Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
Windows For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
E-mail Print r 8   · Read More · 93 Comment(s)
Thread beginning with comment 351811
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Security OR usability?
by Thom_Holwerda on Thu 5th Mar 2009 14:54 UTC in reply to "Security OR usability?"
Thom_Holwerda
Member since:
2005-06-29

- No more drive letters.


NT doesn't use drive letters. It was a userland decision to maintain them from Windows 9x-onwards.

UNIX-style permissions.


NT already has that - and more, through for instance ACLs.

- strict seperation of administrator and user, like in UNIX-ish opsyses.


NT already has this. Again, userland decided not to enforce it.

Reply Parent Score: 9

RE[2]: Security OR usability?
by gustl on Thu 5th Mar 2009 15:08 in reply to "RE: Security OR usability?"
gustl Member since:
2006-01-19

Well, if the NT kernel already has all that, why did Microsoft decide against bringing it to userland?

I less and less understand Microsoft's behaviour. It is like:
- Do we have one shovel? YES!
- Do we have a 1000 working excavators? YES!
- OK guys, take the shovel and digg the new panama channel, because today I don't really feel excavatorish.

With today's computers and a virtual machine with a fully-blown XP or Vista on it, I really don't see a reason why NOT to pull this off.

Reply Parent Score: 3

jabbotts Member since:
2007-09-06

Someone with a very nice suite earned a huge bonus that year by saving Microsoft the expense of developing the product beyond the point of "good enough to fool consumers".

(I have a reoccurring dream where MS competes based on product quality and fair market practices.. then I wake and remember that MS is a corporation who's primary product is shareholder equities; software is just the retail product they use towards that end goal.)

Reply Parent Score: 4

google_ninja Member since:
2006-02-05

Permissions are a kernel/file system thing. The only thing in userland which deals with them is icacls on the command line and the security tab in the file properties gui dialog.

Reply Parent Score: 1

Laurence Member since:
2007-03-26

Well, if the NT kernel already has all that, why did Microsoft decide against bringing it to userland?


It is in userland.

* In device manager you can map devices to a path instead of drive letters
* User accounts are not admins by default in Vista, but even prior to Vista this was possible when users were set up via aministrator tools.
* Paths can't use "/" simply because command parameters use the same slash (this was the very reason DOS adopted the reverse slash to UNIX when DOS first supported directories)
* Windows already has a graphical shell environment. That's what Explorer.exe is - Windows' shell.
If you mean a graphical command prompt, then there's cmd.exe for the old school and Powershell for those wanting something more modern.

True, Windows has many flaws, but somehow you've managed to miss them all and instead, post a list of items Windows _DOES_ support!

Reply Parent Score: 5

RE[2]: Security OR usability?
by Piranha on Thu 5th Mar 2009 16:56 in reply to "RE: Security OR usability?"
Piranha Member since:
2008-06-24

NT already has this. Again, userland decided not to enforce it.


Isn't that like saying "My car's engine can push 10lbs of pressure, but the frame, transmission, rings, headers, etc. can't handle it."..

You're only as strong as your weakest link my friend =)

Reply Parent Score: 5