Slashdot Mirror
Microsoft Says Other OSes Should Imitate UAC
COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
Gee, that's funny. My 1989 copy of the "UNIX System Administration Handbook" has a lovely section on the usage of sudo on page 32.
Evi Nemeth herself beat the use of sudo into my head during the Sysadmin Workshop class I took from her in '90. I used to hate it, but now I realize the old bird was right about sudo.
The UNIX world has this crap beat by more than a decade, with plenty of published prior art.
- Necron69
That's what the ctrl-alt-del combo is supposed to foil. A uncontentious user would remain safe by observing this, but the typical user wouldn't care (assuming they even noticed).
*sigh* back to work...
Sudo is just fine for everyday users. Ubuntu uses it extensively to great effect. Of course it isn't implemented as a "crude command line utility" as your message implies. Sudo hasn't been restricted to that for a long time. There have likely been gui wrappers for it for as long as it's been around (through things like tcl/tk and such).
If you think sudo requires a "black desktop", then your knowledge of Linux is at least 10 years out of date.
A Pirate and a Puritan look the same on a balance sheet.
Did you actually do any research before posting that rant?
/etc?
First, you can open Control Panel and run most of the applets there without triggering a UAC warning.
Next, the UAC warnings aren't all that common once you have your machine set up and running. The exception there is the power user that actually tinkers with the system at an administrator level quite often, but for the normal user who just runs apps all day - they won't see a UAC prompt at all. If you want to disprove me - just list for me the normal user actions that trigger a UAC prompt, I dare you.
Lastly, how do you figure UAC is actually a bad thing and disabling it will improve your security? The far more reasonable approach is to stop using applications that need the privileges that UAC actually protects. In your world, apparently you should run everything as root on Linux as well because, well, sudo is just far too much of a pain to use when you're tinkering in
Leave UAC enabled. Stop running bad applications (if you must run Vista at all).
Fear: When you see B8 00 4C CD 21 and know what it means
You didn't read the patent. They describe sudo in it as clear prior art, then go on to describe why their system is different and better.
The patent is for a heirarchical security model where there are multiple levels of access not the all or nothing of sudo. Only the most privileged is like sudo, the other intermediate levels have some level of system access, but not all. It's kind of like capabilities, but a lot more limited since each higher level of security has access to all the lower levels. Fascinating and I can see why the patent was granted (I hope there's clear prior art in an MLS system of the day or even VMS, SYSPRV and SETPRV are close, but I'm not sure).
Nice try.
/user:administrator
runas
From the command line.
Let's ding them for their legit flaws, not stuff we make up.