Slashdot Mirror
Windows 7 To Dial Down UAC
Barence writes "Engineers working on Windows 7 have admitted Vista's User Account Control was too intrusive, and are promising to tone it down in the forthcoming Windows 7. 'We've heard loud and clear that you are frustrated,' says Microsoft engineer Ben Fathi. 'You find the prompts too frequent, annoying, and confusing. We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience.' According to Fathi, when Vista first launched, 775,312 unique applications were producing prompts — so some may be annoyed that it won't be scrapped entirely, but at least Microsoft is listening. The comments echo those of Steve Ballmer, who admitted at a conference in London that 'the biggest trade-off we made was sacrificing security for compatibility. I'm not sure the end-users really appreciated that trade-off.'"
Seriously, why doesn't Microsoft spend its considerable resources helping fix UAC for Vista? Do it as part of SP2... Since answering UAC is modal (systemwide), it's not like any user-level apps "depend" on it behaving in a specific way/at specific times, so changing its behavior should have no negative effect on those apps...
Or are they admitting defeat and preparing for the next battle (a.k.a. Windows 7)???
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Please explain HOW that is the best solution. The point of it is to provide a protection that XP didn't have. I don't personally use Vista, but if I did I wouldn't think twice. If you just disable it, say bye bye to virus/malware protection other than whatever virus scanner you have.
The details only tell you what application is requesting access.
It most certainly does not tell you:
What file - well, that's not completely true, it gives you the file name but not the path!
What the file operation is (read? append? replace? delete?)
Anything that might help you make your decision
And when I said it tells you what application it is, I mean it tells you the process name, which is generally something very helpful like "RUNDLL32.EXE".
that is how vista does it. you get a prompt when you delete shortcut icons that are saved in the public\desktop folder because they are shared by all users on the machine. if you are deleting one of your shortcuts (in \users\you\desktop\) then you wont get a prompt
why is this hard for people to understand?
Or maybe they are sometimes vague because the program wanting control of the system is vague itself. I remember being glad the UAC actually worked when browsing a webpage recently. It looked like a completely innocent webpage but all of the sudden the UAC panel comes up with a request for who knows what attached to the website. I still am not sure what it was and why it wasn't picked up by the more robust security systems running on my computer.
Exactly. XP even has the structure for this. You have your OWN documents and settings folder (no need to put everything in program files) and you have your OWN registry hive with HKCU (no need to put everything in HKLM)
Obviously you can read everywhere, but you can't write or modify, which is as it should be.
But it just pisses me off every time I have to (re)install UPS worldship and it throws hissyfits til doomsday til i just give the account Local Admin...
Only it really doesn't provide protection because it pops up so mind-numbingly often that the user is just going to click 'OK' after a while without thinking. It doesn't warn you because a program is bad, it's just warning that you're about to run a program. Better to have a good virus checker and a firewall that warns of attempt to connect the internet from your computer as well as from the outside. I have no need of UAC and have never had a problem of a rogue program or trojan taking over on either my Vista or XP systems.
If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
If Microsoft only allowed products to show any kind of Windows logo if they complied with the security rules, this wouldn't be a problem. Microsoft loosened up on the logo program because developers weren't willing to bother.
This happened to Apple when they went to the PowerPC, and were dumped by many major software vendors. Apple wasn't in a position to order developers around, and they hadn't realized that. It took years to recover from that.
Awesome, so all malware needs to do is stay resident as the user's process until it detects that the user has elevated privileges. Then BLAMMO, sudo rootme.
I'm not defending Vista, I'm just pointing out that it's not necessarily a good thing that the OS gives you this window. It's useful for interactive tasks, but not so great for processes that want to surreptitiously perform administrative actions--and let's face it, that's the larger problem.
Just as an example, say I download and run an executable. It's a fun little Desktop Buddy or something. It does its thing for a while. Later on, while I'm browsing, Desktop Buddy tries to perform an administrative action. Am I going to let it through? Maybe, but probably not, particularly if I don't connect the UAC dialog with anything I was actively doing.
Now, let's say I go download a different program..say a browser widget of some kind. While downloading the widget, a UAC prompt pops up saying that the widget wants access to perform an administrative action. Of course I click through--it's just another annoying Windows prompt asking if I'm sure that I want to install this program.
The great benefit to UAC is not in stopping the user from doing something. It's in stopping processes from doing something when the user isn't looking or expecting it. Adding a timer for unlimited administrative action completely negates this benefit, so we might as well do without UAC altogether.
I've recently upgraded at work from XP to Vista 64 and I really like it. I hate it when I go back to XP now - where's my search?!!! Start button, app title, , it's just ruddy marvellous.
As a developer too UAC makes it much more realistic to develop and test under LUA scenarios.
I don't really get many UAC prompts. What's all this talk about rearranging menu shortcuts? Why the heck would you do that when you can just type the app name and press ENTER using LiveSearch.
I guess I'll be modded down for admitting to liking Vista but am I really alone?
This might be insightful if it were correct.
Microsoft didn't ignore the history of multiuser systems when they "wrote" DOS or Windows 3.x. They simply didn't have a choice. You forget that until the Intel 286 CPU that x86 lacked hardware protection domains. That means that the OS was completely and totally incapable of enforcing any form of protection over hardware resources. That means that the developers had free reign over the system and there was nothing that could be done to prevent it. Linux, even if it could be adapted to that hardware, couldn't prevent it either.
UAC is just a slightly different implementation of Linux's graphical sudo prompt. If Linux were used by the hordes of ordinary intarweb surfers and other everyday lusers, sudo would annoy them enough to want to turn it off permanently (or just log in as root).
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
Actually they got this right. If you run apps designed for Win95, it creates a virtual directory tree inside the current user's home directory, so when the app tries to write to C:\Program Files, it really writes to this virtual filesystem and you don't get a UAC prompt at all.
It's not Win95 apps that have a problem with UAC, it's WinXP apps.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
>I think it would be better if Microsoft implemented something closer to sudo or su, but I think people would complain about that too.
Its called runas and its been around since the first days of NT. When running as limited user you just right-click on an executable and select runas or you can use the command line.
Not quite. It's not the administrative (or, in Unix/Linux speak root) password that sudo wants, it's your regular password. You see, sudo was originally created to allow specified users to run certain commands that normally took elevated privileges without knowing the root password. Ubuntu is oriented toward users who only want one account on their machine and don't want to remember two passwords, so it uses sudo instead of expecting you to know how to use su to switch to root.
Good, inexpensive web hosting
You don't know what the f* you're talking about.
You don't need anything at all from Microsoft to not get UAC Prompts in an application your'e writing. All you need to do is NOT do shit that requires Administrator Privileges. Period. End of Discussion.
You're right, Win32 API was released after 386 and at that time Microsoft decided to stop supporting earlier CPUs. But that's 1992, 11 years after DOS was released, and there was a large library of existing applications.
There were two choices, run all previous software in a VM, which is what NT did. The problems are two-fold. The overhead of the VM would make any performance sensitive application virtually un-runnable. The second is that in the later years of the DOS era those developers found some interesting ways of squeezing performance out of the metal, and those techniques did not play well in emulation. Current emulators still have problems with some of those programs and they have the luxury of significantly better hardware. Why would people buy the new OS if all of their new shiny games couldn't run on it?
The second choice was to allow the OS to continue to run the old applications natively. That would let the developers to target the improved API while allowing all old applications to run as expected and with similar performance characteristics. But if the OS still permits applications to run against the metal that means that hardware enforcement of protection domains is not possible, and without that no meaningful software level security is achievable.
So yeah, Microsoft could have went with the first choice. Instead they went with both, and wait six years before attempting to finally lock down hardware protection domains on the consumer line of the OS.
Maybe they could have pulled an Apple and simply broke everything all at once. It would have made life easier now, but it was not a wise business decision.
I can see you're a little slow, and don't actually know anything about how computers work.
A program gets an "event" as it's called, something like MouseClick or something. These events can be generated by MORE than than just the mouse... it allows automated GUI testing programs, letting a click on a transparent "top" window be filtered down to a lower one, and so on. Basically, Windows CAN'T know that you're "THE ONE HOLDING THE FUCKING MOUSE" from just that.
What UAC does is it takes control away from ALL programs, and only allows local input devices to generate events, so it CAN be sure that it's you that clicked that button.
It's ok... lots of people yell when they don't know what they're talking about ;)
My blog. Good stuff (when I remember to update it). Read it.
http://blogs.msdn.com/oldnewthing/archive/2007/11/26/6523907.aspx
If that program needs admin rights, yes, even in Ubuntu.
My sig can beat up your sig.
Unfortunately, Runas is mostly crap. My IT Director thought this would be a great idea and forced all sysadmins to loose their special domain Administrator privileges and then make a privileged username_adm account for everyone. So, we have to use the _adm account to do anything with Administrator privileges. Some applications just don't work through Runas, it really screws up your environment, and using it just isn't easy. The solution is that most admins have ditched using their username accounts and just log in interactively with their username_adm accounts now. Fat lot of good that does.
I admin GNU/Linux systems (Debian or Ubuntu), FreeBSD, OS X, and Windows hosts in a multi-site 600+ user environment. Sudo is great. Runas is mostly crap. That's my real-world, I've-used-it opinion.
If it's so trivial that any application run under RunAs behaves exactly as if run after logging in interactively as the same user, why do you have to "understand how the system works"?
The applications/processes dont have to know or care anything about it. The end-user sometimes does because that one process is running under a different account than the desktop. So if that RunAs'd process makes changes to the profile, the end-user will have to understand that it's making changes to the RunAs'd user account profile, NOT the desktop profile. If you want to do that, then you use MakeMeAdmin or similar tools.
I really don't know how RunAs works, but if you think about sudo on unix, it's not quite as simple as that. If you've originally logged in as "foo" and then run a command as user "bar" through sudo, does the application you run get the environment (environment variables such as locale settings, home directory location, etc.) from foo or from bar? Or a part from one and another part from the other.
RunAs isnt equivalent to sudo. It's equivalent to su. And just like su, you can choose whether or not to load the whole profile.
Vista's UAC is more like sudo, at least when run in certain configurations, just not nearly as configurable.
Of course you can make it behave they way that is appropriate for the situation. Perhaps it's the same with RunAs and what you mean by "not understanding" it is exactly that. But "zero difference" between RunAs and an interactive user session may still not quite hold due to such details, and the existence of a magical flag to for applications to detect RunAs is likewise irrelevant.
What I mean is that from the process' (ie, the executable running) perspective, there is zero difference between being RunAs'd as JoeAdmin and running under the JoeAdmin desktop. There can be secondary differences if the process makes changes to the profile, and the end-user doesnt understand that its running under a completely different profile.
So from the process/executable perspective, there is no difference. It doesnt care, and doesnt have to be programmed any differently to take it into account.
From the end-user's perspective, there is a difference, particularly if the thing you want to RunAs changes the user profile.