Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351845
by Thom_Holwerda on Thu 5th Mar 2009 17:04 UTC in reply to "UAC "

User Account Control shouldn't be used to grant privileges higher than user. It should be used to control programs that try to execute without the user's consent or programs that try to modify the user's account setting. If a program needs privileges higher than user then an administrator password should be required. Maybe Microsoft can implement the AAC (Administrator Account Control, i.e. sudo) to control privilege granting and leave UAC to do what its name suggests and control the user account and deny unwanted code from executing or changing settings.

...which is exactly what UAC does. Let me explain.

There are two possible user accounts in Windows NT: administrator, and standard user (greatly simplified, in essence you can create an endless amount of different types of users through fine-grained control). If you are a standard user, and you want to perform an action that requires elevated privileges, you need to enter the admin password. This makes UAC exactly like sudo.

However, UAC is more advanced than sudo. If you are an administrator, and you want to perform an action that requires elevated privileges, UAC will know you are an admin, and will only offer a click-through dialog - no password. If you've never seen the password dialog, it means you are running as an administrator.

So what you're asking Microsoft to do is something they've already done.

Edited 2009-03-05 17:05 UTC

Score: 2

RE[2]: UAC
by SterlingNorth on Fri 6th Mar 2009 07:12 in reply to "RE: UAC "

...and to expand on that, Administrators on Vista only start out with the privileges granted to the standard user. To perform an Admin action, you have to confirm it, which is no different from how sudo works in Linux and OS X (clicking a dialog box in a secure window is no less secure than typing a password...). It is actually slightly better given you can't steal the password (and people tend to use the same weak password for everything), and the default for OS X and Linux is to allow sudo a 5-minute grace period, which allows always-on malware to just wait until sudo is called and piggyback on the grace period.

Score: 1

RE[2]: UAC "more advanced than sudo"
by jabbotts on Fri 6th Mar 2009 14:08 in reply to "RE: UAC "

Can I specify a username/command or group/command combination for UAC? When configuring UAC, can I specify an alias for a command then bind that alias to a specific user or group?

It sounds bad but this is an honest question, as my understanding was that UAC was more binary: "something is trying to do something; let it happen?" rather than allowing specific users to approve only specific escalation cases.

Score: 2
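
The sudo side of the comparison in this thread (a command alias bound to specific users or a group, and the credential-caching grace period), shown as an added sudoers fragment that is not part of any comment above. The user names, group name, file name and command paths are constructed for illustration.

```sudoers
# /etc/sudoers.d/webops  (constructed example; validate with: visudo -cf /etc/sudoers.d/webops)

# Named set of users (constructed account names).
User_Alias  WEBADMINS = alice, bob

# Named set of commands. Arguments are matched exactly, so only these
# two invocations are allowed, not arbitrary systemctl subcommands.
Cmnd_Alias  WEB_CTL = /usr/bin/systemctl restart apache2, \
                      /usr/bin/systemctl reload apache2

# Read-only command set for a wider audience.
Cmnd_Alias  WEB_STATUS = /usr/bin/systemctl status apache2

# user/command binding: members of WEBADMINS may run WEB_CTL as root
# on any host, after entering their own password.
WEBADMINS   ALL = (root) WEB_CTL

# group/command binding: anyone in the Unix group "helpdesk"
# (constructed group name) may only query status.
%helpdesk   ALL = (root) WEB_STATUS

# Grace period: by default sudo caches a successful authentication for
# a few minutes. Setting the timeout to 0 forces a password prompt on
# every invocation, so a background process cannot reuse a cached
# credential.
Defaults             timestamp_timeout=0

# The same setting can be scoped to one alias instead of globally:
# Defaults:WEBADMINS timestamp_timeout=0
```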