PDA

View Full Version : You thought MS couldn't do anything right?


stevenamills
02-05-2009, 02:17 PM
From Slashdot:

"At the 2008 RSA security conference, Microsoft's David Cross was quoted as saying, 'The reason we put UAC into the platform was 'to annoy users."

gunslinger
02-05-2009, 03:00 PM
And the truth comes out at last...lol

TimeCode
02-05-2009, 03:43 PM
"Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run," Cross explained.

Well, please annoy the software manufacturers that require Admin access... Lexis Nexis, are you listening?!?!?

seedubya
02-05-2009, 09:12 PM
I don't find UAC a burden at all really. It's no more irksome than having to su every time I want to do something administrative in Ubuntu.

abe
02-05-2009, 09:54 PM
I don't find UAC a burden at all really. It's no more irksome than having to su every time I want to do something administrative in Ubuntu.

I second that, its only that windows users who didn't have it before find it bothersome.

Abe

Jory
02-06-2009, 06:34 PM
I disagree about using sudo. After using linux for a while you get used to stuff that needs su access and start including the command. With Vista there is no getting used to clicking "Allow" for the same program launching from your desktop 50 times.

Whenever I'm using Vista UAC is the second thing to get disabled. The first is windows defender which is the main reason vista is so freaking slow.

gunslinger
02-06-2009, 08:17 PM
I disagree about using sudo. After using linux for a while you get used to stuff that needs su access and start including the command. With Vista there is no getting used to clicking "Allow" for the same program launching from your desktop 50 times.

Whenever I'm using Vista UAC is the second thing to get disabled. The first is windows defender which is the main reason vista is so freaking slow.


Exactly right. The way things are done in Linux and OS X are nothing like UAC. OS X in particular is much more elegant. The only times you have to enter your admin pass are when updating and when installing new software. With UAC on the other hand it will bug you when you install the new program then it will bug you again every single time you use that same program for the life of the system unless disabled.

As for Windows defender I agree its one of the first things that gets disabled. It is less than useless.

reesk
02-07-2009, 01:13 AM
im running vista premium on a netbook and im not having speed issues and i like uac i prefer to be brought away from what im doing to be alerted of a aplication trying to execute as admin it takes all of 2 second to click allow or deny and if it means i can stop rogue programs from executing then its fine

i only ever find it anoying on slow vista machines as it really crunches down on the machine funninly enough most the machines ive used that were aparentley made for vista are the ones that run it bad case in point my dads dell inspiron 1525 vista rebuild runs slower than my acer aspire one that was meant to be on linux but could run xp but instead has vista and plays niceley with it ive even managed to run high ram programs on hehehehe go figure

seedubya
02-07-2009, 02:35 PM
@Gunslinger and Jory - most of what you're saying re UAC seems incorrect. Can you give some real examples of the problems you're having.

If you re-use the same program requiring root acess 50 times in linux then you'll have to elevate 50 times. The method of elevation may be more elegant but is, in principle, no different. The annoying part about UAC is not UAC itself but that many programs are still requiring an administrator access just to run. That is not a problem with Windows Vista. It's a problem with all the previous versions of Windows allowing such insecure behaviour and an problem of programmers in writing such insecure programs.

Resler
02-07-2009, 02:57 PM
@Gunslinger and Jory - most of what you're saying re UAC seems incorrect. Can you give some real examples of the problems you're having.

If you re-use the same program requiring root acess 50 times in linux then you'll have to elevate 50 times. The method of elevation may be more elegant but is, in principle, no different. The annoying part about UAC is not UAC itself but that many programs are still requiring an administrator access just to run. That is not a problem with Windows Vista. It's a problem with all the previous versions of Windows allowing such insecure behaviour and an problem of programmers in writing such insecure programs.

I'm not so sure its completely the fault of the programs. My understanding of Windows and programming isnt perfect but to me it seems that to modify anything out of the Users account would require admin permission. I know that when you set a user to "Limited" They cannot install programs, so I'd assume that the power to install programs (Meaning both adding files to Root\Program Files and changing the registry) would require "admin" permissions. As I see it in order for a program to install it would need admin power otherwise it would have to be installed for each individual users (i.e. \Docs and Settings\Program Files).

Am I getting this right that Windows is set up to NEED an admin to install programs/ make any non-user based changes?

14049752
02-07-2009, 06:16 PM
With UAC on the other hand it will bug you when you install the new program then it will bug you again every single time you use that same program for the life of the system unless disabled.

That is completely untrue. Stuff like this is why I don't think you really know (completely) what you're talking about when you bash Vista. The only time you're going to get a UAC prompt is when you install a program, or when you're making a change to the system. Running a program normally does not cause Vista to prompt you for anything.

purple_minion
02-07-2009, 08:03 PM
If this is for security then what's to stop the average user from always clicking Allow? Aren't these the same ones that open the stupid email attachments for a dancing keychain or whatnot that get them infected in the first place? The same ones that don't update their AV software or windows, that never do any kind of maintainace whatsoever? I've tried installing firewalls for some people and you feel like they just end up clicking allow to everything because no matter how many different ways I try to explain it they don't get it, so the firewall is useless. No amount of annoying popups will every cure this or social engineering.

stevenamills
02-07-2009, 09:32 PM
Personally, I somewhat equate UAC with some of the ridiculous auditor rules about passwords.

You know - must be at least 11 characters - changed every 30 days - have a combination of letters, numbers and symbols etc. etc. (Personal aside - this is the crap they're screwing with while the MBAs and CPS are stealing trillions!! ...but I digress.)

What happens - the password ends up on a Post-It on the wall. UAC is an irritant - pure and simple and for that reason it won't work. Period.

The required IMHO.

gunslinger
02-08-2009, 02:01 AM
That is completely untrue. Stuff like this is why I don't think you really know (completely) what you're talking about when you bash Vista. The only time you're going to get a UAC prompt is when you install a program, or when you're making a change to the system. Running a program normally does not cause Vista to prompt you for anything.


OH really? Installed Ccleaner on many Vista machines. Every time its used UAC pops up. Installed Spywareblaster on every Vista machine I have worked on, and UAC pops up anytime its clicked on. Installed superantispyware and same thing and the list goes on and on.


@Gunslinger and Jory - most of what you're saying re UAC seems incorrect. Can you give some real examples of the problems you're having.
If you re-use the same program requiring root acess 50 times in linux then you'll have to elevate 50 times.


Not sure about Linux but I only need to type my password one time in OS X and thats when I install the program, after that OS X knows I wanna use that program and all is well from then on.

14049752
02-08-2009, 05:33 AM
OH really? Installed Ccleaner on many Vista machines. Every time its used UAC pops up. Installed Spywareblaster on every Vista machine I have worked on, and UAC pops up anytime its clicked on. Installed superantispyware and same thing and the list goes on and on.


Yeah, there are exceptions. Look at what those do, though. They access the registry, they access system files. Something like regedit, yeah, it prompts for UAC every time you use it, too. Unless you're using regedit like a word processor, it's not a big deal. Bad examples.
Take NORMAL programs; Browsers, Word Processors, Games, E-mail clients, Graphics software, everything else basically. Things that don't need access to system files, they don't prompt. So, yeah....I still say that you're completely wrong.

abe
02-08-2009, 08:39 AM
well it seems as if we won't be hearing about uac anymore with win 7 coming out where you can choose uac levels people are gonna go from xp to win 7 and skip vista.

gunslinger
02-08-2009, 03:21 PM
Yeah, there are exceptions

I gave you 3 examples and you still say I'm completely wrong?....lol If there are exceptions I can't be completely wrong. There are lots of exceptions. I don't know about you but Ccleaner is a program I use every day, as I'm sure lots of others do.

Sounds like you may be in denial.

14049752
02-08-2009, 05:31 PM
I'm not in denial. You're using CCleaner every day because you're a tech. That's not normal use, despite what you may think. A normal user has no reason to do much of anything on a daily basis that would cause UAC to prompt them. To conveniently ignore what the apps do, and then blame Vista because they need to be elevated to administrator rights, is just ridiculous.
Yes, maybe you're not "completely" wrong. Let me rephrase it. You're almost completely wrong. Better?

Rider
02-09-2009, 04:47 PM
I have run across several programs that constantly nag you with the UAC. To get it to stop you have to go to the programs properties and tick off the "Run as Administrator" option. It would be nice if the UAC added an option to "ALWAYS Allow" Some programs ask you if you want to allow and some programs just don't work unless you know to run it as an administrator. That's all good for someone like me who knows how to make it work but most average users just know that thier software doesn't work.

The first time it happened to me I had no idea what was going on, I never got any prompts from the UAC. The software didn't work (Everquest). I reinstalled several times and searched the Sony tech support forums for hours. I finally stumbled upon the "Run as administrator" option and all was well. This is a case where it would have been nice if the UAC prompted me, it would have saved me several hours of troubleshooting.

I won't turn off the UAC as I'm not the only one using that computer. I think the UAC could be a good thing, it just needs alot of work.

gunslinger
02-09-2009, 04:58 PM
Yes, maybe you're not "completely" wrong. Let me rephrase it. You're almost completely wrong. Better?

Much better, thanks :D



It would be nice if the UAC added an option to "ALWAYS Allow"
I think the UAC could be a good thing, it just needs alot of work.

I agree.

TimeCode
02-10-2009, 02:02 PM
It would be nice if the UAC added an option to "ALWAYS Allow".

Definitely! Microsoft, are YOU listening?

seedubya
02-10-2009, 02:19 PM
Definitely! Microsoft, are YOU listening?

Yeah that'd be good.

gunslinger
02-10-2009, 02:47 PM
Thats how it works on a Mac. You allow a program to install by typing your password, and it assumes you actually want to use that program and never asks for it again. Thats how it should be. Again Microsoft is about 5-10 years behind the apple curve.

stevenamills
02-10-2009, 03:02 PM
Definitely! Microsoft, are YOU listening?

Not a prayer. Absolutely the most unresponsive company ever.

I'm sure most of us have been involved in one of their "Betas" and have seen errors pointed out - in huge quantities - for months and months and the gold version then contains all of them. It has happened over and over.

They are strictly a marketing company and the king of pretending their stuff works. A disease which has spread to virtually all software companies, unfortunately.

seedubya
02-10-2009, 03:16 PM
Steve, ALL companies above a certain size are unresponsive. They just CAN'T respond in any reasonable timeframe to customer demands. They can only respond to trends.

stevenamills
02-10-2009, 03:47 PM
Steve, ALL companies above a certain size are unresponsive. They just CAN'T respond in any reasonable timeframe to customer demands. They can only respond to trends.

Seedubya,

I've worked for Arthur Andersen, Mellon Bank etc. I understand unresponsiveness and size. From my perspective, that's not the issue here.

You only have to talk to a product manager a few minutes to realize that quality is the very last thing on their agenda. The VERY last thing.

gunslinger
02-10-2009, 04:14 PM
You only have to talk to a product manager a few minutes to realize that quality is the very last thing on their agenda. The VERY last thing.

This is very true, and with over 90% of the world locked firmly into Windows they really don't seem to care much at this point.

seedubya
02-10-2009, 05:26 PM
Why would they? They probably won't become responsive until they lose serious market share.