Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351813
Run as...
by fretinator on Thu 5th Mar 2009 15:00 UTC
fretinator Member since:
2005-07-06

To me, UAC is not enough. After a while, users just click OK. I think there should be a clean separation of the Administrator and the normal user. If an application tries to do something that needs Administrator privileges, pop up a dialog and require the user to enter the Administrator password. If they do not know the Administrator password (such as on a business network), then they can't do it. Sure people would whine at first, but it is the right thing to do.

Also, I agree that the NT kernel is a good kernel. I just wish they had continued the MIPS/Alpha ports. I think it may really come to bite Microsoft in the booty some day that they are x86 only.

Reply Score: 3

RE: Run as... - use it daily
by jabbotts on Thu 5th Mar 2009 16:05 in reply to "Run as..."
jabbotts Member since:
2007-09-06

I use Runas daily; it's almost like having su/sudo available and saves me having to ask users to log off for something I can do in two seconds through an admin CLI shell.

Reply Parent Score: 3

RE: Run as...
by darknexus on Thu 5th Mar 2009 16:09 in reply to "Run as..."
darknexus Member since:
2008-07-15

Agreed. And I don't see many OS X users complaining they need to enter their password to confirm an administrator action. It, well, makes sense. Also, I like OS X's concept of an admin account; it simply means that you're in the sudoers file and have elevated access to a few folders. For Ubuntu users, this is the same concept Ubuntu uses for their "administer the system" privilege. It doesn't give you the power to do whatever you want without prompting--you can still do whatever you want, but you usually have to enter your password before you can do something really foolish. If you're not an admin account in OS X, and you try to do something that requires one, you need to enter both an admin account and password to temporarily escalate yourself.
People complain that average users don't know or care about system security. I don't see many Mac users, many of whom are the same average "John Doe" type of users, complaining overly much about this on that platform, and it does force them to slow down a bit and think about what they're doing. An OK button, as in UAC, by contrast is a reflex action. I suppose that was inevitable with UAC, though, given that it was designed primarily to annoy developers rather than actually secure the system against reckless users.

Reply Parent Score: 3

RE[2]: Run as...
by google_ninja on Fri 6th Mar 2009 14:00 in reply to "RE: Run as..."
google_ninja Member since:
2006-02-05

If all you see is an OK button, your user is running in the administrators group, which is the equivalent of running as the administrative user on OS X, or running as root on Ubuntu. Running as a non-admin on Vista will make a credential box pop up where you enter the username and password of the user you want to execute the action as.

Reply Parent Score: 2

RE: Run as...
by libray on Thu 5th Mar 2009 18:19 in reply to "Run as..."
libray Member since:
2005-08-27

I set up my UAC to always prompt for admin password on Vista and Windows 7 betas. This way, even if I somehow leave my desktop unlocked, I would expect the prompt to pop up for anyone or thing trying to access privileged resources. It really is close to the Mac or Ubuntu way of using a graphical password pop-up.

Reply Parent Score: 2

RE[2]: Run as...
by darknexus on Thu 5th Mar 2009 19:59 in reply to "RE: Run as..."
darknexus Member since:
2008-07-15

The point being this should be the default behavior, not that you can't set it up this way. How many "Joe Users" do you know who know how to do this, or care? Security needs to be imposed on Windows users at this point, not be made optional for them, and the OK or Continue button does not count, as it quickly becomes a reflex to just click it regardless of the reason why.

Reply Parent Score: 2

RE: Run as...
by Rugxulo on Fri 6th Mar 2009 09:16 in reply to "Run as..."
Rugxulo Member since:
2007-10-09

Also, I agree that the NT kernel is a good kernel. I just wish they had continued the MIPS/Alpha ports. I think it may really come to bite Microsoft in the booty some day that they are x86 only.


They support x86-64 and IA64 too, so it ain't all bad. Besides, don't forget the XBox 360 (PPC-based) and WinCE. So I'm sure they aren't as stuck in the mud as you think. (Who knows what they're doing in secret ... like Apple did with OS X on x86.)

Reply Parent Score: 2

RE[2]: Run as...
by Thom_Holwerda on Fri 6th Mar 2009 09:17 in reply to "RE: Run as..."
Thom_Holwerda Member since:
2005-06-29

They support x86-64 and IA64 too, so it ain't all bad. Besides, don't forget the XBox 360 (PPC-based) and WinCE. So I'm sure they aren't as stuck in the mud as you think. (Who knows what they're doing in secret ... like Apple did with OS X on x86.)


The XBox machines do NOT run Windows - contrary to what many think. They run a custom kernel with Windows bits on top.

Reply Parent Score: 1