Microsoft Designed UAC to Annoy Users
I Don't Believe in Imaginary Property writes "At the 2008 RSA security conference, Microsoft's David Cross was quoted as saying, 'The reason we put UAC into the platform was 'to annoy users. I'm serious.' The logic behind this statement is that it should encourage application vendors to eliminate as many unnecessary privilege escalations as possible by causing users to complain about all the UAC 'Cancel or Allow' prompts. Of course, they probably didn't expect that Microsoft would instead get most of the complaints for training users to ignore meaningless security warnings."
If they'd done this from the start, no one would be complaining. In Linux or UNIX, if a program wants elevated privileges, it requires user intervention. The result is that programs don't expect to have superuser privileges if they don't actually need them, and everyone is happy because the only things that have to be done as root are things you'd expect to require root access.
Mac OSX has prompts for authorization also. It doesn't bother me like Vista does. Why not? I didn't really catch it... until I realized that I could ignore the dialog box and get something done before allowing an update/reboot or whatever. Something that simple and the whole problem goes away!
It is an idiotic approach. Vista is the one being annoying....how could someone predict that end users would blame the applications and not the os that's to blame? Not to mention the whole issue of purposely designing a ui to annoy paying customers, to pressure 3rd parties to change.
Bad idea all around if this was their intention at design.
I'll believe in corporations having personhood when Texas executes one... - advocate_one
It appears you are trying to make a snide comment.
[Cancel] [Allow]
I'd rather have someone respond than be modded up.
It Worked!
You cannot force someone else to follow a particular coding practice when your coders do not do so themselves.
whatcouldpossiblygowrong
134340: I am not a number. I am a free planet!
I think there is going to be quite a bit of criticism of MS for this but basically you see UAC prompts where you would have to do a su or sudo to get the job done as a standard user in Linux/Unix. The reason you don't have to do those all the time in Linux is that the application writers do not write their apps to require constant root privilege escalations. There is one app that I couldn't get working properly in Fedora 8 without running it with a sudo - Nero Linux - and it annoyed me quite a bit.
MS needs to drag both its users and those who write windows applications along to the limited security model we all need each other to be using for the good of the internet. It was always going to be painful.
The one criticism that I have of the system/model in practice is the start menu - and that is all MS! I try to organize my start menu and I see several dialogs. I would be much more on-board with only one Cancel or Allow for an operation like that...
No they didn't design UAC to annoy users. This was a crass statement made by a Microsoft employee. No company would design something to annoy users. This was a poor use of self-deprecating rhetoric that will be exploited to the extreme. It's a dumb statement for a Microsoftie to make, and really dumb for the media to exploit.
"Stupid is as stupid does", somebody once said.
I'm not MS's biggest fan. But this isn't the worst strategy ever.
It's actually pretty logical that if you make running these retarded apps annoying, you can force the vendors to fix them.
But MS faces a big obstacle in that strategy--the fact that moving back to XP fixes the problem as well, from the user's perspective. And of course, the fact that doing so also makes today's computers 3x more responsive.
It's a shame... I would love a world where Vista caught on but UAC didn't have to pop up ever unless something truly administrator-ish were really going on. Then all my users could be Users.
This approach could have worked. But if they really meant for it to work, then developers would have been required to embed usable contact information in the application. When the UAC prompt came up it would explain that this was a result of an action taken by the application, and that if it seemed unnecessary to you, you should click a button and send feedback to the developer.
It would also identify and tag the particular circumstances so that there could be an option, "don't warn me about this again."
This latter option would have been particularly useful during the beta phase.
After a couple of years, Microsoft might then assume that developers had been given adequate warning and adequate feedback, and the option to ignore warnings could have been retracted.
What Microsoft did doesn't sound as if they seriously wanted the approach to work. They just wanted to be able to say that users "didn't want" security, just the way Detroit said for decades that car buyers "didn't want" safety.
"How to Do Nothing," kids activities, back in print!
It does make sense, when you think about it, since they've found step 2 and patented a frustration detection system.
I have to steal this comment from one of the posts from that story, but...
Step 1: Make frustration and annoying software
Step 2: Patent frustration detection system
Step 3: Profit.
Oh, Redmond has jumped the shark in a big way.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
than the banks blaming the customers and making them jump through hoops because the banks' own lame security practices. The banks and Microsoft, Apple, etc should be held responsible. The customers need to demand it.
What?
"Be light, stinging, insolent and melancholy"
Wow! Microsoft thinks of its users as pawns in a pissing match between them and developers? Why not? They think of them as pawns in their pissing match with the DOJ, their vendors, the conquest of the world... Fuck you, Microsoft!
This reminds me of the c:\program files\ as a default install folder. I think it started with Windows 95. I read somewhere, years after the launch, that it was specifically chosen to force programmers to handle long file names properly.
Funny, even now, I usually create a c:\programs\ directory for everything that doesn't have a proper installer. 10 years and counting.
IMO, the UAC did not have to be as annoying as it is. All they needed was an "allow admin stuff to happen for 5 minutes" dialog so that installing a program would only take one prompt. Too smart for their own good...
This is incorrect. The registry key in question is protected by permissions and by default requires you to be running as Administrator in order to make changes. If UAC is on, then to get a command prompt, regedit, etc running with Admin rights requires UAC approval somewhere along the line.
UAC is not about confirming specific actions like changing registry keys. It is about giving Windows permissions to use admin-level privileges. For example, once you allow a command prompt to run with your admin token, it can then launch admin-level tasks without any new prompts.
Microsoft added spaces in system directories to annoy users too I'm sure and specially neglected to make links to network folders work with spaces and left it like that for the past 13 years, to ensure that you cannot copy and paste a spacy network path from Windows Explorer into Outlook and email it to someone else in the company. All that only to annoy their users...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Why not just tell the application vendors to "eliminate as many unnecessary privilege escalations as possible"? It would be an easier way to solve the problem, plus less people would hate their operating system.
I'm sad to hear that. This was the most logical explanation of UAC's existence I have heard. If you are correct that means MS actually had a different object/goal in mind for UAC, that they actually thought it would improve security, that they actually thought that it WASN'T annoying, that this thing got passed off on multiple levels throughout the dev process as being a) useful, b) a desirable feature, c) accomplished a purpose.
UAC does none of those things in the real world. It is a horrible security mechanism, it slows down every day usage of most PCs, it causes endless annoyance to users. If this feature was designed solely for the purpose of alerting 3rd party devs to the numerous unnecessary privilege escalations they are using, it almost would be worth it/make sense. If not, it is proof that MS has absolutely no clue what users want, need, or what is a good feature.
Not true.
I can disable UAC using regedit, using msconfig, gpedit.msc, User Account applet. Each and every method raises a UAC consent prompt.
Microsoft is right. Most applications should never have administrator privileges, not even during installation. It's way past time to tighten the screws.
umm, are you here for/from damage control?
Politics is Treachery, Religion is Brainwashing
The basic idea's sound. The problem is that, given the implementation, users view the problem as being UAC and/or Vista, not the apps. After all, the apps work just fine if you turn those annoying dialogs off or go back to XP. If the users don't view the app as the cause of the problem, they won't pressure the app vendor to do anything about it. Idea fails.
I prefer the Unix approach. The OS doesn't pop up any dialog, or offer the user any choice. If an app does something it doesn't have privileges for, it gets an ENOPRIV returned from that call and isn't allowed to do that. How the app handles it from there is up to the app, but there's no easy way to make the errors go away at the system level (most modern Unixes are set up to make it inconvenient to log in or run programs as root, and only root can install a program setuid-root).
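The Unix behaviour described in the comment above, as an added example that is not part of the original thread: on Linux the refusal reaches the program as an `EACCES`, `EPERM` or `EROFS` error, and the program here handles it by falling back to a per-user directory instead of asking for elevation. The function names, paths and settings are constructed for illustration.

```python
import errno
import json
import os
import tempfile
from pathlib import Path

# errno values that mean "refused for lack of privilege", as opposed to
# disk-full, bad-path and other failures that a fallback must not hide.
DENIED = {errno.EACCES, errno.EPERM, errno.EROFS}


def atomic_write(target: Path, text: str) -> None:
    """Write via a 0600 temp file in the same directory, then rename into place."""
    fd, tmp_name = tempfile.mkstemp(dir=target.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(text)
        os.replace(tmp_name, target)
    except BaseException:
        try:
            os.unlink(tmp_name)
        except FileNotFoundError:
            pass
        raise


def save_settings(settings: dict, system_dir: Path, user_dir: Path,
                  filename: str = "settings.json") -> Path:
    """Try the shared location, then the per-user one. Never asks for elevation.

    Returns the path that was written. Only privilege errors trigger the
    fallback; every other OSError is re-raised unchanged.
    """
    text = json.dumps(settings, indent=2, sort_keys=True)
    refused = []
    for directory in (Path(system_dir), Path(user_dir)):
        try:
            directory.mkdir(parents=True, exist_ok=True)
            atomic_write(directory / filename, text)
            return directory / filename
        except OSError as exc:
            if exc.errno not in DENIED:
                raise
            refused.append(f"{directory}: {exc.strerror}")
    raise PermissionError(errno.EACCES,
                          "no writable settings location: " + "; ".join(refused))


def demo() -> dict:
    """Constructed scenario: a read-only 'install' dir and a writable 'home' dir."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = Path(root, "opt", "exampleapp")
        user_dir = Path(root, "home", "alice", ".config", "exampleapp")
        system_dir.mkdir(parents=True)
        system_dir.chmod(0o555)  # r-x only, like a root-owned install directory
        try:
            # os.access reflects what this process may really do (root can
            # still write), so the result is reported rather than assumed.
            writable = os.access(system_dir, os.W_OK)
            written = save_settings({"theme": "dark"}, system_dir, user_dir)
            return {
                "system_dir_writable": writable,
                "written_to": "system" if written.parent == system_dir else "user",
                "content": json.loads(written.read_text(encoding="utf-8")),
            }
        finally:
            system_dir.chmod(0o755)  # let the temporary directory clean up


if __name__ == "__main__":
    print(demo())
```
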
Microsoft Designed UAC to Annoy Slashdot Users.
There. All better.
Sig this!
Aha! They annoyed me so much that I actually switched to linux. /success
Most of the time, when people talk about bad coding practices in the context of UAC, they're talking about programs which assume that the user will be running as Administrator, and thus they stomp all over areas which should remain protected (both on the filesystem and in the registry.)
Aside from annoying users, UAC ostensibly exists to keep privilege escalation from occurring. If a program really needs the privileges, it can get them granted by the user. If it doesn't, the user can deny them. In practice, one has to question how effective this really is (does the user know when it's a program or a privilege escalation attempt?)
When the developers of shitty software that needs root just to run or to do something that shouldn't it annoys the end users who then in turn complain to their software company reps who then figures out a bunch of people hate how annoying their software is in vista and then they dictate to the developers to fix it, thus annoying the developers. /runonsentence
The teardrop attack was a DoS attack that exploited a TCP stack bug. It had nothing to do with local privilege escalation. Perhaps you should have "googled the rest of the details" before posting.
Aside from that, privilege escalation vulnerabilities have nothing to do with "good coding practices" mentioned by the parent poster.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Because it's much easier to sit on Slashdot and make up bullshit and lies about Microsoft because it's trendy to hate them.
If some blank paper is in the printer, and a program writes to it without authorization from the owner of the paper, the paper becomes unusable.
But do you have to enter your root password every time you print? I think not.
Visual IRC: Fast. Powerful. Free.
As somebody posted in a previous article "Gartner Analysts Warn That Windows Is Collapsing"; UAC would be more worthwhile if it was more Linux-like (had password authentication as opposed to Allow-Deny options). It's a step in the right direction IMHO. I don't think M$ designed this for ill effects :) In the long run I think it is good to "force" or persuade developers to get on the bandwagon. Security is always difficult; windows has traditionally had poor security. Let there be a "learning curve". In the long run I think it's worth a bit of inconvenience.
Microsoft has always been traditionally lax on security to make things easier for users, now that M$ is making security a priority people are bitching. No shit, and not surprising. Give M$ Kudos for going in the right direction.
I remember many CD recording programs requiring root access of some kind or another to work correctly. I think that things have changed in the last few years, and you no longer require root access to burn a CD, but I specifically remember having to launch xcdroast as root in order to burn CDs.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
As others have commented, you could not be more wrong about the teardrop attack. Teardrop worked by fragmenting a tcp packet such that when your tcp/ip stack reassembled it, it would buffer overflow and usually just crash the system.
I had LOTS of fun with this back in '96 - (pre-google) I'd search for sites using the "powered by backoffice" image, which made certain that it was vulnerable to this.
Once upon a time, application writers tried to make users do the right thing by making them confirm any significant operation. What it led to was users who just hit the "y" key automatically whenever they got a confirmation request. They stopped reading the message. It is unclear if Vista's system will produce a different result - either through the user confirming blindly or by the application dummying the signal. Either way, it ceases to have any real value.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
UAC is not a bad idea. True, they could have gone the gksudo way and allow a window of time before asking for permission again. And then they could ask for a password instead of getting people in the habit of clicking away past warning windows. But still, it's not a bad thing.
They also had to stop programs from storing settings and user stuff under the write-restricted "Program Files" folder.
Now, annoying users intentionally to exert pressure on software vendors is just twisted.
UNIX/Linux users may want to have a little thought about what things would be like without the SUID facility ('ping', anyone?), and, on the other hand, the security implications of SUID. I was shocked when I read the example at page 249 of the UNIX Haters' Handbook, which illustrates the problem of blindly trusting your PATH with a simple example in which you can trick your system administrator into providing you with a root shell binary. Tried it. It works.
Not that this has prevented me from ditching Windows Vista in favour of Ubuntu on my laptop (desktop to follow when Ubuntu 8.04 is released).
The state you are in while your HEAD is detached... - wait, what?
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
So nope, I really doubt if I would succeed in a company like Microsoft. Quite frankly most interviews I get with Human Resource Professionals and Recruiters I observe bad grammar, like for example; HR types asking about my verbal abilities when they really mean my oral abilities. I see the same shit with technical questions asked by Managers. People have bad assumptions and knowledge, and if you don't speak on their same level (however condescending that may appear) they will assume you are stupid.
Clearly, you don't have teenage children. It is not only normal common practice, but it is in fact essential to force them to follow all kinds of practices that you yourself do not follow.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Sure. Authorization happens now automagically in any semi modern distro. There's a lot of infrastructure that was developed to handle those situations---and many more, of course.
Upgrade to Vista, Cancel or Allow. Cancel.
UAC does none of those things in the real world. It is a horrible security mechanism, it slows down every day usage of most PCs, it causes endless annoyance to users.
This kind of statement has been puzzling to me since I installed Vista on one of my machines, since I don't see UAC pop-ups unless:
1) I'm installing something new.
2) I'm running some executable I just downloaded through my web browser, or
3) I'm running something written in the 90's.
The first two cases being times I'm glad the prompt is there and the third being more or less acceptable to me since we're talking about 9+ year old software. Often I'll go weeks at a time without seeing a UAC prompt.
John
Then why K3B, an application that is superior to Nero in all imaginable ways, does not have this problem?
Contrary to the popular belief, there indeed is no God.
UAC is totally ineffective as it's one of the first things nearly everyone turns off because it's so damned annoying.
You, Sir, are a Prick.
Damn. You've got me
As much fun as it is to bash MS, they have some very difficult problems to deal with.
One reason for their success is that they never say: you need a certain version of glibc to run this app, or you need some outdated rpm chain of dependencies that conflict with the new version (may god have mercy on my karma.) If it's a Windows program it will run on Windows (sometimes.) I'd say 90% of the badness and kludginess of Windows is because of their desire to not break apps that people have been running since the 3.1/95 days.
With the kind of resources they have they should be doing a much better job, but I think anyone who's tried to provide backward compatibility in software even in trivial cases will agree that it quickly becomes an unmanageable clusterfuck.
... also, I can kill you with my brain.
The problem was that he misspoke, and that led to misinterpretation. It isn't designed to annoy users, not at all. Users will be annoyed as collateral damage. It's designed to annoy -developers-, and if that means bugging users into bugging developers, or forcing the developers themselves to endure UAC dialog after UAC dialog because their program does things the wrong way, then so be it.
But it's mainly to annoy developers, not users.
The best thing you can do as a user to ensure your user experience is good and will remain good?
Run as a standard user, on Vista and beyond.
Vista has done a lot to boost that demographic, but unless users start to realize that Vista has nearly equalized the Administrator and Standard User scenarios, and start running as standard users, developers will find a new way to screw it up for standard users.
Key mistakes developers make:
'de-elevate' - the right way to do this is to keep a parent executable around, relative to the one from which you wish to 'de-elevate'. That parent executable itself may or may not have been 'elevated'.
'HKCR' - HKCR is there for compatibility with win16. Stop using it already.
Interacting with the virtualstore - unless you are writing a module specifically designed to perform a one-time migration to address a virtualization issue with an older revision of your app, there's no reason to do this explicitly.
Interacting with the virtualstore from an 'elevated' app - wrong from conception. In UAC, if you elevate, you elevate to potentially another user entirely, and virtual stores are per-user. Ergo, this is never right.
'it's just a prompt'. It's not just a prompt. It's a stressed person running as a standard user in an enterprise who has to go ask help-desk to answer the UAC prompt.
I have been asked and wondering why Microsoft has such a bad track record in security and user access control especially since recent Windows have been built on NT which comes from OS/2 and VMX. According to me it's fairly simple: group permissions. Look at a default Linux/Unix-style installation, you have about 20 groups to start out with. If you're a desktop user, usually you're a member of audio, video, games, cdrom and user. On a Windows machine you're either a User or an Administrator. The way the Linux kernel and its modules are built, if you need direct access to hardware, you can either be root (not good) or you can access it through its /dev entry which has group permissions.
So if you want to play music, you can access the hardware (albeit through a kernel module) by making yourself member of the group audio. In Windows however, if you need direct access, you can either use DirectX or a process (daemon) or become an Administrator so you can get to the kernel. There is no group Audio that has only access to the Audio-part of the kernel. As soon as you need direct access for real-time anything, you can't really add yourself to any group to do so.
This of course goes way back before desktops were running NT versions (like 2000 or XP). Before, Windows was running on top of DOS, developers could just code directly into the hardware (just load dos4gw), there is no access control in DOS. DOS was also not meant to be running any services or be connected to a network that's where the whole thing with viruses got started, anything that was running could simply request a hook into the BIOS, under the hood, protected memory was regulated with emm386 while Windows 95-ME all used the faster, less secure himem.sys. Microsoft merged together the NT and DOS and made it into 2000 and XP. There were no extra permissions added for desktop users, the pure server model was coded around to allow for desktop speed and real-time access to hardware, never giving any thought that actually running all services that hook into hardware as Administrator would give problems.
Custom electronics and digital signage for your business: www.evcircuits.com
Or to delegate that approval. Once.
Hello... clippy?
Well, I guess they really blue that one.
"Our opponent is an alien starship packed with atomic bombs. We have a protractor."
The parent is incorrect (as has been pointed out by other posters).
FYI run a muck is wrong. There is no muck. It's run amok.
"If a program really needs the privileges, it can get them granted by the user [...] one has to question how effective this really is"
As with *nix the user can only escalate to their own level of access, if they don't have admin rights they can't hand them out. If this is effective in *nix to stop random users running as root (and it is) then it should also be just as effective in windows.
It's fine to blame "windows programmers" for the pop-ups that plague vista but in my experience (20yrs) most professional developers are also "*nix programmers". Conditional compilation and a lot more testing is the price one pays for supporting a diverse range of O/S's.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Snide Schwab has a different thought: Microsoft's legal department foresaw the day when the license "agreement" would be revealed for the fiction it always has been, and the clause disclaiming liability for product faults would be held invalid.
Windows "security" has been laughable since forever, and Microsoft's perennial incompetence in this regard is directly responsible for the millions of compromised computers all over the world spewing spam and attacking servers. It is entirely probable that, if the right lawsuit came along, Microsoft could be held liable for their long-standing incompetence -- unless they could claim they did something about it.
Enter UAC. "There. We did something about it. If the users disable it, or make bad decisions, well, we can't do anything about that." It obviously was the most childish, petulant "solution" that could be conceived to the problem, but that didn't matter, because it was never intended to actually solve the problem. It was supposed to be there to show to a judge that Microsoft wasn't negligent, and therefore not liable.
This is all, of course, entirely speculation on my part...
Schwab
Editor, A1-AAA AmeriCaptions
I don't know about that. Personally I didn't start hating them until I migrated to the IBM PC in the early 80's. Before that they were just another software vendor.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
I think you underestimate the depth of feeling that Microsoft has engendered in much of the technical community.
If you're a company that makes a product that the majority use, your customers don't just start to hate you, it's something you have to work at for years. It's our nature to become emotionally attached to something that's such a big part of our lives, and the fact that Microsoft has squandered such an opportunity for loyalty and created ill-feelings instead is something that future generations of business students and corporate psychologists will study for centuries to come.
You are welcome on my lawn.
What they didn't anticipate though, is people screening out the warnings. Yes, it's important for you, the developer. No, it's not important for the user, who only wants to Get Stuff Done (tm).
If the same yes/no question pops up every 10 minutes, don't expect a different answer when it says "Do you want to install spyware, adware, a couple of trojans, and [whatever they actually wanted to install]?".
Remember, users don't read. Not because they're incapable, they have more important things to do.
2) Sell new software with less annoyance
3) Profit!
There are better ways to implement UAC, it seems pretty clear that their sloppy implementation was designed to get users to complain to their vendors to update their shit to the new paradigm. Problem is, this new paradigm was not fully adopted within the walls of microsoft.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
And, AC, tell me which part of my sentence(s) you consider "incoherent". If you can't understand simple English then I will try to help you.
One last comment. Are you a Human Resources Professional? ... Your comments are trollish like I would expect from such types. You are sad and pathetic.
The amount of times UAC prompts me is not when running other applications, but pieces that ship as part of Vista. I want to turn off wireless to preserve power, or go on a plane. Prompt. I want to copy a file. Prompt. I want to do anything of any real use. Prompt.
As for changing the "was" to "is" anyone notice that Office 2007 isn't completely Vista compatible? Anyone notice that Microsoft Hardware was really slow on coming out with drivers for Vista. Due to the class action lawsuit we now know why. They are not eating what they are offering and as a programmer I'm leery of implementing Microsoft's latest fad, just for them to deprecate it again. From their security record in Vista so far it's obvious that these things aren't a thing of the past. Heck UAC being annoying is proof enough that they don't really care about security, because it doesn't take a genius to figure out that if you are having to click something all the time, you are going to stop reading it, completely defeating the point of the prompt in the first place and in the process making Vista less secure than XP. Not to even mention their creative accounting on how many security problems have actually been found in Vista, they only count what they've publicly disclosed.
Microsoft, Apple, Google, Amazon what's the difference? All steal money from devs and control with walled gardens.
They chose a great comedian to deliver that line!
...why I'm typing this on Firefox in Mandriva.
Duh! That was so 90's.
There, fixed it for you.
In fact, now I come to think of it, Microsoft designed all of Windows to annoy users. I use it and man, I'm annoyed as hell right now.
Once I was a four stone apology. Now I am two separate gorillas.
HP driver annoyances (their shitty home(/SMB) devices are notorious for this and end up even in larger setups cause of ignorant buyers) can be usually quite easily fixed by searching the registry by device name or ID and giving users group more control over those subtrees. Be aware of security considerations and give only minimal level of extra rights that are necessary.
Msconfig is your friend when disabling unneeded startup items. I especially loathe the auto-updaters that get installed by default if you don't know specific installer parameters. Sun java is class A example of that crap, it informs limited users about updates and recommends them to upgrade - only halfway through it throws error message.
My UID is prime. Hah!
I think that Microsoft first have to learn to avoid pissing users off and then design a system from that.
I agree that there are far too many cases where administrator access is required, and that those cases must be dealt with, but this is the wrong way. The basic design of Windows also makes it very hard for a user/program to quickly request and escalate privilege rights. You have the "Run As..." functionality, but that's not really useful since users normally don't have a secondary account.
In effect - they have made a historical error. If they had been more competent and compared their notes with functionality of other operating systems they would have understood that there are options and methods to improve the security.
In comparing with other operating systems I not only refer to *NIX as is but also features provided by MLS *NIX:es and OpenVMS. Uses of ACL:s or similar, privilege flags as in OpenVMS (which allows for an account to have potential for admin rights but not have it right away and is changed with the "SET PROC/PRIV=..." command). Of course it should be designed differently. And that even as an administrator it would be necessary to escalate privileges. This latest feature would have been a good reminder for those writing stupid accesses to really optimize their requirements. And if a software was to require privileges when executed that should be a feature that had to be enabled at installation of the software and not during runtime.
And then there are some programs that are REALLY stupid - they need to be installed as the user "Administrator". That's really annoying.
Remember that users are really stupid when using your program, but allow functionality to inform the advanced users to be informed about what has gone wrong. Don't be afraid of detailed application dumps - if they are verbose they can actually tell a developer a lot - and even a system administrator may be able to pick up what's wrong. A message like "Insufficient Access" and no more information is likely to piss people off. A binary hex dump that only could be interpreted by a secret program is likewise. Sometimes I miss the several pages of symbolic stack dumps that may happen on the OpenVMS system if something was going out the window... The *NIX core files are also very useful. Both have their share of lack of information but usually you get the general idea about what was wrong. The windows way of doing it is to just provide the user with a message stating that something went wrong and that it was an illegal operation, but not the history behind it like a human readable stack dump.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
So, in other words, it's designed to annoy users? You do realize that "bugging" is a synonym for "annoying", don't you? If it were designed to annoy developers, then why wouldn't they go directly to the developers? Annoying users in order to annoy developers is still annoying users.
... and then they built the supercollider.
Damn straight. If anybody ever wants me to adopt a paradigm, I'll punch them in the fucking mouth. I already pay enough in child support.
... and then they built the supercollider.
Microsoft sometimes have good ideas but rarely implement them consistently.
To this day I find the programs that save their data in their directory the best, I just Xcopy them when I move my computers. It's always a fight to find where programs save their info, is it \documents and settings\localdata and appdata right away? How about in all users\appdata instead? Or maybe in my registry... friggin stupid and now MS punishes devs to have the data in the program folder with UAC.
And please don't accuse anyone on slashdot of being trendy.
Professor Karmadillo Songs of Science
I don't get it really. Microsoft's software is so pervasive and I've spent ages using Windows, writing Windows applications and drivers, even if I mostly do embedded code.
I've used lots of other OSs too, and I really don't see what's so bad about Microsoft. Even their aggressive businesses are quite useful since I know if I knock up a quick Windows application with Visual C++ I can reach 90% of the market. You can do pretty much anything you want in userland with Win32 and in kernel mode with WDM. Basically their stuff works fine for me. I don't know why other technical people have such problems with it.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Because even if it works 'fine' for you, there is a better option out there, and by using Windows, you are forced to pay, and are locked in. I don't know about everyone else, but I have a problem with the fact everyone in the world is paying for something which is worse than something they could get for free (and if everyone did run it, it'd become better in every way overnight (hardware manufacturers making drivers, etc...)).
-- Lattyware (www.lattyware.co.uk)
The alternative is people will just turn off UAC altogether. I'm sorry but I would hit those stupid warnings 20 or 30 times a day. In the absence of a way to train the system, I prefer to disable it altogether.
I tried for months to get Windows NT4 to operate as a webserver and a DNS server with an uptime > 2-3 days. Couldn't do it with a (then pretty decent) Pentium-100 with 32 MB of RAM.
Then, a year or two later, I discovered Linux, and tried it out on an old junker AM486/100. With 16 MB of ram, and a 500 MB HDD, and X-Windows/KDE 1.x running on the super-long VLB video card, it managed to host a web server, a DNS server, telnetd, ntpd, postgres, php, AND ssh reliably, 24x7 for MONTHS before I learned enough of what's going on to see that it was actually doing all that!
That was RedHat 5.1. It's what sold me on Linux, because, for all its many warts, it actually did the job reliably. And now, some 9 years later, it's still "doing it" (Now CentOS 4) and I'm still loving it, 24x7!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
If UAC dialogs are annoying and unnecessary, they're really just behaving like other Windows alerts. There's a whole mentality on the platform for being irritating and bothering users with pointless information.
Still, this was a new class of alert, to be taken seriously. Microsoft had a chance to break with "tradition" and put real thought into what would make a useful dialog, such as (only) information critical for making a good decision and prompting no more than necessary. But instead, we have self-congratulatory "aren't you glad we're looking out for your computer" text, a lot of color, and "abcapqyt.exe" as the only thing distinguishing one UAC dialog from the next. The dialogs therefore essentially read as "You have no idea WTF is running. [OK]" to most people.
I compare this to legalese. Microsoft is taking the "throw 400 pages of crap in the user's face, make them entirely responsible for understanding the ramifications, if they click OK they're responsible" approach to security. When I see legal documents, I *really* appreciate companies who go to the effort to "humanize" what they present. In about a paragraph of extremely readable English, they say hey, this is what we're talking about here, and this is why we have this agreement. Why *couldn't* UAC dialogs do the security equivalent of this deciphering for users, so "abcapqyt.exe" is not my only clue?
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
This "laptop" also booted to OS/2, which could run X11 as a separate GUI simultaneously with the Win3.1 and OS/2 GUIs and a bunch of virtual DOS machines. One of the DOS VMs often ran the GEM GUI because I used GEM Draw quite a lot in those days. It also had OS/2's NFS client+server. Four different GUIs with multitasked applications and daemons, all snappy enough in 14MB RAM with a 100MB disk.
Bloat Sucks. Windows seems always to have had more of it than the alternatives.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
No, the purpose is not to annoy users. The purpose is to annoy developers. If, through a chain of causality you can annoy developers by annoying users, then yes, it is "designed to annoy users." But that's not the goal, that's merely the means to an end. The goal is to annoy developers about using more permissions than they need.
If their goal was to annoy users, there are myriad ways they could accomplish that without achieving any goal at all. And in some respects, they've succeeded in annoying users with no foreseeable goal.
But saying that they intended to annoy users is really, really awful. A slip that shouldn't have been made and now will be misinterpreted ad nauseam. This is like saying the goal of the new Office Ribbon menu was designed to annoy users. No, it just -happened- to annoy users. But what it also did was reduce the number of clicks to do even complex actions in Office. It vastly reduced the number of clicks, and it made it incredibly easy to find hotkeys. (Hold down alt while you're in Office 2007 and -be amazed-. It's the best hotkey system ever.) Annoying users just happened to be a side effect. I'm sure they'd rather have been able to implement the Ribbon without annoying users, just as I'm sure they'd like to get developers to not use admin permissions without annoying users. Alas, that's hard to do, as people are (a.) stubborn and (b.) don't understand that they should blame the app programmers and not Microsoft programmers for permission problems.
*nix can allow normal users to escalate privileges using sudo. UAC is basically a poor re-implementation of sudo.
In Vista you can stop users from escalating privileges by not making them a member of the administrators group, which is much the same as not making them a member of the wheel group in *nix. In this case, Vista will ask for a username/password of an administrator group member before it will "allow".
Whatever the purpose, the result is totally fucked up, and does annoy users. Does Microsoft ever think about the consequences of its actions?
... and then they built the supercollider.
Look in the comments, we have people getting multiple requests for renaming/moving files.
Well, this Microsoft system is better than nothing. At least I've seen on some forum awhile ago (read: not true) that some user got a prompt like "Are you sure you want to run trojan.exe?" and so the malware was eventually caught and disabled.
A far better solution would be to require the sw vendors to obey the security model to get the Windows approval stamp...
and hunt any vendor down if they put an approval mark without obeying the security model.
UAC is annoying people into uninstalling Vista and switching to Linux and OS X. So, it's working: UAC really is improving PC security.
For the next release, however, maybe Microsoft should be more straightforward and simply boot into a display that says "please go to www.ubuntu.com to upgrade your OS and applications".
Try running Vista as a real standard user, and you'll see it asks you to authenticate as an admin, with password.
It should. Because I clearly remember that (after having amusedly stared at the 3/4 screenfuls of possible privileges that could be given to your process (and wondering: which are the right ones?)), everybody used to type:
SET PROC/PRIV=ALL
Instant root.
alf
Yet more hidden costs for software developers. The added burden of support staff, development etc...
Now is the time to move your product to OSX or Linux.
Microsoft would be better off doing what Apple did, obsoleting the old system and redesigning from scratch. Run old Windows apps under a VM or something.
UAC is actually very bad from a security viewpoint. By annoying users more than necessary (more later), all it does is make most users turn UAC off.
From a cynical POV, I think all UAC is for is to allow Microsoft to blame users for security problems (ah you turned UAC off - so it's YOUR fault).
If Microsoft was really interested in security they would have done more and better sandboxing of applications.
My suggestion is to have a manageable number of default templates for sandboxing applications. If the app is unsigned by a user-trusted entity, the user gets a pop up which tells the user what type of sandbox the application wants to run in.
It would be far easier to train Joe Schmoe to not run a "flash game" which asks for "Full User Privileges" or even "Full System Privileges" (with all the scary warnings etc) and to only run a "flash game" that asks for a "Guest Game" sandbox. After all there is no need for most legitimate flash games to access "My Documents" or your web browser bookmarks, or even your microphone/webcam.
The idea is even if a program wanted to do something nasty, if it is running in a sandbox, it can't, and if a program requests an unusual sandbox so that it can do something nasty, it is easier for a user to know something strange is going on.
This would also be a lot less work than UAC. Don't need to make 10 decisions one after another when you run the app.
There could be custom sandbox templates that are validated and signed by a mutually trusted authority. So that new apps that require fancy privileges can run in fancy sandboxes without annoying prompts that bother Joe Schmoe.
As for Linux and OSX, they aren't really more secure than Windows, with both these OSes if Joe Schmoe is about to run something new, he doesn't even know what the program is really going to do till he runs it. It is like expecting Joe Schmoe to solve the halting problem and without him being able to read the source code either - "Is this program going to halt, or is it going to take over my computer?". So my suggestions are just as applicable to them.
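A sketch of the sandbox-template proposal in the comment above, added here as an illustration; it is not part of the original post and not a real Windows API. The three template names come from the comment; the capability names, the kind-to-template mapping and every class and function name are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Capability names are constructed for this example.
DOCUMENTS, BOOKMARKS, MIC_CAMERA, NETWORK, SYSTEM = (
    "documents", "bookmarks", "mic_camera", "network", "system")


@dataclass(frozen=True)
class Template:
    name: str
    grants: frozenset
    validated_by: str = "os"      # authority that validated the template


@dataclass(frozen=True)
class AppRequest:
    name: str
    kind: str                     # e.g. "flash game"
    template: str                 # sandbox the application asks to run in
    signer: Optional[str] = None  # None means unsigned


@dataclass(frozen=True)
class Decision:
    action: str                   # "run", "prompt" or "deny"
    template: Optional[Template] = None
    unusual: frozenset = frozenset()  # grants beyond the norm for this kind
    message: str = ""


_USER = frozenset({DOCUMENTS, BOOKMARKS, MIC_CAMERA, NETWORK})
DEFAULT_TEMPLATES = (
    Template("Guest Game", frozenset({NETWORK})),
    Template("Full User Privileges", _USER),
    Template("Full System Privileges", _USER | {SYSTEM}),
)
# Sandbox each kind of application normally asks for (assumed mapping).
EXPECTED = {"flash game": "Guest Game", "backup tool": "Full User Privileges"}


class SandboxPolicy:
    def __init__(self, trusted_signers, trusted_authorities=()):
        self.trusted_signers = set(trusted_signers)
        self.trusted_authorities = set(trusted_authorities) | {"os"}
        self.templates = {t.name: t for t in DEFAULT_TEMPLATES}

    def register(self, template):
        """Accept a custom template only if a trusted authority validated it."""
        if template.validated_by not in self.trusted_authorities:
            raise PermissionError(f"template {template.name!r} is not validated")
        if template.name in self.templates:
            raise ValueError(f"template {template.name!r} already exists")
        self.templates[template.name] = template

    def decide(self, req):
        """At most one question per launch, asked before the program runs."""
        tpl = self.templates.get(req.template)
        if tpl is None:
            return Decision("deny", message=f"unknown sandbox {req.template!r}")
        # Unknown kinds are compared against the least-privileged default.
        baseline = self.templates[EXPECTED.get(req.kind, "Guest Game")]
        unusual = tpl.grants - baseline.grants
        if req.signer in self.trusted_signers:
            return Decision("run", tpl, unusual)   # trusted signer: no pop-up
        msg = f"{req.name} ({req.kind}) wants to run in the {tpl.name!r} sandbox."
        if unusual:
            msg += " Unusual for this kind of program: " + ", ".join(sorted(unusual))
        return Decision("prompt", tpl, unusual, msg)


def permitted(decision, capability, user_accepted=False):
    """Enforcement: the sandbox, not the program, decides what is reachable."""
    if decision.action == "deny" or decision.template is None:
        return False
    if decision.action == "prompt" and not user_accepted:
        return False
    return capability in decision.template.grants
```

The `unusual` set is what makes the single prompt informative: a "flash game" asking for "Full System Privileges" is reported with the extra capabilities it would gain, while the same game asking for "Guest Game" produces a plain prompt.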
So? They want a prize for creating something that works as planned?
UAC really shines in low rights mode. Under XP if something needed elevated privileges, the app would just bomb. Under Vista, if you need to elevate, you get a prompt for admin level credentials.
In some respects, this is a good design. There is a clear separation of policy and mechanism, for example. The kernel provides the mechanism for elevating privilege and sudo provides the policy. The down side is that sudo violates the principle of minimum privilege - in order to be able to switch between two very low-privileged users you need to go via a highly-privileged user (root), and a few privilege escalation vulnerabilities in sudo have shown that this is a slight problem.
I am TheRaven on Soylent News
The real WTF is that so much Linux and UNIX software still requires root permission and mucking around with system directories.
Hal,
You're right. I use Windows XP every day of my life and it's a very good product.
I want to like Microsoft, really I do. I was so happy with XP in fact, that I tried Windows Vista when it came out and I got ripped off for a few hundred bucks because it was so awful I had to remove it from my new computer and go buy another copy of XP. In fact, I wish I could recoup some of my losses by selling my Vista to another sucker, but Microsoft won't let me do that.
My dad bought Chevrolets every 4 years for all his adult life. Was it any better than a Ford or Chrysler? How could Microsoft have squandered the possibility for brand loyalty the way they have?
Now, they only stay alive by sheer force of size.
You are welcome on my lawn.
LOL don't any of you DARE start trying to bag people's coding skills just because they write windows programs.... I could almost pick OSS projects at random and give you examples of horrible coding. you don't want to start that argument believe me.
If you mod me down, I will become more powerful than you can imagine....
Windows XP has a feature called the Limited Account. The problem with it is that it's a bit flakey. The "Run As" option works fine. All Microsoft had to do was improve on Limited Accounts by making them more flexible. Instead they went berserk and created a whole new security feature that wasn't necessary and that's what annoys people.
What you mention is exactly what is desired.
UAC nags you for every little piece of rubbish. 99.999% of those requests are ok. Well, not ok, if programmers would not require godmode for every stupid little setup change... but they're not harmful. It's the other 0.001% that matter.
Now, the average user turns off UAC. For a simple reason: Imagine some tool you don't know much besides operating it asks you "The futzgrabber in the argamajig wants to mirfl. Cancel or allow?" What do you do? After some trial and error, you learn that the thing does what you want when you click allow. You start wondering why the heck you have to click allow. And the next logical step is to turn the pointless thing off altogether.
And here's where the tool works as designed. Because if you get infected, MS can just shrug and say "Hey, we gave you the tool to avoid it. See, UAC would have told you this wants to do something bad, but you turned UAC off. Your fault."
Instead of finding a way to give the user a secure system, MS just shifted the blame. You can't blame Windows now anymore if you get infected. It has a tool that would have told you you're going to get infected, but you turned it off. Shift the blame for the infection to the user, away from the system. That's all UAC is about.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The biggest privilege level violation problem in Windows is the fact that there's even a mechanism to allow privilege elevation in the HTML control.
If Microsoft wants to eliminate privilege elevation, they need to start by scrapping ActiveX.
Please note, K3b (using distro defaults, generally) does not require you to run as root to burn a CD/DVD.
I can only hope I didn't detect the sarcasm in your post.
Just like Apple, Microsoft should be smart for the following version of Windows. If they want to break with previous versions anyway, they should just pick an existing *nix foundation and write their own GUI on top of that. It would really make the world much better IMHO.
You frankly, just don't get the purpose of all of this.
The goal here is to mitigate security risks because developers got used to admin privileges.
Mod parent down: Ignorant. From here:
David Cross, a product unit manager at Microsoft, was the group program manager in charge of designing User Account Control (UAC).
There. Credentials established. He was in charge of designing it.
"The reason we put UAC into the (Vista) platform was to annoy users--I'm serious".
There. Intent established.
The media aren't exploiting it. They are reporting it. When the company with the world's dominant desktop OS and dominant desktop productivity suite puts a group program manager on stage at a public event with press in attendance, and he specifically reveals that the reason for a particular piece of so-called security software is to "annoy users" ... THIS ... IS ... NEWSWORTHY.
The Gump quote is the only piece of your post I agree with. Speaking of which, his comments included the following stats:
- 80% of the warnings were generated by 10 apps
- Some undisclosed number of those 10 apps were from ( ... wait for it, wait for it ... ) Microsoft. How the hell are they going to encourage 3rd party developers to clean up their act when they can't even build good code in house?
More:
- 66% of sessions now run without prompts. (means chance of annoying prompt = 34%)
- 88% of users have not turned off UAC. (means 12% are so fed up they switch it off)
- 7% of UAC permission dialog boxes get a "No" click. (means that 93% of sheeple^h^h^h^h^h users automagically click "Yes". Alternate explanation: Those 7% are too afraid of "Yes", and click "No" by default.)
I prefer rogues to imbeciles because they sometimes take a rest.
It's fine to blame "windows programmers" for the pop-ups that plague Vista but in my experience (20yrs) most professional developers are also "*nix programmers". Conditional compilation and a lot more testing is the price one pays for supporting a diverse range of O/S's.
And still it doesn't help. Doom 3, available for both Windows and Linux, ostensibly needs to run as Administrator in Windows.
Why does it need to run as Administrator? Simply because it attempts to write to a config file located in the %PROGRAMFILES%\Doom 3 directory. Make that one file (which shouldn't even be there in the first place) r/w and Doom 3 works fine from a regular user account.
Since they can't figure out how to actually do a good job at locking down the system, they've decided it's a good idea to put spike-strips all over the place to slow down those running around. And they want the user to help do the work of clearing the spike-strips.
I can't wait until someone figures out how to automate the "ok" clicking of any and all UAC dialogs.
This is just going to further desensitize Windows users to informational dialog boxes. Most noob Windows users I've seen just click OK without reading what the box says. They already don't understand 90% of what they are doing so clicking OK seems to make them feel like they are doing the right thing.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
MSKB 260151 has details. I particularly like this gem from that KB article: Microsoft Photo Editor is a minor auxiliary application that does not meet the requirements of the Windows 2000 Logo compliant program. Core Microsoft Office applications do not depend on this application for their functionality. In other words, Office fails the Windows 2000 Logo requirements, but Microsoft gave it approval anyway. One nice thing about being the one making the rules is that one can also make your own exceptions.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
The UAC API is a horrible piece of junk. Here's what happened one day when I tried writing a Vista sudo for Cygwin, once upon a time...
Backstory first:
I was used to running Cygwin on XP, which I like very much (and think is a great combination for getting stuff done). When I got a laptop with Vista, I found that a lot of the GNU tools on Cygwin simply wouldn't work if UAC was on; they simply returned an error, something like, "Permission denied." I wouldn't have minded if the programs had triggered a UAC elevation; I'd have seen that as akin to sudo. But instead, they just flat-out failed.
It seems that programs on Vista do not automatically raise UAC when they attempt to do something that requires elevated privileges. So I asked, "Can I make a program -- I'll call it 'sudo' -- that triggers UAC and then runs another program with the elevated privileges?"
It turns out that the answer is "not really." (I know scripts exist that people call 'sudo for Vista,' but they don't do quite what I wanted; I'll get to that in a second). (EDIT: it may actually be possible, through a somewhat convoluted process involving a number of different EXEs and DLLs with appropriate manifests. I'll get to that at the end. But it's certainly not something provided in any sane way by the API.)
The best way to explain my goals for a Cygwin 'sudo' is with a simple example:
Suppose I attempted the following:
cd /cygdrive/c/Program\ Files/ # Some protected directory
mv a.txt b.txt
Error: Permission Denied
I would want to be able to instead do,
cd /cygdrive/c/Program\ Files/ # Some protected directory
sudo mv a.txt b.txt
#***Vista UAC Prompt pops up; I click OK.***
# (file has been successfully moved)
This seems useful, no? It would be a way to keep UAC, yet also use the commandline tools it currently cripples.
Now, as I mentioned before, there do exist various scripts calling themselves 'sudo for Vista,' but none of them really achieve the above. Here's why: Rather than running mv in the same terminal, they pop up another terminal on top running mv. This sort of does what you want, but not quite -- and subtly breaks a lot of things: For a simple-if-not-compelling example, it's impossible with this scheme to run one program with "sudo" and pipe its output to an un-elevated program (one run without sudo).
At the heart of the problem is the fact that, at the end of the day, there is only one nice way to get UAC out of Vista, and it is a most inflexible one: The ShellExecuteEx() function -- essentially, this is what gets called when you double-click on something in Explorer.
That's a slight oversimplification: There are some other obnoxious hoops you can jump through to get UAC [changing manifests (What's up with that? Tell me how to do that with gcc.), some COM garbage, or simply -- and this is a little silly -- including the word 'setup' or 'install' in your executable's filename], but as far as I could tell they all take you to roughly the same place.
(EDIT: It turns out that there might be just enough wiggle-room to get slightly different results from these different approaches.)
Eventually, frustrated, I gave up.
My conclusion was that the Vista UAC API was a horrible piece of garbage, as this sort of thing is not terribly difficult to achieve on Linux.
EDIT: It seems that, since that day, someone else may have succeeded where I failed. I'll need to try out his solution myself before I can be completely sure that it's what I want, but what I see looks very good. If so, then the author -- Thomas Hruska -- deserves kudos for figuring out a very clever workaround. But I think the very fact that such a workaround is necessary at all merely reinforces my original point that the UAC API is a steaming mess.
UAC does seem to allow for some sudo-like functionality with UAC. If an unprivileged account tries to do something, they get prompted for credentials (username/password). An admin can then elevate that operation to a privileged account, without having to explicitly start a separate session with RUNAS. Too bad that's not available in XP, because I'm not moving to Vista any time soon.
Mark Russinovich, of SysInternals fame, wrote a really good article on how UAC actually works internally. Recommended for those interested. "Inside Windows Vista User Account Control", TechNet.
As far as the user experience goes, I liken it to the way Ubuntu does things: The account you use for normal operations prompts you before performing system actions. They're just implemented totally differently. In Ubuntu, you run with a regular *nix user account, and it uses sudo-to-root for the system actions. The root account is nominally not used for interactive logon.
I find the *nix method cleaner. But then, Microsoft is trying to provide backwards compatibility. I might be willing to buy that as an excuse, except for the fact that Vista broke so much other stuff. Clearly, backwards compatibility is only sometimes important to Microsoft.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Now it annoys me by warning that I turned it off.
But that's far less annoying than pissing me off every time I try to do something. I also turned off the special effects and Windows Defender. I XP-ified my new laptop as much as possible and it makes Vista usable. It's a lot slower in acquiring a wifi connection than XP.
"You'll get nothing, and you'll like it!"
for yet another demonstration of just how backwards your logic really is
That is not my understanding. In my experience UAC does not ask for a password at all. It is simply a "cancel or allow" dialog. You don't enter a password or in any other way "grant" higher permissions, it isn't like the "run as..." command that has been around since windows 2000.
At least that has been my experience/understanding of UAC.
That is the default behavior for users with admin privileges. When the user that's being prompted isn't an admin, then UAC prompts for admin privileges. It's actually RunAs 2.0. With GPO you can turn off UAC, set it to silently elevate for admins, Allow/Deny, or require credentials. But then again, I've just been labbing all this before I certify Vista on my network. You can try this yourself with a standard user, or read the docs http://technet2.microsoft.com/WindowsVista/en/library/00d04415-2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true
Look in the comments, we have people getting multiple requests for renaming/moving files.
If I move/rename a file under Program Files I get asked once. Otherwise... no.
Let's compare. In HTML:
And in BBCode:
It saves you a grand total of three characters. It is arguably more intuitive, at the expense of meaning that someone coming from BBCode won't necessarily understand HTML -- and HTML is actually a web standard. And the fact that every forum seems to use its own markup makes it even worse.
You know what I think? I think BBCode was invented because at some point, someone found it easier to create a parser of something entirely different (and escape out anything HTML-ish) than to simply enforce a subset of HTML. The fact that the second link from Google (after Wikipedia) on a search for bbcode takes me to phpbb is kind of a dead giveaway that it was some lazy PHP coding.
Besides, there are even simpler syntaxes out there, if ease of use or ease of typing was the goal. There's WYSIWYG editors for HTML, there's Markdown, Haml, and more. If I wanted to save people from the horrible complexity of HTML, bbcode would be about dead last on my list.
Don't thank God, thank a doctor!
And that's the fallacy that doesn't make sense to me. Don't MS have some sort of first level support? Do they ever listen to those guys?
Everyone who ever sat in 1st level support had at the very least one of these calls:
"What System do you use?"
"Word (alternatively 'Excel')"
People don't even think of there being a distinction between the operating system and programs. Their computer is a thingamajig box that does what it should (hopefully. If not, call support). And just like they expect a calculator to add and subtract, a microwave to heat stuff fast, they expect their computer to be a word processor. Or a CAD tool. Or a SAP frontend. Or whatever else they work with. That their system is from Microsoft and their SAP frontend from, well, SAP? "Don't pester me with technical details, I just work with the damn thing!"
So what does the average user see?
1. His old computer "worked".
2. His new computer nags him.
Who's the culprit? The computer. So he asks his admin, if he's so inquisitive at all, where that nagging screen comes from, and his admin will tell him it's the new security feature from MS. Who's the culprit for the user? MS. Because MS did something so his computer doesn't "work" anymore.
3rd party computer companies won't care about UAC nagging as long as users blame MS. And users will blame MS since they changed something and not for the better, at least from their point of view. Since the application programmer didn't change anything, MS is the bad guy here.
At least from the perspective of the user.
Didn't it ever occur to MS? Ask anyone who ever worked in 1st level support for longer than a month, and he would have told you that!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yeah, but those things are there to be annoying. Actually companies outdo each other in inventing such pesky little devices that are more annoying than the others. I recently heard of one that, if you put it to snooze, starts to walk away from the bed and nags you out of reach. How much masochism does it take to voluntarily buy something like that!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
From what I can tell:
#1 is fine and acceptable.
#2 is a bad thing to encourage. Package managers are generally a more secure and more efficient system than ad-hoc downloads. But you would still get a prompt.
#3 seems like a case for using another OS, as there's nothing written in the past 9+ years that would have me using Windows as a primary OS. Games, maybe, but those can be run in a VM, and are still not a reason to run anything but the game on Windows. (Which is good for Windows, actually -- the Windows installations that I put nothing but games on are much faster and more reliable than the ones I actually use.)
Don't thank God, thank a doctor!
So were you just making up random words in the hope of sounding informed? Or did you just get a little confused.
The teardrop attack has absolutely nothing to do with what you're talking about.
I think what you were probably trying to reference was a Shatter Attack.
Even this wasn't quite as simple or prevalent as you describe. And the whole class of attacks of which the Shatter Attack was one is eliminated in Vista by core changes to the windowing system.
Please make sure you're fully educated and knowledgeable about a subject before coming in here and spouting off as if you know what you were talking about.
Except that goal is not achieved. If anything, it makes security worse, because people automatically click "allow" without reading or thinking about the dialog.
... and then they built the supercollider.
You got me there... well said.
By the same token, given that some of the older virus hits still work in XP, with minor updates, even though there was an "architecture change", leads me to wonder if a slight modification to such a virus would not make it "vista compatible"? Hell, Sub7 still works today. That's either a technical feat on the part of the sub7 crowd, or it is a total and dismal failure of the windows people to keep up with vulns, especially the kind that would be critical if implemented by a hostile individual in a critical IT environment (banking, military, research, hospitals, etc?).
If anything, I recall that MS has a tendency to not even really fix things when their customers are hurting... there's a reason I gave up on IT work. I valued my sanity. That and I don't like lying to customers that their problem is someone else's fault. It's their fault for buying products aimed at the lowest common denominator of user ability and intelligence.
At this point I don't have to worry anymore and use some bullshit excuse like "it's those evil virus writers' fault" or "Microsoft will fix it soon"... or "you probably weren't up to date on patches".
The main flaws of Windows, is that they were operating systems marketed to the lowest common denominator in intellect, and fairly high end hardware that was affordable at the time. If it had not been for the gaming and hardware geeks (think the last generation of hardware overclockers, back when dip switches on boards were still common), and for the hard core gamers, I'm willing to believe that the hardware race would never have taken off like it did.
Frankly I may well have forgotten what the attack was called, per se, you may be right and so might that wiki entry you pointed to. All I know is that walking away from windows IT has done wonders for my sanity. Lying to customers as a company policy is definitely not the way I prefer to do business, but working for someone else ends up costing dearly when the company line is "windows is good, and you need it". For office work, windows is a joke. For gaming, sure, it's great... but gaming is the only reason I would even consider still using windows. Other than gaming, I have no reason to touch it, not even with a ten foot pole. Your mileage, however, may vary.
"What luck for rulers that men do not think" - Adolf Hitler
you are coming to a sad realisation - cancel or allow?
.. paranoid crackpot leftover from the days of Amiga.
Shift the blame for the infection to the user, away from the system. That's all UAC is about.
Yes, and once everybody declares Vista too difficult to use and administer, Microsoft will have an alternative for you.
Since I wrote that essay last year, Office Live has become real(-ish).
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
But people aren't paying for something they could get 'for free'. Windows is a very different thing to Linux. Go read The Old New Thing for why in detail. Raymond Chen describes a mindset - that new releases of the OS should support old software even if it is buggy, that software interfaces are contracts that should not be broken, and that software designers should make choices for their users rather than presenting them with a load of questions they cannot possibly answer. That's completely missing in the 'free software' world. I've installed Linux a couple of times, fiddled around for a couple of weeks until all the bits of my PC more or less work. But they never work as well as they did in Windows. Eventually I end up nuking it and reinstalling Windows because the Linux 'equivalent' of some Windows applications I use all the time is completely amateurish and user hostile.
And they are not paying very much. Suppose I buy a laptop for $1500. It comes with a copy of Windows which costs say $50 to the PC vendor (I read an article somewhere that estimated the cost of Windows to Dell was $50). But the PC vendor will install a load of trialware on it that I need to uninstall. My guess is that they get paid a kickback for doing that because a percentage of people will buy it at the end of the trial. So the effective cost of Windows is probably less. Under $50 every time I buy a new PC every three years is not a lot of money. Hell I'd pay a lot more to avoid the dreaded Linux fault threshold if I had to.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Did you forget about NT? 3.51 was around during the Win 3.1 days and NT4 was around during the Win95 days. All ran on the same hardware, NT just needed a bit more RAM to work well.
Windows was designed for a PC (Personal Computer) which in the beginning the only network it used was "Sneaker Net" and a floppy. They had no NIC cards so in Microsoft's weak minds there was no need for security except for locking the room the PC was in. Actually what you are looking at Slashdot with is not a PC but a "Network Workstation". Herein lies the problem using an operating system that is designed so that its security depends on a locked physical door on an open network. Open networks go right around the physical door through the wall.
UNIX and all its family (Linux, BSD, OSX, Solaris) were designed from the start to be a networked operating system so ACLs and user controls were built in from the start.
NT was built to be a networked operating system and had a decent security model. Some said that it was too clunky because you had to set user permissions, users were set up as "Users" and not Administrators so in order to Admin the box you had to log out of your user account and log in as Administrator. (Gee what a novel idea!) So in XPee they used the NT kernel and threw away a decent security model for "Ease of Use" so that people that are either too lazy or too stupid to learn how to use a computer can use one.
Yes they built the UAC to annoy users but it has nothing to do with developers and their code. It is to annoy users to the point they turn it off and then the user is responsible and not Microsoft when the machine gets 0wned. A simple fix to a problem. Shift the blame. You have to remember Microsoft's own development application VS compiles DLLs to the system directory to where your app must run in "God mode" for you. Developers are not really to blame as much as the platform they are using to develop with.
I'm glad I don't have to put up with such sh_t anymore.
People will do that no matter what, until the end of time. Every example of dangling a carrot, a picture of a bunny or a cute cat in front of a user will result in them doing whatever you ask them to do. Want to see a cute cat picture? Run this program. Or save it and then run it as administrator.
That's always going to be the case until we can cut down on the number of programs requiring this "run as administrator" user intervention. If we can get Windows devs to the point where 99% of programs can run with low rights, and only 1% run only with admin rights, then we get to the point where we can convince non-savvy users that something is up if a program requires administrator anything, or if a dialog pops up. Then we can get to the point where instead of having relatively innocent yellow dialogs, every UAC prompt is a bright red warning sign. The reason they can't do that -now- is because it would intimidate users, the reason they can't recommend against hitting "OK" in the UAC is because it would unnecessarily warn against the majority of applications. That's clearly wrong. We need to change that.
The only way that goal can be reached is by reducing the number of developers who expect admin permissions. That can only be accomplished by punishing them in some way for doing so, by adding loops for users to jump through (we know they will, anyway) and encouraging developers to reduce that. Then, and only then, can we increase the severity of the warning and the wording therein when an application wants admin rights.
I can't help thinking that there's something fundamentally wrong with this whole approach to PC security.
Now, as far as I'm concerned, all my PCs are extensions of my own mind. No one else is going to be using them, and it's MY responsibility to ensure that code I don't permit never runs on them.
This implies several things, all of which are contradictory to 'how it's done' at the moment:
* There should never, ever, be any 'active executables' that must run on the PC as part of net browsing or any other activity. Flash, Java, active agents, dynamic plugins, etc - all are a bad idea. Nothing should come in but passive data, that applications already on the PC (by my permission) parse to display.
* Anything that IS installed on the PC should have full access to all PC resources. I don't set varying 'permission levels' to different parts of my own mind, and shouldn't have to put up with this shit on my PC either. At the moment the brain-computer link is so primitive (keyboard-screen) that the incompatible approaches are still workable. As technology advances, this will cease to be so.
* The whole 'permissions' ideology inevitably leads to the kind of DRM insanity that has started with Vista and 'secure computing/trusted computing', and will only get worse (if Microsoft has anything to do with it.) When one considers the computer as an extension of one's own mind, then such DRM bullshit equates to mind control. Which is probably where Microsoft would like to go next.
* The right security model for personal computing, is something more like a perimeter fence. Anything outside the fence is considered hostile. Anything let through the gate is going to have to undergo a very thorough checking out (such as being required to have all executable code in some plain text interpretable form, that can be scanned for nasties). Once inside the fence and OK'd, it is 'part of you' and has the same access to everything as you do.
* Just as your mind has introspection, a conscience, that monitors what you do, PCs need a hardware means to continuously and invulnerably monitor the computer's activities, and throw an emergency halt if something stupid is happening. Some kind of secondary CPU and firmware that acts a bit like a continuous tracer and profiler, and which can't be corrupted by the main processor's actions.
In other words, dispense with ALL the annoyances of internal security, and rely on perimeter executable exclusion, backups and self-activity monitoring to catch and recover from any hostile or faulty internal code operation.
Note that any kind of DRM management would be impossible in such a model. GOOD!
But that is why TPTB will not develop such an OS.
#3 seems like a case for using another OS, as there's nothing written in the past 9+ years that would have me using Windows as a primary OS. Games, maybe, but those can be run in a VM, and are still not a reason to run anything but the game on Windows.
Ultimately, the nature of my work is such that I'll have at least one Windows machine for the foreseeable future.
Games are mostly it in the 9+ years category, excepting odd business applications that I'm replacing, etc. They could be run in a VM, but generally clicking once that, yes, it's okay to run Diablo I find to be less hassle than firing up a VM.
Diablo, I'd expect to run well under Wine; forget a VM.
I guess I'm just to the point now where, even if I was developing an app for Windows, I would much rather be working with a VM and with Linux.
Don't thank God, thank a doctor!
What a dumb arrogant statement. Microsoft has their own fucking products that don't run correctly under regular user accounts. Dynamics GP is one example. We run Dynamics for our ERP system, and we have to change NTFS permissions on various folders, and permissions on a handful of registry keys to get it to run correctly.
grep -iw skynet
At least from the perspective of the user.
Didn't it ever occur to MS? Ask anyone who ever worked in 1st level support for longer than a month, and he would have told you that! Well, it's a bit of a late reply (for slashdot), but I thought you may be interested.
Funny thing is that I did work as a 1st level tech support for longer than a month, and I happened to have worked on the Vista campaign from its initial launch. I'm not there anymore (M$ closed down a lot of their call centres for lack of demand). I can't remember UAC being an issue, or at least not an overbearing issue. In fact I had the impression that most folks who initially bought Vista were already quite familiar with it (like business people and techie types). There were a lot of compatibility issues (the Mac iTunes issue came to mind, as I remember trouble-shooting that and other media issues before they became well-known in the media). From my impression many of the issues were drivers and software that just weren't compatible with Vista, and yes M$ does go out of its way to educate and help software developers make their software compatible. I'm no M$-fanboy, but I do think my experiences dealing with M$ first hand give me a unique perspective. That being said, from the customer service side of things (when dealing with both "Partners" and retail customers), I have had the impression that M$ does listen and they do try to accommodate more than other companies (I've done first level support for quite a few large companies, and in my opinion M$ is one of the best in regards to how much they attempt to accommodate the customer).
Vista does have its problems, but as the person who posted the original comment to which so many people are replying, I must say that this person (David Cross) is speaking through his ass, and does not represent the opinions of anybody in Microsoft.
Best regards,
UTW