Linked by Thom Holwerda on Sat 31st Jan 2009 10:45 UTC
Privacy, Security, Encryption Yesterday, we reported on the security flaw in Windows 7's UAC slider dialog, and today, Microsoft has given a response to the situation, but it doesn't seem like the company intends to fix it. "This is not a vulnerability. The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level." I hope this reply came from a marketing drone, because if they intend on keeping this behaviour as-is in Windows 7 RTM, they're going to face a serious shitstorm - and rightfully so. Let's hope the Sinfoskies and Larson-Greens at Microsoft rectify this situation as soon as possible.
Thread beginning with comment 346361
To read all comments associated with this story, please click here.
I don't think it's a flaw either.
by BluenoseJake on Sat 31st Jan 2009 13:25 UTC
BluenoseJake
Member since:
2005-08-11

People complained loudly that UAC is annoying and prompts to often. MS put the control in the users hands, made it adjustable because people made such a big deal over the UAC in Vista. So what do people do now, when UAC is broken by the default settings in Win7? More complaining. It can be changed, you know.

You people made your bed, lie in it.

Reply Score: 0

atsureki Member since:
2006-03-12

You people made your bed, lie in it.


This is a fascinating evolutionary step. We've moved beyond blaming users for going to bad websites, installing unrecognized programs, and not keeping their drivers up to date. Now we're actually blaming users for executive design decisions of the software vendor!

It's disturbing that the first line of the exploit article says it's the tech journalists who cried wolf, when that is precisely what UAC does to get people so annoyed. It's no one's fault but Microsoft's that UAC was designed after Homer Simpson's "everything's fine alarm."

People complained about a severe usability flaw, and Microsoft substituted in a severe security flaw. What lesson would you have us take from this?

Reply Parent Score: 5

jessta Member since:
2005-08-17

...made such a big deal over the UAC in Vista. So what do people do now, when UAC is broken by the default settings in Win7? More complaining. It can be changed, you know.
You people made your bed, lie in it.


So you think there are only two options here? UAC prompts users a lot or UAC doesn't prompt users.
If people are complaining about both options then that should tell you that neither option is a good option.
People want security without having to think about security...that's the problem that needs solving.

Reply Parent Score: 3

obsidian Member since:
2007-05-12


(snip)
People want security without having to think about security...that's the problem that needs solving.


Easy!

Use OpenBSD.... problem solved!

No thinking needed - secure by default. ;)

Edited 2009-02-01 05:52 UTC

Reply Parent Score: 2

Whats That There Member since:
2005-09-21

So what do people do now, when UAC is broken by the default settings in Win7? More complaining. It can be changed, you know.

You people made your bed, lie in it.


It is not broken, it is a feature :p

Reply Parent Score: 3

bornagainenguin Member since:
2005-08-07

BluenoseJake trolled...

People complained loudly that UAC is annoying and prompts to often. MS put the control in the users hands, made it adjustable because people made such a big deal over the UAC in Vista. So what do people do now, when UAC is broken by the default settings in Win7? More complaining. It can be changed, you know.

You people made your bed, lie in it.


Errr...no. What we complained about was the joke UAC was made into, with even Microsoft itself admitting it was made purposely to be annoying not useful. Don't believe me? do a search on this very site, this was where I first saw the article.

Now if UAC had worked like Ubuntu handles accounts, with requiring an administrator password before proceeding then you wouldn't have seen quite as many complaints on here and elsewhere about it. (I don't say you wouldn't have seen any complaints because we both know there are some people who will never be happy with what Microsoft does no matter what it is.) The problem is instead of requiring escalated privileges UAC behaves like Clippy on steroids prompting:

'Are you really sure you want to do that? Are you sure? really reeeeaaaaallllllly sure?'


...and ultimately resulting in absolutely no change in behavior.

Most users turn it off first thing, and the ones who are unable to do so just click through it without reading it, making the problems UAC was supposedly intended to fix worse!

I'm not saying any of this would fix the current problem, but pretending this is a case of people complaining about UAC without merit is simply trolling and you know it.

--bornagainpenguin

Reply Parent Score: 2

Thom_Holwerda Member since:
2005-06-29

Most users turn it off first thing, and the ones who are unable to do so just click through it without reading it, making the problems UAC was supposedly intended to fix worse!


Screenshots or it didn't happen.

UAC was a success, as the number of applications requiring admin privileges has been drastically reduced. THAT was its intended goal, and it succeeded.

Reply Parent Score: 1