For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
To read all comments associated with this story, please click here.
Member since:2007-09-06
Member since:2008-07-15
Agreed. And I don't see many OS X users complaining they need to enter their password to confirm an administrator action. It, well, makes sense. Also, I like OS X's concept of an admin account, it simply means that you're in the sudoers file and have elevated access to a few folders. For Ubuntu users, this is the same concept Ubuntu uses for their "administer the system" privilege. It doesn't give you the power to do whatever you want without prompting--you can still do whatever you want, but you usually have to enter your password before you can do something really foolish. If you're not an admin account in OS X, and you try to do something that requires one, you need to enter both an admin account and password to temporarily escolate yourself.
People complain that average users don't know or care about system security. I don't see many Mac users, many of whom are the same average 'john doe" type of users, complaining overly much about this on that platform, and it does force them to slow down a bit and think about what they're doing. An ok button, as in UAC, by contrast is a reflex action. I suppose that was inevitable with UAC, though, given that it was designed primarily to annoy developers rather than actually secure the system against wreckless users.
Member since:2006-02-05
If all you see is an Ok button, your user is running in the administrators group, which is the equivilent of running as the administrative user on osx, or running as root on ubuntu. Running as a non admin on vista will make a credential box pop up where you enter the username and password of the user you want to execute the action as.
Member since:2005-08-27
I set up my UAC to always prompt for admin password on Vista and Windows 7 betas. This way, even if I somehow leave my desktop unlocked, I would expect the prompt to pop up for anyone or thing trying to access privileged resources. It really is close to the MAC or Ubuntu way of using a graphical password pop-up.
Member since:2008-07-15
The point being this should be the default behavior, not that you can't set it up this way. How many "Joe Users" do you know who know how to do this, or care? Security needs to be imposed on Windows users at this point, not be made optional for them, and the ok or continue button does not count, as it quickly becomes a reflex to just click it regardless of the reason why.
Member since:2007-10-09
They support x86-64 and IA64 too, so it ain't all bad. Besides, don't forget the XBox 360 (PPC-based) and WinCE. So I'm sure they aren't as stuck in the mud as you think. (Who knows what they're doing in secret ... like Apple did with OS X on x86.)
Member since:2005-06-29
The XBox machines do NOT run Windows - contrary to what many think. It runs a custom kernel with Windows bits on top.
Member since:
2005-07-06
To me, UAC is not enough. After a while, users just click OK. I think there should be a clean separation of the Administrator and the normal user. If an application tries to do something that needs Administrator privileges, pop up a dialog and require the user to enter the Administrator password. If they do not know the Administrator password (such as on a business network), then they can't do it. Sure people would whine at first, but it is the right thing to do.
Also, I agree that the NT kernel is a good kernel. I just wish they had continued the MIPS/Alpha ports. I think it may really come to bite Microsoft in the booty some day that they are x86 only.