Details on Refining Vista's User Control

borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know that have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."

malware safeguards

[Douglas+Simmons]

As a result, Windows cannot tell if YOU launched the application or if malware launched the application.

So what's to stop malware from affirming the prompt? It isn't even a hurdle.

Re:malware safeguards

[Tim+C]

Presumably the malware won't know your password...

Re:malware safeguards

[spongman]

the prompt appears on a sparate desktop, it's HWND isn't retrievable by any application, and the regular keyboard message pumping mechanism is bypassed.

unfortunately, this breaks the brilliant synergy2 tool temporarily...

Re:malware safeguards

[spongman]

good question. i'm not sure. the built-in narrator works while the UAC dialog is up, though, and while it's not as good as some of the 3rd party readers, it should suffice for the UAC dialog navigation.

maybe they should add an option to enable the build-in reader during UAC elevation...

Re:malware safeguards

[Keeper]

winsta0 is the interactive user's desktop session, not the secure desktop.

Here's how to delete a file on Windows Vista

[ASkGNet]

Just a few clicks away
http://www.flickr.com/photo_zoom.gne?id=151250154& size=o

Re:Here's how to delete a file on Windows Vista

[$RANDOMLUSER]

That's hysterical. I bet it takes fewer clicks to format a hard drive.

Re:Here's how to delete a file on Windows Vista

[deficite]

Perhaps that'll annoy people enough not to delete the system icons. I used to get so mad when I used the family computer and my dad would delete an icon for something on his account and it got deleted on mine too. Another thing about shortcuts I hate: some applications only install them for the account you installed the program with. I had to make shortcuts by hand for every account on the machine or manually copy the shortcut to the shared shortcuts.

Re:Here's how to delete a file on Windows Vista

First, two of his seven steps are just emptying the recycle bin. He says he has to do this "every time he wants to delete a shortcut". He clearly doesn't understand the recycle bin. If he doesn't want its functionality, he can turn it off or shift+delete the file (which bypasses the recycle bin for that operation)

Second, his first step is simply "look at the shortcut." No action was taken.

Third, it's already been publically stated that the UAC will not cover this case in the future. Now we're down to 3 clicks.

Lastly, I'm unsure how he got a shortcut on his desktop that he doesn't own. I've been using Vista for months now (assorted builds) and I haven't run into this situation. This seems like a bug to me.

Assuming this bug gets fixed, we're now down to 2 steps - click delete, confirm delete. This, in my opinion, is the optimal number of steps. A confirmation on delete activities is probably good. Especially since the delete confirmation can be turned off in the recycle bin options for power users.)

Re:Here's how to delete a file on Windows Vista

[Firehed]

Anyone else think it a bit odd that it says "You don't have permission to delete this" (step 4) followed by the prompt to go ahead and do it anyways? Well, I suppose that's how life works - I wonder if Vista will arrest me a short while later?

It's Still In Beta Folks!

[gasmonso]

Tough crowd here at Slashdot. We all know it's going to suck, but at least let them release it first before you criticize. Seriously though, it is just a beta and not the end result. They're looking for feedback to make improvements and thats a good thing.

http://religiousfreaks.com/

Re:It's Still In Beta Folks!

[Tim+C]

I don't think posting "lololololol!!!1! M$ suX0rz, Linux r0ck0rz!!!111!!" to slashdot counts as feedback.

Re:It's Still In Beta Folks!

[starfishsystems]

Yes, it's a tough crowd here at Slashdot.

Some people here still expect beta to mean beta, which is conventionally intended to identify bugs in an otherwise stable product. A beta release is not, as you suggest, an invitation to change the feature set, though that has never prevented Microsoft from bending the rules at its convenience.

To be charitable, I can imagine that with this Vista beta, the codebase might indeed be as stable as what we ordinarily expect from a beta release, and so what we're looking at now is just a matter of tuning the configuration parameters so that it prompts at the right thresholds. And, on the principle of security by default, the system will initially tend toward maximum prompting. However, thinking more soberly, a secure system will have fully addressed these issues at the design level, and prompting will not be excessive but appropriate and meaningful. If it's not, that's a clear sign that the design has deeper problems than can be fixed just by changing the prompting parameters. Pardon my cynicism, but in my experience, that would be entirely typical of Microsoft.

Definition of beta at: Wikipedia.

For usability see: Whitten and Tygar.

Re:It's Still In Beta Folks!

[I'm+Don+Giovanni]

Yes, it's a tough crowd here at Slashdot.

You give yourself too much credit. Slashdot's not a tough crowd at all. Slashdotters generally hate Microsoft, that's all. Those companies that Slashdot favors can put out utter crap and get unqualified praise from slashdotters.

Market Forces?

[PepeGSay]

Reminds me of talking cars. Users ask for an easy to use operating system without it getting in the way. Users complain about security issues. Users ask for a more secure operating system. Users complain about the OS getting in the way. Microsoft's response? You can't have your cake and eat it too. It sounds to me like their security implementation isn't half assed and that they realize that the closest you get to a totally secure machine is one that isn't turned on and has never been used. Their implementation therefore is going to cause some "Yes You Can Do That" "yes" "yes" "yes you can" headaches.

Re:Market Forces?

[evil_tandem]

The dialogues shouldn't really have anything to do with it becoming "more secure". The problem was every user had full admin access to everything, and that all the apps all-tied together, used the same libraries, and had root access themselves.

The average joe user doesn't need to be able to install some app that runs services at boot-time. If he wants to install some word processor, he should be able to do that in some user available folder. If he wants to install some active-x control, and isn't an admin, he should be able to install it in his local space in a place that doesn't affect the system as a whole with minimul fuss.

I realize that this could have the effect on a single user machine of being the same as it is now, just at the user level. First that would be a lot easier to clean up. Create new user, copy files you want, delete old user. Even the most horrid over-run problem solved. Make starting a process at boot-time, or user log-in time a pain in the arse. That way you know the user really wants it. It seems this is the area most abused. Without boot-time access most of the worms/virii would become impotent anyway.

Dialoging common actions, in user space, will have the effect of getting everyone to just ignore the dialogues. Then a serious problem in the system space might be occuring, and we will all be accustmed to clicking "ok".

Think "Are you sure you want to install to C:\Program Files\x\cmd.exe" vs "Are you sure you want to install to C:\Windows\cmd.exe". I bet most wouldn't catch something subtle like that (just an example). One should generate a dialogue, one should not.

For compatability create something like Altiris Software Virtualization tool. It can pretend to let your old software do whatever it wants. When in fact it is just doing these things in a virtual user space. Then I tell windows to zap this program, not ask the program to delete itself (this is also heavily abused). Windows has been tracking everything this program has been doing, shuts down all it's processes, and sucks EVERY file and folder back out that the orginial install and it's children put in.

I think the whole concept that you can protect users from themselves is flawed. Users are going to do dumb things. No matter how many dialogue boxes you throw up little jimmy is going to install Kazaa and all the spyware it comes with. Letting him click "ok" to suddenly give everything the run of the system is just stupid. Make it so dumb things means they break their account, not the system.

Re:SAme as in OSXs early days

[plasmacutter]

I am a mac user, and have been using it since osX's early days, and the tasks they request authorization for are not "petty".

on the other hand, I have gotten those prompts in osX for microsoft and real built applications which were trying to do things which they had no business doing.

all the open source players i have installed on osX (I have 2 or 3) have never required root authorization for anything, yet wmp and real wanted to access my root files, why? This hints at how invasive the programs are, what are they doing monkeying around at that level on my system.

The user prompting you are seeing in windows is not necessarily excessive, it may arise from genuine security concerns because of how invasive microsoft is to their users, as reported in previous years consistently with hidden logs, spyware bundling, and surruptitious installation of DRM modules. (I have office 2004 on my mac, was prompted for a root pass, and immediately hunted down where the change was.. it turns out it snuck a drm bundle into my web browser!)

Broken security model -- AGAIN!

[A.K.A_Magnet]

Regarding the link posted by parent, the problem is: why the Hell doesn't this file (a shortcut), which actually seems to be on the main user's desktop, BELONG to the corresponding user?? Why does it belong to "SYSTEM"? I can't understand how Microsoft succeeds in screwing up things so much each and every time. It's not like there aren't easier, working and well-thought security models (look at UNIX's perms simplicity and efficiency, and they can be completed with a more thorough ACL system).

Those who don't understand Unix are condemned to reinvent it, poorly

Re:Broken security model -- AGAIN!

[A.K.A_Magnet]

And btw, just to make things clear, the default configuration is a part of the security model. Which means a file with wrong permissions, or wrong owner, created by the system installer, shows misunderstandings in the security model chosen. It's like you'd have file belonging to root on your desktop.

Another thing is surprising: how can you do privilege escalation without entering your password/authentification of any kind? How is it more secure if there is no user entry? It's just like a sudoers file with the "NOPASSWD" directive on your user; you can become root as you wish (without entering password), but then, malicious programs can, too. If this is the default configuration on Vista, there won't be any benefit except in corporate networks where admins supposedly know their job (I suppose only the "main user" has the "sudoers" rights, but these people will be the ones who are now admin on their Windows [zombified] computer, and they are a huge part of the problem [think spamming, DdoS'ing, etc..]).

Re:Slashdot on Vista

[Rik+Sweeney]

It appears that you are trying to post a comment to Slashdot.
Please enter your Windows username and password to continue.

Username:
Password:

You forgot the buttons:

[OK] [Continue] [Cancel]

Continue will let you carry on regardless...

Re:Considering

[Richthofen80]

I kind of disagree. For me, it was more of a parabola. I hated Windows 3.1, hated 95 less, 98 even less, 98SE I had contempt for, and then the peak is Windows 2000, which was the most Stable and least-resource hungry. Then ME and XP were released... XP maintains some of the stability but they wonked up a ton of little things. And it looks like Vista is just stacking more 'stuff' on top to annoy me.

I think why I liked 2000 so much was that it was NT done right, a well written and stable OS without a lot of clutter. I think that if Vista really was a new OS, not just enhancements to their existing codebase, then we'd be okay with it.

I think we'll have a 2000-like resurgence in a good Windows when a Windows OS is released as a managed code OS. until then I'll keep dreaming.

It's all about the registry

[Spy+der+Mann]

Anytime you install a program, it has to change the registry. You want to see a video encoded in a new format? Ah, you have to register the format and the codec - and there ya go, you have to change the registry. You want to associate a new filetype with a program? There ya go, you have to change the registry.

Sometimes I wonder - rootkits use stealth techniques to intercept registry calls. Why doesn't microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.

IMHO, the registry was the worst idea Microsoft could have come up with.

You don't make design changes in beta.

[ArthurDent]

It's too late to change the design once you've made it to Beta. Beta testing is about finding the obvious bugs in the system so they don't end up in the final version. If they tried to fix all their design errors after beta they'd never release anything.

Re:You don't make design changes in beta.

[heinousjay]

This kind of thing probably counts as a tweak, I would have to assume. They talk about changing the UI, not the mechanism itself. As much as people like to bash Microsoft, they have some really smart people working there.

Of course, it's easy to criticize. If the challenges in pointing out flaws were anywhere near creating something in the first place, Slashdot would have about 3 comments per story.

Re:Why the interest?

[stupidfoo]

Three reasons:
1. You can save your game in solitaire
2. You can save your game in freecell
3. It includes a super pretty chess game!

Re:There you go again

[Tim+C]

How about if you add something extra to make sure no "malware" lands up on my system? Can you do that?

In a word, no. How is the OS supposed to know that that cute little systray weather forecast app you downloaded and installed is actually a trojan?

As long as a user can download and install/run software, the system is vulnerable, and there's nothing it can do about it.

getting there...

[spongman]

beta 2 is much better than previous CTPs which were almost unusable - I had to turn off UAC to preserve what's left of my hair.

there's still some core OS UI that's not UAC-enabled, though. for example, you can't fully configure network connection settings without running running explorer.exe elevated.

Wow. All this time, and it's more of the same.

[Phanatic1a]

The issue here is extensibility of Windows. Windows prides itself it on being pluggable and extendable. For example, to facilitate the accessibility extensions, Windows needs to be able to send keystrokes on the user's behalf so that a Windows user can talk to an input device and have that be translated into keystrokes that drive a dialog or type an email message. This also allows interesting and useful scenarios such as "show me how" buttons inside help dialogs.

However, that means that malware, running as a Standard User, can download an administrative application, and send keystrokes through Windows to simulate the user invoking the application. As a result, Windows cannot tell if YOU launched the application or if malware launched the application.

So they're *still* designing insecurity into the system because they place a higher priority on the "extensibility" that lets applications do things the user isn't expecting them to do.

Once that is true, we can then move to educating the users to know that "good" elevations are ones that they initiated and "bad" elevations are ones that suddenly appear without their explicit action.

And they're still relying on Grandma logged into her AOL account as the last line of defense.

Have they learned nothing?

Sorry, that was rhetorical.

Re:Excessive security?

[Dr.+Max+E.+Ville]

This is NOT security! It's just a bunch of meaningless dialogs, that everybody in the world will learn to click "OK" to, thus making them even more meaningless. When linux asks for permissions, it's for a reason. I used several different shells / desktop environments, and never recived shit for deleting a file in ~/Desktop from any of them.

Re:SAme as in OSXs early days

[Frobozz0]

No, this isn't even close to be the same. Vista asks you for confirmation of nearly everything you can possible do on the computer. At no point did OS X do this. While *installation* of applications have always asked for confirmation, and access to your Keychain has also, pretty much nothing else does. Vista, on the other hand, is about a gnat's hair away from asking you to confirm "Did you really want to click?"

I've used the beta. It's awful. The usability of the file "explorer" is atrociously convoluded. It makes it even more complicated to know what's going on that XP did. And, to keep this on topic-- the security measures are astoundingly invasive. Vista seemingly asks you to confirm the same type of function, triggered in the same way, but by different applications. Look, if I want port 80 HTTP requests to go through, I want them to go through all the frickin' time. Don't make me repeat myself. (Yes, this is only an example but it's indicative of the process you'll go through time and time again.)

Maybe it's the horrible presentation of the dialogs that does it? They offer ZERO information about what *application* (in English instead of seemingly random strings of letters and numbers!!!!) wants your attention. It also offers no real understanding of what is being asked of you. Microsoft, for all they did correctly with the xbox 360 interface, needs to learn how to design a dialog. Here's a fine example:

I open a jpeg file or some other seemingly harmless thing. I get a security alert box that unnecessarily shares the shit out of me with it's inappropriate use of iconography. It says something incomprehensible like this:

Application gobbleygook.exe is attempting to access suckit.dll. Do you want to want to allow this? (This is considered a minor threat.)

Oh. Great. So some EXE with a name I don't recognize wants access to a DLL (what's that-- hahaha?) that I also don't recognize. Now that I'm completely lost, Windows tells me this is not that much of a threat and I can probably click "allow" for the application I don't know to open the dll I don't know to do some task that I have no clue to what it's purpose is. Super.

I'm trying to make a point by being a bit funny about this-- but Microsoft really needs MAJOR improvement to this process. First, don't assume everything is a threat and scare a user into confirming something that is not needed. Second, improve the presentation. Third, figure out how to discen between Malware and your own software!

Re:SAme as in OSXs early days

[NutscrapeSucks]

Well, Apple required everyone to rebuild their applications for OS X, and when they did so, they fixed all the stupid single-user assumptions. Which is great so long as your apps were ported to OS X.

Windows, on the other hand, has hundreds of thousands of apps that expect to be administrator. The software companies don't want to fix them, and Microsoft doesn't want to break them.

So MS defined a middle ground -- annoying prompts which you can't get rid of. Since there isn't a special security level which hides the prompts. presumably people will complain to the software authors and the software authors will fix the apps. And if they don't fix the apps, at least the programs will still run.

Easy fix

One solution is for developers to write applications that don't need to be installed, nor run as, the Administrator user. Of course, that is if Vista was designed to allow applications to run properly as non-admin.

Whose computer is it, anyway?

[hockpatooie]

I read the article's justifications. And I don't doubt that the number of elevation prompts seen in 'normal' usage will decrease as the betas roll on, to a number that most people will just learn to live with.

But I can't shake the feeling that their idea of increased security is, "WE decide, case by case, what operations are safe for you to do on your computer." Especially with sentences like this: "The hope here is that the user won't need to launch many administrative applications." Or, "Why can't my child run the anti-virus checker?" "They're not supposed to."

Sounds to me like by the time Vista goes gold, Microsoft will have successfully determined what set of operations we should be allowed to do with our computers to make the system somewhat usable by MOST users, MOST of the time.

Does that sound scary to anybody else? PC's with Microsoft OS's are becoming more and more like appliances with just a fixed set of day-in, day-out tasks, e.g. media center, gaming box, office productivity tool.

Fine, then. If that's all people want, I guess they should have an OS that conditions them not to do stupid things. The good result of this might be that Microsoft OS's will be even less desirable for people who still want to use a PC as a tool for exploration, research, and hacking. The bad result will be that, if M$ stays ubiquitous, fewer and fewer young people will even realize that that's what PC's at their best can be.

Re:Whose computer is it, anyway?

[I'm+Don+Giovanni]

You do realize that you can turn off UAC (maybe only if you're an admin, I'm not sure), don't you? Or just use Linux (and be sure to run as "root", since you want to be free to do anything and everything at a whim). Be sure to stay away from Macs, though, as OSX also prompts for operations that Apple thinks are dangerous.

Re:Whose computer is it, anyway?

[Eideewt]

That doesn't scare me at all, so long as I can log in as a superuser whenever I need complete control.

A child (or parent) shouldn't be running antivirus. That should be started and run by the system, because it needs those privelages.

There absolutely needs to be a list of things that a regular user can do, and it needs to be short. On a Linux system, that list consists of not much more than reading and writing in your home directory, viewing the contents of some other directories, and accessing some input/output devices. Everyone gets on fine, because nothing else is usually necessary. On an average day I might type, browse the web, and maybe do a little programming, none of which require access to the system's configuration.

An OS doesn't need to prevent users from doing stupid things, but it needs to know when it's a user doing a stupid thing and when it's someone (i.e. malware) pretending to be the user. If the user has full privelages, then so does anyone pretending to be the user, and as we've seen, viruses can infect a system from top to bottom. A simple solution is to limit a user's privelages but allow them to elevate when they need to. It works for *nix sytems and Apple computers.

Re:Feedback?!

[siegecraft4]

Wow, talk about holding Microsoft to a different standard than other software companies. Last time I checked, in the OSS pit that is Slashdot, getting feedback about functionality from your potential users is a good thing.

Re:SAme as in OSXs early days

[bogie]

"Application gobbleygook.exe is attempting to access suckit.dll. Do you want to want to allow this? (This is considered a minor threat.)"

This is the same problem with software firewalls. Unless your an expert user you have jack shit of an idea whether or not to allow xxxxx.exe to connect to xxx.xxx.xxx.xxx port xx.

I just don't see the constant prompting as a better alternative, I honestly hope I'm wrong though. It would be nice if MS finally was able to deliver security to the masses. Personally I am partially looking forward to Vista as new tehcnology to play around with. It is coming afterall no matter how good or bad it turns out to be. Let's hope MS turns things around over the next several months and addresses some very valid complaints with the Vista Beta.

Re:Excessive security?

[futuresheep]

The big difference between the way it's implemented in Vista, and on my KDE desktop, is my KDE desktop isn't completely locked up by the process. I was typing an email last night when I was cut off in mid sentence by the Vista implementation. THAT'S why it sucks. At least in KDE all I get is a password prompt that I can leave in the background if I need to. OSX works the same way I think. I also think that asking for a password instead of just clicking OK is a better way to do it as well, I can just see the first round of viruses finding a way around clicking OK. At least with a password there's some sort of credential involved. You'd think that with the nifty password strength dialouge you see with setting up a user account, that some user education could be added in as well.

I don't mind having to authorize the process, I applaud it. But completely interrupting what the user is doing is a sure way to make people want to learn how to disable it.

Is Indexing a Security Breech?

[buckhead_buddy]

A big feature touted in Vista is the Instant Search feature. Will it become a new security hole?

If it can search and index file contents, then it has full access to my data. If access to that index or search feature is insecure then it's taking control of my data out of my hands and giving it freely to others. Why should applications need to access files that I created but which I haven't explicitly opened for their use?

Will the security be in place in both the API and data storage files so that instant search won't just become a new way for malware to quickly focus on the data it wants (e.g. Credit Card or Social Security Numbers)?

Security Rope-A-Dope

[Spinlock_1977]

While Microsoft has everyone screaming bloody murder about all these security prompts - keep this in mind: It's probably an intentional distraction.

Very few folks seem to be analyzing and criticizing the other 99% of this operating system. Keep focusing on this security-prompt-red-herring, and we'll fail to uncover the real turds before it's too late.

Re:Security Rope-A-Dope

[icepick72]

You work in the Linux marketing department don't you.

Huge Difference

[astrosmash]

This kind of security model has always been present in OS X, and other various unix-like flavors, so applications written for these operating systems have always expected to explicitly request super-user authorization before doing any system-level configuration.

The situation on Windows is completely different. Microsoft is retrofitting Windows with this security model, but it must still support the vast catalog of existing software that was written assuming the traditional Windows security model. So, instead of an application or installer explicitly requesting authorization, Windows watches all processes for what amounts to security violations, halts the process and prompts the user for elevation. And now they're talking about writing shims for specific problematic applications. Yikes!

To call this over-engineering is an understatement, to say the least, but what else can they do? The value of Windows has always been in its backward compatibility, and Microsoft cannot give that up without risking their dominance in the market. But this is precisely why OS X has surpassed Windows in terms of the rate of development within the last few years (also an understatement).

Re:Huge Difference

[astrosmash]

You should read Raymond Chen's blog to get an idea of the completely ridiculous lengths Microsoft has gone, historically, to support backward compatibility in their operating systems. (To their own detriment, IMO)

All zealotry aside, there are things in Windows that are done very well, and there are things in Windows that completely suck, and the things that suck are almost universally due to some sort of backward compatibility concerns.

Re:Huge Difference

[croddy]

The situation on Windows is completely different. Microsoft is retrofitting Windows with this security model, but it must still support the vast catalog of existing software that was written assuming the traditional Windows security model.

Yeah, supporting older applications would be a pain in the ass if your users expect to be able to use the exact same ancient binary image they were using before your OS was conceived. When you willingly give up your right to the source code of the software you use, you're giving up quite a lot.

Until Microsoft finally stands up to its lazy, demanding users and says "enough is enough! take your 8-year-old binary image and shove it!", Windows will forever be a hackneyed patch job of backward compatibility workarounds and security problems.

There's nothing like a clean start.

Re:Huge Difference

[NutscrapeSucks]

Until Microsoft finally stands up to its lazy, demanding users and says "enough is enough! take your 8-year-old binary image and shove it!"

Considering there's only a few million Windows applications, that action would likely crash the world economy. Or at least prevent large swaths of the market from ever upgrading.

Apple has a small and highly loyal group of users, so their upgrade policy works for that ecosystem. But it's also a huge self-limiter on their marketshare, because they throw old users overboard all the time, and no corporation wants to stay on their 2 year cycles.

Just to put it in perspective -- Because of the application investement, there's still a large number of OS/2 seats out there, and everyone knew that was dead 10 years ago.

the real problem

[BerkeleyDude]

The real problem is: the icon belongs to the system, not the user. So the user shouldn't try to delete it, since it will affect other accounts, too.

Of course, that means the user can't get rid of the icon at all, which is a bug in the way desktop displays icons. It should either:
1) display only the user's icons, or
2) allow the user to "hide" system icons.

Same problem with the Start menu, by the way.

Freedesktop.org's menu standard is much better. (At least, the way KDE works - I assume that other DEs support this, too). The user can create a local shortcut with the same name, and it will override the system icon. The shortcut can be marked as "hidden", which will effectively delete the system one for the current user.

Re: click delete, CONFIRM delete?

[mpapet]

My gut feeling is this is another Microsoftie doing damage control.

the optimal number of steps
Is one. Just one. On my kde desktop, I right-click the icon, select delete. Apple's desktop is similar.

In both instances, there's a robust security model underneath my desktop that does not require an extra "are you sure?" button on my desktop to work right.

this crowd is ridiculous

[mrn121]

i have dealt with some difficult customers, but this slashdot crowd right now is just utterly ridiculous. there are a few that are willing to go against the grain and give vista a chance before dismissing it entirely, but the vast majority of the slashdotters lately are as close-minded and biased as any group i have ever seen. if MS adds a feature that you all love from another OS or application, they are copying. if they don't add it, they are behind the times. if MS tries to beef up security, they are doing too little too late, and it probably won't be effective anyway. if they don't try to beef up security... well i think you know what you all think of that. if MS releases a patch for IE, it is yet more proof that their software was flawed in the first place. if they don't release the patch, they are too slow to react to security threats, and are failing their users. this is the best one, and it happened just like this, a few posts up... if they open up to a beta group and ask for suggestions, they are skimping out on doing actual work and getting us, the computer elite, to do their design for them. if they don't open up to a beta and take suggestions, they are ignoring their users. i could go on, but i think you catch the drift. i get it, you guys hate MS. i thought this was a forum for open-minded people to share ideas and learn from each other, but if you want to just sit around and play target practice on a company that you have decided a long time ago that you will hate for life, then i might just have to give up on getting any more actual insight from reading the comments on slashdot, particularly on MS related stories.

Re:this crowd is ridiculous

[I'm+Don+Giovanni]

LOL
Your post is spot-on, but what do you expect from a site that uses a broken windows icon for Windows stories and a Gates-Borg icon for Microsoft stories? These are the only topics on this site whose icons contain editorial spin of any kind (and that spin is derragatory, of course). This site really doesn't have any credibility whatsoever when it comes to Microsoft stories. Sad, but true.

Re:this crowd is ridiculous

[ChicagoDave]

Amen brother.

Sometimes I think /. starts these little wars for traffic. Sort of like the stock market. The brokers hate it when the stock market does nothing. But when there is a downward trend or an upward trend, they're happy. So when MS announces _anything_, it will get spin on /. and twisted immediately to start a flamewar.

I've been using the last two releases of Vista and I also own a Mac-Mini and a Windows XP box. I ran Linux for three years (Debian) before giving up. I agree that there are still irritating aspects to Vista, but overall I would say that it is a sizable step forward. I would also say that as a Windows user, it feels much nicer than OS X has (as opposed to being a regular OS X user). I like OS X, but I get frustrated by the Finder and how apps get installed.

The fact that MS is locking Windows down should bring a huge cheer from all technical people. This of course will make some developers unhappy because (and I include myself in this group) we like to install stuff all the time. We also like to muck with the internals of the OS to see what's going on. This will probably become more cumbersome, but in the end, this is a necessary progression. Most Windows installations are in large corporations where the IT staff has to rigidly control how their PC's are used. With Vista, some of this heat will be taken off of that rigidity. I can see a lot of IT people reading about Vista and salivating at the prospect of lowering their hackable target area.

I think what's missing from the Vista discussion is the application paradigms that will be enabled. I don't think the /. crowd has taken stock in some of the things coming available in Windows, some of which were back-ported to XP. These include the new Presentation API (Windows Presentation Foundation), the new communications API (Windows Communication Foundation), and other things such as Windows Workflow Foundation. These tools will make creating Windows applications a lot easier, a lot more fun, and will give us the ability to create applications that simply don't exist today.

I think everyone needs to take a deep breath and calm down. Microsoft isn't going anywhere. Windows Vista is going to succeed one way or another. If you don't like the company or the product, then don't buy it. If you want to comment on it, try to ask real questions and refrain from simple negative exclamations.

That's my two cents.

Re:this crowd is ridiculous

[99BottlesOfBeerInMyF]

i have dealt with some difficult customers, but this slashdot crowd right now is just utterly ridiculous. there are a few that are willing to go against the grain and give vista a chance before dismissing it entirely, but the vast majority of the slashdotters lately are as close-minded and biased as any group i have ever seen.

What exactly do you think all these Vista articles are about? They are discussions of what MS has done, what they have right and what they've screwed up. If you see a preponderance of what they got wrong, well that is partly human nature and it is partly because MS has gotten a lot wrong lately and not so much right.

if MS adds a feature that you all love from another OS or application, they are copying. if they don't add it, they are behind the times.

Both of the above are true. Are you implying copying is a bad thing?

if MS tries to beef up security, they are doing too little too late, and it probably won't be effective anyway.

What!?! This is a discussion about such a security feature, and one that a lot of people are having problems with, which MS acknowledges and has asked for feedback on. So you think discussing why it has problems is somehow biased? Facts aren't biased, your opinions of them might be. MS implemented more strongly user level security, something other OS's have had for a long time. A lot of it, they have done less well than other OS's which is what is causing a lot of the problems. The alerts are too frequent due to architectural decisions and some poor decisions in the implementation. The UI is terrible and a huge hole in this security. Pointing this out is a good thing and it lets MS know where to start fixing things.

if MS releases a patch for IE, it is yet more proof that their software was flawed in the first place. if they don't release the patch, they are too slow to react to security threats, and are failing their users.

There is a right way to handle vulnerabilities and exploits, but MS neglects it in favor of the most profitable way. They deserve to be taken to task for that.

f they open up to a beta group and ask for suggestions, they are skimping out on doing actual work and getting us, the computer elite, to do their design for them. if they don't open up to a beta and take suggestions, they are ignoring their users.

They certainly should ask for suggestions, but at the same time, due to some of their very unethical business practices, a lot of people would rather not help them. Where's the conflict?

i could go on, but i think you catch the drift.

I do indeed. You claim people here are close minded, but all of your complaints amount to people stating facts as they see them and having different opinions. That sounds like the opposite of close minded to me.

i get it, you guys hate MS.

Most people who love computers have a strong dislike for MS. They have single-handedly done more damage to the industry than anyone would have thought possible. People in the industry see that and are forced to deal with the consequences. That has nothing to do with this discussion of how they implemented a feature, other than whether or not some people are willing to provide them with helpful feedback. If you want to take issue with someone's opinion here, go ahead, but actually address one. Don't whine that people don't have the same opinions as you, or they have unspecified things to say that you don't like.

i thought this was a forum for open-minded people to share ideas and learn from each other, but if you want to just sit around and play target practice on a company that you have decided a long time ago that you will hate for life, then i might just have to give up on getting any more actual insight from reading the comments on slashdot, particularly on MS related stories.

Since you don't seem to have any insightful or even useful opinions about the discussion, maybe we'd all prefer it if you did ta

Re:Excessive security?

[DragonWriter]

This "excessive prompting" is never complained about with OS X, or within Linux.

Plenty of the people who have complained, that I've seen, have been people who have used either OS X or Linux and complained that the Vista beta implementation of the feature was clumsier and more intrusive than the implementation of similar security functionality on those non-Windows platforms.

Being similar in outline is not the same thing as being identical in implementation.

Re: click delete, CONFIRM delete?

[fickerra]

While your view is correct, there are some reasons why a confirmation-on-delete can still be beneficial, especially for novice users.

Say a novice user (think grandma) is trying to click on Rename and accidently hits delete without evening noticing that delete was an option. If the shortcut disappears, they would be thoroughly confused. They would not know to look in the recycle bin.

Also, remember, this confirmation *can* be turned off in Vista (just like in XP.) So, you can have it the way you like it if you decide to use Vista. However, I support the decision to default this feature to on.

silent elevation

[microbee]

From the blog:

The problem with marking Windows binaries to "silently elevate" is that we feel it will lead to "worms" or self propagating malware.

Marking "silent elevator" should require administrative privilege, so what's the problem?

Unix has this for years, that is called "setuid root". This is extremely useful.

Also, it's very easy to have a knob to allow all signed applications to do silent elevation. Much cleaner than developing hacky shims.

Re:SAme as in OSXs early days

[99BottlesOfBeerInMyF]

No, this isn't even close to be the same. Vista asks you for confirmation of nearly everything you can possible do on the computer. At no point did OS X do this.

Agreed, the previous poster overstated this by quite a bit.

Vista seemingly asks you to confirm the same type of function, triggered in the same way, but by different applications. Look, if I want port 80 HTTP requests to go through, I want them to go through all the frickin' time.

Not me. I want my Web browser to be able to get to port 80. I don't want some random script I got in an e-mail to do so.

Maybe it's the horrible presentation of the dialogs that does it? They offer ZERO information about what *application* (in English instead of seemingly random strings of letters and numbers!!!!) wants your attention. It also offers no real understanding of what is being asked of you.

This is the hardest part, making a good, usable UI that explains things in simple English and gives you real choices. It is also something Microsoft has always been abysmal at.

They need readable program names. They need rare instances of this sort of thing. They need to restrict new applications by default, but maybe offer templates to ease the security. The installer should be a standard OS feature and should ask what type of applications something is: internet application, game, online game, office app, system utility, or miscellaneous. It should provide security boxes with real English and buttons that are actions not "Continue/Cancel." Having them all the same will train people to always click the same option, just as it did with "OK/Cancel."

The program Photoshop would like to connect to the internet on port 1080 (stop it from connecting once)(allow it to connect once)(always allow it to connect)(always stop it from connecting)(advanced options).

Further, for each application in the application manager there should be a configuration page listing what files, services, and other programs it is allowed to access.

First, don't assume everything is a threat and scare a user into confirming something that is not needed.

I think all new software should be restricted by default with a template that allows only normal behaviors for that app type. It would not hurt if programs came with a description of all the resources they would need (network ports, directories, dlls, etc.) in human readable form so that it would be easy to approve things at install time and programs could not hide call home features and the like. The default, however, should be to block everything until the user gets a chance to make an informed decision.

Second, improve the presentation.

Yes. Fewer dialogues, plain English, and buttons that are actions specific to each privilege.

Third, figure out how to discen[sic] between Malware and your own software!

Pre-installed software should be pre-configured, but hey this is a beta you're looking at.

Security Hole == Windows Message Pump

[cheezit]

What everyone seems to miss is that the fundamental flaw, which the blog author alludes to, is Microsoft's desire to allow applications to masquerade as the user and send messages via the Windows message pump (via SendMessage() etc).

The real flaw is that MS is maintaining a design decision that was made back in the days of Win3.1: there shall be one method for structured message passing (the message pump) which will cover user input, application IPC, system notifications, clipboard copying, window redraw requests, etc. This message pump is built into the core threading model for the OS (many other windowing systems have this too, it isn't just Windows).

Since there is only one front door, user input uses the same facility as everything else, and it becomes impossible to tell if the user pressed the "A" key or if an application sent a KEYPRESS message.

One solution is to have OS-enforced segregation between these types of input, and force multiple input channels. The mouse and keyboard (and other legitimate devices) get to use the "user input" channel, and other apps get to use a different channel.

But Microsoft doesn't want to do this because they want to enable Bob-style guided interactions with applications, where the target application can be automated/scripted without its knowledge. Changing this also has huge backward-compatibility issues---basically anything built for pre-Vista windows must be modified and rebuilt.

So MS is talking security, but this is a case where market footprint and backward compatibility are fighting with security---and ease of use is caught in the crossfire. A first for MS.

Doesn't Vista does get rid of those promps?

[MojoStan]

Windows, on the other hand, has hundreds of thousands of apps that expect to be administrator. The software companies don't want to fix them, and Microsoft doesn't want to break them.

So MS defined a middle ground -- annoying prompts which you can't get rid of. Since there isn't a special security level which hides the prompts

I haven't been testing Vista personally, but I just read a Paul Thurrott article on User Account Control that seems to indicate that these annoying prompts do go away after installation. From the article:

Under the covers, UAC also provides some interesting features related to backwards compatibility. On a typical Windows XP system, applications are typically granted complete control over the system they are installed to, so it's possible for them to read and write information anywhere in both the Registry and the file system. In Windows Vista, the Registry and file system are locked down, however. So UAC provides Registry and file system virtualization services that silently redirect read and write operations from protected portions of the Registry and file system to unprotected places located with the user's profile. Let's see what this looks like.

Like you, I install various applications and many of them assume they have complete control of the system. One of them is Microsoft's MSN Messenger application. If you navigate to this application's folder (or any other application that assumes it can write to any folder on the system), you'll see a new button appear in the Windows Explorer toolbar called Compatibility Files:

(screenshot illustrating this)

If you click this button, you'll be redirected to a hidden location under your user profile where certain files have been redirected. The file here, ErrorResponse.xml, believes it is located in C:\ Program Files\MSN Messenger. It is, however, really located in D:\Users\Paul\AppData\Local\VirtualStore\Program Files\MSN Messenger.

So all those "apps that expect to be administrator" (writing to "Program Files" and protected parts of the registry) will be "tricked" into actually writing to the user's profile. Doesn't this mean users will no longer need to use "Run as" or mess with user permissions anymore to get rid of the prompts?

Re:Considering

[TheNetAvenger]

Well, most people don't have anywhere to get Windows Server 2003 at something close to a reasonable price for workstation use, other than with BitTorrent and the like (which many people wouldn't dare, or care enough to try). But yeah, Server 2003 is without a doubt the best version of Windows NT 5 around

Just an FYI, if someone really wants to work with Windows 2003 server, there are tons of 120day evaluation versions they can get their hands on, even off the Microsoft Web site.

If you are doing testing or running it in a virtual environment, you can keep re-installing and using it for as long as you need. The 120day version just isn't a good choice for a production environment for long term use, as you would have to recreate all the domain, sharing, services, and user settings every six months, but it is doable...

I also agree that Windows 2003 Server was probably the best 'release' level OS version of Windows for security and stability. When it was first released, it even ran on the desktop faster than WinXP. This is why SP2 of WinXP is important, as it brought a lot of the Windows 2003 code base in the WindowsXP desktop line, more security, faster, etc.

Re: click delete, CONFIRM delete?

[mrchaotica]

What it ought to do is pop up one of those little non-modal balloon help things from the recycle bin the first couple of times, telling the user that the file was just moved there (as opposed to a modal dialog telling the user that the file is about to be moved there).