A Fresh Look at Vista's User Account Control

Art Grimm writes to mention a post at Ed Bott's Microsoft Report on ZDNet. There, he talks about Vista's User Account Control, and the issues he sees with the setup as it exists now. From the article: "The UAC prompts I depicted in the first post are those that appear when you install a program, when you run a program that requires access to sensitive locations, or when you configure a Windows setting that affects all users. But as many beta testers have discovered, UAC prompts can also show up when you perform seemingly innocent file operations on drives formatted using NTFS. In this post, I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."

How annoying

[kimvette]

Could they possibly make that "article" any more annoying? They'd have been better-served to turn it into a flash-animated slide show. I'm not going to click all the way through that thing.

Either put it all on one or two pages (interspersed with ads if you must), or put it into a slide show if the article is written as a slide show.

Re:How annoying

[AKAImBatman]

this one is like two sentences, a picture and a "more" button.

I think he was trying to capture the "flavor" of Windows Vista. i.e. You'll be spending 90% of your time clicking...

(Click Next to Continue)

through...

(Click Next to Continue)

the dialog...

(Click Next to Continue)

boxes. Each one of...

(Click Next to Continue)

these boxes...

(Click Next to Continue)

will annoy you with something else...

(Click Next to Continue)

incredibly trivial.

Re:How annoying

[causality]

Sorry guys, I have karma to burn so take your moderator frustrations out on me if you must, but that moderation is bullshit (and damn do mods seem to dislike it when you point this out). Flamebait? What strong belief does it blatently attack in an attempt to start a verbal war? Try reading the FAQ you fucks. Articles like this are shit, and I am also not going to continue viewing this article because I do not wish to knowingly reward shit with ad revenue dollars -- yes, you see, there is a decision to make here involving voting with your feet and whether you wish or do not wish to reward something with real $$. Just think about the kind of traffic the Slashdot Effect generates for a site and its advertisers. Therefore, if anything, kimvette is doing me a favor, and I suspect I am not the only person who can say that. So anyway, it is likely that calling bullshit when I see it, in the only forum in which I can do so (seeing how I do not have mod points right now and there is no section here devoted to discussing this sort of thing) will cost me a few points, but oh well.

Slashdot badly needs a way to moderate articles themselves, and "-1 Conflict of Interest" (for obvious attempts to drive traffic to sites that just happen to be ad-supported and also just happen to be owned by the person who submitted the article) and "-1 Excess Pagination" need to be two of the categories. I'm not even going to mention dupes.

Re:How annoying

[Captain+Splendid]

Kudos and and a hearty Hear hear!

For the clueless editors, here's a good summation: If you're going to throw shit at us, expect some back.

Re:How annoying

[oringo]

You took this wrong, mate. The author is a genius and he's giving you a preview of how annoying the Vista UAC is going to be through a web simulation!

Re:How annoying

[rosewood]

If I had mod points to use, Id try to balance out that bullshit. Here is to hoping I get to do some meta ...

Re:How annoying

[moochfish]

It's web 2.0 in action!

(Click Next to Continue)

We've successfully ported an upcoming feature in Vista

(Click Next to Continue)

to the web!

Re:How annoying

[scumdamn]

I'm replying to this thread because it's at the top. The article says that the reason that you get all of those messages is that the standard user token doesn't have access to the files that you're trying to change. So as soon as you get your Vista system, add your user token to the Program Files folder and stuff so you don't get those damn messages. I'm not sure what implications that has for security since you wouldn't give your user priveledges to the Windows folder where the registry is, but if you're worried about security, it sucks to be you, pretty much.

Re:How annoying

[Elevator_Inspector]

Quick fix for the annoying article. Change the page id in the URL to "all" as in http://blogs.zdnet.com/Bott/?page_id=all

Re:How annoying

[IthnkImParanoid]

Heh, I take it you're familiar with the "Eject Media Wizard" (at least on W2K server)?

Right-Click->Eject Media

Welcome to the eject media wizard!
The media eject wizard allow you to....blah blah blah
[Cancel] [Next]

Finished:Eject Media Wizard
Congratualtions, you've completed the eject medi....blah blah blag
[Cancel] [Finish]

Wizards are intuitive, and FUN! (Almost as fun as stabbing whoever is responsible for that in the face.)

Re:How annoying

[bungo]

Slashdot badly needs a way to moderate articles themselves, and "-1 Conflict of Interest" [...] and "-1 Excess Pagination"

That's a good idea, which many people have expressed before.

In fact, we sort of have the ability to do it - tagging!

Currently, the tags I see are :
  [+] vista, stupid, microsoft, vaporware (tagging beta)

Now, if the article was tagged with something like "RevenueWhore", then everyone would be able to spot it and skip it.

I know that I normally read the comments first before looking at the article, so this would stop me from visiting the site.

This is not a good approach

[jawtheshark]

Franky... Nobody is "Administrator" of the machine anymore? (Administrators Group is not enough) Really? So essentially, they reduced the "Administrators" groups to "Well, you can admin, but you have to know what you do, and we'll annoy the hell out fo you".

The whole point of Administrator is that you know what you do and you can Admin a machine securely. I know Joe Sixpack doesn't know how to, but doing this will put Admins all over the world in the place of "Limited User". In the end our Dear Joe Sixpack will just click and click until the task is done anyway. He will be frustrated and will get spyware anyway.

What we need is the equivalent of a Car Mechanic for administration. You call your mechanic and he'll do the maintenance for a fee. Frankly, it's the only way for home users.

Oh, and those that say that you can't run in Limited User on XP (as in the fine article is stated) are completely ignorant. I'm running Limited right now, and I have no problem. Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard. The only program I've never been able to run as non-admin is a game called "Children Of The Nile", and I still don't know how to run it as a Limited User. The user that needed it got the "Run As" option checked in the shortcut. Sure she has Admin access that way, but she's my sister and knows that she shouldn't run Admin.

No, all problems are just the cause of the legacy of poor security in the past. Nagging dialogboxes won't help.

Re:This is not a good approach

[kimvette]

And, it's unlikely that Quickbooks will run as Limited User in Vista. See the URL in my sig (it is not my site, just conveniently appropriate for this thread)

Re:This is not a good approach

[jawtheshark]

I have no idea... BUT... If you're running WinXP Pro, go to the folder where it is installed and give "Full" access rights to "Users". If that doesn't work, go into regedit (assuming XP Pro...otherwhise go to regedt32) and look for registry entries in HKEY_LOCAL_MACHINE related to your program. Grant them full access rights to "User" on that part of the tree. 99% of the programs I have encountered will work then. You could say that security is compromised because a normal user could kill the program. That is true, but the application programmers are to blame for that.

If you have XP Home, read up on cacls. Alas, in XP Home it is hard to configure access control on folders.
For example:
C:\> cacls C:\MyFolder\ /T /E /G Users:F

Re:This is not a good approach

[Gnavpot]

Tell me how to get Monsters Inc. Scream Team Training to run on a non-admin account without me manually entering an admin pw into Run As... every time and I'll be unbelievably grateful.

If you are on XP Pro (not XP Home), you should look into the '/savecred' option for the command line version of RunAs.

First time a program is started with 'runas /savecred /user:administrator', you will be prompted for the administrator password. The next time this command is used to start the program, XP will remember that this user is allowed to run the program with administrator priviledges and will not ask for a password. To make things a little more convenient and self-explanatory, you can put the command into a .bat file, make a shortcut to the .bat file and select the program's icon for the shortcut.

It is certainly not a perfect solution, but it can solve some problems.

However, you should not use this solution if you don't trust the user. I am almost certain that the program can be replaced with another program with the same name without revoking the priviledges.

Re:This is not a good approach

[laplandsix]

Right click the shortcut and prepend the following:

C:\WINDOWS\system32\runas.exe /savecred /user:administrator
The first time you run the app it'll prompt you for the admin password (in an UGLY ass dos box) after that it'll run with no prompting. Honestly, this isn't rocket science. Not quite as slick as suid, but it works. Until you change the admin password of course.

Re:This is not a good approach

[Ucklak]

You've just explained how complicated Windows permissions are to use over Mac and *nix.

Re:This is not a good approach

[Talchas]

Alternatively, just reboot into safe mode and the Security tab will magically appear and you can do it just like with pro.

Re:This is not a good approach

[Ucklak]

The part of the comment I was referring to was:

"If that doesn't work, go into regedit (assuming XP Pro...otherwhise go to regedt32) and look for registry entries in HKEY_LOCAL_MACHINE related to your program. Grant them full access rights to "User" on that part of the tree. 99% of the programs"

and

"read up on cacls [microsoft.com]. Alas, in XP Home it is hard to configure access control on folders.
For example:
C:\> cacls C:\MyFolder\ /T /E /G Users:F"

A right-click under KDE or Gnome under Linux would give the user an almost easier to understand matrix of permissions on a particular file or folder.
Command-I under Mac would give easier permissions with the option to delve deeper into *nix type permissions.

Re:This is not a good approach

[CAR912]

Or add the security tab to XP Home without needing to always reboot into safe mode, just follow the advice on this site: http://www.scottxp.com/winxp.php#advuser, scroll down to the "Advanced File Sharing & Security" section, and follow method 3. I did it, and it works well.

Warning: TFA is unreadable

[jeblucas]

I went to the first three pages, which corresponds to about the first 19 words of this "article". He has room for about a sentence and a half and a graphic of the windows he's complaining about before you have to click (more) or Next >>. In fact, I can confidently say

(more)

Re:Warning: TFA is unreadable

[jeblucas]

...that this is the most annoying article I've seen posted in a long time. I even tried the "trick" of looking at the "Print this Article" and "Email This Article" links, which actually want to PRINT SOMETHING (it opens a Print dialog) or email a LINK to one page of the article. Garbage garbage garbage.

Well, it figures

[Giant+Ape+Skeleton]

With more and more people using Firefox, all those popups had to go somewhere...

Re:Well, it figures

[Keith+Russell]

Where were they all before computers started doing popups?

X10 was the big bang.

I wish they would fix XP's account control

[Oldsmobile]

I wish they would work a bit on account control on WinXP, it is a total disaster. I WANT to use my computer as a limited user, but when I need to do something in Administrator, I shouldn't be bothered to switch users. Why oh why can't they just make it so that is asks for the admin password like with every other goddamned OS!?!

Vista is nice and all that, but how about fixing XP first!!!!

Re:I wish they would fix XP's account control

[kansei]

There is no need to switch users.

- You can right-click on any program and select "Run As", type the admin credentials.

- For systems functions, "Run As" IE (as an admin) and change to the Control Panel in the address bar.

- From the command prompt, you can use the "runas" command.

Re:I wish they would fix XP's account control

[jawtheshark]

RunAs does that pretty much for you. For example: I want to run Programs->Administrtive Tools->Computer Management. I navigate to that option, hold down shift and right-click and then I select "Run as". The system asks me my Administrator password and I don't have to log off.

This also works with Internet Explorer, which gives you pretty much access to the full file system... Including ACLs (if you run XP Pro... else you'll need to learn the cacls command on the command line)
You can also invoke runas in the command line by the way...

Re:I wish they would fix XP's account control

[daviddennis]

His complaint is that there are two extremely annoying dialogue boxes you have to go thorugh first.

MacOS X handles this by saying that by running a certain program, you're doing something special, you have to type your administrative password. Simple.

Windows handles this by saying "Here's something a program wants to change. Here's what it is. Shall I continue?"

and then if you do say you want to continue, it asks AGAIN.

And then, from what I gather (I haven't used Vista but have read some reviews of this problem) it will ask you again and again if the program continues trying to do priveliged things; you can't just give the program carte blanche, as you would want to do for an installer, for example. This is why there are reports of Vista beta testers really and truly loathing this feature.

I predict 90% of users will just shut it off, which unfortunately appears to eliminate many of Vista's security advantages.

If Microsoft had simply copied Apple, they would have been doing a much better job for their users.

D

Re:I wish they would fix XP's account control

[afidel]

You can't do this in a network environment because you can only have one set of ACL's between your machine and a server or other workstation. This is a fundamental problem with the way ACL's and GUID's work currently with SMB and the windows workstation client, does anyone know if Vista fixes this?

Didnt like it...

[Virtual+Karma]

I didnt quiet like the dialoge boxes because all of those are jarred on the right and bottom borders, as if someone has tore them off..... oh! wait...

Windows experts?

"I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."

Well, good thing MS targets this OS exclusively to Windows experts. What utter fools we've all been for assuming this would effect our non-expert friends and families!

bitter irony?

[Burlap]

anyone else see the irony in an article talking about annoying click-throughs needing so many bloodly clicks to read?

Re:bitter irony?

[jandrese]

I thought it was genius myself. The Windows Vista experiance on your home machine today!

Re:bitter irony?

[AnyoneEB]

Your comment reminds me of the Penny Arcade comic about Silent Hill .

Just wonderful

[Tibor+the+Hun]

fucking teriffic...
3 series of articles, half a dozen pages each, just to tell me why I have to slow down my workflow when deliting or renaming files.

How innovative.

[C10H14N2]

The 70's called. They want their security model back.

Yawn. ...and yeah, these damned one-paragraph-per-page ad-whoring blog articles suck big time.

The options

[eclectro]

This is the crux from the end of the article;

"How do you work around this annoyance? You have three choices:

        * You can take ownership of the files on the external drive. That gives your account Full Control permissions at all times and prevents other users on the same computer from changing the files unless they do so as an administrator.
        * Or you can change the permissions assigned to the Users group so that members of that group have Write or Full Control permissions. That solution allows everyone with a user account on the computer to manage files without having to OK a consent dialog box."
        * Or you can play a Sony music CD with a rootkit."

Re:The options

[jandrese]

Those sounded like terrible solutions to me. Basically: manually adjust the permissions of every file you create or turn off the security stuff and pray.

I'm hoping that these articles are hyperbole and in fact when you create your own files you are marked as the owner with read/write/execute permissions on them. Granted, administration looks like a total nightmare, but MS has been working for years to make administration as hard as possible so this is no big surprise.

What I think the real fix should be: When you get a dialog box like this, there's a "validate me for X minutes" option that you can check to tell the machine that you're going to be administrating for some minutes and stop showering me with dialog boxes. Sort of like how most modern operating systems work.

Summary...

[MosesJones]

If you made your user "superuser" on a Linux box, the did a kernel upgrade and decided this was stupid so just allowed you to sudo certain commands then you'd have a devil of a time accessing all those files that you created while you were the super user.

Or put more simply

XP didn't have sudo so you were always admin, Vista has sudo, enabled via annoying popups rather than a config file.

Executive Summary:

[darkonc]

The new Windows 'protection' scheme will browbeat the user until they disable the security system (in some way or another).
That way, when the inevitable virus and spyware hits the system, Microsoft can wash their hands and say that it's all the user's fault for making use of their computer bearable.

Soon, Same As It Ever Was

[ausoleil]

Microsoft is trying to make users have good hygiene -- that is, don't run as a super-user unless you need to. Well-meaning and well intended -- and a good idea. Ultimately, however, Aunt Sally is not going to deal with it for long, and you, the unofficial family Helpdesk tech, are not going to like all of the calls you get from apoplectic relatives dismayed that they suddenly can't open this that or the other because they do not understand the paradigm.

What will happen is what always happens: when there is a "problem" someone "fixes" it. In this case, the "problem" is the security model. I suspect that there will be a 3rd party "fix" that blasts through all the well-meaning security and basically restores the user-as-root scenario that Windows has operated in since forever.

Re:Soon, Same As It Ever Was

[dr-suess-fan]

I always thought the best model for Aunt Sally would be a keyswitch on the front of the computer. Similar to those round-key locks that used to prevent boot-up.

If a program wants write access to Program Files, a dialogue box will pop up asking the user to turn the keyswitch to admin mode.

Now, hopefully Sally won't turn the keyswitch unless she knows she's trying to install something.

This is not flamebait, someone mod it back up

[moultano]

When I first clicked on the article, I couldn't even figure out immediately where the rest of it was. It was like 90% crap, a tiny bit of text, and a tiny more link that disappeared amidst all of the crap.

No one says that you cannot.

[khasim]

Oh, and those that say that you can't run in Limited User on XP (as in the fine article is stated) are completely ignorant.

What the article actually said was:

When you use Windows XP, you are almost certainly using an account that belongs to the Administrators group. (The challenges of running as a Limited user in XP are well documented.)

What was that about "ignorant"?

Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard.

Go ahead and ask 100 people on the street whether they use Windows and whether they know what an ACL is and how to change it.

Running as a Limited User is not impossible.

It just requires spending a LOT of time and effort to LEARN how to do so ...

and that pre-supposes that the person understands the risk of running as Administrator.

So, someone has to already be aware of the threat ...
Then that person has to choose to try to avoid that threat ...
Then, then that person has to spend time becoming further educated ...
Then, then, then that person has to spend time fixing the ACL's and such.

Or just choose to run as Administrator and all those problems go away (and you get new problems, but all your apps run).

Re:No one says that you cannot.

[Mancat]

You can gain access to the "Security" tab in XP Home by installing NT Security Configuration Manager:

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/ tools/scm/SCESP4I.EXE

Run the executable and extract it to a folder, then open the folder. Right-click on "setup.inf," click Install, and restart once it's done. Works with all service pack levels of Home.

Lame article, Lame suggestions

[flakier]

So, in the end he recomends giving Users full control or write access as means to get around the annoyance. Hell, why dont we just chmod -R 777 /* and end all the "annoyances" of my Linux box too while we're at it?

Can't he just suggest that application designers get a clue and write apps that don't write uneccesarily to sensitive areas of the system? Hopefully annoyed end users will "motivate" lax companies when this happens instead of working around the issue.

Two Words

[SuperKendall]

Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard.

Your Momma.

As in, ask Your Momma to do that.

You see, my mother uses a Mac and is able to install updates herself and keep things running just fine, all without knowing what an ACL is much less how to set it.

Saying the average user needs the equivilent of a car mechanic to deal with computers is just sweeeping the issue under the rug and letting Microsoft off the hook for a half-assed solution to the problem. And also ignoring there are a hell of a lot more people that can fix thier own car problems than computer issues.

Flamebait

[ewhac]

So how is it that running as a "limited user" under Windows is an arcane, difficult process, whereas doing so under UNIX is nearly trivial?

I'm not saying UNIX is "better," since the primary issue here is social, not technical. If UNIX were in Windows' shoes, then third-party applications and slickly packaged malware would be popping up dialogs reading, "This application requires root priviliges to install. Please enter the root password: _____" So UNIX's user model doesn't really solve the base problem. However, I've been using Windows (mostly for gaming) for a while now, and I run with administrative privs all the time, because running as a limited user (in the UNIX sense) just doesn't work. Or, perhaps more precisely, it doesn't Just Work.

So what's the deal?

Schwab

Games -vs- firewalls

[MobyDisk]

I'm curious how this handles applications that constantly modify system settings inappropriately. Does it prompt you every time, or just once? Does it remember the setting? Ex: Most games still save their save files into C:\Program Files. When I save my game, am I booted from my DirectX environment back to the desktop to answer the prompt? If so, does it happen every time I save? Or can it work like a firewall and say "let me do this every time."

Oh No...

[googleaseerch]

The UAC's involved in this now, too? All hell's gonna break loose.

easy to fix

[rcamans]

I got this from somewhere:

        Start an elevated command prompt window, and from that window run secpol.msc.

        Find all the policies that start with "User Account Control" (there are only, like, six of them) and set them to either no prompt or disabled.
That's all there is to it. You'll never need to "run elevated" and you'll never be bothered by those pop-ups again

Thank you, whoever posted this fix.

uh..

[DoctorDyna]

But, if you disable the run elevated functions, wont the popup be replaced with a dialog that says "This program needs administrator priveleges to run. Unfortunatly, you disallowed elevating you, dumbass. please log on using an account capable of running this."

SHGetFolderPath()

[tepples]

Most games still save their save files into C:\Program Files.

Games certified to run on Windows Vista don't. Instead, they'd use SHGetFolderPath() to look up the current user's My Documents folder and end up saving to e.g. C:\Documents and Settings\Pinocchio Poppins\My Documents\GTA Hot Coffee\ or something like that.

Problem/Issue is obvious if you understand Unix

[fortinbras47]

Windows is continuing its transition to the Unix user/security model, but your average user (and many IT people) neither understand the user/admin distinction nor permissions.

As I understand the article, EVERYONE in Vista is a normal user. Administrators have the ability though to take administrator actions on a case by case basis after supplying credentials.

To me, this sounds exactly like "sudo" under unix/linux or the "Authenticate: blahblah requires that you type your password" under Mac OS X. This model is more secure and works great, but there are some legacy transition issues.

For you unix people, the problem the article describes is, "what if you mount an old drive, the drive has restrictive permissions, and the file owner UIDs don't match the new system?" (your user account doesn't have permission to do anything on the drive)

NTFS has file permissions, but they rarely came up in practice because everyone in Windows was doing everything as the Unix equivalent of root. In Unix, the obvious fix is to do a sudo chown -R newuser /mnt/olddrive (or an ultraghetto sudo chmod -R o+rwx /mnt/olddrive) . The user/permission concept is totally foreign to your average windows user though, and hence the problem.

Re:Problem/Issue is obvious if you understand Unix

[value_added]

NTFS has file permissions, but they rarely came up in practice because everyone in Windows was doing everything as the Unix equivalent of root. In Unix, the obvious fix is to do a sudo chown -R newuser /mnt/olddrive (or an ultraghetto sudo chmod -R o+rwx /mnt/olddrive) . The user/permission concept is totally foreign to your average windows user though, and hence the problem.

Foreign is the right word, but the problem is more extensive and pervasive than familiarity or experience. First there is that mess called the registry and its tortured permission structure. Then there is an incoherent file system hierarchy where anything can be just about everywhere, except for what's supposted to in SYSTEMROOT or system32, which is where everything gets dumped anyway to avoid creating a path that's a mile long. Then there's Windows bizarre concept of file ownership. I create a file, but some other group owns it instead, but it's almost always executable by everyone, so no worries, right? Executable JPGs and GIFs and text files. LOL. Short of right-clicking one's way through the registry and file system, I doubt anyone knows and or manages anything, Microsoft included. And then, of course, there's all those services ...

Sorry, but Microsoft will have to reinvent themselves a few more times before they discover Unix and these problems go away. These perennial discussions of "running as Administrator" vs. "running as a member of the Administrator's Group" vs. "running with limited privileges" obscure the real problems, and New and Improved Changes by Microsoft only mitigate the existing chaos. Get a typical home user to run with low privileges? Woohoo. That takes care of everything, doesn't it?

DOS-style attributes in combination with an overcomplex ACL/policy-based system and a nutty bunch of default user and group acounts (SYSTEM, anyone?) is painful enough without the embarassing lack of tools. I give it a few more years before they get round to giving us a terminal window in which perms and ownership are clear and visible, using chmod and chown become standard practice, and an appropriate umask can be defined. Should I hold my breath, I wonder?

lol..

[DoctorDyna]

Windows experts explain how to disable security features, how quaint. Honestly, the whole time i was using Vista it never occured to me to turn this "feature" off.

Anybody who needs instructions on how to disable something using gpedit has no business running a beta operating system that was intended for a serious testing audience.

Come to think of it, having a meaningful conversation about an un-finished product is also quite silly. Ok, so in the light of this, I offer this comparison / excersize.

Test 1.) In Windows Vista, make a shortcut to a program you know needs admin to run. Time this part Click the icon, then click the resulting dialog as quickly as you normally would to grant it permission.

Test 2.) In Linux (for argument, lets say Ubuntu) pop open a term. Think in your head the name of an app or process / shell script that needs root or super user to run. Time this part type sudo then the name of the program or command.

Did clicking the box take longer than typing SUDO? meh. what a shame were wasting so much of slashdot's disk space on a coversation over a few milliseconds.

Re:Get a Mac.

[jacksonj04]

Vista has the potential to turn around the eternity of warning boxes. I would consider myself a computing professional, and sometimes even I've automatically clicked OK before going "Oh shit, what exactly did that just say?"

Vista's security model doesn't seem to ask for credentials in stupid places, unless the article writer believes that modifying the system folder should be the perogative of every user. What it does (Especially when running user apps) is show just how much applications rely on priveledged accounts. If the developers can get the program to work as expected without relying on admin rights, it will make users stop and think "Woah, why is this asking me for the admin password? What is it trying to do?"

I have no objection to being prompted every time something wants to mess with a system file. I object to being prompted every time something wants to mess with a system file because the application is piss-poorly designed.

Obvious choices

[Smorkin'+Labbit]

I like the options "Continue" / "Skip" / "Cancel". Very obvious for a normal user what the difference between Skip & Cancel is ;-)

It's worse than that actually

[apankrat]

What's worse is that there is no way to distiguish between authentic "User Account Control" dialog and a fake one that is poped up by a malicious application trying to collect admin credentials.

Unless Vista allows customizing generic "UAC" dialog (with an image or a text) or easily authenticate it in some other way, UAC being ON appears to pose a greater risk to a system security then when it is OFF.

Re:It's worse than that actually

[apankrat]

Here's what they say (it's a bit long, but it's worth reading) -

The Secure Desktop's primary difference from the User Desktop is that only trusted processes running as SYSTEM are allowed to run here (i.e. nothing running as the User's privilege level) and the path to get to the Secure Desktop from the User Desktop must also be trusted through the entire chain.

So what does this experience look like? When you click on a UAC shielded control, your user desktop will appear to dim and the window that caused the elevation request - typically the window you were most recently using - and the elevation UI will be made more prominent. This is to provide you with the highest level of context possible when interacting with the elevation dialog.....

So - again - how exactly are they planning to prevent arbitrary application from mimicing this behaviour ?

It will not need to bother with "Secure Desktop", but rather just make a copy of a screen, dim it, show in a topmost window covering entire screen and then superimposing fake, but otherwise OK looking UAC dialog.

Terrifying

[bcmm]

I really cannot think of a scarier idea than Microsoft working with the Union Aerospace Corporation.

Quick question

[martinultima]

“and the obvious fix”

If it's so obvious, why can't they just make it a built-in part of the operating system anyway? I'm sure that there's got to be some sort of secure way of doing so. I know that if I were Microsoft, I'd want to provide all the "obvious fixes" as part of the default install, no stupid tweaking involved.