middle man software (frustrating though it was trying to figure out if the problem was the component, the application or windows once that additional layer was applied).

To make the operating system annoying is not only against the basic foundational concept of Windows it is not a good business acumen. To frustrate customers is not the best strategy to take unless one wishes to push the customers away to another market. Why do the elitists insist that a simple tool become a complicated process?

Why don't we just skip out on Windows and go back to Dos like applications so that we do not have to worry about the inefficient, whiney middle man micro-managing our systems?

One of the pleasures of working with a PC vs an Apple is that the PC has been, until Vista, less annoying and more flexible - due to the windows vs mac o/s's. If you take that away from the enduser - they have no reason to remain with Windows, they can just move entirely away from windows and go with an operating system that gives warm fuzzies in its limitations.

The UAC is a dumbing down and irrating aspect of Vista. It does not teach - it wastes time, evokes fear of being hacked or ruining the computer, is frustrating and is irritating. Even when disabled it instills fear in many users with its incessant nags.

It is apparent their are quite a few Microsofties on this forum. Instead of blindly pushing your agenda - why not look at what the consumer has to say? If you want people to buy your product - make it more appealing rather than less appealing.

If you want to run yourself out of business - continue in the arrogant, elitist, authoritarian manner with which you are treating your customers. Continue making your product more time consuming, more expensive and more annoying. Sun, 13 Apr 2008 23:11:00 GMT donotreply@osnews.com (Dolphie) Comments RE[4]: Not so bad http://osnews.com/thread?309449 http://osnews.com/thread?309449 I agree that there are some reasonable scenarios where you'd want someone who's non-admin to be able to access performance statistics. Thus there exist two built-in groups on my Vista Business installation: "Performance Log Users" and "Performance Monitor Users." I haven't tested those myself, but based on their names and description strings I believe that these groups give you what you want: the ability to grant non-admin users the right to view perf data for the whole machine. Mon, 14 Apr 2008 06:44:00 GMT donotreply@osnews.com (PlatformAgnostic) Comments RE[4]: Not so bad http://osnews.com/thread?309450 http://osnews.com/thread?309450 First of all, I don't exactly see what you consider to be a flaw (or how you'd design it differently). Second, I don't see your implementation of a time machine that I could use to fix flaws 10 years ago before apps took reasonable dependencies on whatever design decision you're complaining about. Mon, 14 Apr 2008 06:49:00 GMT donotreply@osnews.com (PlatformAgnostic) Comments RE[4]: Not so bad http://osnews.com/thread?309451 http://osnews.com/thread?309451 If you want to grant people that right, there are ways (see my earlier response).

On the Home vs. Business distinction, I think it's general practice to keep the SKUs of an OS as similar in shared configuration as possible so that it's clear what should happen when you move from one SKU to the other (like through Windows Anytime Upgrade).

Maybe the people who own that MMC snap-in will make some tweaks to make it accessible securely to less-privileged users, but that was apparently not a priority so far (it's far more important to have something which you can later tweak given the feedback of the first version than to not have that thing at all). Mon, 14 Apr 2008 06:55:00 GMT donotreply@osnews.com (PlatformAgnostic) Comments yes, but... http://osnews.com/thread?309487 http://osnews.com/thread?309487 This does not explain why Windows has been annoying since Windows 95! Mon, 14 Apr 2008 15:37:00 GMT donotreply@osnews.com (StychoKiller) Comments RE: Design http://osnews.com/thread?309498 http://osnews.com/thread?309498 Exactly, the real purpose of UAC is to get PROGRAMMERS to stop writing programs with sloppy security and just telling you to "run as admin" to make it go away. Mac and Linux have always been that way so programmers write safely so as not to annoy the user. Windows programmers basically refused to update from the Win98 days of do whatever for far too long. Mon, 14 Apr 2008 17:37:00 GMT donotreply@osnews.com (mabhatter) Comments RE: Vista Was Designed to Annoy You http://osnews.com/thread?309519 http://osnews.com/thread?309519 NOW let's see people say that Microsoft can't engineer what they set out to engineer. Mon, 14 Apr 2008 19:57:00 GMT donotreply@osnews.com (diskinetic) Comments