Linked by Thom Holwerda on Mon 5th Mar 2007 23:09 UTC
Windows "Here, Jon Schwartz, UAC Architect, and Chris Corio, UAC Technical Program Manager, discuss, in detail, the history of UAC, the architecture and design of UAC, the new security model of Vista (we are all standard users, gone are the days of running as admin by default on Windows), what happens when a UAC security dialog is invoked, how UAC impacts developers, how UAC will evolve, etc."
Thread beginning with comment 218843
RE: The secret to permissions...
by Nex6 on Tue 6th Mar 2007 00:38 UTC in reply to "The secret to permissions..."
Nex6 Member since:
2005-07-06

Watch the video; the goal of UAC is no prompts for normal everyday use. If an app or function is prompting you, it is the app's fault.

And functions should be for admin-only types of stuff.
And the logic on UAC is a very low-level process. It executes during the create-process function before a thread or process is created. The overall goals and design plan of UAC are decent. The problem is more the sloppiness of Windows apps and the way they're written.


_Nex6

Score: 5

ma_d Member since:
2005-06-29

Read his post. He never said anything to the contrary; he only mentioned that they're cleaning up a mess and it's going to be a pain in the neck until ISVs get used to doing things properly in a multi-user system.

In my not-well-informed opinion UAC is doing some ugly things. The video talked about adding in "shunts" that basically make exceptions: It's the ISV's problem to fix their code and reissue binaries; stop pandering to them, it's their mistake. I see these "shunts" as potential back doors: Look for ways to make your exe look like it's "xyz cyber ubernator deluxe" and you might get to privy up without a dialog. Not to mention the massive amount of work: It's always a sign for me that if I'm doing a lot of busy work something is wrong.

I like the idea of UAC. But this video has shaken my confidence in Microsoft's design. I'm not convinced they've addressed the UI part of it well either. Example.
In Mac (sorry guys, I don't mean to flame bait) the privy dialogs are associated with the application that made them happen, so when they are in focus you get the menu for the program that made them: So you know what program asked, for sure; there's no ifs, ands or lies about it (assuming their internal design is secure).

Why didn't Windows do something similar? (and I admit I have limited experience with UAC, for some reason it won't come on on my Parallels install, maybe cause I haven't activated yet?). They already darken the screen except the dialog, why not pull the windows to the front for the requesting program and half-shade them so you can tell which program is asking, easily?
Maybe their design is too low-level and they can't really find this out consistently?


As for legacy support I say forget it, it's destroying any chance Windows has at being a reliable system. I've tried to run two old games in Vista and neither worked anyway. So let's forget the insane compatibility moves and just make developers write some new code, rebuild and reship. I know, it sounds awful, but I don't think I'd mind...
Of course, you'd probably have to hold off major Vista sales for a few months while the big ISVs get their builds ready.

Score: 2

CPUGuy Member since:
2005-07-06

They can't really do what you are suggesting because what that darkened screen is, is a completely separate secure account (separate from your account) and what you see is just a picture of what was on your account.

As far as not automatically bringing it to the front, I imagine they did this because of the problems they've had with apps stealing window focus (and subsequently pissing off the user). Perhaps just trying to stay away from this?

Score: 1

PlatformAgnostic Member since:
2006-01-02

The shunts basically see what's going on and then relaunch the application in privileged mode. There is no hole in the privilege system because that is handled at a lower layer than UAC...

The other sort of shunt they have added is virtualization of resources. If you want to write to the registry and you're not an installer, you'll run as a standard user and your writes will go to a per-user virtual registry tree. Same with writes to Program Files. (Try using eMule in its default config in Vista... enjoy spelunking around for where the downloaded files actually go... it's not in an obvious place!).

Score: 1
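
The redirection described in the comment above can be inventoried per user. This is an added example, not part of the thread or of any Microsoft tooling; the two virtual store locations are the standard Windows ones and are not named on this page, and the function names are hypothetical.

```powershell
# Added example: list what UAC virtualization has redirected for the current user.
# Assumption: standard virtual store locations (not given in the thread).
$fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$regStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'

function Get-VirtualizedFile {
    # Hypothetical helper: maps each redirected file back to the path the app asked for.
    param([string]$Root = $fileStore)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $rootFull = (Get-Item -LiteralPath $Root -Force).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Path below the store mirrors the protected path on the system drive.
            $relative = $_.FullName.Substring($rootFull.Length).TrimStart('\')
            [pscustomobject]@{
                IntendedPath = Join-Path "$env:SystemDrive\" $relative
                RedirectedTo = $_.FullName
                LastWrite    = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    # Hypothetical helper: maps each redirected key back to its HKLM counterpart.
    param([string]$Root = $regStore)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $intended = $_.Name -replace `
                '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE',
                'HKEY_LOCAL_MACHINE'
            [pscustomobject]@{
                IntendedKey  = $intended
                RedirectedTo = $_.Name
            }
        }
}

# Most recently written redirected files first, then the redirected keys.
Get-VirtualizedFile | Sort-Object LastWrite -Descending | Format-Table -AutoSize
Get-VirtualizedRegistryKey | Format-Table -AutoSize
```

Every row is a write that a legacy application aimed at a protected location and that landed in a per-user copy instead, so the list doubles as an inventory of applications that still assume administrator rights.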

bailey86 Member since:
2005-10-14

<quote>
Watch the video; the goal of UAC is no prompts for normal everyday use. If an app or function is prompting you, it is the app's fault.
</quote>

It's amazing that for some people it's *never* Microsoft's fault!

Ummm... to point out the obvious - the OS provides the framework for applications - i.e. on unix user applications are put into /bin and admin apps are put into /sbin.

Simple, easy and has worked well for about 35 years - you would not have an internet if it hadn't.

Windows could provide a decent framework for apps - a plan on how to upgrade DLLs etc seamlessly - a DB of all installed software, automatic checking of app correctness, sandboxing etc etc etc - even decent UAC if they were any good at writing an OS. But they're not.

Windows is getting more Unix features year after year but they are implemented badly.

Remember:

Those who do not understand UNIX are condemned to reinvent it, poorly. -- Henry Spencer

Score: 5

stare Member since:
2005-07-06

"Ummm... to point out the obvious - the OS provides the framework for applications - i.e. on unix user applications are put into /bin and admin apps are put into /sbin."

Complex applications are usually stored in their own /usr/local/ path, the same way they do (program files) on Windows. Small apps can be put inside %systemroot%, or their own directory. I can't see how a specific directory hierarchy is a "framework for applications".

"Windows could provide a decent framework for apps - a plan on how to upgrade DLL's etc seamlessly - a DB of all installed software, automatic checking of apps correctness, sandboxing etc etc etc"

That's not a UNIX feature, but a package manager. Package managers for Windows do exist (for instance win-get).

"Windows is getting more unix features year after year but they are implemented badly."

Wrong, Windows is getting more of its own features, and they are perfectly implemented.

Score: 0

StephenBeDoper Member since:
2005-07-06

"It's amazing that for some people it's *never* Microsoft's fault!"

Oh yes, and *anti*-fanboism is a much more enlightened position.

Score: 2

topos Member since:
2005-07-28

"The problem is more the sloppiness of Windows apps and the way they're written."

I guess you include Microsoft applications. Why does Visual Studio 2005 SP1 (the very latest!) require to be run as administrator?

As Windows was never designed with security as the first priority, it is extremely difficult to fix it now. I also think the UAC implementation has a long way to go before it is "usable".

Score: 1

PlatformAgnostic Member since:
2006-01-02

Um, VS 2005 SP1 complains that it won't run properly as non-admin, but what happens when you run it?? It works just fine at compiling your programs and debugging things running under your user account.

Why does it pop up the warning??? Because in certain scenarios, like debugging a program running as a different user (e.g. an ASP.NET server instance), it will not have the correct privileges. This is a sensible security restriction, but it represents a break with the past of what VS2005 was able to do. Debugging processes belonging to other users is indeed a task that should require root access because it is trivial to escalate privileges when you can do this.

Score: 1