Slashdot Mirror

← Back to Stories (view on slashdot.org)

Benefits of Vista's User Access Control?

Posted by Cliff on from the what-do-you-really-lose-if-it's-turned-off dept.

Abtin Forouzandeh asks: "Having used Vista for a few months, something keeps nagging me about the user account control. For the UAC to be useful, the user needs to have a fair amount of knowledge about: what the UAC is; what application it is blocking; the consequences of blocking the action; and an alternate approach if the blocked action did something useful. Anyone who has ever worked with end-users can tell you that they are generally disinterested in learning anything about computer usage beyond how to use word and make a spreadsheet. Frankly, even as a highly technical user, I nearly always approve the UAC dialog, even if I don't know the consequences. Since users lack knowledge, and Vista keeps asking esoteric/ambiguous questions, then users will always approve UAC dialogs. Since the UAC so clearly fails in its goal of making computing more secure, and substantially increases complexity, why is it common wisdom that turning off UAC is 'not recommended'? For 99% of users, is there any true downside? Has the community come up with ways to make UAC useful?"

4 of 118 comments (clear)

  1. What the hell is the point? by RzUpAnmsCwrds · · Score: 5, Interesting

    What the hell is the point of all of these articles? Linux users aren't going to switch to Vista. Mac users are already convinced that their OS is Job's gift to man. And Windows users are going to switch to Vista when they buy a new computer.

    Vista is here. The DRM features don't stop me from playing my MP3s, XVID videos, or from running FairUse4WM. It doesn't bring my modest 1.8GHz single-core Athlon 64 box to its knees, even with the Aero Glass UI (of course, my $40 Radeon X1300 helped that - the GeForce 6100 IGP was kind of sluggish. It hasn't stopped me from installing Ubuntu, ripping DVDs, using Daemon Tools, installing unsigned drivers, or doing anything else that I would do to a Windows system.

    UAC hasn't prompted me for anything in the past 4 hours. I see - maybe - 1 or 2 prompts per day. Perhaps that's because I don't go trying to put files in "C:\windows" or screw with system DLLs.

    Firefox works. So does Thunderbird, Office 2003, Visual Studio, Paint Shop Pro, VMWare, Virtual PC, Maple, EMEditor, WinSCP, PuTTY, AVG, SmartFTP, Microangelo, iTunes, Quicktime, Daemon Tools, TI Connect, WinRAR, ATITool, SpeedFan, RMClock, PowerStrip, Prime95, Paint.NET, uTorrent, Opera, NSIS, Java, Flash, Adobe Reader, 3DMark, Warcraft III, Steam, and WoW.

    Oh, and all of my hardware works. On both of my desktops and my notebook.

    So what doesn't work? Display aspect ratio selection doesn't work with NVIDIA's shitty drivers (one reason my desktop has an ATI card now). PDFCreator refuses to work, as does VNC.

    Vista is the next version of the OS with the broadest hardware and software compatibility. $109 is a pretty cheap price for that.

  2. Re:Having edited the HOSTS file by Mortimer82 · · Score: 5, Interesting

    Haven't used Vista yet myself, but as someone who has tried in the past to run Windows XP under a normal user account, I believe the objective with Vista's UAC is not so much to help users decide if software is safe, but rather to convince software writers to write their code correct so it doesn't work without administrator access when it doesn't actually need it for a good reason.

  3. Re:It serves the same purpose... by Anonymous Coward · · Score: 2, Interesting

    Given that most developers haven't made any effort to make their applications LUA-friendly in the preceding decade

    That indeed is a big shame.
    I can understand that Windows programming has attracted a bunch of hobbyist programmers that already are happy when the program they have written performs its (niche) task without logic errors, and do not care about or understand more complex topics like security, error handling, etc.
    However, the same mistakes still appear in "supposedly well written" programs like telebanking applications.

    For example, ABN-AMRO bank distributes an application called "ABN OfficeNet" (for businesses) that is a total piece of crap.
    It does not work correctly in LUA in Windows 2000 or XP. It creates its temporary files in the WINDOWS directory. Its error reporting in case of access problems is a total disaster.
    These people do not understand at all what they are writing and supporting. Their helpdesk losers just state that "you have to have Administrator rights to run this program". Having a company policy that office workers do not get Administrator rights on their WS is just "your problem, not theirs".

    However, now they have found their crap does not work on Vista at all :-) :-)
    We are not running Vista, and are not planning to do so in the near future, but I am anxious to see how they wrestle themselves out of this "problem".
    Hopefully someone fires the hobbyists in their software department and hires someone who understands the matter and the importance of security.

    Of course, those are the same folks who always claim that their computing security is perfect and that every mishap is always the fault of the customer until he can prove that it is the fault of the bank (for which he will not get insight in the sourcecode and technical documentation of their software).

  4. DoS by zebs · · Score: 4, Interesting

    Could malware create a DoS by launching random tasks - each one requiring admin level access. Would this then repeatedly prompt the user for admin permissions?