Windows 7 To Dial Down UAC
Barence writes "Engineers working on Windows 7 have admitted Vista's User Account Control was too intrusive, and are promising to tone it down in the forthcoming Windows 7. 'We've heard loud and clear that you are frustrated,' says Microsoft engineer Ben Fathi. 'You find the prompts too frequent, annoying, and confusing. We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience.' According to Fathi, when Vista first launched, 775,312 unique applications were producing prompts — so some may be annoyed that it won't be scrapped entirely, but at least Microsoft is listening. The comments echo those of Steve Ballmer, who admitted at a conference in London that 'the biggest trade-off we made was sacrificing security for compatibility. I'm not sure the end-users really appreciated that trade-off.'"
Of course most users are going to just click "OK", but how can the more tech-savvy users (you know, the ones who actually read the boxes) actually know what they're approving when the dialog boxes say such laughingly vague shit like "File operation - continue or cancel?"!
If you started this, or you trust this process, please click OK.
'the biggest trade-off we made was sacrificing security for compatibility. I'm not sure the end-users really appreciated that trade-off.'
Nice sentence to put on a tombstone.
I hate to be the one to say it. But, they're probably saying "hmm, well we should make it more like OS X's"
*DISABLE IT*. http://www.mydigitallife.info/2006/12/19/turn-off-or-disable-user-account-control-uac-in-windows-vista/
(Now, does that now make my Vista SP1 more 'Windows 7ish'?)
Other methods here: http://www.google.com/search?hl=en&safe=off&q=How+to+disable+Vista+UAC
No, don't write secure software, staple on a bunch of dialog boxes to shift the onus onto the user.
Trolling is a art,
It's Security vs. Pain In Your Ass for No Reason that is the problem. If I click Windows Update, why should I then immediately need to allow it? I just clicked on it!
You look at the screen. You open up Firefox. You eat a burger. You have sex (most /.ers won't know this, but it gives a "Stop, are you sure you want to continue and humiliate yourself?" prompt)
You breathe too heavily.
You use the restroom.
And then, when you switch to Linux,
su gives you a message that says "It's about time you fskin idiot!"
"It's ok, I'm completely secure as long as my iron is off"
Seriously, why doesn't Microsoft spend its considerable resources helping fix UAC for Vista? Do it as part of SP2... Since answering UAC is modal (systemwide), it's not like any user-level apps "depend" on it behaving in a specific way/at specific times, so changing its behavior should have no negative effect on those apps...
Or are they admitting defeat and preparing for the next battle (a.k.a. Windows 7)???
Windows 3.1x calc: 3.11 - 3.10 = 0.00
I couldn't be happier not having experienced the headaches mentioned in this article.
We figured out a long time ago that it's easier to elect seven judges than to elect 132 legislators.
In most Linux distros, if you do something that requires admin access, it asks you for the admin password and holds onto privileges for a little while. That way, if I rearrange a bunch of icons I don't get 100 different prompts. This is simply common sense. It amazes me that the Microsoft developers didn't get fed up with the prompts and do the obvious thing.
... how getting computer users to blindly click through continuous, repetitive, and annoying dialog boxes kept computers more secure in the first place. It would seem under any reasonable analysis to do the opposite.
If someone says he and his monkey have nothing to hide, they almost certainly do.
It would be a much better idea to force every programmer to run under a non-Administrator account (and no Administrators or even Power Users group membership either!) Anyone who complains is obviously writing bad code, since there is absolutely no friggin' reason that a regular application should require administrative privileges. Whatever you set during setup is IT! And, for God's sake, learn to open registry keys in read-only mode!
This problem of imbecilic prompts is directly related to the entire inane history of DOS and then Windows, where all the lessons of multi-user systems learnt decades before were wilfully and sanctimoniously ignored by the resident Microsoft "geniuses". Thus application "developers" were allowed to, and soon came to depend on, access to what in nearly every other OS in existence are "root only" subsystems. Even in editions of Windows which were supposedly multi-user capable, the prevalent lazy practice of the majority of "developers" was to depend on system-wide registry keys, administrative privilege level processes and what not to accomplish the most mundane of tasks.
And so now the chickens are home to roost, with literally hundreds of thousands of apps written to kindergarten competence levels. And Microsoft is in a bind: secure the OS and either break these stupidly written apps altogether, inundate the user with prompts every time one of them tries something stupid, or give up.
They are scared to death of the implications of the first choice, tried the second, and now seem to be heading toward that last one.
I know you could disable the UAC, but it wasn't as simple as typing 'su' and entering your root password.
If I'm root I want to be able to do ANYTHING with no questions asked. Kill the filesystem with one commandline? Sure. Kill my databases? Sure. Change settings of anything? Sure.
Yet the Administrator accounts in Windows get just as many annoying prompts (if not more) than the standard users. I should be able to configure rights below me easily to allow my standard user to not get bothered by prompts that they can just click through.
I see it as a huge issue because it is faux security with the UAC mostly. It creates warnings basically, but doesn't prevent action (mostly again).
Tibbon
tibbon.com
Right, we're going to pay Microsoft again to fix the garbage they foisted on us.
If you're not installing Vista for enhanced security, why exactly are you installing it?
Because I'm buying or building a new computer other than a subnotebook. Between June 2008 and December 2096, Windows XP is not available on computers other than subnotebooks, and I want to use applications that work better under Windows Vista than under Ubuntu with Wine.
It isn't about security.
It's about blame.
Well YOU were the one that clicked "okay" when the machine WARNED you that it MIGHT be dangerous. (Conveniently ignore the other thousand times when you were "warned" and it was not a threat.) Just a modern take on the old "boy who cried wolf" theme.
Who gives a crap about that? How about dialing down the suckage?
Those who would give up Essential Security to purchase a little Temporary Liberty deserve Microsoft products.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The people that appreciate security aren't Windows users? SAY IT AIN'T SO!
For Vista they had it turned up to 11.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
After the system and software are set up and running, I hardly run into any UAC prompts, except for one of the bank applications that for unknown reasons requires admin privileges.
If Vista didn't push for that, we would need admin privileges to run Windows, forever, because of the bad design of applications!
There is, definitely, room for improvement, for example, combining the ActiveX Install prompt with UAC, reducing two to one; combining the warning about running an Internet-downloaded .exe with UAC; and allowing Explorer.exe to have the admin token for a while once granted, for those file manipulation operations.
All in all, I love UAC! It's more convenient than typing "sudo ..." for every command I need to run with root's rights.
If Microsoft only allowed products to show any kind of Windows logo if they complied with the security rules, this wouldn't be a problem. Microsoft loosened up on the logo program because developers weren't willing to bother.
This happened to Apple when they went to the PowerPC, and were dumped by many major software vendors. Apple wasn't in a position to order developers around, and they hadn't realized that. It took years to recover from that.
Because XP MCE is an abandoned child, and if you want specific functionality in Windows on a media center you need a windows box.
Is it just my observation, or are there way too many stupid people in the world?
The biggest security problem in Windows is that the design of the HTML control and ActiveX in conjunction with the "security zone" model is inherently insecure. It provides a huge surface area to remote code execution exploits that simply does not exist in any other web browser... or any other software on any other platform that uses HTML and HTTP. The problem is that it's an explicit and deliberate mechanism for an object that should never be trusted... that is to say, a remote website... to request full local application permissions and run unsandboxed code.
Until this model is changed and only explicitly installed applications can run outside the browser's sandbox, Windows is going to remain the poster boy for "insecure systems".
Being able to prevent an already compromised application from performing system administration tasks is laudable, but it's not really all that important to the user. Everything on their computer that they care about isn't owned by the administrator, it's owned by their regular user account. And there's plenty of places owned by the end user that malware can hide to keep being restarted after the computer is rebooted. UAC is a partial sandbox, at best.
Being able to restrict what the web browser can do after it's been compromised is laudable, but since the browser has to be able to save files for the user, it can still inject an exploit into the user's account. So the reduced privilege mode on Vista (and the much touted sandboxes on OS X) are leaky protection at best.
And leaky sandboxes, and partial sandboxes, are more useful in providing a false sense of security to the user than actually keeping malware out.
Getting rid of the "security zones" model and replacing it with hard impermeable sandboxes will cause some disruption. Programs like Windows Update will have to be rewritten to use plugins. ActiveX games will have to be rewritten as flash or modified to run in a full sandbox using something like .NET or a JVM. But this WOULD be a matter of trading off convenience for security. UAC is trading off convenience for the illusion of security. That's not the same thing at all.
"I'm not sure the end-users really appreciated that trade-off.'"
I'm pretty sure Ballmer fails to appreciate how little end users appreciate what he thinks they should. If Ballmer appreciated the fact that end users appreciate what they damn well want to in spite of the best efforts at mind control^H^H^H^H marketing hype ^H^H^H^H standardization, we might end up with a Windows that's not unpleasant to use.
OK, I just reread that last line. I had no idea I was on drugs.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Do what I do and go into User Accounts in Control Panel and turn it off... no more hassle.
Users are annoyed by UAC, and because of their annoyance and the fact that it gives them little or no useful information, they almost always just hit continue, thereby making UAC even more worthless. There are far better third party solutions for people who want real UAC. We're staying on XP until I can evaluate Windows 7; if it isn't a drastic massive improvement then our migration will be to Linux, which is getting to the point of being a useable business workstation if you have a decent IT person.
This seriously dates me, but...
Back in the early days of IBM mainframes, there was a migration from a version of their OS which required the program to specify which tape drive to hang a reel on, to one which picked a drive for you, and thereby managed that resource. One vendor sold an add-on that enabled companies to continue using their old software under the new OS by intercepting those mount messages, which meant supplying it with the text of each one it might encounter. Once the messages were all supplied, the console quieted down and the operator no longer had to deal with programs insisting on a tape drive that was either broken or non-existent.
---
I write pointed political and business short stories at klurgsheld.wordpress.com
Hopefully there is an option to keep it the way it is. I like knowing exactly what is going on. I can't tell you how many times I used it to cancel add-on crap from installing with games.
I've recently upgraded at work from XP to Vista 64 and I really like it. I hate it when I go back to XP now - where's my search?!!! Start button, app title, , it's just ruddy marvellous.
As a developer too, UAC makes it much more realistic to develop and test under LUA scenarios.
I don't really get many UAC prompts. What's all this talk about rearranging menu shortcuts? Why the heck would you do that when you can just type the app name and press ENTER using LiveSearch?
I guess I'll be modded down for admitting to liking Vista but am I really alone?
There's an old story about this, as true about the modern age as it was back then.
Engineering is the art of compromise.
Microsoft has a broken security model because they need to be backwards compatible with all previous versions of windows. Why in God's name don't they blow it all up and start over? Sandbox everything legacy, use an emulator that won't allow legacy apps with security holes to f-up the system. If a smaller company like Apple can do it successfully, then why can't Microsoft? Stop sacrificing security for compatibility, and just re-write everything using a *nix foundation. Remember, those who don't understand UNIX are destined to re-create it, poorly.
Ballmer points out something we all missed: The study where an increased number of User prompts results in a more secure system. I imagine this showed the more you tick a user off, the less time windows is physically running because the computer is powered off... thereby increasing overall security.
UAC was, by Microsoft's admission, designed to be as annoying as possible. This was a HUGE mistake, because that is precisely how, aside from security holes inherent to Windows' architecture, spyware got to be so ubiquitous. I have clients who by their own admission will click "yes" to every damn dialog just to get them out of the way and get back to work. One of them said they'll keep having us come back to clean up their computers rather than change their behavior. I know I should be glad for the repeat revenue, but it's damn annoying when I know it could have been designed a lot better.
Why couldn't UAC either:
1. Elevate the user's privileges globally for a period of time, like sudo on *nix, or the analogous mechanism in Apple's OS X desktop environment?
2. Elevate the privileges of that process for a period of time?
3. Just inform the user "You must log in as Administrator to perform that task." and then disable UAC while logged in as Administrator (hey, that would be just like *nix! No nagging "are you sure" B.S. when root!)
4. Ditch backwards compatibility, relegating it (backwards compatibility) to a VirtualPC-sandboxed WinXP environment?
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
It's actually quite easy to increase security in emulation. The application thinks it is getting away with bloody murder but in fact it's ALL just an emulation. The files that it thinks it's overwriting are not overwritten at all. The bogus registry keys it writes are visible only to itself. I could go on but you see what I mean.
$$$ rules the day. If there is money to be made, it will be done. The vendor needs to convince the third party developers that it is worth the $$$, and no ordering is necessary, they will fall in line.
I read the blog. Been a member since its inception.
Nowhere does it say they *are* going to disable any of the functionality. They intend to make it more intuitive, provide more useful information, and the like, but the main "dialing down" is being done by third-party devs actually *coding* to avoid UAC prompts. (Not requiring admin privs, not installing to protected folders, not accessing protected folders...etc)
On a modern Linux installation, the number of times you need to log in as root to do ordinary stuff is ZERO. All of those desktop things that you used to have to do as root are now being done by setuid programs or other such carefully designed gateways.
My wife uses my Linux laptop all the time and does all kinds of useful things on it and she does not know the root password.
The central point in the original post is:
---
Until this model is changed and only explicitly installed applications can run outside the browser's sandbox, Windows is going to remain the poster boy for "insecure systems".
---
And this change you are talking about does NOTHING to address that.
Microsoft doesn't write insecure software because they are incapable of doing it. They write it because their definition of "secure" is different from your definition. To them "secure" is from the phrase "secure your revenue flow". They have an explicit aim of being able to extend your OS in ways which probably contradict with your best interests; for example providing advertising or auto-installing future Microsoft codecs.
The dialogs are there for a specific reason. They are designed to get your consent to Microsoft's activities. This is for several reasons including a) this puts legal responsibility on you for things that they do which might be bad for you. b) this enables them to sell to security freaks who know when to say no and will use that to know when to block access.
A good way to think of this is that it's the difference between rape and simulated rape in BDSM which is that BDSM is consensual. Both can be painful and nasty. See some examples on the internet of which kink.com is one of the more socially acceptable. The "only" thing which makes the latter legal and moral is the continued consent of the person involved.
This kind of moderating is a special pet peeve of mine.
UAC is first and foremost a masterful artifice disguised as security. It's a blame shifting mechanism. OS compromise? It's your fault.
Someone within that organization that dreamed up a system that doesn't provide privilege separation in order to *perfectly* shift the blame to the user.
Another part of that organization sold it as sudo-like and some of the moderators probably believe it is. This kind of belief is the unshakable variety, like Intelligent Design.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
(Administrator...) and the other right-click options to choose XP, 2K, etc would have helped. One would think ms would have created vista from scratch, and, as you say, emulate the older systems. Vista in all versions could have and SHOULD have had embedded in them that existing windows emulator.
But, they decided that certain "16-bit" help files code no longer suited their needs. Fortunately for them, it screwed over the help system and broke several Lotus SmartSuite help file functionality. Someone told me that it wasn't microsoft's responsibility to help Lotus run a bad help program. Thing is, EVERYbody used ms' help program in some way, and in some implementation.
But, a windows 98 emulator built into vista would have perpetuated use of "legacy" apps and probably would have delayed uptake in "new" versions ms would have loved to see 3rd parties sell, principally to compel "upgrading" (side-grading) to vista.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
This is the best one I have ever seen - "Windows update needs to update Windows Update so Windows Update can update Windows"
I've turned UAC prompting off entirely. And I don't miss it. Maybe I'll pay the price one day, but I'm taking my chances.
If Windows 7 has a reasonable UAC that actually provides some security without driving the user crazy, maybe I'd turn it on again.
They need to look at what the "consumers" do with their OS, like what eXPerience did with TinyXP.
But instead they will continue to add bloat and intrusion until Windows7 becomes the success that Vista now enjoys.
My firewall comes up and asks "Hey, do you want suchandsuch.exe to have internet access? Just this once? No? Always yes?" Why not do something like that with UAC allowing users to mark a prompt "yes, always allow"?
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
I have to assume Microsoft has not tested (even in Lab conditions) all "According to Fathi, when Vista first launched, 775,312 unique applications were producing prompts" of the applications producing these prompts. Which leads to how was this data collected, was it with user consent and is this mentioned in the EULA? The blog doesn't mention the data collection method. And it leaves out comparison with XP (which doesn't have UAC) but would be interesting to find out if other data is collected when users use XP.
Fine. Disable it. I'm just sick and tired of people making misleading comments and outright LIES about it.
You are on the wrong forum. There's no horse dead enough we can't keep beating on.
I have just disabled it from the very beginning.
I see it for installing software, and occasionally if trying to run an admin tool (on my home PC, less than once per week, at work, less than once per day).
It's a non-issue, those bitching about it can turn it off if it's really that bad, but it's no different in concept to SUDO or the graphical tools for that. In fact, as far as the end user goes, it's less annoying, because you don't actually need to keep typing in your password; you can be logged in with a user that has admin privs, but still have to approve use of those privs.
I love how so many people have bitched about Microsoft doing NOTHING for security in the past (I have been one of them), and yet when they do make an effort the first thing they do is bitch that "waah, I have to click something". ffs....
I'm no blind Microsoft fanboy, but given the choice between the pile of shit that is Windows XP, or Vista... well, I'm on Vista 64.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Most average users' #1 complaint with UAC is the flickering black/gray screen "protected desktop" which sometimes crashes certain display mode apps or has a crazy flickering that bothers their eyes, or stalls their slow computer, etc.
If this was handled better I think a lot of complaints would go away.
Try running blender (well a blender based game).
You might need to run without Aero as that seemed to really bork blender for me.
Notice how the framerate is HALF when the window is touching the taskbar, wtf is that about?
As for search in the startmenu... nice idea, but if I want to go to "d:\" and type it too fast, I launch "dosbox", because it has to search and doesn't realise it's a path... arg! - So I have to type...delay...press enter.
New Slashdot poll: UAC ___ On ___ Off
It was one of the first things I did after installing Vista, I turned the UAC off completely. One thought to make it less annoying is to have it sense if someone clicked on something or not. It seems to me that if the user clicked on something that was already on their computer chances are they wanted to do that no matter the consequences. I find myself in situations like this because I tend to download a lot of my software (and yes it is all legal) and install it from my hard drive. If I were to leave UAC on it would prompt me 100 times in a week maybe more depending on the week. An adaptive type of UAC could be helpful too. One that learns your tendencies and adjusts itself accordingly.
They needed to hear that AFTER releasing to realise the reaction? They didn't realise that clicking a button to indicate that you really did click on the last button was not only illogical but incredibly, incredibly frustrating? They hadn't realised that one of the worst features Windows has is its insistence on asking you the same questions without ever offering you the option to 'always or never'?
ROTFF, LMFAO. If these people sat down to use their own products for five minutes before shipping they'd be dangerous.
It's OK Bender, there's no such thing as 2.
As a developer I disagree. Call me old fashioned but I should be able to grab everything under C:\Program Files\My App and move that to another machine and run it, finding all my data and settings still intact. Take all your registries, home directories (which are for per-user settings files if absolutely required), etcs, vars and bins and shove 'em. :-p
Honestly though, those are best used to provide frameworks like .NET where all the crap that points my app to the right assemblies needs to be kept separate from my app itself - which in 99.9% of cases is simply going to consist of an executable, a settings and/or data file, and one or more libraries.
It's OK Bender, there's no such thing as 2.
I'd just like to sum up all the other comments I've made in this thread with one more - remember System Restore?
It was going to keep all of our system files safe by providing a place where all important files could be backed up for later. While I'll admit this has saved me some time on occasion since XP came out, it also has another use now which is much more important. System Restore is where viruses go to live in order to be faithfully restored to operation by the system every time it boots.
Carton of beer to the first successful misuse of the UAC sandbox to reinstate malware.
It's OK Bender, there's no such thing as 2.