Slashdot Mirror
Details on Refining Vista's User Control
borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know that have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."
So what's to stop malware from affirming the prompt? It isn't even a hurdle.
Just a few clicks away& size=o
http://www.flickr.com/photo_zoom.gne?id=151250154
Tough crowd here at Slashdot. We all know it's going to suck, but at least let them release it first before you criticize. Seriously though, it is just a beta and not the end result. They're looking for feedback to make improvements and thats a good thing.
http://religiousfreaks.com/I am a mac user, and have been using it since osX's early days, and the tasks they request authorization for are not "petty".
on the other hand, I have gotten those prompts in osX for microsoft and real built applications which were trying to do things which they had no business doing.
all the open source players i have installed on osX (I have 2 or 3) have never required root authorization for anything, yet wmp and real wanted to access my root files, why? This hints at how invasive the programs are, what are they doing monkeying around at that level on my system.
The user prompting you are seeing in windows is not necessarily excessive, it may arise from genuine security concerns because of how invasive microsoft is to their users, as reported in previous years consistently with hidden logs, spyware bundling, and surruptitious installation of DRM modules. (I have office 2004 on my mac, was prompted for a root pass, and immediately hunted down where the change was.. it turns out it snuck a drm bundle into my web browser!)
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
It appears that you are trying to post a comment to Slashdot.
Please enter your Windows username and password to continue.
Username:
Password:
You forgot the buttons:
[OK] [Continue] [Cancel]
Continue will let you carry on regardless...
Summation 2
I kind of disagree. For me, it was more of a parabola. I hated Windows 3.1, hated 95 less, 98 even less, 98SE I had contempt for, and then the peak is Windows 2000, which was the most Stable and least-resource hungry. Then ME and XP were released... XP maintains some of the stability but they wonked up a ton of little things. And it looks like Vista is just stacking more 'stuff' on top to annoy me.
I think why I liked 2000 so much was that it was NT done right, a well written and stable OS without a lot of clutter. I think that if Vista really was a new OS, not just enhancements to their existing codebase, then we'd be okay with it.
I think we'll have a 2000-like resurgence in a good Windows when a Windows OS is released as a managed code OS. until then I'll keep dreaming.
Reason, free market capitalism, and individualism
Anytime you install a program, it has to change the registry. You want to see a video encoded in a new format? Ah, you have to register the format and the codec - and there ya go, you have to change the registry. You want to associate a new filetype with a program? There ya go, you have to change the registry.
Sometimes I wonder - rootkits use stealth techniques to intercept registry calls. Why doesn't microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.
IMHO, the registry was the worst idea Microsoft could have come up with.
Three reasons:
1. You can save your game in solitaire
2. You can save your game in freecell
3. It includes a super pretty chess game!
How about if you add something extra to make sure no "malware" lands up on my system? Can you do that?
In a word, no. How is the OS supposed to know that that cute little systray weather forecast app you downloaded and installed is actually a trojan?
As long as a user can download and install/run software, the system is vulnerable, and there's nothing it can do about it.
It's official. Most of you are morons.
there's still some core OS UI that's not UAC-enabled, though. for example, you can't fully configure network connection settings without running running explorer.exe elevated.
So they're *still* designing insecurity into the system because they place a higher priority on the "extensibility" that lets applications do things the user isn't expecting them to do.
And they're still relying on Grandma logged into her AOL account as the last line of defense.
Have they learned nothing?
Sorry, that was rhetorical.
No, this isn't even close to be the same. Vista asks you for confirmation of nearly everything you can possible do on the computer. At no point did OS X do this. While *installation* of applications have always asked for confirmation, and access to your Keychain has also, pretty much nothing else does. Vista, on the other hand, is about a gnat's hair away from asking you to confirm "Did you really want to click?"
I've used the beta. It's awful. The usability of the file "explorer" is atrociously convoluded. It makes it even more complicated to know what's going on that XP did. And, to keep this on topic-- the security measures are astoundingly invasive. Vista seemingly asks you to confirm the same type of function, triggered in the same way, but by different applications. Look, if I want port 80 HTTP requests to go through, I want them to go through all the frickin' time. Don't make me repeat myself. (Yes, this is only an example but it's indicative of the process you'll go through time and time again.)
Maybe it's the horrible presentation of the dialogs that does it? They offer ZERO information about what *application* (in English instead of seemingly random strings of letters and numbers!!!!) wants your attention. It also offers no real understanding of what is being asked of you. Microsoft, for all they did correctly with the xbox 360 interface, needs to learn how to design a dialog. Here's a fine example:
I open a jpeg file or some other seemingly harmless thing. I get a security alert box that unnecessarily shares the shit out of me with it's inappropriate use of iconography. It says something incomprehensible like this:
Application gobbleygook.exe is attempting to access suckit.dll. Do you want to want to allow this? (This is considered a minor threat.)
Oh. Great. So some EXE with a name I don't recognize wants access to a DLL (what's that-- hahaha?) that I also don't recognize. Now that I'm completely lost, Windows tells me this is not that much of a threat and I can probably click "allow" for the application I don't know to open the dll I don't know to do some task that I have no clue to what it's purpose is. Super.
I'm trying to make a point by being a bit funny about this-- but Microsoft really needs MAJOR improvement to this process. First, don't assume everything is a threat and scare a user into confirming something that is not needed. Second, improve the presentation. Third, figure out how to discen between Malware and your own software!
"Politicians find new names for institutions which under old names have become odious to the people."
Well, Apple required everyone to rebuild their applications for OS X, and when they did so, they fixed all the stupid single-user assumptions. Which is great so long as your apps were ported to OS X.
Windows, on the other hand, has hundreds of thousands of apps that expect to be administrator. The software companies don't want to fix them, and Microsoft doesn't want to break them.
So MS defined a middle ground -- annoying prompts which you can't get rid of. Since there isn't a special security level which hides the prompts. presumably people will complain to the software authors and the software authors will fix the apps. And if they don't fix the apps, at least the programs will still run.
Whenever I hear the word 'Innovation', I reach for my pistol.
Wow, talk about holding Microsoft to a different standard than other software companies. Last time I checked, in the OSS pit that is Slashdot, getting feedback about functionality from your potential users is a good thing.
If it can search and index file contents, then it has full access to my data. If access to that index or search feature is insecure then it's taking control of my data out of my hands and giving it freely to others. Why should applications need to access files that I created but which I haven't explicitly opened for their use?
Will the security be in place in both the API and data storage files so that instant search won't just become a new way for malware to quickly focus on the data it wants (e.g. Credit Card or Social Security Numbers)?
i have dealt with some difficult customers, but this slashdot crowd right now is just utterly ridiculous. there are a few that are willing to go against the grain and give vista a chance before dismissing it entirely, but the vast majority of the slashdotters lately are as close-minded and biased as any group i have ever seen. if MS adds a feature that you all love from another OS or application, they are copying. if they don't add it, they are behind the times. if MS tries to beef up security, they are doing too little too late, and it probably won't be effective anyway. if they don't try to beef up security... well i think you know what you all think of that. if MS releases a patch for IE, it is yet more proof that their software was flawed in the first place. if they don't release the patch, they are too slow to react to security threats, and are failing their users. this is the best one, and it happened just like this, a few posts up... if they open up to a beta group and ask for suggestions, they are skimping out on doing actual work and getting us, the computer elite, to do their design for them. if they don't open up to a beta and take suggestions, they are ignoring their users. i could go on, but i think you catch the drift. i get it, you guys hate MS. i thought this was a forum for open-minded people to share ideas and learn from each other, but if you want to just sit around and play target practice on a company that you have decided a long time ago that you will hate for life, then i might just have to give up on getting any more actual insight from reading the comments on slashdot, particularly on MS related stories.
What everyone seems to miss is that the fundamental flaw, which the blog author alludes to, is Microsoft's desire to allow applications to masquerade as the user and send messages via the Windows message pump (via SendMessage() etc).
The real flaw is that MS is maintaining a design decision that was made back in the days of Win3.1: there shall be one method for structured message passing (the message pump) which will cover user input, application IPC, system notifications, clipboard copying, window redraw requests, etc. This message pump is built into the core threading model for the OS (many other windowing systems have this too, it isn't just Windows).
Since there is only one front door, user input uses the same facility as everything else, and it becomes impossible to tell if the user pressed the "A" key or if an application sent a KEYPRESS message.
One solution is to have OS-enforced segregation between these types of input, and force multiple input channels. The mouse and keyboard (and other legitimate devices) get to use the "user input" channel, and other apps get to use a different channel.
But Microsoft doesn't want to do this because they want to enable Bob-style guided interactions with applications, where the target application can be automated/scripted without its knowledge. Changing this also has huge backward-compatibility issues---basically anything built for pre-Vista windows must be modified and rebuilt.
So MS is talking security, but this is a case where market footprint and backward compatibility are fighting with security---and ease of use is caught in the crossfire. A first for MS.
Premature optimization is the root of all evil