Slashdot Mirror


Microsoft Says Other OSes Should Imitate UAC

COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

16 of 493 comments

  1. Obligatory by gunnk · · Score: 5, Funny

    Microsoft is trying to make you believe sudo was their idea. Cancel or Allow?

    --
    Life is short: void the warranty.
    1. Re:Obligatory by HomelessInLaJolla · · Score: 5, Funny

      If you click "Cancel" an information box is displayed informing you of a patent pending.

      --
      the NPG electrode was replaced with carbon blac
    2. Re:Obligatory by truthsearch · · Score: 5, Interesting

      It's no joke. They really do believe they invented the idea:

      Patent #6,775,781

  2. Hello Microsoft by The+Anarchist+Avenge · · Score: 5, Funny

    From TFA: "Why should I be letting my normal user be running as system administrator?" Welcome to the 1980s

    --
    Today's lucky number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    1. Re:Hello Microsoft by QuantumRiff · · Score: 5, Insightful

      Because if you're a school, textbooks now contain multimedia CD-ROMs that have Macromedia Authorware software that is a version from the good old Windows 95 days, when everyone had Admin privileges (this includes books that were published December of 06!). Try calling a publisher, and asking why the hell their software tries to copy files to %system32% before it runs. They don't understand why it wouldn't work, they work from home, and it works on the XP home machines they developed it with! Or even newer non-Authorware software that feels it needs to write to HKLM in the registry, to store its configuration. Hell, I have a textbook CD that installs Apache and MySQL to do the "interactive stuff" that sets up a local web server running on port 80 (without checking if it is already used), uses a few hundred MB of RAM (lots of page file swapping!), requires IE, not Firefox, and heaven help you if you use a proxy server (the publisher of the software has never used one, or tested with it.. how many schools use proxies!) Sorry about the rant, just had to let it out... ;) thank god for deep-freeze

      --

      What are we going to do tonight Brain?
    2. Re:Hello Microsoft by toadlife · · Score: 5, Interesting

      I manage several labs and have had to deal with this type of crap software for ages. There are better solutions than giving students admin rights and using expensive band-aids like deepfreeze.

      Repackage those programs into msi installers using wininstall (or admin studio if your boss will spring for it). Set permissions on files/directories with a machine startup script using cacls and set registry permissions via group policy or the command line. You can find out where the programs are trying to write with process monitor by sysinternals.

      Students in my labs log on as guests and all of the crap software they have to run works just fine. It takes a lot of work up front, but once you get a piece of software repackaged and proper permissions script worked out, you can deploy it using GPOs and never have to think about it again. Most of my labs, I have not visited in over a year.

      --
      I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
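
The Process Monitor step from the comment above, as an added example that is not part of the thread or the commenter's own scripts: it reads a Process Monitor CSV export and lists the directories and registry keys where the application was denied write access, so permissions can be relaxed only there. The process name, paths and log rows are constructed, and reporting anything under C:\Windows separately (to be handled by repackaging rather than an ACL change) is an assumption of this example.

```python
import csv
import io
from collections import Counter
from ntpath import dirname  # Windows path rules, whatever OS this runs on

# Constructed sample in Process Monitor's CSV export layout (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02.10","legacyapp.exe","412","CreateFile","C:\Program Files\LegacyApp\data\scores.dat","ACCESS DENIED","Desired Access: Generic Write"
"9:01:02.31","legacyapp.exe","412","CreateFile","C:\Program Files\LegacyApp\data\progress.dat","ACCESS DENIED","Desired Access: Generic Write"
"9:01:02.48","legacyapp.exe","412","RegSetValue","HKLM\SOFTWARE\LegacyVendor\LegacyApp\LastUser","ACCESS DENIED","Type: REG_SZ"
"9:01:02.77","legacyapp.exe","412","CreateFile","C:\Windows\System32\legacy.dll","ACCESS DENIED","Desired Access: Generic Write"
"9:01:03.02","legacyapp.exe","412","CreateFile","C:\Program Files\LegacyApp\app.ini","SUCCESS","Desired Access: Generic Read"
"9:01:03.40","explorer.exe","988","CreateFile","C:\Windows\System32\other.dat","ACCESS DENIED","Desired Access: Generic Write"
'''

WRITE_OPS = {"CreateFile", "WriteFile", "RegCreateKey", "RegSetValue"}
PROTECTED = ("c:\\windows",)  # never loosen ACLs here; flag for repackaging


def denied_write_targets(csv_text, process_name):
    """Return (grant, review): containers where process_name was denied a write."""
    grant, review = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Result"] != "ACCESS DENIED" or row["Operation"] not in WRITE_OPS:
            continue
        # A denied CreateFile may be a read; keep only opens that asked for write access.
        if row["Operation"] == "CreateFile" and "write" not in row["Detail"].lower():
            continue
        path = row["Path"]
        # RegCreateKey names the key itself; other rows name a file or value inside it.
        target = path if row["Operation"] == "RegCreateKey" else dirname(path)
        bucket = review if target.lower().startswith(PROTECTED) else grant
        bucket[target] += 1
    return dict(grant), dict(review)


if __name__ == "__main__":
    grant, review = denied_write_targets(SAMPLE_CSV, "legacyapp.exe")
    for target, hits in sorted(grant.items()):
        print(f"grant Users modify on: {target} ({hits} denied writes)")
    for target, hits in sorted(review.items()):
        print(f"do not relax, repackage instead: {target} ({hits} denied writes)")
```
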
  3. sudo by Inmatarian · · Score: 5, Funny

    make me a sandwich.

    1. Re:sudo by plams · · Score: 5, Insightful

      Off-topic? Parent was likely referring to this gem

  4. Call Theo! by hahiss · · Score: 5, Funny

    Yeah, it is about time those OpenBSD pikers got off their collective asses and followed the World Leader in Secure Operating Systems: Microsoft.

    --
    "Every decent man is ashamed of the government he lives under." - H.L. Mencken
  5. Agreed, other OS's need to copy UAC by Rosyna · · Score: 5, Insightful

    Other Operating Systems need to put more annoying dialogs that ask for elevation privileges every 5 minutes and don't ask for any credentials.

    Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...

  6. Ironic by Chaymus · · Score: 5, Insightful

    For a company who is renowned for brutalizing industry standards it's humorous to find them believing the industry would adopt their bastardized version of the existing.

  7. Make me a sandwich! by Falkkin · · Score: 5, Funny

    Why use UAC when a much more intuitive sudo interface has already been developed?

  8. Patently obvious motivation. by Tackhead · · Score: 5, Insightful
    > Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.'

    Translation: "If we can get all the other operating systems to follow our lead, we can claim some sort of patent infringement on 'em."

    > The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

    The fact that Microsoft is late to the party is what makes it a patent trap. If it were just sudo, it wouldn't be patentable. When it's "a method for controlling process elevation, comprised of (sudo) and (a fancy display mechanism) and (extra monitoring)", it becomes patentable.

    Microsoft is setting a trap for future patent lawsuits. Deny or Allow?

  9. Almost right by UnknowingFool · · Score: 5, Insightful

    The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

    I would say (and many here would agree) that UAC is a half-hearted, bad copy of sudo. sudo requires authentication and only for actions that require elevated privileges (like changing key system files). UAC annoyingly asks the user to verify suspicious behaviors to ensure that is what he or she really wants to do. Really UAC is an attempt by MS to shift the blame to the user for their somewhat insecure architecture. When something does go wrong, MS can blame the user saying it was the user's duty to verify their actions.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  10. Re:news flash by jellomizer · · Score: 5, Funny

    My version of DOS has nothing close, neither do my versions of Windows 3.1, 95, 98, ME, 2000, or XP. A ton of OS's don't have anything even remotely close to UAC.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  11. UAC == *TERRIBLE* Security Idea! by Anonymous Coward · · Score: 5, Insightful

    UAC has far too many false positives to be meaningful. You can't freaking open the Control Panel without a UAC prompt.

    As such, users see the prompts as an unimportant nuisance, but soon realize that things don't work unless you click "Allow." Thus, you're training users in Pavlovian fashion to click "Allow" to any damn box that comes up.

    Now think about this for a second: when 99% of the prompts you get are harmless, and "Allow" is always the right answer, just how many users will actually read it and apply critical thought when they see the 1% of UAC prompts that warns of actual danger? Almost none of them, even the smart ones. Once you get trained to just click allow, you're going to click it just before you realize "Oops! I didn't want to allow THAT one!"

    So if you ask me, UAC is a huge step backwards in terms of security. Microsoft appears to have put almost no thought into it and it's little more than a way of blame-shifting. After all, the USER is the one who didn't click "Deny" the one time in one hundred it would've prevented something bad, so it's *all* their fault. Even though they only did what UAC trained them to do.

    Disable UAC now. It's not security; it's blame-shifting.