Benefits of Vista's User Access Control?

Abtin Forouzandeh asks: "Having used Vista for a few months, something keeps nagging me about the user account control. For the UAC to be useful, the user needs to have a fair amount of knowledge about: what the UAC is; what application it is blocking; the consequences of blocking the action; and an alternate approach if the blocked action did something useful. Anyone who has ever worked with end-users can tell you that they are generally disinterested in learning anything about computer usage beyond how to use word and make a spreadsheet. Frankly, even as a highly technical user, I nearly always approve the UAC dialog, even if I don't know the consequences. Since users lack knowledge, and Vista keeps asking esoteric/ambiguous questions, then users will always approve UAC dialogs. Since the UAC so clearly fails in its goal of making computing more secure, and substantially increases complexity, why is it common wisdom that turning off UAC is 'not recommended'? For 99% of users, is there any true downside? Has the community come up with ways to make UAC useful?"

Serves it's purpose

[Carter313]

I suppose it's useful from Microsofts point of view, if a lot of security is put into the users hands, it is the users fault when something goes wrong.

Easy answer!

[earthbound+kid]

The benefits? You have to ask? Pssh, it's simple:

With Windows 98 and, to a lesser extent, 2000, we /.ers could smugly mock Microsoft users by making "Blue Screen of Death" jokes. When Windows XP came out, we kept making these jokes, but as time went on, they got less and less funny due in no small part to the fact that the BSoD has become a less frequent part of the Windows experience. Needless to say, this sucks for those of us who use OS X or Linux! What are we gonna rag on?

Well, then Microsoft went and did a big favor to the alternative OS community: UAC. Now, we can all get a big ol' chuckle (and "+5 Funny" mod points) out of saying, "Cancel or Allow?" in any thread whatsoever. It doesn't even have to be a thread about Vista or Microsoft. Apple even made a commercial about it! It's great. It's like Microsoft declared free karma Christmas!

"Mod me +5 Funny: Cancel or Allow?"!

And that's the benefit of UAC.

Having edited the HOSTS file

[RzUpAnmsCwrds]

Vista does make editing the HOSTS file more complex. I've done it five times today on my Vista box (migrating a server and testing before DNS updates). It's kind of a pain. But it's not nearly as bad as the article implies.

My procedure:
Start -> Right click on EMEditor (my text editor, it's pinned to the menu so it's always there) -> Choose "Run as Administrator"
Click "Continue"
File -> Open -> C:\windows\system32\drivers\etc\hosts
Edit File
Save

On XP:
Start -> Run
Type: "notepad C:\windows\system32\drivers\etc\hosts"
Click "OK"
Edit File
Save

Basically, you can't write to the hosts file by default, so you have to elevate an application (text editor, notepad, cmd.exe) to edit it. This is similar to Linux, where you have to use "sudo" or "su", except that there are better/more text-mode editors on Linux (although Vim/Nano/EMACS do run on Windows, you have to install them first).

Now, EMEditor is Vista compatible (certified even), but it would be nice if it could elevate when a write operation fails due to incorrect permissions. Then you could just edit the file as usual, and elevate when you save.

I've said it once, and I'll say it again: UAC is going to get better over time. Lots of applications require elevation now (even some games), but as developers update their programs, we'll see fewer and fewer UAC prompts. VMWare, for example, used to require elevation in the 6.0 betas, but it doesn't anymore. Give it a year or two. Apps will stop requiring elevation except for the things that really do affect the system.

UAC means that software developers will write software that doesn't need elevation. That can only be a good thing in the long run.

Re:Having edited the HOSTS file

[Mortimer82]

Haven't used Vista yet myself, but as someone who has tried in the past to run Windows XP under a normal user account, I believe the objective with Vista's UAC is not so much to help users decide if software is safe, but rather to convince software writers to write their code correct so it doesn't work without administrator access when it doesn't actually need it for a good reason.

What the hell is the point?

[RzUpAnmsCwrds]

What the hell is the point of all of these articles? Linux users aren't going to switch to Vista. Mac users are already convinced that their OS is Job's gift to man. And Windows users are going to switch to Vista when they buy a new computer.

Vista is here. The DRM features don't stop me from playing my MP3s, XVID videos, or from running FairUse4WM. It doesn't bring my modest 1.8GHz single-core Athlon 64 box to its knees, even with the Aero Glass UI (of course, my $40 Radeon X1300 helped that - the GeForce 6100 IGP was kind of sluggish. It hasn't stopped me from installing Ubuntu, ripping DVDs, using Daemon Tools, installing unsigned drivers, or doing anything else that I would do to a Windows system.

UAC hasn't prompted me for anything in the past 4 hours. I see - maybe - 1 or 2 prompts per day. Perhaps that's because I don't go trying to put files in "C:\windows" or screw with system DLLs.

Firefox works. So does Thunderbird, Office 2003, Visual Studio, Paint Shop Pro, VMWare, Virtual PC, Maple, EMEditor, WinSCP, PuTTY, AVG, SmartFTP, Microangelo, iTunes, Quicktime, Daemon Tools, TI Connect, WinRAR, ATITool, SpeedFan, RMClock, PowerStrip, Prime95, Paint.NET, uTorrent, Opera, NSIS, Java, Flash, Adobe Reader, 3DMark, Warcraft III, Steam, and WoW.

Oh, and all of my hardware works. On both of my desktops and my notebook.

So what doesn't work? Display aspect ratio selection doesn't work with NVIDIA's shitty drivers (one reason my desktop has an ATI card now). PDFCreator refuses to work, as does VNC.

Vista is the next version of the OS with the broadest hardware and software compatibility. $109 is a pretty cheap price for that.

Now I finally know

[WetCat]

What was in that large boxes with marking "UAC" in game "DOOM 1".
Looks like it was Vista...

Re:useless but still the right thing

[cornjones]

Mod the parent up
in the long run applications will have to avoid causing UAC prompts and eventually it will be possible to secure the "windows ecosystem" without breaking common programs.

That is the important point here. There is no reason for many of these programs to be asking for 'administrative' access to do any of this shit. MS can't just cut it off b/c it will break most of it's install base. This is a way to guide software companies into writing programs with a thought to security, rather than just doing it the 'easy way'.

DoS

[zebs]

Could malware create a DoS by launching random tasks - each one requiring admin level access. Would this then repeatedly prompt the user for admin permissions?