Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
Windows For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351835
To read all comments associated with this story, please click here.
Microsoft, virtualize your users.
by axilmar on Thu 5th Mar 2009 16:21 UTC
Member since:

The only solution for Microsoft is to make the O/S pretend all the files belong to the logged on user. For example, the user can change the windows/system folder. But in reality, the user would only change his copy of the system folder, and thus not sacrifice any security, and without requiring the User Account Control mechanism.

Reply Score: 3

navaraf Member since:

Actually this exists in Windows Vista and newer systems and it's turned on for some applications through a flag in the application compatibility database. It doesn't solve all problems though since the application(s) may depend on some change in the global settings which wouldn't happen when the file/registry access is virtualized.

Reply Parent Score: 1

jabbotts Member since:

Interesting idea. I'd add too it user specific applications. "docs and settings\uname" already exists.. drop a "program files" in the home directory and let apps meant for only one user be installed there rather than in the global "program files" directory. I'd still require admin to install the software but then your not mucking about with permissions in global directories.

I actually do this now with a "ProgramFiles" directory on the admin desktop with a few key portableapps uncompressed into it. Admin has some tools needed from time to time while they remain out of the global app directory and view of non-admin users.

Reply Parent Score: 2