Posted on 04/11/2008 9:56:44 PM PDT by dayglored
The User Account Control in Windows Vista improves security by reducing application privileges from administrative to standard levels, but UAC has been widely criticized for the nagging alerts it generates. According to one Microsoft (NSDQ: MSFT) executive, the annoyance factor was actually part of the plan.
In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft's strategy with UAC was to irritate users and ISVs in order to get them to change their behavior.
"The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.
Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained.
"We needed to change the ecosystem, and we needed a heavy hammer to do it," Cross said.
(Excerpt) Read more at crn.com ...
I strongly recommend that you run as a "Power User", not as an Administrator. Elevate yourself to admin priv only when you need to (e.g. use the "RunAs" option). Especially if you plan to turn UAC off.
You're just asking to get stung, if you run with admin priv, and without warnings.
That said, if you have excellent A/V and anti-spy software installed and up-to-date, AND if you are extraordinarily careful (read: PARANOID) all the time, and never ever EVER click on links on webpages without first checking what the target really is in the status line, and never ever EVER visit social networking or porn sites, and never ever EVER click on links in email, even if they appear to come from people you know... then maybe you'll be okay.
Yes, I'm completely serious. That's basically how I run, under XP. Though, to be fair, I do most of my work on a Mac or on a Linux box. I use Windows only when I have to.
Yep, I agree.
Nobody is accusing Microsoft of being overly smart about Vista. They've not only shot their foot off, they've worked their way up to the knee with a machete, and are apparently planning to poke their own eyes out by killing XP on all but trivial machines like Eee-PC.
So did they step on their own d!cks with UAC? You betcha.
bump for later
That comment from Microsoft tells you a lot about how they think. They think Windows is THE WORLD.
Ummm, wrong, guys. It's a piece of software, and not a very good one either, despite its wide use.
He has a point. Microsoft’s architecture has pretty much invited and required developers to write their applications to need elevated privileges for many years, and that’s what triggers UAC. It’s going to take developers a while to get used to the non-Microsoft way of doing things, which is writing your applications with only the privileges they need. Maybe the second generation of written-for-Vista apps will finally cut the number of UAC prompts down.
So, the plethora of UACs isn’t necessarily Vista’s fault, it’s mostly Microsoft’s fault pre-Vista.
You're right, I grant.
But Vista was SUPPOSED to have fixed that. The original specs for Longhorn called for a major rewrite, even a codebase change. One of the things I recall hearing about was the much-anticipated, "Users will be able to run apps without admin priv", which we all took to mean, "Vista will REQUIRE that the applications NOT require admin priv, except to install."
Instead, we have this debacle.
And worse, things like WindowsLive OneCare, which (I say this as a mostly-content user) requires that training the firewall be done with admin priv (correct) BUT it doesn't give the user a way to elevate themselves during the blocked connection -- they just see that the app failed for no apparent reason. The next time an admin LOGS IN, then up come the dialogs to allow the connection.
STUPID, STUPID, STUPID. And all at the feet of Microsoft, by design.
So while the apps developers are surely not innocent, Microsoft had the opportunity to fix this in Vista and other recent MS software, and has refused to do so.
I think they've been infiltrated by Apple moles. It's the only explanation for how often they screw up Windows. ;-)
Cool. I just read up on it at http://www.tweak-uac.com/ and will download it for possible future use when I have a user who argues that he wants to turn UAC off entirely.
Thanks!
You can also turn it off using Vista. I think you go to the control panel "System" and look for security settings. It will give you about 3 warnings before it lets you. Then it will bug you with a red task bar icon that you have to close. I found a way to get rid of that, too, but I don't remember how.
So far, no problems, but you should know how to be careful before turning it off. By the way, I bought 2 GB of RAM (2 1GB sticks) from Fry's yesterday for $14.99.
With golf shoes, AFAIC.
The red don’t-you-like-my-annoying-features icons in the taskbar often are from “services” (they should have called them “disservices”). So go to My Computer / Manage / Services, and look through the list till you find the one with the name that sounds right, and disable it.
Who'd-a thunk it???
There's another side to the UAC that I didn't see mentioned. It is actually Microsoft's get-out-of-jail-free card. You see, the UAC was purposely designed to annoy (as has been admitted). Most users will eventually turn the damn thing off so it will stop annoying them. The next week, the user gets a virus that the UAC might have warned the user about. Now, Microsoft can point to the fact that the user had turned the UAC off and say "not our problem... user error".
YOW! MY EYES!
But yes, that's exactly right.
We Have A Winner! Yep, you got it.
OUCH!
As a network/security admin for my company, I'm all for this.
As the director of system/network admin for -my- company, I couldn't possibly agree more!
They just left off the rest of the sentence, "...once everybody rewrites their apps to work with the new security model."
STUPID, STUPID, STUPID. And all at the feet of Microsoft, by design.
I read an article way back about the group that designed the dumb sleep/shut down/hibernate/etc menu. It's apparent that Microsoft's mismanagement and ponderous corporate structure with strained and slow communications are also largely to blame, not necessarily the programmers, and not necessarily by intentional design.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.