Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
Windows For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351816
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Security OR usability?
by gustl on Thu 5th Mar 2009 15:08 UTC in reply to "RE: Security OR usability?"
gustl
Member since:
2006-01-19

Well, if the NT kernel already has all that, why did Microsoft decide against bringing it to userland?

I less and less understand Microsoft's behaviour. It is like:
- Do we have one shovel? YES!
- Do we have a 1000 working excavators? YES!
- OK guys, take the shovel and digg the new panama channel, because today I don't really feel excavatorish.

With today's computers and a virtual machine with a fully-blown XP or Vista on it, I really don't see a reason why NOT to pull this off.

Reply Parent Score: 3

jabbotts Member since:
2007-09-06

Someone with a very nice suite earned a huge bonus that year by saving Microsoft the expense of developing the product beyond the point of "good enough to fool consumers".

(I have a reoccurring dream where MS competes based on product quality and fair market practices.. then I wake and remember that MS is a corporation who's primary product is shareholder equities; software is just the retail product they use towards that end goal.)

Reply Parent Score: 4

google_ninja Member since:
2006-02-05

Permissions are a kernel/file system thing. The only thing in userland which deals with them is icacls on the command line and the security tab in the file properties gui dialog.

Reply Parent Score: 1

Laurence Member since:
2007-03-26

Well, if the NT kernel already has all that, why did Microsoft decide against bringing it to userland?


It is in userland.

* In device manager you can map devices to a path instead of drive letters
* User accounts are not admins by default in Vista, but even prior to Vista this was possible when users were set up via aministrator tools.
* Paths can't use "/" simply because command parameters use the same slash (this was the very reason DOS adopted the reverse slash to UNIX when DOS first supported directories)
* Windows already has a graphical shell environment. That's what Explorer.exe is - Windows' shell.
If you mean a graphical command prompt, then there's cmd.exe for the old school and Powershell for those wanting something more modern.

True, Windows has many flaws, but somehow you've managed to miss them all and instead, post a list of items Windows _DOES_ support!

Reply Parent Score: 5

RE[4]: Security OR usability?
by gustl on Mon 9th Mar 2009 15:15 in reply to "RE[3]: Security OR usability?"
gustl Member since:
2006-01-19

* In device manager you can map devices to a path instead of drive letters


I didn't know this. Somehow Microsoft failed at propagating this feature. The issue here seems to be more a: What is the default setting?
In all those years I had to use Windows at my workplace, and had to keep unmounting and remounting network drives because I ran out of drive letters, I never was given the choice of getting rid of them altogether.

* User accounts are not admins by default in Vista, but even prior to Vista this was possible when users were set up via aministrator tools.


Well, I ALWAYS had admin previleges, because the software I worked with required it. That is bad coding style of the application programmers, I know. But nevertheless, Microsoft should go the hard route and ask for an admin password EVERY time admin access has to be granted. Maybe application programmers finally do what is right and let Microsoft close one huge security risk once and for all.

* Paths can't use "/" simply because command parameters use the same slash (this was the very reason DOS adopted the reverse slash to UNIX when DOS first supported directories)


One more reason to abandon the old cruft, and go for something completely new ;) .
No, I can see the reason why they went with it, and that abandoning it is extremely difficult. On a german keyboard it is not nice however.

* Windows already has a graphical shell environment. That's what Explorer.exe is - Windows' shell.
If you mean a graphical command prompt, then there's cmd.exe for the old school and Powershell for those wanting something more modern.


I meant the graphical command prompt ;) .
Please don't get me wrong, but cmd.exe (at least as it is in XP) is not really a graphical command prompt. It is a text command prompt stuffed into a window frame.
A graphical command prompt is resizable ON THE FLY, with the number of columns changing as you resize the window, it is also presenting multiple prompts in tabs. Also copy and paste is no problem in a graphical command prompt, somehow in cmd.exe it just produces funny characters ( ^C] or somthing like this) for me.
I know nothing of Powershell, maybe this is better.

True, Windows has many flaws, but somehow you've managed to miss them all and instead, post a list of items Windows _DOES_ support!


Well, I just posted what I was missing, coming from a Linux/UNIX experience. Those things I mentioned seem to be available according to your list, but somehow are never advanced beyond the very basic 0.1 state. They are a "last way out, if nothing else works", but no power tools I can use to do my daily work with.

Reply Parent Score: 2