Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Says Other OSes Should Imitate UAC

Posted by kdawson on from the bring-'em-down-to-our-level dept.

COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

42 of 493 comments (clear)

  1. Obligatory by gunnk · · Score: 5, Funny

    Microsoft would is trying to make you believe sudo was their idea. Cancel or Allow?

    --
    Life is short: void the warranty.
    1. Re:Obligatory by HomelessInLaJolla · · Score: 5, Funny

      If you click "Cancel" an information box is displayed informing you of a patent pending.

      --
      the NPG electrode was replaced with carbon blac
    2. Re:Obligatory by truthsearch · · Score: 5, Interesting

      It's no joke. They really do believe they invented the idea:

      Patent #6,775,781

      --
      Developers: We can use your help.
    3. Re:Obligatory by jkrise · · Score: 4, Insightful

      Vista is Microsoft's proof that whatever they make, the users will just buy, the news agencies will simply extol, and the market will slowly adopt and adapt to. But with UAC, Microsoft went one step further and called everyone else IDIOTS.

      And now it wants everyone to imitate them?

      --
      If you keep throwing chairs, one day you'll break windows....
    4. Re:Obligatory by ShieldW0lf · · Score: 4, Insightful

      The interesting bit of the article was the part where it suggests that this will lead application developers for windows to start writing programs that don't need escalated privileges. Long term, such pressures are good for the "software ecosystem".

      Remains to be seen if Vista will ever achieve enough market penetration to apply such pressures effectively, but still...

      --
      -1 Uncomfortable Truth
    5. Re:Obligatory by GweeDo · · Score: 4, Funny

      As sad as this is...the patent is coming from a Mister Gang Wang...you just have to love that!

      Wang; Gang (Issaquah, WA)

      --
      Unstable Apps: Our Android Apps Don't Suck
    6. Re:Obligatory by Necron69 · · Score: 4, Informative

      Gee, that's funny. My 1989 copy of the "UNIX System Administration Handbook" has a lovely section on the usage of sudo on page 32.

      Evi Nemeth herself beat the use of sudo into my head during the Sysadmin Workshop class I took from her in '90. I used to hate it, but now I realize the old bird was right about sudo.

      The UNIX world has this crap beat by more than a decade, with plenty of published prior art.

      - Necron69

    7. Re:Obligatory by Dan+Ost · · Score: 4, Informative

      That's what the ctrl-alt-del combo is supposed to foil. A uncontentious user would remain safe by observing this, but the typical user wouldn't care (assuming they even noticed).

      --

      *sigh* back to work...
    8. Re:Obligatory by IWannaBeAnAC · · Score: 4, Interesting

      Right, but that is not why Microsoft have the patent. There is no way they would bother trying to enforce it, they wanted it because it gives them one more patent to say "Linux infringes on N+1 Microsoft patents. It isn't legally safe to use Linux."... And then demonstrate how benevolent they are by choosing not to sue you.

      Aside: what makes you think 'sudo' dates from 1989? Isn't it more like 30 years' prior art?

    9. Re:Obligatory by Hijacked+Public · · Score: 4, Interesting

      I certainly hope so. If this is the direction security needs to go it will have to stop being so annoying.

      I have a collegue (photographer) who bought a new machine with Vista. Had it about a month and called me because he couldn't get Photoshop CS3 to install. We figured out that the problem was that CS3 wants Firefox.exe to close before it will install, which is annoying in the first place because I can't imagine a really good reason a photo editor needs to make modifications to your web browser.

      Anyway, despite shutting down FF and even rebooting CS3 always told him it was running. Turns out he had some variant of a Poison Ivy trojan than resulted in a persistant Firefox.exe process. While he may well have clicked past a UAC prompt in the process of letting this trojan get in Vista still didn't stop it, his AV software didn't detect it, and neither did Windows Defender. While it took a CS3 install to alert him to a problem the very fact that most bits of Windows software all want to modify your registry, play with your browser settings, etc., is why he let it infect him in the first place.

      If you can't stop that stuff with 3 layers of software and who knows how many user prompts then something has to change. It isn't going to be the user.

      --
      "Sacrifice for the good of The State" - The State
    10. Re:Obligatory by SL+Baur · · Score: 4, Informative

      You didn't read the patent. They describe sudo in it as clear prior art, then go on to describe why their system is different and better.

      The patent is for a heirarchical security model where there are multiple levels of access not the all or nothing of sudo. Only the most privileged is like sudo, the other intermediate levels have some level of system access, but not all. It's kind of like capabilities, but a lot more limited since each higher level of security has access to all the lower levels. Fascinating and I can see why the patent was granted (I hope there's clear prior art in an MLS system of the day or even VMS, SYSPRV and SETPRV are close, but I'm not sure).

    11. Re:Obligatory by C0rinthian · · Score: 4, Funny

      I dunno, I defintiely think that UAC is an good idea 'Gong Wong'

  2. Or not? by Sparr0 · · Score: 4, Insightful

    How about UAC starts imitating better designed privilege escalation mechanisms from Linux or OS X? Of course, that would require a sensible architecture in which software can be installed by users, for themselves, without superuser permissions. And, unfortunately, it would need secure software as a basis to avoid needing unnecessary privileges to accomplish mundane tasks in insecure applications. Sorry Microsoft, you missed the boat on this one. The majority of Vista users have UAC turned off, and the majority of those who dont will turn it off as soon as they figure out how.

    1. Re:Or not? by frankie · · Score: 4, Interesting

      How about UAC starts imitating better designed privilege escalation mechanisms from Linux or OS X?

      I'm a card-carrying Mac cultist, but I really can't agree that the root password prompt in OS X is well designed. It could easily be severalfold better if they tried. For starters, it's all or nothing, with insufficient information. The little detail dropdown arrow should open up to an elegantly indented list of what privileged actions the app intends to do. Copy a plugin into /Library/foo? Install a kernel extension? Delete all user documents?

      Also, if memory serves, there are still situations where an installer app is allowed to simply take root access for itself without asking. Only Lord Steve knows why no one has abused that yet. And MAC on Mac awaits its Leopardly debut...

    2. Re:Or not? by Drizzt+Do'Urden · · Score: 4, Insightful

      Like Apple is still selling MacOS 9 on Performas..

      These errors are long gone. In fact, they are gone since the introduction of MacOS X.. in 2000!

      And it's not like the hexadecimal code in a blue screen was that helpful. Yeah, you know it's a driver that caused it.. so what? I knew that before the bsod!

      --
      Menzoberranzan Networks
    3. Re:Or not? by jedidiah · · Score: 4, Informative

      Sudo is just fine for everyday users. Ubuntu uses it extensively to great effect. Of course it isn't implemented as a "crude command line utility" as your message implies. Sudo hasn't been restricted to that for a long time. There have likely been gui wrappers for it for as long as it's been around (through things like tcl/tk and such).

      If you think sudo requires a "black desktop", then your knowledge of Linux is at least 10 years out of date.

      --
      A Pirate and a Puritan look the same on a balance sheet.
  3. Hello Microsoft by The+Anarchist+Avenge · · Score: 5, Funny

    From TFA: "Why should I be letting my normal user be running as system administrator?" Welcome to the 1980s

    --
    Today's lucky number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    1. Re:Hello Microsoft by QuantumRiff · · Score: 5, Insightful

      Because if your a school, textbooks now contain multimedia CD-ROMS, that have Macromedia Authorware software that is a version from the good old windows 95 days, when everyone had Admin priveleges (this includes books that were published December of 06!). Try calling a publisher, and asking why the hell their software tries to copy files to %system32% before it runs. They don't understand why it wouldn't work, they work from home, and it works on the XP home machines they developed it with! Or even newer non Authorware software that feels it needs to write to HKLM in the registry, to store its configuration. Hell, I have a textbook CD that installs Apache and Mysql to do the "interactive stuff" that sets up a local web server running on port 80(without checking if it is already used), uses a few hundred MB of ram (lots of page file swapping!), requires IE, not Firefox, and heaven help you if you use a Proxy server (the publisher of the sofware has never used one, or tested with it.. how many schools use proxies!) Sorry about the rant, just had to let it out... ;) thank god for deep-freeze

      --

      What are we going to do tonight Brain?
    2. Re:Hello Microsoft by toadlife · · Score: 5, Interesting

      I manage several labs and have had to deal with this type of crap software for ages. There are better solutions than giving students admin rights and using expensive band-aides like deepfreeze.

      Repackage those programs into msi installers using wininstall (or admin studio if your boss will spring for it). Set permissions on files/directories with a machine startup script using cacls and set registry permissions via group policy or the command line. You can find out where the programs are trying to write with process monitor by sysinternals.

      Students in my labs log on as guests and all of the crap software they have to run works just fine. It takes a lot of work up front, but once you get a piece of software repackaged and proper permissions script worked out, you can deploy it using GPOs and never have to think about it again. Most of my labs, I have not visited in over a year.

      --
      I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  4. sudo by Inmatarian · · Score: 5, Funny

    make me a sandwich.

    1. Re:sudo by sconeu · · Score: 4, Funny

      $ make me a sandwich
      make: *** No rule to make target `me'. Stop.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:sudo by plams · · Score: 5, Insightful

      Off-topic? Parent was likely referring to this gem

  5. Call Theo! by hahiss · · Score: 5, Funny

    Yeah, it is about time those OpenBSD pikers got off their collective asses and followed the World Leader in Secure Operating Systems: Microsoft.

    --
    "Every decent man is ashamed of the government he lives under." - H.L. Mencken
  6. news flash by brunascle · · Score: 4, Insightful

    nearly all OSes already have something similar, but superior, to UAC.

    1. Re:news flash by jellomizer · · Score: 5, Funny

      My version of DOS has nothing close, Neither do my versions of Windows 3.1, 95, 98, ME, 2000, or XP. A Ton Of OS's dont have anything even remotly close to UAC.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  7. Microsoftened? by HTH+NE1 · · Score: 4, Insightful

    "The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
    Patent pending?
    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  8. Agreed, other OS's need to copy UAC by Rosyna · · Score: 5, Insightful

    Other Operating Systems need to put more annoying dialogs that ask for elevation privileges every 5 minutes and don't ask for any credentials.

    Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...

    1. Re:Agreed, other OS's need to copy UAC by grassy_knoll · · Score: 4, Insightful

      Other Operating Systems need to put more annoying dialogs that ask for elevation privileges every 5 minutes and don't ask for any credentials.

      Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...


      Exactly.

      I translated the microsoft speak as "We suck... so everyone else should too! Cancel or Allow?"
      --
      A Human Right
  9. Ironic by Chaymus · · Score: 5, Insightful

    For a company who is reknowned for brutalizing industry standards it's humorous to find them believing the industry would adopt their bastardized version of the existing.

  10. Translation of story title... by brennanw · · Score: 4, Insightful

    "Microsoft says other OSes should annoy the crap of its userbase more."

    --
    Eviscerati.Org: All Hail the Eviscerati
  11. Make me a sandwich! by Falkkin · · Score: 5, Funny

    Why use UAC when a much more intuitive sudo interface has already been developed?

  12. Patently obvious motivation. by Tackhead · · Score: 5, Insightful
    > Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.'

    Translation: "If we can get all the other operating systems to follow our lead, we can claim some sort of patent infringment on 'em."

    > The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

    The fact that Microsoft is late to the party is what makes it a patent trap. If it were just sudo, it wouldn't be patentable. When it's "a method for controlling process elevation, comprised of (sudo) and (a fancy display mechanism) and (extra monitoring)", it becomes patentable.

    Microsoft is setting a trap for future patent lawsuits. Deny or Allow?

  13. You can tell your locked down DRM laden OS... by A+beautiful+mind · · Score: 4, Insightful

    ...what to do, but keep your grubby hands off the real operating systems that don't base their security on feel-good measures, but sound design and actually fixing things.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  14. Almost right by UnknowingFool · · Score: 5, Insightful

    The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

    I would say (and many here would agree) that UAC is a half-hearted, bad copy of sudo. sudo requires authentication and only for actions that require elevated privileges (like changing key system files). UAC annoying asks the user to verify suspicious behaviors to ensure that is what he or she really wants to do. Really UAC is an attempt at MS to shift the blame the user for their somewhat insecurity architecture. When something does go wrong, MS can blame the user saying it was the user's duty to verify their actions.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  15. UAC isn't a bad idea, just one taken waaay to far. by Vellmont · · Score: 4, Insightful

    I don't think it's such a bad idea to have some extra means of making sure a user REALLY wants to do a special action. Ubuntu and Fedora handle this by asking a user to authenticate whenever an action requiring elevated rights occurs. It's actually done quite well and is only required for doing things like adding or deleting software, and the rights stick around for a while so you're not constantly typing in passwords.

    The problem of course is that Microsoft went crazy and decided to lock down EVERYTHING. To the point where it's just plain annoying running the OS with it on. I tried it for a couple weeks just to see if I could get used to it. There's a tendency for people to crave the old way of doing something not because it's better, but just because that's what they're used to. I did eventually decide UAC was more trouble than it's worth, and disabled it.

    I guess I tend to agree with the theory that UAC wasn't really real security, but about putting the blame more on the user. Microsoft can just claim "Well, you DID disable UAC didn't you?, so it's not our problem."

    --
    AccountKiller
  16. I'd Read the Article, but... by filesiteguy · · Score: 4, Funny

    ...my browser keeps asking me to allow or deny arstechnica...

    --
    The Kai's Semi-Updated Website Thingy
  17. Special Reset Switch for that by Kadin2048 · · Score: 4, Funny

    We implemented a special switch which allows these functions. It's located inside the computer's power supply, near the big thing marked "1000uF 250V".

    In order for the setting to take effect, you have to make sure to press the switch while the computer is running. We've found that using a steel coat-hanger wire (be sure to sand the paint off, first, you don't want it getting into your computer!) passed in through the vent holes in back works well.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    1. Re:Special Reset Switch for that by MightyYar · · Score: 4, Funny
      For Mac users, the process is much simpler:
      1. Unwrap your iHanger. Don't worry about the paint - it is pre-stripped.
      2. Insert the iHanger directly into the wall outlet.
      3. There is no step 3!
      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  18. Microsoft Says Other OSes Should Imitate UAC... by MarkByers · · Score: 4, Funny

    ... and then they will sue them for patent infringement.

    You can't win.

    --
    I'll probably be modded down for this...
  19. UAC == *TERRIBLE* Security Idea! by Anonymous Coward · · Score: 5, Insightful

    UAC has far too many false positives to be meaningful. You can't freaking open the Control Panel without a UAC prompt.

    As such, users see the prompts as an unimportant nuisance, but soon realize that things don't work unless you click "Allow." Thus, you're training users in Pavlovian fashion to click "Allow" to any damn box that comes up.

    Now think about this for a second: when 99% of the prompts you get are harmless, and "Allow" is always the right answer, just how many users will actually read it and apply critical thought when they see the 1% of UAC prompts that warns of actual danger? Almost none of them, even the smart ones. Once you get trained to just click allow, you're going to click it just before your realize "Oops! I didn't want to allow THAT one!"

    So if you ask me, UAC is a huge step backwards in terms of security. Microsoft appears to have put almost no thought into it and it's little more than a way of blame-shifting. After all, the USER is the one who didn't click "Deny" the one time in one hundred it would've prevented something bad, so it's *all* their fault. Even though they only did what UAC trained them to do.

    Disable UAC now. It's not security; it's blame-shifting.

    1. Re:UAC == *TERRIBLE* Security Idea! by h2_plus_O · · Score: 4, Insightful

      You can't freaking open the Control Panel without a UAC prompt.
      Actually, you can. ...but that wasn't your point.

      Your point is that people are too dumb to make security decisions, so it's a bad design to require them to make them. Of course, the flip-side of this argument is that unless users are given the opportunity to make a choice, what's available is the same as no choice.
      The notion that users can't make good security choices may have some merit, but the idea that disabling UAC is somehow good security advice is backwards- disabling UAC (and therefore running with a full token) is exactly the same as clicking every prompt that comes your way indiscriminately. Ironically, your advice is worse than the problem you're complaining about. OK OK, you *really* just want something better than UAC. Welcome to the club, we all want magical better security.

      Security in a world of users who are trained to think that security somehow doesn't involve them will never work. Microsoft helped create that illusion, and it's bitten them hard. You might see this as blame-shifting, but I see it differently: it's pain-shifting. And it's about time. People (and the folks who write their software) have to start being responsible for their own security, and annoying tho it might be, UAC is a step in the right direction. Let's hope we start seeing software designs that don't require elevated privileges, let's look forward to users with a clue about what executing code means. Let's let Microsoft choke a little bit on how much their legacy of interoperability-over-security has cost them. ...and let's see how it goes. Will users revolt, and switch to linux en masse? Will there be much rejoicing? Or will the next version be better? Or will users get it?
      --
      If there's one thing I won't stand for, it's intolerance.
  20. We should go beyond sudo by TheLink · · Score: 4, Interesting

    A modern OS should be having something that's much better than sudo.

    Modern desktop class OSes should have sandbox _templates_, with apps being allowed to "suggest" a template.

    Then if an app claims to be a "plain old screen saver", it only gets "plain old screen saver" rights - which means no network access, no access to the user's files etc.

    If it claimed to be a "standard network game" then it gets different sort of access - file system access to its own "app specific data folder" in the user's home directory, access to full-screen graphics, sound _playback_ (not recording[1]), limited network access (as per requested).

    If some flash applet "game" somehow requires "full administrative system privileges", go figure...

    [1] Only a few apps should be allowed to record sound - stuff like skype, voice chat app for games. Your word processor should not be recording sound. The O/S should handle the voice control stuff if you like that sort of crap. And by default you may not wish to allow an app to record sound while backgrounded or just sitting in the "systray".

    --