Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Designed UAC to Annoy Users

Posted by ScuttleMonkey on from the at-least-they-are-being-honest dept.

I Don't Believe in Imaginary Property writes "At the 2008 RSA security conference, Microsoft's David Cross was quoted as saying, 'The reason we put UAC into the platform was 'to annoy users. I'm serious.' The logic behind this statement is that it should encourage application vendors to eliminate as many unnecessary privilege escalations as possible by causing users to complain about all the UAC 'Cancel or Allow' prompts. Of course, they probably didn't expect that Microsoft would instead get most of the complaints for training users to ignore meaningless security warnings."

5 of 571 comments (clear)

  1. Re:If this is true... by Shihar · · Score: 5, Interesting

    I don't think that is what he really meant. What MS is trying to do is actually the right thing. MS wants to make it access privileges more like Linux. It wants to make it so that random programs can't run a muck with admin privileges. This is MS's attempt to get application makers to stop requesting privileges that they don't need because they are too lazy to program it the right way.

    Look, I'll be the first to decry Vista as a piece of shit, but despite all of Vista's flaws, trying to restrict access of programs is a good thing.

    Personally, I think that MS is slowly learning. MS is in no danger of losing its business division so long as companies demand backwards compatibility, but in personal computing it is getting kicked around. MS looks old and faded while Apple has a solid product combined with a marketing machine of d00m (Microsoft always sucked at marketing). MS needs to make changes or else it is going to get run over by Apple. Lock in isn't going to last forever in the face of a comparable, if not outright better, product and vastly superior branding and marketing.

    I mean hell, what do you think of when you think of Apple? Shinny plastic with a hipster in a coffee shop. What do you think of when you think of MS? A moldy office.

  2. Re:If this is true... by MRiGnS · · Score: 5, Interesting

    MS needs to make changes or else it is going to get run over by Apple. Lock in isn't going to last forever in the face of a comparable, if not outright better, product and vastly superior branding and marketing. I'm pretty sure MS isn't as afraid of Apple as they are of Linux. You might be able to buy/bribe/whatever stock holders, but almost impossible to buy out GNU/Linux. Even if they would get Linus on their side, there would be some nerds releasing GNU/Xunil (That's the point where you might laugh) just a couple of minutes after the announcement. The only thing they may fear is in fact FOSS reaching critical mass.

    MS is in no danger of losing its business division so long as companies demand backwards compatibility, but in personal computing it is getting kicked around. I wonder what happens as windows7 is supposed to break the binary compatibility
  3. Re:And Microsoft was the biggest offender. by Jurily · · Score: 5, Interesting

    Yes, it forces coders.

    However, if you're a windows user, and you just upgraded to vista, you see these warnings/questions. What's your first response?

    1. Man, I wish these crappy coders would learn when to require root access
    2. Stupid Vista... I should go back to XP

    Upgrading the security model from a non-visible one to one that requires user attention can be a bitch. MS has a lot of difficult decisions to make these days.

    Just see http://www.joelonsoftware.com/items/2008/03/17.html.

    (Now, if only someone could show me how to embed nice links here... :) )

    P.S. I use Gentoo.

  4. Re:If this is true... by LO0G · · Score: 5, Interesting

    But not with UAC. The normal integrity level application can't sniff anything about the UAC elevation. And the elevation password dialog runs on a separate secured desktop so the malware can't access it.

    Windows is not *nix, the Windows developers learned from the mistakes of sudo.

  5. Re:And Microsoft was the biggest offender. by TheRaven64 · · Score: 5, Interesting
    ACLs aren't a problem in themselves. Having fine-grained security is a good decision for a kernel, because it allows you to build other security models on top easily. It's much easier to implement the UNIX security model on Windows than the other way around.

    The problem is the user interface. As the OpenBSD people keep telling us, sane defaults are the most important thing in security. If you default to insecure, or you default to secure, but so irritating people turn off the security, then your system is not secure.

    With respect to your specific problem, requiring elevated privileges for debugging actually does make sense, and I consider it a bug in other operating systems that it's not the case. A process that attaches to another as a debugger can inspect all of that process's memory, and even the contents of registers. If the process is something like your password manager, then it doesn't matter that it stores all of your passwords encrypted on disk and doesn't release them without a pass-phrase if the first piece of malware that gets on to your system can poke around in its memory and read them. Ideally, you would be able to simply flag regions of memory as off-limits to a debugger, but the next best thing is to require elevated privilege. Starting with 10.5, I believe OS X allows a process to set a flag preventing debuggers from attaching, but I've never tried it.

    --
    I am TheRaven on Soylent News