Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
Windows For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351877
RE: That's just crazy talk
by Morph on Thu 5th Mar 2009 21:00 UTC in reply to "That's just crazy talk"
Morph, Member since: 2007-08-20

"I don't mind typing in a password but I do mind a uber-modal dialog blocking everything but the UAC window asking permissions."

The 'uber-modality' is by design, and it has a very important reason. Only the true UAC can create such a window; no other app can grey out the screen, etc. This means that malicious apps cannot create a replica UAC window in an attempt to fool the user, like phishing. If you ever get a UAC prompt that's not 'uber-modal', then you know it's a fake.

This is the same reason some systems require you to press ctrl+alt+delete to open a login window; no regular app can capture ctrl+alt+delete because it is handled specially by the hardware and keyboard drivers. So when a login window appears as a result of you pressing ctrl+alt+del, you know it must be genuine.

Reply Parent Score: 2

jabbotts, Member since: 2007-09-06

The screen is simply an image. I don't see why an app could not be written to fake the UAC overbearing parent approach. I would like to think it's a unique effect to grey the screen and post a message box over it... then I remember changing the window theme... greyed until done... shutting down... greyed until the shutdown method is selected...

Three finger salute to login? My login prompt is a third party app that waits for a fingerprint scanner input or accepts ctrl-alt-del and rolls over to the Windows login prompt. My remote software provides a command to send ctrl-alt-del to a remote session, so the key sequence can be generated by software; this being the Windows remote desktop and rdesktop on other platforms. Here, I actually just wish it was easier to implement in a non-AD setup. Getting the login prompt without ctrl-alt-del and finding the previous username left in place unless you do some reg editing sucks.

I do see the reason for both functions though. UAC locks out the rest of the screen so the user knows it's authentic (assuming the user is aware enough to realize that), and I always figured it was to keep the user from clicking on other windows while the system was waiting for the privileged elevation.

Reply Parent Score: 2
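The two mechanisms debated above (the greyed-out secure desktop that only real UAC prompts use, and the Ctrl+Alt+Del logon requirement) are each governed by a Windows policy value. The following audit script is an added example, not code from the thread or from OSNews; it only reads the relevant values and flags settings that weaken either protection. The fallback defaults used when a value is absent are assumptions, as noted in the comments.

```powershell
# Added example (not from the thread): audit the policy values behind the
# secure-desktop UAC prompt and the Ctrl+Alt+Del secure attention sequence.
# Read-only; run in an elevated PowerShell on Windows 7 or later.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyValue {
    param([string]$Name, [int]$Default)
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }   # absent value: OS default applies
    return [int]$item.$Name
}

# Fallback values below are assumed OS defaults for when the value is not set.
$enableLua   = Get-PolicyValue -Name 'EnableLUA'                  -Default 1
$adminPrompt = Get-PolicyValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
$secureDesk  = Get-PolicyValue -Name 'PromptOnSecureDesktop'      -Default 1
$disableCad  = Get-PolicyValue -Name 'DisableCAD'                 -Default 0

$findings = @()
if ($enableLua -ne 1) {
    $findings += 'EnableLUA=0: UAC is off entirely; no elevation prompt at all.'
}
if ($adminPrompt -eq 0) {
    $findings += 'ConsentPromptBehaviorAdmin=0: admins elevate silently with no prompt to notice.'
}
if ($secureDesk -ne 1) {
    $findings += 'PromptOnSecureDesktop=0: prompt shows on the normal desktop, so a look-alike dialog from an ordinary app is harder to tell apart.'
}
if ($disableCad -eq 1) {
    $findings += 'DisableCAD=1: logon no longer requires Ctrl+Alt+Del, losing the secure attention sequence guarantee.'
}

"UAC:   EnableLUA=$enableLua ConsentPromptBehaviorAdmin=$adminPrompt PromptOnSecureDesktop=$secureDesk"
"Logon: DisableCAD=$disableCad"
if ($findings.Count -eq 0) {
    'OK: secure-desktop prompting and Ctrl+Alt+Del logon are both in effect.'
} else {
    $findings | ForEach-Object { "WARN: $_" }
}
```

On a domain-joined machine these values are usually pushed by Group Policy, so a WARN here is a policy question rather than a local fix.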