Slashdot Mirror
A Fresh Look at Vista's User Account Control
Art Grimm writes to mention a post at Ed Bott's Microsoft Report on ZDNet. There, he talks about Vista's User Account Control, and the issues he sees with the setup as it exists now. From the article: "The UAC prompts I depicted in the first post are those that appear when you install a program, when you run a program that requires access to sensitive locations, or when you configure a Windows setting that affects all users. But as many beta testers have discovered, UAC prompts can also show up when you perform seemingly innocent file operations on drives formatted using NTFS. In this post, I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."
The whole point of Administrator is that you know what you do and you can Admin a machine securely. I know Joe Sixpack doesn't know how to, but doing this will put Admins all over the world in the place of "Limited User". In the end our Dear Joe Sixpack will just click and click until the task is done anyway. He will be frustrated and will get spyware anyway.
What we need is the equivalent of a Car Mechanic for administration. You call your mechanic and he'll do the maintenance for a fee. Frankly, it's the only way for home users.
Oh, and those that say that you can't run in Limited User on XP (as in the fine article is stated) are completely ignorant. I'm running Limited right now, and I have no problem. Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard. The only program I've never been able to run as non-admin is a game called "Children Of The Nile", and I still don't know how to run it as a Limited User. The user that needed it got the "Run As" option checked in the shortcut. Sure she has Admin access that way, but she's my sister and knows that she shouldn't run Admin.
No, all problems are just the cause of the legacy of poor security in the past. Nagging dialogboxes won't help.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
I wish they would work a bit on account control on WinXP, it is a total disaster. I WANT to use my computer as a limited user, but when I need to do something in Administrator, I shouldn't be bothered to switch users. Why oh why can't they just make it so that is asks for the admin password like with every other goddamned OS!?!
Vista is nice and all that, but how about fixing XP first!!!!
Some say he is made with ascii, others that he is eyeballed daily by millions. All we know is, he is known as the Sig
anyone else see the irony in an article talking about annoying click-throughs needing so many bloodly clicks to read?
fucking teriffic...
3 series of articles, half a dozen pages each, just to tell me why I have to slow down my workflow when deliting or renaming files.
If you don't know what AltaVista is (was), get off my lawn.
The 70's called. They want their security model back.
Yawn.
If you made your user "superuser" on a Linux box, the did a kernel upgrade and decided this was stupid so just allowed you to sudo certain commands then you'd have a devil of a time accessing all those files that you created while you were the super user.
Or put more simply
XP didn't have sudo so you were always admin, Vista has sudo, enabled via annoying popups rather than a config file.
An Eye for an Eye will make the whole world blind - Gandhi
The new Windows 'protection' scheme will browbeat the user until they disable the security system (in some way or another).
That way, when the inevitable virus and spyware hits the system, Microsoft can wash their hands and say that it's all the user's fault for making use of their computer bearable.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Microsoft is trying to make users have good hygiene -- that is, don't run as a super-user unless you need to. Well-meaning and well intended -- and a good idea. Ultimately, however, Aunt Sally is not going to deal with it for long, and you, the unofficial family Helpdesk tech, are not going to like all of the calls you get from apoplectic relatives dismayed that they suddenly can't open this that or the other because they do not understand the paradigm.
What will happen is what always happens: when there is a "problem" someone "fixes" it. In this case, the "problem" is the security model. I suspect that there will be a 3rd party "fix" that blasts through all the well-meaning security and basically restores the user-as-root scenario that Windows has operated in since forever.
Running as a Limited User is not impossible.
It just requires spending a LOT of time and effort to LEARN how to do so
and that pre-supposes that the person understands the risk of running as Administrator.
So, someone has to already be aware of the threat
Then that person has to choose to try to avoid that threat
Then, then that person has to spend time becoming further educated
Then, then, then that person has to spend time fixing the ACL's and such.
Or just choose to run as Administrator and all those problems go away (and you get new problems, but all your apps run).
So, in the end he recomends giving Users full control or write access as means to get around the annoyance. Hell, why dont we just chmod -R 777 /* and end all the "annoyances" of my Linux box too while we're at it?
Can't he just suggest that application designers get a clue and write apps that don't write uneccesarily to sensitive areas of the system? Hopefully annoyed end users will "motivate" lax companies when this happens instead of working around the issue.
--
Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard.
Your Momma.
As in, ask Your Momma to do that.
You see, my mother uses a Mac and is able to install updates herself and keep things running just fine, all without knowing what an ACL is much less how to set it.
Saying the average user needs the equivilent of a car mechanic to deal with computers is just sweeeping the issue under the rug and letting Microsoft off the hook for a half-assed solution to the problem. And also ignoring there are a hell of a lot more people that can fix thier own car problems than computer issues.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'm not saying UNIX is "better," since the primary issue here is social, not technical. If UNIX were in Windows' shoes, then third-party applications and slickly packaged malware would be popping up dialogs reading, "This application requires root priviliges to install. Please enter the root password: _____" So UNIX's user model doesn't really solve the base problem. However, I've been using Windows (mostly for gaming) for a while now, and I run with administrative privs all the time, because running as a limited user (in the UNIX sense) just doesn't work. Or, perhaps more precisely, it doesn't Just Work.
So what's the deal?
Schwab
Editor, A1-AAA AmeriCaptions
Sorry guys, I have karma to burn so take your moderator frustrations out on me if you must, but that moderation is bullshit (and damn do mods seem to dislike it when you point this out). Flamebait? What strong belief does it blatently attack in an attempt to start a verbal war? Try reading the FAQ you fucks. Articles like this are shit, and I am also not going to continue viewing this article because I do not wish to knowingly reward shit with ad revenue dollars -- yes, you see, there is a decision to make here involving voting with your feet and whether you wish or do not wish to reward something with real $$. Just think about the kind of traffic the Slashdot Effect generates for a site and its advertisers. Therefore, if anything, kimvette is doing me a favor, and I suspect I am not the only person who can say that. So anyway, it is likely that calling bullshit when I see it, in the only forum in which I can do so (seeing how I do not have mod points right now and there is no section here devoted to discussing this sort of thing) will cost me a few points, but oh well.
Slashdot badly needs a way to moderate articles themselves, and "-1 Conflict of Interest" (for obvious attempts to drive traffic to sites that just happen to be ad-supported and also just happen to be owned by the person who submitted the article) and "-1 Excess Pagination" need to be two of the categories. I'm not even going to mention dupes.
It is a miracle that curiosity survives formal education. - Einstein
Those sounded like terrible solutions to me. Basically: manually adjust the permissions of every file you create or turn off the security stuff and pray.
I'm hoping that these articles are hyperbole and in fact when you create your own files you are marked as the owner with read/write/execute permissions on them. Granted, administration looks like a total nightmare, but MS has been working for years to make administration as hard as possible so this is no big surprise.
What I think the real fix should be: When you get a dialog box like this, there's a "validate me for X minutes" option that you can check to tell the machine that you're going to be administrating for some minutes and stop showering me with dialog boxes. Sort of like how most modern operating systems work.
I read the internet for the articles.
For the clueless editors, here's a good summation: If you're going to throw shit at us, expect some back.
Linux, you magnificent bastard, I read the fucking manual!
Anybody who needs instructions on how to disable something using gpedit has no business running a beta operating system that was intended for a serious testing audience.
Come to think of it, having a meaningful conversation about an un-finished product is also quite silly. Ok, so in the light of this, I offer this comparison / excersize.
Test 1.) In Windows Vista, make a shortcut to a program you know needs admin to run. Time this part Click the icon, then click the resulting dialog as quickly as you normally would to grant it permission.
Test 2.) In Linux (for argument, lets say Ubuntu) pop open a term. Think in your head the name of an app or process / shell script that needs root or super user to run. Time this part type sudo then the name of the program or command.
Did clicking the box take longer than typing SUDO? meh. what a shame were wasting so much of slashdot's disk space on a coversation over a few milliseconds.
Windows has more viruses because linux has more virus coders.
I like the options "Continue" / "Skip" / "Cancel". Very obvious for a normal user what the difference between Skip & Cancel is ;-)
If it's so obvious, why can't they just make it a built-in part of the operating system anyway? I'm sure that there's got to be some sort of secure way of doing so. I know that if I were Microsoft, I'd want to provide all the "obvious fixes" as part of the default install, no stupid tweaking involved.
Creative misinterpretation is your friend.
Here's what they say (it's a bit long, but it's worth reading) -
The Secure Desktop's primary difference from the User Desktop is that only trusted processes running as SYSTEM are allowed to run here (i.e. nothing running as the User's privilege level) and the path to get to the Secure Desktop from the User Desktop must also be trusted through the entire chain.
So what does this experience look like? When you click on a UAC shielded control, your user desktop will appear to dim and the window that caused the elevation request - typically the window you were most recently using - and the elevation UI will be made more prominent. This is to provide you with the highest level of context possible when interacting with the elevation dialog.....
So - again - how exactly are they planning to prevent arbitrary application from mimicing this behaviour ?
It will not need to bother with "Secure Desktop", but rather just make a copy of a screen, dim it, show in a topmost window covering entire screen and then superimposing fake, but otherwise OK looking UAC dialog.
3.243F6A8885A308D313
Slashdot badly needs a way to moderate articles themselves, and "-1 Conflict of Interest" [...] and "-1 Excess Pagination"
That's a good idea, which many people have expressed before.
In fact, we sort of have the ability to do it - tagging!
Currently, the tags I see are :
[+] vista, stupid, microsoft, vaporware (tagging beta)
Now, if the article was tagged with something like "RevenueWhore", then everyone would be able to spot it and skip it.
I know that I normally read the comments first before looking at the article, so this would stop me from visiting the site.
"The best part? I became an ordained minister while not wearing pants." -- CleverNickName