Details on Refining Vista's User Control
borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know that they have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."
If I'm getting what I want from my OS already, why bother upgrading from Mandriva?
So what's to stop malware from affirming the prompt? It isn't even a hurdle.
Just a few clicks away
http://www.flickr.com/photo_zoom.gne?id=151250154&size=o
Mac users have gotten used to the authorization of petty procedures by now but it was a real nuisance in the beginning, some five years ago. Software developers have gotten used to it also and have written better installers that don't require multiple instances of authorization, or any at all, installers that install in non-restricted areas and so forth. I think these issues will pass with time for Vista users too. In the meantime, they really should take joy in the fact that malware will be increasingly scarce on the platform.
- Henrik
- when the Shadows descend -
Of course if the j-o-b foists it on us anyway, at least there will be the necessary hardware upgrade at long last...
If brevity is the soul of wit, then how does one explain Twitter?
This "excessive prompting" is never complained about with OS X, or within Linux. What's the big deal about being asked for credentials when doing an installation or when performing privileged executions? Is not "excessive prompting" exactly what keeps malicious code from auto-executing and essentially is the primary reason there have been no self-replicating OS X worms to date?
I recall that recent "Mac Virus" which masqueraded as an image - however, if you clicked on it, it would ask you for your password which set off alarms immediately. Had Apple decided that it was too much of a hassle for the user to enter their username every time they needed to install a piece of software, this virus may very well have been successful.
I think the reason it's going to seem "excessive" is simply because of the lack of virtually ANY prompting in previous versions of Windows.
It's all relative, I would think.
Now, requiring Vista to play certain games however, that's excessively lame and nonsensical.
--
Music should be free
My Computer Music Tutorial Videos
It appears that you are trying to post a comment to Slashdot.
Please enter your Windows username and password to continue.
Username:
Password:
This guy's the limit!
This is a sad attempt by windows to increase the security of their lacking security in previous OS's. Well that's no surprise. Just a little interesting information, instead of using the Windows Network operating systems that they produce, NT, 2000, etc, their MSN server main host terminal, the connection for the whole network itself to the net past LAN, is a FreeBSD server. A blatant way of them saying, not even we trust our software to be safe.
"Some people think these questions are hard...
Tough crowd here at Slashdot. We all know it's going to suck, but at least let them release it first before you criticize. Seriously though, it is just a beta and not the end result. They're looking for feedback to make improvements and that's a good thing.
http://religiousfreaks.com/
I just read this article last night and remember reading about having to keep entering the admin password.
Why can't they set it up so when you open control panel, you have to enter the root password (like opening yast as a non-root user in suse and the like) and then you're essentially su'd until you close control panel, or I suppose you could time it out, so after 10 minutes even if the CP is open, you will have to re-enter the password if you click on a little icon in there.
From reading the article, I did follow the link to the article, putting in your password that many times will drive someone insane.
That which does not kill me only postpones the inevitable.
Border fortifications are good for keeping criminals and others from fleeing the country, too. The USSR did this with great success.
Reminds me of talking cars. Users ask for an easy to use operating system without it getting in the way. Users complain about security issues. Users ask for a more secure operating system. Users complain about the OS getting in the way. Microsoft's response? You can't have your cake and eat it too. It sounds to me like their security implementation isn't half assed and that they realize that the closest you get to a totally secure machine is one that isn't turned on and has never been used. Their implementation therefore is going to cause some "Yes You Can Do That" "yes" "yes" "yes you can" headaches.
All I have read are bad reviews of Microsoft's next operating system upgrade. Are there really any reasons (yet) for an average user to pay the money to upgrade from Microsoft Windows XP Pro to Microsoft Windows Vista?
Btw, there was free software called Vista produced by the U.S. government for administering veterans' health care. Some time after Microsoft announced its desired name for its software, the U.S. government began calling Vista (so named since 1996), VistA. Now they have even gone so far as to call it VistA (note the obnoxious bold) on its own website. I guess the U.S. government really wanted to help Microsoft out with its trademark application.
It's the greatest feature in vista.
This ensures ALL users and majority of services are running UNPRIVILEGED, which means viruses/malware/etc can't do jack shit to the system.
This is great - try going to c:\windows and creating a file there or a new folder. Boom, UAC dialog. Why? Because normal users don't need to do anything in C:\windows! But, you say, what about when apps are installed? Well, I went and installed Office 2007 Beta2.
The privilege dialog came up TWICE. Once at beginning install and another time a few seconds later. That wasn't much bother at all. And now I can go back to running it as an unprivileged user.
When vista final is released, it will be the most secure windows release to date.
I agree with you; a system like linux uses does seem to be the best way to keep security... what I don't understand is how MS's system is fundamentally different from what linux does. You need to be what is the functional equivalent of root to install or change settings; but just for normal use I bet it wouldn't ask you that much. For me MS is doing the right thing here
...don't get me wrong I won't be moving from linux (which has many other advantages over windows)
*''I can't believe it's not a hyperlink.''
Regarding the link posted by parent, the problem is: why the Hell doesn't this file (a shortcut), which actually seems to be on the main user's desktop, BELONG to the corresponding user?? Why does it belong to "SYSTEM"? I can't understand how Microsoft succeeds in screwing up things so much each and every time. It's not like there aren't easier, working and well-thought security models (look at UNIX's perms simplicity and efficiency, and they can be completed with a more thorough ACL system).
Those who don't understand Unix are condemned to reinvent it, poorly
what the design goals of the feature are
Yeah, now everything is a "feature" with "goals". Give me a break.
However, that means that malware, running as a Standard User, can download an administrative application, and send keystrokes through Windows to simulate the user invoking the application. As a result, Windows cannot tell if YOU launched the application or if malware launched the application.
How about if you add something extra to make sure no "malware" lands up on my system? Can you do that?
LOL ASSbuntu!
Anytime you install a program, it has to change the registry. You want to see a video encoded in a new format? Ah, you have to register the format and the codec - and there ya go, you have to change the registry. You want to associate a new filetype with a program? There ya go, you have to change the registry.
Sometimes I wonder - rootkits use stealth techniques to intercept registry calls. Why doesn't microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.
IMHO, the registry was the worst idea Microsoft could have come up with.
It's too late to change the design once you've made it to Beta. Beta testing is about finding the obvious bugs in the system so they don't end up in the final version. If they tried to fix all their design errors after beta they'd never release anything.
there's still some core OS UI that's not UAC-enabled, though. for example, you can't fully configure network connection settings without running explorer.exe elevated.
So they're *still* designing insecurity into the system because they place a higher priority on the "extensibility" that lets applications do things the user isn't expecting them to do.
And they're still relying on Grandma logged into her AOL account as the last line of defense.
Have they learned nothing?
Sorry, that was rhetorical.
"[...] they want as much feedback as they can get on the beta."
Translation: Microsoft can't decide what it should do, and doesn't want to spend the money figuring it out, so they'd rather get the tech-savvy people who'd be willing to try out a beta to tell them how it should behave.
I pity the foo that isn't metasyntactic
For me MS is doing the right thing here
I'm not saying what they're doing is bad. I'm saying they went a little extreme. With as many times, I believe the article I cited said 17 times, it should have a do not show again. Personally, I do not believe in caching passwords, but for that many times...
I actually commend them for doing this, but it needs to be more practical.
That which does not kill me only postpones the inevitable.
What I'm getting at is that microsoft is making Vista with all the security precautions in place because their prior operating systems lack so fully in the department it's pathetic. And as an example of how sad they truly are when it comes to trusting the security of their own product, I felt the need to point out that the server for MSN that scans all incoming and outgoing data and connects the server itself is a FreeBSD server. It's just a blatant fact that even microsoft knows that their products are crap for security. Total cost of ownership of the MSN property is not the issue here, it's simply the fact that Windows in itself is almost always a rushed to production piece of software filled with bugs, glitches, and holes. Hence, the necessity for continual service packs and security updates. You wanna know when you update FreeBSD, when a new release is out and you don't have a custom kernel.
"Some people think these questions are hard...
Isn't excessive prompts, it's a feature that can let the user stop a certain process from running. How many regenerating virii and rootkits rely on automatically running an executable the second a dodgy process is closed to make it tricky to remove? If you could identify a malicious process and prevent windows from running it in the future. Removing virii that are running, even in safemode is a complete nightmare. A password protected feature that can prevent a process being run again the second it's closed would make the majority of aggressive malware next to useless and far easier to remove. Although knowing microsoft they'll leave a security hole in and hackers will start doing things like disabling explorer.exe...
One solution is for developers to write applications that don't need to be installed, nor run as, the Administrator user. Of course, that is if Vista was designed to allow applications to run properly as non-admin.
I read the article's justifications. And I don't doubt that the number of elevation prompts seen in 'normal' usage will decrease as the betas roll on, to a number that most people will just learn to live with.
But I can't shake the feeling that their idea of increased security is, "WE decide, case by case, what operations are safe for you to do on your computer." Especially with sentences like this: "The hope here is that the user won't need to launch many administrative applications." Or, "Why can't my child run the anti-virus checker?" "They're not supposed to."
Sounds to me like by the time Vista goes gold, Microsoft will have successfully determined what set of operations we should be allowed to do with our computers to make the system somewhat usable by MOST users, MOST of the time.
Does that sound scary to anybody else? PC's with Microsoft OS's are becoming more and more like appliances with just a fixed set of day-in, day-out tasks, e.g. media center, gaming box, office productivity tool.
Fine, then. If that's all people want, I guess they should have an OS that conditions them not to do stupid things. The good result of this might be that Microsoft OS's will be even less desirable for people who still want to use a PC as a tool for exploration, research, and hacking. The bad result will be that, if M$ stays ubiquitous, fewer and fewer young people will even realize that that's what PC's at their best can be.
just build a GNU/Linux distro instead :p
Politics is Treachery, Religion is Brainwashing
You're kidding right?
This "excessive prompting" is never complained about with OS X, or within Linux.
Uhh, that's because it works right? Clearly you don't use either because you'll find there is no prompting for normal user activity.
Is not "excessive prompting" exactly...
Uh, no. Again, if you used either one you'd see they take care of the problem the right way as opposed to Microsoft's cluster fsck.
I'm guessing you are trolling for Microsoft. If not, please switch to linux or OSX and you'll see what everyone is talking about.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
If it can search and index file contents, then it has full access to my data. If access to that index or search feature is insecure then it's taking control of my data out of my hands and giving it freely to others. Why should applications need to access files that I created but which I haven't explicitly opened for their use?
Will the security be in place in both the API and data storage files so that instant search won't just become a new way for malware to quickly focus on the data it wants (e.g. Credit Card or Social Security Numbers)?
While Microsoft has everyone screaming bloody murder about all these security prompts - keep this in mind: It's probably an intentional distraction.
Very few folks seem to be analyzing and criticizing the other 99% of this operating system. Keep focusing on this security-prompt-red-herring, and we'll fail to uncover the real turds before it's too late.
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
The point of UAC is to make sure the user has to authorize any actions that need administrative privileges. So address the authorization instead of the actions. Do what my Debian box does when programs need root privileges. When I run a program like that from my normal user account, a wrapper prompts me to enter the root password or abort the operation. If I enter the password and it's correct, root credentials are added to my keyring temporarily and the program can run as root. As long as those credentials are on my keyring, any other programs that need root access can run without prompting. If the credentials remain unused for more than a short time, they're removed from my keyring and any programs after that that need root privs will cause a prompt again. This makes sure I have to manually authorize root access, but that I don't have to keep answering repetitive prompts. It doesn't require any fancy tuning of which actions prompt and which don't, at most it only needs tuning of how long root credentials remain on the keyring which is a lot simpler.
Typical Microsoft, crafting the most complicated solution to the problem.
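The timed credential cache described in the comment above, modelled in Python as an added example; it is not part of the original thread and not code from Debian or any real keyring. `ElevationCache`, `replay`, the password and the `SESSION` timings are all constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import namedtuple

# One outcome per privileged request: was it allowed, and did the user see a prompt?
Decision = namedtuple("Decision", "action granted prompted")


class ElevationCache:
    """Hypothetical model of a root credential kept on a keyring with an idle timeout."""

    def __init__(self, password_hash, salt, idle_timeout, clock):
        self._hash = password_hash
        self._salt = salt
        self.idle_timeout = idle_timeout  # seconds of non-use before the credential is dropped
        self._clock = clock               # injectable so the model can be replayed offline
        self._last_used = None            # None means no credential is cached

    def _verify(self, password):
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        return hmac.compare_digest(candidate, self._hash)  # constant-time comparison

    def request(self, action, prompt):
        """Authorize one privileged action, prompting only when no fresh credential exists."""
        now = self._clock()
        if self._last_used is not None and now - self._last_used <= self.idle_timeout:
            self._last_used = now         # use refreshes the idle timer
            return Decision(action, True, False)
        self._last_used = None            # expired or never set: forget it before prompting
        password = prompt(action)         # returns None when the user aborts
        if password is None or not self._verify(password):
            return Decision(action, False, True)   # failure never populates the cache
        self._last_used = now
        return Decision(action, True, True)

    def drop(self):
        """Explicitly discard the cached credential."""
        self._last_used = None


# Constructed sample session: (seconds since login, privileged action).
SESSION = [
    (0, "install package"),
    (30, "edit network settings"),
    (90, "add printer"),
    (200, "set system clock"),
    (700, "install codec"),
    (720, "register file type"),
]


def replay(events, idle_timeout, typed="correct horse"):
    """Replay a session against the cache; `typed` is what the user enters at every prompt."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    now = [0]
    cache = ElevationCache(stored, salt, idle_timeout, clock=lambda: now[0])
    decisions = []
    for t, action in events:
        now[0] = t
        decisions.append(cache.request(action, prompt=lambda _action: typed))
    return decisions


if __name__ == "__main__":
    for timeout in (0, 300):
        prompts = sum(d.prompted for d in replay(SESSION, timeout))
        print(f"idle_timeout={timeout:>3}s -> {prompts} prompts for {len(SESSION)} actions")
```

The timeout is the only knob: at 0 every action prompts, at 300 seconds the six actions cost two prompts. The cache decides how often the user is asked, not which program is asking, so inside the window every request from that account passes without a prompt.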
I got into it with a(nother?) Microsoftie on this a few weeks ago.
4 07442
4 08915
I predicted there was no clear path with their access control plan.
http://slashdot.org/comments.pl?sid=186700&cid=15
The microsoftie claiming just because I had never used it, I shouldn't criticize and masterfully dropped a few personal insults too.
I fired back that I didn't see it happening.
http://slashdot.org/comments.pl?sid=186700&cid=15
Funny how I was right...
Today's Lesson: Run away from Longwait and don't look back.
Unless of course you are like me and are paid to babysit them. I'm confident there will be plenty of work.
Please Microsoft, just pay me to promote Longwait. It will be much easier on you.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Because the Windows control panel, unlike, say the Preferences menu in GNOME, is a mishmash of user preferences and systems administration functions. IMHO, they should just remove all of the system admin functions out of control panel, and have a new Start Menu shortcut that opens the 'Manage...' window you get when right-clicking on computer.
My blog
This kind of security model has always been present in OS X, and other various unix-like flavors, so applications written for these operating systems have always expected to explicitly request super-user authorization before doing any system-level configuration.
The situation on Windows is completely different. Microsoft is retrofitting Windows with this security model, but it must still support the vast catalog of existing software that was written assuming the traditional Windows security model. So, instead of an application or installer explicitly requesting authorization, Windows watches all processes for what amounts to security violations, halts the process and prompts the user for elevation. And now they're talking about writing shims for specific problematic applications. Yikes!
To call this over-engineering is an understatement, to say the least, but what else can they do? The value of Windows has always been in its backward compatibility, and Microsoft cannot give that up without risking their dominance in the market. But this is precisely why OS X has surpassed Windows in terms of the rate of development within the last few years (also an understatement).
ENDUT! HOCH HECH!
I'm not sure why you have to say "uh" when posting. There is plenty of time to form cogent arguments without stalling for time.
At any rate, I actually do use OS X and Linux. But yes, my primary desktop is Windows. Frankly I find OS X to be overhyped and Linux is just not a great desktop. Don't get me wrong, I *heart* linux deeply and use exclusively LAMP at work.
And I do find the prompting in OS X to be excessive at times. When running software updates I must enter my password for each update.
Even from the terminal, even if I am logged in as root I still need to sudo rm -R and then enter my password to remove a directory and its contents. It's for the best, of course, but it seems that I shouldn't have to enter my password again once I've logged in as "root the all powerful". Darwin is a weird unix-like.
Now, lastly - I'm not looking forward to Vista. I use windows pretty much because it runs my games and has the added advantage of being able to browse and process words. But I am by no means a die-hard fan. I simply have the opinion that it's a good thing that Windows is prompting more often. I am not implying that this indicates that Windows is by any means now "fixed" because of it. Microsoft needs to leave their current architecture behind - Vista should (and it seems will) be the last of the NTs.
--
Music should be free
My Computer Music Tutorial Videos
-- "I never gave these stories much credence." - HAL 9000
The real problem is: the icon belongs to the system, not the user. So the user shouldn't try to delete it, since it will affect other accounts, too.
Of course, that means the user can't get rid of the icon at all, which is a bug in the way desktop displays icons. It should either:
1) display only the user's icons, or
2) allow the user to "hide" system icons.
Same problem with the Start menu, by the way.
Freedesktop.org's menu standard is much better. (At least, the way KDE works - I assume that other DEs support this, too). The user can create a local shortcut with the same name, and it will override the system icon. The shortcut can be marked as "hidden", which will effectively delete the system one for the current user.
nt
spoonerize "magic trackpad"
They've had how many years and an unbelievable amount of people/money thrown at the problem and this is the best they've got?
4 47596
My previous post on the subject covers it pretty well:
http://slashdot.org/comments.pl?sid=187221&cid=15
It's funny that it's moderated 30% Interesting 40% Troll 30% Underrated
Just pay me and I'll promote Longwait.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I used to deal with UAC before. :)
Does anyone else see this as being a metaphor for (or at least, highly parallel to) the huge bureaucracy of the NSA: an organization designed to have the appearance of being "tough on security", but actually being costly and inconvenient while affecting real security very little?
My gut feeling is this is another Microsoftie doing damage control.
the optimal number of steps
Is one. Just one. On my kde desktop, I right-click the icon, select delete. Apple's desktop is similar.
In both instances, there's a robust security model underneath my desktop that does not require an extra "are you sure?" button on my desktop to work right.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
i have dealt with some difficult customers, but this slashdot crowd right now is just utterly ridiculous. there are a few that are willing to go against the grain and give vista a chance before dismissing it entirely, but the vast majority of the slashdotters lately are as close-minded and biased as any group i have ever seen. if MS adds a feature that you all love from another OS or application, they are copying. if they don't add it, they are behind the times. if MS tries to beef up security, they are doing too little too late, and it probably won't be effective anyway. if they don't try to beef up security... well i think you know what you all think of that. if MS releases a patch for IE, it is yet more proof that their software was flawed in the first place. if they don't release the patch, they are too slow to react to security threats, and are failing their users. this is the best one, and it happened just like this, a few posts up... if they open up to a beta group and ask for suggestions, they are skimping out on doing actual work and getting us, the computer elite, to do their design for them. if they don't open up to a beta and take suggestions, they are ignoring their users. i could go on, but i think you catch the drift. i get it, you guys hate MS. i thought this was a forum for open-minded people to share ideas and learn from each other, but if you want to just sit around and play target practice on a company that you have decided a long time ago that you will hate for life, then i might just have to give up on getting any more actual insight from reading the comments on slashdot, particularly on MS related stories.
I know Vista is in Beta but when I beta tested Windows 2000, there were a lot of bugs in that beta.
I emailed Microsoft with problems with Windows 2000. It was a really nice, long email.
They sent me a nice email back saying that they will look into the problems that I had found out,
And guess what they never fixed them. The same issues were in the final release that were in the beta.
the Lead Program Manager
Program Manager? I thought we got rid of that thing after 3.11?
Well, I think I've heard enough.
Slashdot = -1 Redundant, Asperger, kdawson FUD, Libertarian, and Linux
The only thing those links show is that you're an ignoramus flamer that doesn't know how to use linebreaks. And that you managed to hook a "microsoftie" with your low-wait slashbot-style trolling. It's pretty pathetic that you are bragging about that little exchange, because it shows you in an extremely poor light.
Whenever I hear the word 'Innovation', I reach for my pistol.
I'm sorry mpapet, but I don't see the personal insults. You appear to come off attacking Vista without detailing any knowledge of actually using the product.
What do you expect when using terms such as "Longwait"????
Another post shows the several steps it takes to delete an icon on your desktop.
Are you sure you want to delete this thing on your desktop?
Yes, because It's my fsking desktop! Not root, not another account, mine!
going to c:\windows and creating a file there or a new folder
As a system administrator I can tell you nearly all users don't want to go anywhere near c:\windows. XP solved it enough for these users. OSX and Linux have a security model that Microsoft will only dream about.
So, they've created another complicated system on top of an OS not designed with security from the kernel upward.
Switch to OSX or Linux. It works right.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Not to mention that the entire reason the trash can exists is so that you don't have to have an "are you sure" prompt because if you "delete" something by accident you can just grab it out of the trash!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
In Windows, even simple actions require accessing TONS of DLLs. I imagine that MS simply set up Vista to ask for "authorization" EVERY TIME a "privileged" DLL needs to be accessed. Obviously, that gets out of control.
They need to figure out a way to make it so that you authorize certain ACTIVITIES, instead of every individual executable that activity requires.
Of course, that's damn hard, because of the way Windows is designed.
Personally, I don't find the dialogs that bad, and if it can keep people from doing STUPID stuff, I'm all for it.
While your view is correct, there are some reasons why a confirmation-on-delete can still be beneficial, especially for novice users.
Say a novice user (think grandma) is trying to click on Rename and accidentally hits delete without even noticing that delete was an option. If the shortcut disappears, they would be thoroughly confused. They would not know to look in the recycle bin.
Also, remember, this confirmation *can* be turned off in Vista (just like in XP.) So, you can have it the way you like it if you decide to use Vista. However, I support the decision to default this feature to on.
Because everyone was demanding that they fix the security problems as their number one priority and they -finally- listened. So they did fix them, which broke some poorly behaved apps, and they got screamed at for breaking apps. You can't have it both ways.
Tell that to a paralyzed person who controls the computer with his/her voice. Because the voice recognition program needs to send keystrokes to Windows.
But nice to see you were moderated +5 insightful, despite blatantly ignoring the words accessibility extensions.
From the blog:
The problem with marking Windows binaries to "silently elevate" is that we feel it will lead to "worms" or self propagating malware.
Marking "silent elevator" should require administrative privilege, so what's the problem?
Unix has had this for years; it is called "setuid root". This is extremely useful.
Also, it's very easy to have a knob to allow all signed applications to do silent elevation. Much cleaner than developing hacky shims.
Any form of user control in Vista would be a nice improvement from Windows XP.
I don't want Vista to succeed. I like that when people use GNU/Linux, they're reminded that it feels good to share and collaborate. I like that it also makes people start questioning patents, excessive copyright, fair use circumventions, etc. So even if people end up liking Vista, that would feel like a step backward for me because it moves people further away from open-source software.
I wonder when I became an idealist...
At the risk of sounding like a broken record, I really really wish people would stop acting like the beta is finished code, and complaining about it. A simple "Sheesh, I hope they change / fix that!" turns into "Omfg look at that crap they put in there! we're all doomed!"
I really need to stop trying to play the devil's advocate around here, fucking holier than thou zealots are going to kill my karma.
Windows has more viruses because linux has more virus coders.
From the link:
:)
"For example, when the application attempts to write to a file in the program files directory, Windows Vista gives the application its own private copy of the file in the user's profile so the application will function properly."
My idea is not to cage the user, but the APP. Caging the user still won't work. It's like closing down the cage with you and the Bengal tiger inside. OK ok... they give you a whip. Happy?
If we cage the APPLICATIONS, every app will run in its own sandbox, without affecting the rest of the system.
If Spinal Tap wrote software...the result = Windows Vista
Why on earth would any sane person knowingly allow a computer program to impersonate themselves or others? My gut feeling is that MS and other software mfg want more control of MY and YOUR computer without us knowing it. It wouldn't surprise me if elements of Vista allow MS to search your computer for bogus copies of MS software and software from other companies without us knowing it. MS could sell this service to other companies (i.e. music industry, publishing industry with e-books). And how about marketing companies wanting to know your buying habits? Remember that the OS has unrestricted access to your drives - and the Internet. This becomes a serious concern as more home users become hard wired to the Internet 24/7 with fixed IPs. Think about it. Why would a home user need all this sophistication? And forget about worrying about a family member (i.e. kids) updating windows. Most family members who are online have their own PC - $700 is all it costs and no one has to fight for a turn on the Internet.
They actually have this feature. You right click on explorer and click run as. Then type in my computer on top. Anything you do from that window edit/run will be done as whoever you "ran as".
This feature probably will not work on Vista because after I installed the new IE 7 I could no longer go to my computer from the browser.
I am a big linux fan, but I still would not recommend it to anyone who doesn't know what assembly is. Linux needs to learn from windows' trials and errors. Come on folks, all I am looking for is a distro backed by linux, where I can give the cd to my brother and it will install as easy as windows. Meaning for compatibility issues, make a wrapper that reads windows' driver files. I have no clue how you can do this, but if you can do it, I promise you windows would disappear from most computers.
Teasing the nobles, and rightfully so!
What everyone seems to miss is that the fundamental flaw, which the blog author alludes to, is Microsoft's desire to allow applications to masquerade as the user and send messages via the Windows message pump (via SendMessage() etc).
The real flaw is that MS is maintaining a design decision that was made back in the days of Win3.1: there shall be one method for structured message passing (the message pump) which will cover user input, application IPC, system notifications, clipboard copying, window redraw requests, etc. This message pump is built into the core threading model for the OS (many other windowing systems have this too, it isn't just Windows).
Since there is only one front door, user input uses the same facility as everything else, and it becomes impossible to tell if the user pressed the "A" key or if an application sent a KEYPRESS message.
One solution is to have OS-enforced segregation between these types of input, and force multiple input channels. The mouse and keyboard (and other legitimate devices) get to use the "user input" channel, and other apps get to use a different channel.
But Microsoft doesn't want to do this because they want to enable Bob-style guided interactions with applications, where the target application can be automated/scripted without its knowledge. Changing this also has huge backward-compatibility issues---basically anything built for pre-Vista windows must be modified and rebuilt.
So MS is talking security, but this is a case where market footprint and backward compatibility are fighting with security---and ease of use is caught in the crossfire. A first for MS.
Premature optimization is the root of all evil
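A toy model of the single-queue design the comment above describes, added here as an illustration; it is not part of the original comment and not Windows code. The class, channel and function names are hypothetical, and the queued messages are constructed sample input.

```python
from collections import deque
from dataclasses import dataclass

USER_INPUT, APP = "user_input", "app"  # hypothetical channel labels

@dataclass(frozen=True)
class Message:
    kind: str          # e.g. "KEYPRESS"
    payload: str
    channel: str = ""  # provenance; empty when the pump does not record it

class SharedPump:
    """One front door: device input and app-posted messages look identical."""
    def __init__(self):
        self.queue = deque()
    def from_keyboard(self, key):
        self.queue.append(Message("KEYPRESS", key))
    def post_from_app(self, kind, payload):
        self.queue.append(Message(kind, payload))

class SegregatedPump(SharedPump):
    """The pump, not the sender, stamps the channel from the entry point used."""
    def from_keyboard(self, key):
        self.queue.append(Message("KEYPRESS", key, USER_INPUT))
    def post_from_app(self, kind, payload):
        self.queue.append(Message(kind, payload, APP))

def consent_prompt(pump, require_user_channel):
    """Drain the queue; return True if a 'Y' keypress approves the prompt."""
    while pump.queue:
        msg = pump.queue.popleft()
        if msg.kind != "KEYPRESS" or msg.payload != "Y":
            continue
        if require_user_channel and msg.channel != USER_INPUT:
            continue  # input without user-channel provenance is ignored
        return True
    return False

def demo():
    results = {}
    shared = SharedPump()
    shared.post_from_app("KEYPRESS", "Y")       # app-sent keypress
    results["shared_synthetic"] = consent_prompt(shared, False)
    shared.from_keyboard("Y")                   # real key, but no provenance
    results["shared_real_strict"] = consent_prompt(shared, True)
    seg = SegregatedPump()
    seg.post_from_app("KEYPRESS", "Y")
    results["segregated_synthetic"] = consent_prompt(seg, True)
    seg.from_keyboard("Y")
    results["segregated_real"] = consent_prompt(seg, True)
    return results
```

With a shared queue the prompt must either accept the app-sent keypress or reject the real one as well; only the pump that stamps provenance can accept one and refuse the other.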
What we need is not 100 dialogs verifying if we really really really want to delete or execute something. What is needed here is an internationally recognized license to operate a computer. That is right, a license to operate a computer, just like we need licenses to operate a vehicle. Damage done by improper use of a computer nowadays is pretty extensive. A license would filter out part of the core problem allowing them to focus on fixing the other part, making the actual OS secure and not just slapping these dialog hacks. I'm only half joking.
[alk]
Where do want microsoft me drag today?
This guy is clearly cracking under the pressure. I never understood people like that. Steve, if you read this, just tell Gates he is a Fscking crook and a moron in front of a room full of people and stroll out proudly. Every gasp you hear will be a gasp of respect.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
...a new Start Menu shortcut that opens the 'Manage...' window you get when right-clicking on computer.
They have one. It's called "Computer Management" under Start/Programs/Administrative Tools.
Post-rock/Ambient/Drone and other noise.
Hang on, isn't this place overrun by Linux fanboys? Isn't this just the Windows version of 'SUDO'? I run Fedora and it often prompts me for the root passwd to do things. How is this different?
What they are doing beats running as non-admin on Windows XP. Which is basically the only way to be secure as the Windows core was engineered correctly while the apps were not.
Most Microsoft apps actually run correctly when you are not an admin because Microsoft sells to large companies which are mostly locked down, but 3rd party apps are horrible. There's no way a regular user could set up all his apps to run as that involves a lot of command line fun with CACLS on XP Home.
The part of Windows that was not designed correctly is the All Users account. If you install an app that's supposed to be available to all users then, for example, its desktop icon is installed in the All Users/Desktop dir instead of being added to each user's Desktop dir. And to change anything for All Users you need admin privileges, which is why Windows requires privilege escalation for simple tasks like removing an icon from your desktop.
Dejan
I'm probably inviting a lynching from the zealots but... Linux ain't much better! I have been messing with Linux in one form or another (started with slack in the mid 90's but have since moved to ubuntu and suse 10.1) and it is still messy to get things done in the GUI environments without logging in as root (note: I didn't say it CAN'T be done, it's just easier as root)! I anticipate Vista to have the same hangups I have come to find annoying with Linux... the need to punch in my loooong root password every time I want to do something as simple as install an app or navigate my own system freely. I just want it to be simple, the same as everyone else. I also want it to be secure enough that I don't constantly have to visit my friends and relatives without having to bring along my antivirus and antispyware kit. It's easy for everyone to knock it but I don't see many people actually offering any helpful solutions. Who cares whether it's Windows, Linux, OSX, BeOS, *nix or any other OS. As long as it gets the job done with a minimum of fuss.
Quidquid latine dictum sit, altum sonatur.
Noted
It will have the familiar ring of Debian but will colorfully convey how this new and improved O/S interacts with the 'end' user
GJ
Some years ago, to play an animation or watch a picture, you could just put it in the floppy disk with the application required to view it.
Today, you can't embed the codec in the CD-ROM, you have to register it. I just wonder... WHY??? Why do you have to INSTALL the codec instead of JUST RUNNING it?
Is it just me that thinks that this won't help a bit, because inexperienced PC users will get annoyed by the dialogs very fast and start pressing 'Permit' automatically every time it pops up? If so, this feature will be of no use at all.
That's a design problem.
Any serious desktop should have a global "undo" button, that you need to learn about, before you sit at the computer. Then you could delete any file you wanted, even by accident, and then get it back.
The whole problem is that it's difficult to implement a global "undo" function that works _everywhere_. It's very difficult. It's not impossible, though.
About your saying that it can be turned off, that's nonsense. Interfaces that need configuration to work are badly designed interfaces. The application should be judged with its default configuration, because that is what is available everywhere.
Slashdot isn't tough on Microsoft at all. They just hate Microsoft for no good reason and they lack social skills in the real world.
Most people on here don't really code anything and they have no idea what it takes and what Beta actually means. They just know that Microsoft sucks because their friends say so, so it must be true.
In the long run, slashdot kids really don't amount to anything big.
The default configuration should be designed for what will please the majority of users. Then, there should be configuration options so that the minorities can have it their way too.
Your comment is true: Interfaces that need configuration to work are badly designed interfaces.
However, obviously, asking for a confirmation on file delete still *works*, it's just not your personal preference (you prefer to delete first and undo after). Which is fine, but you're the minority. You'll have to check a box to make Windows act this way.
Since when was the OSS community interested in helping M$ improve its game? M$ has declared open warfare on OSS many times so isn't it about time we told them to just **** off? Tell them it's great just as it is then, hopefully, it will die the death it should do.
TO START
PRESS ANY KEY
Where's the 'ANY' key? I see Esk, Kitarl, and Pig-Up...
Prompts are not an effective security feature for the average user.
Many users will simply click the "Proceed" button without giving it much thought -- particularly if:
(1) They see the same prompt dozens of times each week, or,
(2) The web-site that they downloaded the file from tells them that it's safe to click the "Proceed" button.
Vista seems to have based their new security model on the user prompt. It will result in a small reduction in malware, but it will not be a significant reduction.
What it ought to do is pop up one of those little non-modal balloon help things from the recycle bin the first couple of times, telling the user that the file was just moved there (as opposed to a modal dialog telling the user that the file is about to be moved there).
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
No, there's no reliable way to close multiple apps at exactly the same time. There would always be a race condition such that it wouldn't work.
What you really want to do is suspend the offending processes (break into them with a debugger). Once they're all suspended, you can have your way with them. The only time this doesn't work is when they've got a DLL in some important process (like winlogon) that you can't suspend completely. In that case you have to figure out which thread is causing the spawning and just suspend it (use Procexp from Sysinternals for this) until the next reboot where hopefully it won't start up again.
dom
However, obviously, asking for a confirmation on file delete still *works*, it's just not your personal preference (you prefer to delete first and undo after). Which is fine, but you're the minority. You'll have to check a box to make Windows act this way.
It doesn't work.
New people need two clicks to perform an action that could require just one click. By any measure, it's almost a 100% inefficiency. But at least it has some safety, it could keep them from erasing something.
For users that get accustomed to it, it's even worse. The two-click operation becomes a single gesture, and now any safety it was supposed to give you is just lost. The delete operation becomes a single gesture, and reverting it is not only far from effortless, but it is not always possible.
I would describe the situation as "barely working".
I understand that they can't change their interface into one that actually does work, because it could need some retraining for some people, but that doesn't take anything away from the fact that the interfaces they can supply, with the premise of not changing much, are retarded.
As for me, I'm not clicking any freaking checkbox. Ubuntu (with Gnome, of course) works the way I like out of the box, thank you very much. It doesn't have the undo function I want, but I believe it could evolve into that.