Windows 7 To Dial Down UAC

← Back to Stories (view on slashdot.org)

Posted by kdawson on Friday October 10, 2008 @06:38AM from the cancel-or-allow dept.

Barence writes "Engineers working on Windows 7 have admitted Vista's User Account Control was too intrusive, and are promising to tone it down in the forthcoming Windows 7. 'We've heard loud and clear that you are frustrated,' says Microsoft engineer Ben Fathi. 'You find the prompts too frequent, annoying, and confusing. We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience.' According to Fathi, when Vista first launched, 775,312 unique applications were producing prompts — so some may be annoyed that it won't be scrapped entirely, but at least Microsoft is listening. The comments echo those of Steve Ballmer, who admitted at a conference in London that 'the biggest trade-off we made was sacrificing security for compatibility. I'm not sure the end-users really appreciated that trade-off.'"

91 of 390 comments (clear)

Cancel or allow what?! by Ethanol-fueled · 2008-10-10 06:40 · Score: 5, Insightful

Of course most users are going to just click "OK", but how can the more tech-savvy users(you know, the ones who actually read the boxes) actually know what they're approving when the dialog boxes say such laughingly vague shit like "File operation - continue or cancel?"!
1. Re:Cancel or allow what?! by MobyDisk · 2008-10-10 06:45 · Score: 5, Funny
  
  If only there was some sort of button, or perhaps a downward facing arrow, that would provide additional details about what is happening. That would be awesome.
2. Re:Cancel or allow what?! by SCPRedMage · 2008-10-10 06:48 · Score: 5, Insightful
  
  By the context it comes up in?
  
  Seriously. I run Vista, and I've NEVER seen a UAC prompt come up where I didn't know what it was for.
  
  And if you DON'T know what it is? Freaking hit cancel! What's the worst that'll happen? Something you're trying to do errors out? OH NOES!
  
  --
  My sig can beat up your sig.
3. Re:Cancel or allow what?! by Thelasko · 2008-10-10 06:52 · Score: 4, Insightful
  
  I know most people hate it, but I actually thought UAC was Vista's most redeeming quality. I think it's a shame that Microsoft actually tried to make an OS that was secure by default only to have people immediately disable it.
  
  I think it would be better if Microsoft implemented something closer to sudo or su, but I think people would complain about that too.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
4. Re:Cancel or allow what?! by Anonymous Coward · 2008-10-10 06:53 · Score: 5, Informative
  
  The details only tell you what application is requesting access.
  It most certainly does not tell you:
  What file - well, that's not completely true, it gives you the file name but not the path!
  What the file operation is (read? append? replace? delete?)
  Anything that might help you make your decision
  And when I said it tells you what application it is, I mean it tells you the process name, which is generally something very helpful like "RUNDLL32.EXE".
5. Re:Cancel or allow what?! by eleuthero · 2008-10-10 06:58 · Score: 5, Informative
  
  Or maybe they are sometimes vague because the program wanting control of the system is vague itself. I remember being glad the UAC actually worked when browsing a webpage recently. It looked like a completely innocent webpage but all of the sudden the UAC panel comes up with a request for who knows what attached to the website. I still am not sure what it was and why it wasn't picked up by the more robust security systems running on my computer.
6. Re:Cancel or allow what?! by Goaway · 2008-10-10 07:05 · Score: 4, Interesting
  
  Actually, their plan was to make it annoying in order to force developers to fix their apps so they don't require so much administrator access.
  It's hard to fault them for their motivation, even if the execution perhaps left something to be desired.
7. Re:Cancel or allow what?! by Carnildo · 2008-10-10 07:06 · Score: 5, Insightful
  
  How do you *know* that it's Apple's software updater that's causing the UAC box to appear, and not an opportunistic bit of malware that's been watching for the software update dialog to show up?
  
  --
  "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
8. Re:Cancel or allow what?! by hansamurai · 2008-10-10 07:11 · Score: 4, Insightful
  
  I use Ubuntu more than I've ever used Vista, but from both experiences, I see sudo/password requests when it makes sense and the UAC dialog when it makes sense.
  
  --
  Reviewing just the first hour of video games.
9. Re:Cancel or allow what?! by PolygamousRanchKid+ · 2008-10-10 07:17 · Score: 2, Funny
  
  If only there was some sort of button, or perhaps a downward facing arrow, that would provide additional details about what is happening. That would be awesome.
  If only there was some sort of button, or perhaps a downward facing arrow, that would downgrade a Vista installation back to good old XP ...
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
10. Re:Cancel or allow what?! by afidel · 2008-10-10 07:21 · Score: 5, Interesting
  
  If you're trying to get permissions correct to eliminate these type of prompts in a corporate environment (or make an app work in a locked down pre-Vista environment) I can't recommend LUA Buglight highly enough. Basically it provides a way to record exactly what rights an application is requesting as you run it. I've used it mostly to get temperamental programs running as locked down users under Citrix but it should work fine to help reduce the amount of UAC messages under Vista.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
11. Re:Cancel or allow what?! by macdaddy357 · 2008-10-10 07:29 · Score: 5, Funny
  
  A left mouse click was detected. Cancel or allow?
  Allow.
  A left mouse click was detected. Cancel or allow?
  Allow.
  A left mouse click was detected. Cancel or allow?
  Allow.
  A left mouse click was detected. Cancel or allow?
  Allow.
  and so on....
  
  --
  How ya like dat?
12. Re:Cancel or allow what?! by not+already+in+use · 2008-10-10 07:49 · Score: 4, Insightful
  
  How do you *know* that it's Apple's software updater that's causing the UAC box to appear, and not an opportunistic bit of malware that's been watching for the software update dialog to show up?
  Apple software update is an opportunistic bit of malware.
  
  --
  Similes are like metaphors
13. Re:Cancel or allow what?! by Profane+MuthaFucka · 2008-10-10 07:52 · Score: 3, Interesting
  
  UAC is as simple as sudo. Except, sudo will remember that you just typed in your password 5 minutes ago so it won't ask again. UAC asks every time.
  But you're right, it's not a pain in the ass, and the people who are bitching about it are whiners. OR, maybe they don't know the trick that I know - set the administration password to a null password. That way, UAC doesn't require you to type anything at all. Just click the box and it's gone. You should know why the box popped up. It's your machine, so you should know the password, so asking for it is pointless. If you click on a UAC message without knowing why it's there, that's your fault.
  And no, a NULL password is not the same as an empty password. You can send me an empty password theoretically with a string containing just a single null terminator. But how do you send me no password at all? That's like going to the mailbox and seeing it's empty, but just then your mom calls and asks if you didn't get the letter she didn't send you, and you reply that yes, you got no letter. Very Zen.
  
  --
  Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
14. Re:Cancel or allow what?! by hairyfeet · 2008-10-10 07:53 · Score: 4, Interesting
  
  Exactly! It is like trying to troubleshoot based on those worthless XP error boxes. You hit details and what do you get? The same rundll32 and NTdll no matter what application crashes. I swear those stupid hex codes they used in the old days were more useful! At least with those you could look up the hex code and get a rough idea which subsystem is screwing up. Now I keep dependency walker,diskmon and filemon just to try to figure out a bug.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
15. Re:Cancel or allow what?! by Thelasko · 2008-10-10 08:03 · Score: 5, Insightful
  
  Really, it's quite like sudo. The problem is that users and developers weren't used to this type of security. They need to adapt, not Micosoft. Microsoft got it right for once.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
16. Re:Cancel or allow what?! by Tony+Hoyle · 2008-10-10 08:06 · Score: 2, Insightful
  
  No, with UAC all you get is a hit return dialog... it's got nothing to do with whether the admin has a password or not. If you invoke UAC under an unprivileged account (not even power user) then you may get a password, but the default is not to ask for one.
  You learn very quickly to mash return every time you hear the beep.
17. Re:Cancel or allow what?! by nschubach · 2008-10-10 08:15 · Score: 2, Insightful
  
  So what IS it blocking access to? The manager application? A specific file? A folder you don't have native rights to? How could an educated technician change his PC configuration to remove this prompt when "managing" your PC? Maybe he/she would like to advance their rights just enough to be able to shutdown a service without having to authorize it every time. Why do they have to disable the UAC entirely if they only want to disable it for this purpose? What if they wanted to do something silly like defragment a drive from the manage screen but wanted to still be warned if something tries to install device drivers or CDROM rootkit drivers.
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
18. Re:Cancel or allow what?! by Rary · 2008-10-10 08:16 · Score: 4, Informative
  
  UAC is just a slightly different implementation of Linux's graphical sudo prompt. If Linux were used by the hordes of ordinary intarweb surfers and other everyday lusers, sudo would annoy them enough to want to turn it off permanently (or just log in as root).
  
  --
  "You cannot simultaneously prevent and prepare for war." -- Albert Einstein
19. Re:Cancel or allow what?! by gad_zuki! · 2008-10-10 08:19 · Score: 4, Informative
  
  >I think it would be better if Microsoft implemented something closer to sudo or su, but I think people would complain about that too.
  Its called runas and its been around since the first days of NT. When running as limited user you just right-click on an executable and select runas or you can use the command line.
20. Re:Cancel or allow what?! by techno-vampire · 2008-10-10 08:20 · Score: 2, Informative
  
  Not quite. It's not the administrative (or, in Unix/Linux speak root) password that sudo wants, it's your regular password. You see, sudo was originally created to allow specified users to run certain commands that normally took elevated privileges without knowing the root password. Ubuntu is oriented toward users who only want one account on their machine and don't want to remember two passwords, so it uses sudo instead of expecting you to know how to use su to switch to root.
  
  --
  Good, inexpensive web hosting
21. Re:Cancel or allow what?! by schwaang · 2008-10-10 08:21 · Score: 3, Funny
  
  That's easy. I distinctly remember that when the "An opportunistic bit of malware wants to be installed. Cancel or Allow?" dialog came up, I hit Cancel.
22. Re:Cancel or allow what?! by sjames · 2008-10-10 08:23 · Score: 2, Insightful
  
  MS is suffering from the decade of 'training' they provided to users and developers alike. They taught their users to not know enough to even understand why a UAC dialog might appear in the first place. They made people think you don't need to know a darned thing about computers to use one. SURPRISE! their users have no idea what this UAC thing is and don't know enough about computers to realise they need something like that.
  On the developer side, amongst other sins, they trained developers that they can just overwrite DLLS and EXEs at will to do updates (I'm looking at YOU Quickbooks) rather than understanding that it will just have to wait for someone with admin privileges (who probably is NOT an accountant and should NOT be launching the app itself) to approve of the update. Refusing to run in the meanwhile is not acceptable.
  UAC might have gone better if there weren't so many apps that COULD have been designed not to need admin privileges but weren't.
23. Re:Cancel or allow what?! by nschubach · 2008-10-10 08:26 · Score: 4, Interesting
  
  You can't really be vague about a file. If I want to gain access to a system file, I pretty much have to do it by name. Also, Windows is blocking it for some reason. Why does that reason have to be hidden?
  "Oh, I see you have peon user rights, but you need power user rights to gain access to c:\winnt\notepad.exe"
  "______ program needs access to a restricted part of the registry to be able to read/write data.
  Cancel/Allow?
  (Click here to more details on the requested operation) >>
  someapp.exe is trying to request access to HKLM\Software\Microsoft\Windows\CurrentVersion\ProductKey"
  And while we are on it... you should at least be able to specify conditional allowance. (Cancel | Allow This | Allow All)
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
24. Re:Cancel or allow what?! by Thelasko · 2008-10-10 08:41 · Score: 2, Insightful
  
  personally I think they got it right with UAC. That won't stop people from complaining though, as we've seen...
  It's not so much that people don't like UAC, they just don't like change. It takes a while for people to realize that they are better off changing.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
25. Re:Cancel or allow what?! by SEAL · 2008-10-10 09:00 · Score: 5, Insightful
  
  The end result, unfortunately, is even more dangerous. Any product that requires updates to be installed results in a UAC prompt every time. Developers hate that, so they started writing *services* that install on the first run. That way the user gets one UAC prompt, the service installs (probably not telling the user that it is a service), and then that developer can forevermore install anything to his hearts delight, without prompts, by going through the privileged service.
26. Re:Cancel or allow what?! by Ephemeriis · 2008-10-10 09:00 · Score: 4, Insightful
  
  My main complaint with UAC is the lack of granularity. You have to either approve or disapprove fairly broad strokes.
  
  Try right clicking on computer, then selecting 'manage'. That should bring up UAC every time, unless it is turned off.
  Yeah, see, if I do that, I'm pretty sure I'm going to know what the damn UAC prompt is for.
  Fair enough. Trying to run Computer Management is what brought up UAC. But what exactly are you authorizing? Just running the Computer Management screen, or anything and everything you can do in there? Why do I need to authorize it if I just want to look to see if a service is running - not make any changes at all?
  For a more annoying example start up a command prompt without administrative credentials... Then try to do an IPCONFIG /RELEASE... It'll tell you that you can't. And you can't just SUDO it like you would on a Linux box. You have to create a new command prompt with administrative credentials...but now everything you do in that command prompt has administrative credentials, so you've got no added security at all.
  
  --
  "Work is the curse of the drinking classes." -Oscar Wilde
27. Re:Cancel or allow what?! by SCPRedMage · 2008-10-10 09:21 · Score: 2
  
  My main complaint with UAC is the lack of granularity. You have to either approve or disapprove fairly broad strokes.
  Not with applications written to play well with UAC. Look at Vista's Automatic Updates, for example. I can open it up, look at the updates available, but I don't have to actually deal with a UAC prompt until I tell it to INSTALL updates.
  
  Fair enough. Trying to run Computer Management is what brought up UAC. But what exactly are you authorizing? Just running the Computer Management screen, or anything and everything you can do in there? Why do I need to authorize it if I just want to look to see if a service is running - not make any changes at all?
  Since M$ didn't actually UPDATE the Microsoft Management Console (which is the app that provides the Computer Management screen), it isn't UAC-aware, and thus can only get admin rights when you start it. In other words, UAC is completely capable of the behavior you describe, but it's up to the PROGRAMMERS to implement it. Microsoft SHOULD have spent their time making sure that their own apps worked with UAC as best as the could before Vista launched.
  
  For a more annoying example start up a command prompt without administrative credentials... Then try to do an IPCONFIG /RELEASE... It'll tell you that you can't. And you can't just SUDO it like you would on a Linux box. You have to create a new command prompt with administrative credentials...but now everything you do in that command prompt has administrative credentials, so you've got no added security at all.
  Oh, I feel your pain on that one. I would LOVE to see an app that can escalate/de-escalate permissions in a cmd window, and it annoys me that Microsoft didn't provide it.
  
  --
  My sig can beat up your sig.
28. Re:Cancel or allow what?! by WK2 · 2008-10-10 09:38 · Score: 2, Insightful
  
  Microsoft got right the idea of requiring higher privileges for making system-wide changes, but they really borked the implementation. Things like rearranging the Start Menu requires UAC popups. That's dumb. A user should be able to rearrange their own Start Menu without affecting the system. And the Windows installation still does not create a Regular User account by default.
  
  --
  Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
29. Re:Cancel or allow what?! by x2A · 2008-10-10 09:38 · Score: 4, Insightful
  
  "Oh, I feel your pain on that one. I would LOVE to see an app that can escalate/de-escalate permissions in a cmd window, and it annoys me that Microsoft didn't provide it."
  On 2003 (don't have vista to try), runas /?
  RUNAS USAGE:
  RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ] /user: program
  RUNAS [ [/noprofile | /profile] [/env] [/savecred] ] /smartcard [/user:] program /noprofile specifies that the user's profile should not be loaded.
  This causes the application to load more quickly, but
  can cause some applications to malfunction. /profile specifies that the user's profile should be loaded.
  This is the default. /env to use current environment instead of user's. /netonly use if the credentials specified are for remote
  access only. /savecred to use credentials previously saved by the user.
  This option is not available on Windows XP Home Edition
  and will be ignored. /smartcard use if the credentials are to be supplied from a
  smartcard. /user should be in form USER@DOMAIN or DOMAIN\USER
  program command line for EXE. See below for examples
  Examples:
  > runas /noprofile /user:mymachine\administrator cmd
  > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
  > runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
  NOTE: Enter user's password only when prompted.
  NOTE: USER@DOMAIN is not compatible with /netonly.
  NOTE: /profile is not compatible with /netonly.
  NOTE: /savecred is not compatible with /smartcard.
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
30. Re:Cancel or allow what?! by Bin · 2008-10-10 10:03 · Score: 4, Interesting
  
  No, they specifically broke runas in a command prompt window in vista in favor of the right click -> run as administrator (bing UAC) route.
  It was a totally stupid idea. Even going with a runas which then triggered UAC to gain the required privileges would have been a better plan that no runas command.
  Bryn
  
  --
  Or words to that effect ...
31. Re:Cancel or allow what?! by SCPRedMage · 2008-10-10 10:20 · Score: 2, Informative
  
  If that program needs admin rights, yes, even in Ubuntu.
  
  --
  My sig can beat up your sig.
32. Re:Cancel or allow what?! by Sigma+7 · 2008-10-10 10:22 · Score: 3, Insightful
  
  A temporary elevation of rights for a single process (and its children) is the goal here, and it appears UAC only elevates a specific action, not the process containing it.
  On some apps, it's a per application basis. One example is opening a command prompt by right-clicking it and choosing "Run as administrator", which allows you to run any command or activity with elevated permissions.
  With Windows Vista, I do have specific complaints about UAC elevation:
  - It's an automatic prompt on some applications (i.e. anything called Setup.exe triggers UAC even when it isn't required.)
  - If you block UAC on some programs, the program doesn't even attempt to run. In some cases, this is inappropriate since the program in question doesn't require those additional privilages or is semi-capable of running without them.
  - If you run one elevated command, any subprocesses it creates have full access. You can use this to temporarily disable UAC, but...
  - For Windows Explorer, it only does elevation for one task. In some cases, the elevated permissions need to persist a bit more to do what you want.
  - Also in Windows Explorer, it sometimes interprets a file already being in use as a necessity to use UAC (consequently causing the filer operation to fail again.)
  - It bumped the "Run As" prompt, which prevents running applications through other accounts.
  This feature is easily disabled in the control panel. Of course, you might as well login to a Linux box as root.
33. Re:Cancel or allow what?! by lanner · 2008-10-10 15:37 · Score: 2, Informative
  
  Unfortunately, Runas is mostly crap. My IT Director thought this would be a great idea and forced all sysadmins to loose their special domain Administrator privileges and then make a privileged username_adm account for everyone. So, we have to use the _adm account to do anything with Administrator privileges. Some applications just don't work through Runas, it really screws up your environment, and using it just isn't easy. The solution is that most admins have ditched using their username accounts and just log in interactively with their username_adm accounts now. Fat lot of good that does.
  I admin GNU/Linux systems (Debian or Ubuntu), FreeBSD, OS X, and Windows hosts in a multi-site 600+ user environment. Sudo is great. Runas is mostly crap. That's my real-world, I've-used-it opinion.
34. Re:Cancel or allow what?! by Miamicanes · 2008-10-10 16:14 · Score: 5, Insightful
  
  I've said it before, and I'll say it again in the hope that someone from Microsoft might actually see this and have it sink in...
  If a program wants to create a new directory in c:\program files, that's not really a big deal.
  If a program wants to overwrite an existing non-executable file in an EXISTING directory of c:\program files, it's probably worth bothering me about.
  If a program wants to overwrite an existing executable file, dll, or device driver... or change a shortcut to point to a different file... THAT is a very, VERY big deal that merits my full attention.
  What Windows 7 REALLY needs is a way to run untrusted programs (untrusted by ME, not untrusted by Hollywood) in a chroot jail, complete with firewalled network access, spoofed system and registry settings, and parallel-universe copies of system files. Basically, a way to run apps that might be outright trojans in a way that limits the scope of their damage to their own subdirectory tree and phantom system files that are meaningful only to that app.
  Hell, Microsoft OWNS VirtualPC. DO SOMETHING with it. Give me an option that basically works something like, "Spawn a virgin installation of Windows... updated, but crap-free, with Explorer (the file manager) NOT spawned by default, and windows opening up in windows managed by the "real" hypervising-copy of Windows 7... then copy the installer to that instance's chroot jail, and launch it. Going forward, spawn the virtual instance of Windows, then launch the app in it." Think: the long-awaited sequel to WinOS/2... 15 years late, but better late than never ;-)
  The acid test: make it so someone can install a DRM'ed game that's a shameless rootkit (Starforce comes to mind...), emulating Windows well enough with phantom files (any files the program changes are local copies that apply only to the session that spawned them) and spoofed drivers so the Evil App never even realizes it's not screwing up the user's PC. Then be very, VERY anal about warning the user before anything is able to change a "global" (common to all instances of Windows spawned under the hypervisor) setting or file. Big hint... if you don't, Sun or VMware eventually WILL.
35. Re:Cancel or allow what?! by Allador · 2008-10-10 20:21 · Score: 2, Insightful
  
  Seriously, it pulled that nonsense when I was adjusting the clock in the system tray, an action which affects precisely nothing.
  Changing the time can cause all sorts of issues. It can be used to falsify audit logs & event logs. It can be used to attempt to bypass licensing. It can be used to break kerberos and force the machine to fall back to locally cached credentials.
  Changing the time is a system administrator task, not an end-user one. It's arguable that changing the time-zone could be appropriate for end-users, but not the date/time itself.
  
  I can move the sudo window to the side or ignore it for a moment if I'm in the middle of something else. No problem. UAC doesn't allow this -- it completely darkens the screen and stops accepting any input whatsoever, to anything, until you type in the stupid password.
  That functionality is called secure desktop. It's point is to make it impossible for malware to just click the 'Allow' button themselves.
  If you dont like Secure Desktop, then turn it off.
  
  Sudo passwords come up rarely, only when they make sense, require some level of "should I really do this?" pausing, and can be ignored until you're ready to address it.
  UAC prompts come up precisely and exactly when they make sense. It happens when something is trying to access what they dont have rights to. What causes too much UAC prompts is bad 1st part or 3rd party software. There's no magic in UAC to cause this. The logic here is quite straightforward. If Weather bug tries to write to windows\system32, then it SHOULD trigger UAC. Your problem is with weather bug then, not UAC.
36. Re:Cancel or allow what?! by Allador · 2008-10-11 10:25 · Score: 2, Informative
  
  If it's so trivial that any application run under RunAs behaves exactly as if run after logging in interactively as the same user, why do you have to "understand how the system works"?
  The applications/processes dont have to know or care anything about it. The end-user sometimes does because that one process is running under a different account than the desktop. So if that RunAs'd process makes changes to the profile, the end-user will have to understand that it's making changes to the RunAs'd user account profile, NOT the desktop profile. If you want to do that, then you use MakeMeAdmin or similar tools.
  
  I really don't know how RunAs works, but if you think about sudo on unix, it's not quite as simple as that. If you've originally logged in as "foo" and then run a command as user "bar" through sudo, does the application you run get the environment (environment variables such as locale settings, home directory location, etc.) from foo or from bar? Or a part from one and another part from the other.
  RunAs isnt equivalent to sudo. It's equivalent to su. And just like su, you can choose whether or not to load the whole profile.
  Vista's UAC is more like sudo, at least when run in certain configurations, just not nearly as configurable.
  
  Of course you can make it behave they way that is appropriate for the situation. Perhaps it's the same with RunAs and what you mean by "not understanding" it is exactly that. But "zero difference" between RunAs and an interactive user session may still not quite hold due to such details, and the existence of a magical flag to for applications to detect RunAs is likewise irrelevant.
  What I mean is that from the process' (ie, the executable running) perspective, there is zero difference between being RunAs'd as JoeAdmin and running under the JoeAdmin desktop. There can be secondary differences if the process makes changes to the profile, and the end-user doesnt understand that its running under a completely different profile.
  So from the process/executable perspective, there is no difference. It doesnt care, and doesnt have to be programmed any differently to take it into account.
  From the end-user's perspective, there is a difference, particularly if the thing you want to RunAs changes the user profile.
A Comment is Being Added to this Thread by mrbene · 2008-10-10 06:41 · Score: 4, Funny

If you started this, or you trust this process, please click OK.
The best solution is to... by Zymergy · 2008-10-10 06:43 · Score: 2, Interesting

*DISABLE IT*. http://www.mydigitallife.info/2006/12/19/turn-off-or-disable-user-account-control-uac-in-windows-vista/
(Now, does that now make my Vista SP1 more 'Windows 7ish'?)

Other methods here: http://www.google.com/search?hl=en&safe=off&q=How+to+disable+Vista+UAC
1. Re:The best solution is to... by mweather · 2008-10-10 06:48 · Score: 2, Insightful
  
  If you're not installing Vista for enhanced security, why exactly are you installing it?
2. Re:The best solution is to... by penguin_dance · 2008-10-10 07:08 · Score: 2, Informative
  
  Only it really doesn't provide protection because it pops up so mind-numbingly often that the user is just going to click 'OK' after a while without thinking. It doesn't warn you because a program is bad, it's just warning that you're about to run a program. Better to have a good virus checker and a firewall that warns of attempt to connect the internet from your computer as well as from the outside. I have no need of UAC and have never had a problem of a rogue program or trojan taking over on either my Vista or XP systems.
  
  --
  If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
3. Re:The best solution is to... by BlackSnake112 · 2008-10-10 07:31 · Score: 3, Interesting
  
  I have been forced to use vista (since beta) on my machine at work. UAC comes up:
  when you install software
  when you are getting to the management section (users, groups,etc)
  when you run regedit
  If you add new desktop to the wallpapers folder
  If you run a program that is accessing the 'protected' sections of the computer
  That is it for me. When you first get a computer, you set it up the way you want it. You ARE accessing the protected sections. UAC is doing what is was written to do. Once you are finished setting up the computer how often does UAC come up? It comes up for me now when I am remotely managing someone else's computer or I am putting some new software on. That is it. I have 5 people here that think they are using XP since I change the UI to classic. Which is really sad if you think about it. I had to tell the VP as he was complaining how vista sucked and XP on his desktop worked that his machine that we replaced 7 months ago was vista with the classic UI turned on. I think I might be looking for a new jobs soon.....
4. Re:The best solution is to... by MaxwellEdison · 2008-10-10 08:23 · Score: 3, Funny
  
  Should have just told him its Mojave.
  
  --
  -=Bang Bang=-
5. Re:The best solution is to... by LordLucless · 2008-10-10 13:09 · Score: 2, Insightful
  
  Also: whenever you try and run a poorly-written program.
  
  The program is more a problem with all previous versions of Windows than with Vista. Previous versions lax security allowed developers to do stuff that should only have been allowed to happen under UAC. Because Microsoft allowed the lax security to continue on for so long, there are heaps of programs that assume access to things they shouldn't have, and don't really need.
  
  As other's have pointed out, sudo is a similar mechanism under Linux. The difference is that Linux developers, used to a long-standing robust security model, try to avoid wherever possible occasions which require sudo access. Vista's UAC was a necessary step. It's needed to start retraining developers to write properly. But it's still annoying as hell for the users, and it doesn't really provide any near-term benefits to them. The benefits will be long-term, when developers have wised up and legacy programs have been phased out or re-written. Then UAC will only popup when absolutely necessary, there won't be the click-it-away immediate response, and Windows will be all the more secure for it.
  
  At the moment, MS customers are reaping the consequences of MS' decision to put off the inevitable as long as possible. If they'd bitten the bullet earlier, the poor development techniques would be much less entrenched.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Dumb by grub · 2008-10-10 06:44 · Score: 4, Insightful

No, don't write secure software, staple on a bunch of dialog boxes to shift the onus onto the user.

--
Trolling is a art,
1. Re:Dumb by Rockoon · 2008-10-10 06:51 · Score: 2, Insightful
  
  You clearly don't know the issue. The issue is that its users want to run application that do things which might break securuty, and this goes to the clear advantages of backward compatability that its users want. The vista method is to allow programs to break security, but only after prompting the user beforehand.
  
  The widespread complaints about UAC is clear proof that backward compatability is of concern to its users because they are running programs which require it.
  
  --
  "His name was James Damore."
2. Re:Dumb by haystor · 2008-10-10 06:58 · Score: 5, Interesting
  
  Does it really have to prompt me every single time? After prompting me to run the same program 5 times, couldn't it just ask me if I want to white list that program until the executable changes?
  
  --
  t
3. Re:Dumb by Goaway · 2008-10-10 07:14 · Score: 4, Insightful
  
  That's because those systems run apps which are designed from the start not to require admin access. Windows doesn't have that luxury.
4. Re:Dumb by 10101001+10101001 · 2008-10-10 08:13 · Score: 3, Insightful
  
  The issue is that its users want to run application that do things which might break securuty, and this goes to the clear advantages of backward compatability that its users want.
  Last I checked, the NT line was supposedly a secure OS. Ie, the OS itself was in control and applications are always subordinate to the OS. What that means is, the OS is always in a position to maintain backward compatability when it comes to applications in a secure fashion.
  
  The vista method is to allow programs to break security, but only after prompting the user beforehand.
  And that's the problem. The Vista method is to turn NT into Windows 9x. The *proper* solution is a combination of virtual machines, specific simulators for needed hardware functions, etc. Of course, the proper solution is exceptionally costly, time prohibitive, and likely very CPU intensive in some edge cases. So, Microsoft went with the easy-out approach because backwards compatability was more important than security.
  Breaking insecure apps or creating a framework to make insecure apps secure might not have great for Microsoft's short-term balance sheet. Doing the right thing in the face of adversity is pretty much the definition of character, and I don't think anyone reasonably believes Microsoft was overflowing with that trait. One could try to blame the free market for this (not that I'm saying you are), and perhaps that's partially true. But, I don't think that justifies trying to defend Microsoft's actions.
  
  --
  Eurohacker European paranoia, gun rights, and h
So how about fixing UAC in Vista??? by BUL2294 · 2008-10-10 06:45 · Score: 4, Informative

Seriously, why doesn't Microsoft spend its considerable resources helping fix UAC for Vista? Do it as part of SP2... Since answering UAC is modal (systemwide), it's not like any user-level apps "depend" on it behaving in a specific way/at specific times, so changing its behavior should have no negative effect on those apps...
Or are they admitting defeat and preparing for the next battle (a.k.a. Windows 7)???

--
Windows 3.1x calc: 3.11 - 3.10 = 0.00
1. Re:So how about fixing UAC in Vista??? by snl2587 · 2008-10-10 06:57 · Score: 2, Insightful
  
  Seriously, why doesn't Microsoft spend its considerable resources helping fix UAC for Vista?
  At this point, why would they when they could just charge people to upgrade? So many people stuck with XP that fixing UAC in Vista wouldn't do anything for them.
  
  Or are they admitting defeat and preparing for the next battle (a.k.a. Windows 7)???
  Not in words, but in actions. I have a feeling that in the future this version of Windows is going to be referred to in much the same way as we refer to Windows Me now.
Wish I could participate... by Corpuscavernosa · 2008-10-10 06:47 · Score: 4, Funny

...but I'm still running my beloved XP which they will have to pry from my cold, dead, outdated hard drive. Or, you know, unless Windows 7 is awesome.
I couldn't be happier not having experienced the headaches mentioned in this article.

--
We figured out a long time ago that it's easier to elect seven judges than to elect 132 legislators.
Linux does it right by MobyDisk · 2008-10-10 06:47 · Score: 4, Insightful

In most Linux distros, if you do something that requires admin access, it asks you for the admin password and holds onto privileges for a little while. That way, if I rearrange a bunch of icons I don't get 100 different prompts. This is simply common sense. It amazes me that the Microsoft developers didn't get fed up with the prompts and do the obvious thing.
1. Re:Linux does it right by MobyDisk · 2008-10-10 07:04 · Score: 5, Insightful
  
  Perhaps I was not clear in my explanation.
  In Vista, if you open the "all users" start menut and re-arrange 10 shortcuts, you get 10 prompts (actually, 20 - moves involve two prompts). In Linux, if you use the KDE/Gnome/whatever tools to reorganize the "start" menu, you get one single prompt when you save the changes.
  In Vista, you also get prompts merely for viewing some information in the control panel. Then you get another prompt when you save/apply it, then another if you apply it again. In Linux, running the appropriate "control panel" tools requires no special privileges until you change something, at which point it prompts you once. And if you change something else without closing that window, you don't get another prompt.
  I am guessing that the underlying difference is that Vista is confirming each particular action (system call?) whereas Linux is prompting for a privilege escalation which then applies to that process.
2. Re:Linux does it right by LehiNephi · 2008-10-10 07:14 · Score: 4, Interesting
  
  Yes, Linux does it right. The problem for Microsoft, however, is this: most programs written to run on Linux are written such that they can run without root-level privileges. Most programs written before the advent of Vista assumed that Administrator privileges were available by default.
  
  That assumption is no longer true. Since the number of programs is so enormous (the 775k mentioned in the summary), it's easier to deal with the privilege-escalation by putting in something like UAC than it is to fix every faulty application. Hopefully, developers have now learned to assume least privileges, so new programs won't require elevated privileges.
  
  I don't think anyone will agree that UAC was the best way to handle the situation, but it sure was the easy way out. As an earlier poster said, better sandboxing could handle the issue better, but it's obvious that the investment (money and potential schedule problems) wasn't worth it from MS's point of view.
  
  --
  Help find a cure for cancer. Join the [H]orde
3. Re:Linux does it right by Sancho · 2008-10-10 07:24 · Score: 2, Informative
  
  Awesome, so all malware needs to do is stay resident as the user's process until it detects that the user has elevated privileges. Then BLAMMO, sudo rootme.
  I'm not defending Vista, I'm just pointing out that it's not necessarily a good thing that the OS gives you this window. It's useful for interactive tasks, but not so great for processes that want to surreptitiously perform administrative actions--and let's face it, that's the larger problem.
  Just as an example, say I download and run an executable. It's a fun little Desktop Buddy or something. It does its thing for a while. Later on, while I'm browsing, Desktop Buddy tries to perform an administrative action. Am I going to let it through? Maybe, but probably not, particularly if I don't connect the UAC dialog with anything I was actively doing.
  Now, let's say I go download a different program..say a browser widget of some kind. While downloading the widget, a UAC prompt pops up saying that the widget wants access to perform an administrative action. Of course I click through--it's just another annoying Windows prompt asking if I'm sure that I want to install this program.
  The great benefit to UAC is not in stopping the user from doing something. It's in stopping processes from doing something when the user isn't looking or expecting it. Adding a timer for unlimited administrative action completely negates this benefit, so we might as well do without UAC altogether.
4. Re:Linux does it right by Thelasko · 2008-10-10 07:54 · Score: 3, Interesting
  
  Really, the big problem is that Windows wasn't setup with security in mind in the first place. When Microsoft started to add security, they discovered that the developers were abusing administrator privileges. Sooner or later this was going to happen.
  
  Between using Windows and Linux, I've noticed that Windows is becoming more Linux/Unix like with every release. With XP the Documents and Settings folder really started to feel like /home. Unfortunately, the occasional program would still try to save user information in Program Files. Now when we make Program Files an administrator only area we have problems.
  
  The UAC issue is an issue that every company has when it does something wrong and tries to fix it. The users and developers get used to doing it the wrong way and it's very difficult to get them to do it right. Microsoft has to go through this pain if it wants to be a serious operating system.
  
  I've seen similar problems in manufacturing. When we try to bring a process under control, the operator at that station will resist and say, "but I've been doing it that way for 20 years!" Then we have to explain that they have been doing it wrong for 20 years. It's very difficult to change your way of doing this after that long. Some companies have tried, but weren't successful. It's painful at the moment, but it will improve. Windows will become a better product because of it.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
5. Re:Linux does it right by Rary · 2008-10-10 08:05 · Score: 2, Insightful
  
  In Vista, if you open the "all users" start menut and re-arrange 10 shortcuts, you get 10 prompts
  Not if you open it as administrator (note: not the same as logging in as administrator). Then you get prompted once upon launching Explorer, and never again as long as you have that Explorer session open.
  The problem with UAC is that people can't be bothered to learn how it works. Like so many computer-related problems, it's really a user problem.
  For what it's worth, I've been using Vista daily for about a year and have not found the UAC prompts to be even remotely annoying.
  
  --
  "You cannot simultaneously prevent and prepare for war." -- Albert Einstein
6. Re:Linux does it right by Sancho · 2008-10-10 08:51 · Score: 2, Insightful
  
  Except that this was the sneaky Desktop Buddy, just waiting for a distraction.
  I think that's a level of intelligence and sophistication that we're unlikely to see in the near future. Certainly not on a wide scale. The other is far easier to accomplish.
  
  So while Vista's version is more secure, it's not by much, and the convenience of ubuntu's way (plus that it's not needed all the time) makes it an overall win to ubuntu, in my opinion.
  I think it's an overall win for Ubuntu because the user doesn't get so fed up with alerts that they disable the whole thing. I think that Microsoft might be able to win (on the user notification/authorization front) with the appropriate tweaks. For example, the same process is likely to require multiple authorizations--so why not use a timer for that, but require reauthorization if a new process needs privileges? You'll still have attacks when IPC is used with common processes to manage tasks, but it's a start. You could also profile applications, find common sequences of privilege escalation requirements, and code to allow them through with one authorization if they're executed in the same order within a small period of time. There are all sorts of things Microsoft could do to loosen the restrictions (so as not to become a burden on the user) while maintaining security.
7. Re:Linux does it right by jcupitt65 · 2008-10-10 10:18 · Score: 2, Interesting
  
  Awesome, so all malware needs to do is stay resident as the user's process until it detects that the user has elevated privileges. Then BLAMMO, sudo rootme.
  No, that one process gets a temporary elevation, not the user. It's not a security hole.
  Windows dev friends tell me that Windows actually has almost the same thing (you can have a timeout on admin privs), but sadly Explorer is too retarded to use it properly :-( Perhaps this is something win7 can address.
I never understood... by Anita+Coney · 2008-10-10 06:49 · Score: 5, Insightful

... how getting computer users to blindly click through continuous, repetitive, and annoying dialog boxes kept computers more secure in the first place. It would seem under any reasonable analysis to do the opposite.

--
If someone says he and his monkey have nothing to hide, they almost certainly do.
1. Re:I never understood... by TriezGamer · 2008-10-10 08:27 · Score: 2, Funny
  
  I think the problem is that what most users will READ, regardless of the text is this:
  "The computer wants to do something. The computer needs to do things to do what you're trying to do. Allow or cancel?"
How about fixing the developers instead? by Chemisor · 2008-10-10 06:50 · Score: 5, Insightful

It would be a much better idea to force every programmer to run under a non-Administrator account (and no Administrators or even Power Users group membership either!) Anyone who complains is obviously writing bad code, since there is absolutely no friggin' reason that a regular application should require administrative privileges. Whatever you set during setup is IT! And, for God's sake, learn to open registry keys in read-only mode!
1. Re:How about fixing the developers instead? by Volante3192 · 2008-10-10 06:59 · Score: 2, Informative
  
  Exactly. XP even has the structure for this. You have your OWN documents and settings folder (no need to put everything in program files) and you have your OWN registry hive with HKCU (no need to put everything in HKLM)
  Obviously you can read everywhere, but you can't write or modify, which is as it should be.
  But it just pisses me off every time I have to (re)install UPS worldship and it throws hissyfits til doomsday til i just give the account Local Admin...
2. Re:How about fixing the developers instead? by LWATCDR · 2008-10-10 07:39 · Score: 2, Interesting
  
  But..
  And this is the big one. I agree for new code. But the only real strength of Windows is it's legacy of applications.
  It is supposed to run old software. And if you have ever supported average users let me explain why a good program could have problems.
  Lets say you have 10,000 users using your program under Windows 95. You store their files under Program Files, Program name, User
  Now more and more people buy your software and then XP hits. It recomends that you move those data files to My Documents. Well Now you have 50,000 users. Do you make them move them?
  Do you give yourself a support headache buy have some people with files under My Documents and some under Program Files...
  Now comes Vista and it throws a fit if you store a data file under Program files Which if they are none executable I don't see what the problem is.
  So you simply tell people to turn off the UAC.
  Of course your customers start having problems with Sound cards, USB to serial devices, and performance issues with Vista anyway so....
  Your right no new program should have a problem with the UAC. But most programs are not new and may have an established customer base.
  
  --
  See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
3. Re:How about fixing the developers instead? by wumpus188 · 2008-10-10 07:45 · Score: 2, Insightful
  
  I agree... Except that on Vista, Visual Studio 2005 itself requires admin rights to be able debug anything or attach to any process for debugging. And VS2008? Forget about it.. At my place of work, we have VB6 projects that needs to be fixed and supported.
4. Re:How about fixing the developers instead? by Phroggy · 2008-10-10 08:17 · Score: 2, Informative
  
  Actually they got this right. If you run apps designed for Win95, it creates a virtual directory tree inside the current user's home directory, so when the app tries to write to C:\Program Files, it really writes to this virtual filesystem and you don't get a UAC prompt at all.
  It's not Win95 apps that have a problem with UAC, it's WinXP apps.
  
  --
  $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
  $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
5. Re:How about fixing the developers instead? by Chemisor · 2008-10-10 08:41 · Score: 2, Interesting
  
  > Lets say you have 10,000 users using your program under Windows 95.
  > You store their files under Program Files, Program name, User
  In other words, you want to be inconsiderate and make me hunt down my data files under some weird directory name under Program Files, which, by the way, is hidden by default until you tell explorer to show system files or something. There is absolutely no excuse for writing data files in the program directory. Windows 95 supports home directories. Use them.
  > then XP hits. It recomends that you move those data files to My Documents.
  > Well Now you have 50,000 users. Do you make them move them?
  Hell no! That's also inconsiderate. You have the setup program move them and tell the user what it did. No ifs ands or buts. Sure, you'll annoy your 50000 users, but that's just what you deserve for not following standards.
  > Now comes Vista and it throws a fit if you store a data file under Program files
  > Which if they are none executable I don't see what the problem is.
  The problem is that users should never write to Program Files. Period. The permissions should be set to not allow it. This is a very very good idea because it prevents viruses from mucking up your installed programs. And, of course, it prevents the user from accidentally deleting them. Mac users, in particular, tend to think that an app can be uninstalled by deleting its directory.
  > So you simply tell people to turn off the UAC.
  Heck no! There is no way I'm compromising my computer's security just to cover for your bad design. I'll either stop using your program, or implement an inconvenient workaround (which normal users would not be able to do), consisting of manually going to Program Files/Your App and setting permissions on the directories you are foolishly trying to write to. Old games are VERY bad about this. Fortunately, setting permissions on the saved game subdir usually works.
6. Re:How about fixing the developers instead? by cyberdrop · 2008-10-10 10:16 · Score: 2, Informative
  
  http://blogs.msdn.com/oldnewthing/archive/2007/11/26/6523907.aspx
Re:Famous last words by Mr2cents · 2008-10-10 06:51 · Score: 4, Insightful

It's funny that Microsoft is trying to clean up the mess they've been producing for more than a decade (I'm being nice here), just to find themselves locked in just like the rest of us.

--
"It's too bad that stupidity isn't painful." - Anton LaVey
Trade-off my ass... by IgnoramusMaximus · 2008-10-10 06:51 · Score: 5, Insightful

This problem of imbecilic prompts is directly related to the entire inane history of DOS and then Windows, where all the lessons of multi-user systems learnt decades before were wilfully and sanctimoniously ignored by the resident Microsoft "geniuses". Thus application "developers" were allowed to, and soon came to depend on, access to what in nearly every other OS in existence are "root only" subsystems. Even in editions of Windows which were supposedly multi-user capable, the prevalent lazy practice of majority of "developers" was to depend on system-wide registry keys, administrative privilege level processes and what not to accomplish most mundane of tasks.
And so now the chickens are home to roost, with literally hundreds of thousands of apps written to kindergarten competence levels. And Microsoft is in a bind: secure the OS and either break these stupidly written apps altogether, inundate the user with prompts every time one of them tries something stupid, or give up.
They are scared to death of the implications of the first choice, tried the second, and now seem to be heading toward that last one.
1. Re:Trade-off my ass... by IgnoramusMaximus · 2008-10-10 11:19 · Score: 2, Interesting
  
  They simply didn't have a choice. You forget that until the Intel 286 CPU that x86 lacked hardware protection domains. That means that the OS was completely and totally incapable of enforcing any form of protection over hardware resources. That means that the developers had free reign over the system and there was nothing that could be done to prevent it. Linux, even if it could be adapted to that hardware, couldn't prevent it either.
  
  Untrue. Many early multi-user OSes run on hardware which did not have hardware-based memory and process separation. While in such cases the separation of processes cannot be hardware enforced, the discipline of re-entrant, multi-user code which takes care to maintain granularity can (and was) maintained.
  DOS and early Windows had NO facilities whatsoever for even the simplest of process and resource management tasks. Hell, DOS was a single task "OS" (essentially a just a program loader - and with no support for dynamic libraries to boot) which required hacking to get a fake form multi-tasking to be semi-functional, involving essentially a bug which allowed some processes to "terminate" without freeing their memory.
  So your apologetics fall quite flat here.
2. Re:Trade-off my ass... by ion.simon.c · 2008-10-10 13:18 · Score: 2
  
  You are also making some big assumptions.
  Large companies *will* *not* run an unsupported OS.
  Which is worse?
  1) Finding a new app that replaces your old, unsupported one?
  2) Running an unsupported, vulnerable OS?
  3) Getting the source code to your mission critical application in the first damn place, thereby avoiding the whole mess?
Let me type su by TibbonZero · 2008-10-10 06:52 · Score: 2, Interesting

I know you could disable the UAC, but it wasn't as simple as typing 'su' and entering your root password.

If I'm root I want to be able to do ANYTHING with no questions asked. Kill the filesystem with one commandline? Sure. Kill my databases? Sure. Change settings of anything? Sure.

Yet the Administrator accounts in Windows get just as many annoying prompts (if not more) than the standard users. I should be able to configure rights below me easily to allow my standard user to not get bothered by prompts that they can just click through.
br I see it as a huge issue because is faux security with the UAC mostly. It creates warnings basically, but doesn't prevent action (mostly again).

--
Tibbon
tibbon.com
1. Re:Let me type su by Anonymous Coward · 2008-10-10 10:16 · Score: 2, Insightful
  
  The entire point of UAC was to force Administrator to be a standard user, that way bad developers couldn't hide their violation of documented security guidelines by just telling their users to run as Administrator. The only solution was to lock down Administrator so that it is just as constrained as a standard user and require the user to permit actions which extend beyond those of a standard user.
  UAC is more about forcing the developers to acknowledge and follow the documented guidelines than it is to constrain the users. UAC is temporary. Once a critical mass of applications follow the guidelines Microsoft can cut it, default everyone to a standard user and allow Administrator to be Administrator again, although probably hidden from the user until they intentionally elevate.
Because only Vista runs Win32 apps well by tepples · 2008-10-10 06:55 · Score: 2, Interesting

If you're not installing Vista for enhanced security, why exactly are you installing it?
Because I'm buying or building a new computer other than a subnotebook. Between June 2008 and December 2096, Windows XP is not available on computers other than subnotebooks, and I want to use applications that work better under Windows Vista than under Ubuntu with Wine.
To reverse Ben Franklin :) by davidwr · 2008-10-10 07:03 · Score: 4, Funny

Those who would give up Essential Security to purchase a little Temporary Liberty deserve Microsoft products.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I am for one appreciating this function... by sam0737 · 2008-10-10 07:08 · Score: 3, Interesting

After the system, software is setup and running, I hardly run into any UAC prompt, except for one of the bank applications that for unknown requires admin privilege.
If Vista didn't push for that, we will need admin privileges to run Windows, forever, because of the bad design of applications!
There are, definitely, room for improvements, for example, combining the ActiveX Install prompt with UAC, reducing two to one. Combing the warning of running the Internet downloaded .exe and UAC, and allows a Explorer.exe to have the admin token for a while once granted, for those file manipulation operations.
All in all, I love UAC! It's more convenient than typing "sudo ..." for every commands i need to run at root's right.
Microsoft lacks clout with developers. by Animats · 2008-10-10 07:11 · Score: 4, Informative

If Microsoft only allowed products to show any kind of Windows logo if they complied with the security rules, this wouldn't be a problem. Microsoft loosened up on the logo program because developers weren't willing to bother.
This happened to Apple when they went to the PowerPC, and were dumped by many major software vendors. Apple wasn't in a position to order developers around, and they hadn't realized that. It took years to recover from that.
Re:Famous last words by DrLang21 · 2008-10-10 07:17 · Score: 4, Insightful

The answer would have been simple (the implementation not so simple). You make a Legacy Windows emulator that runs inside Vista. This worked well for Apple's OS X. Though I am sure implementing this for Windows would have involved a lot more bloat than Classic did.

--
I see the glass as full with a FoS of 2.
UAC is attacking the wrong problem. by argent · 2008-10-10 07:20 · Score: 5, Insightful

The biggest security problem in Windows is that the design of the HTML control and ActiveX in conjunction with the "security zone" model is inherently insecure. It provides a huge surface are to remote code execution exploits that simply does not exist in any other web browser... or any other software on any other platform that uses HTML and HTTP. The problem is that it's an explicit and deliberate mechanism for an object that should never be trusted... that is to say, a remote website... to request full local application permissions and run unsandboxed code.
Until this model is changed and only explicitly installed applications can run outside the browser's sandbox, Windows is going to remain the poster boy for "insecure systems".
Being able to prevent an already compromised application from performing system administration tasks is laudable, but it's not really all that important to the user. Everything on their computer that they care about isn't owned by the administrator, it's owned by their regular user account. And there's plenty of places owned by the end user that malware can hide to keep being restarted after the computer is rebooted. UAC is a partial sandbox, at best.
Being able to restrict what the web browser can do after it;s been compromised is laudable, but since the browser has to be able to save files for the user, it can still inject an exploit into the users account. So the reduced privilege mode on Vista (and the much touted sandboxes on OS X) are leaky protection at best.
And leaky sandboxes, and partial sandboxes, are more useful in providing a false sense of security to the user than actually keeping malware out.
Getting rid of the "security zones" model and replacing it with hard impermeable sandboxes will cause some disruption. Programs like Windows Update will have to be rewritten to use plugins. ActiveX games will have to be rewritten as flash or modified to run in a full sandbox using something like .NET or a JVM. But this WOULD be a matter of trading off convenience for security. UAC is trading off convenience for the illusion of security. That's not the same thing at all.
1. Re:UAC is attacking the wrong problem. by argent · 2008-10-10 09:41 · Score: 2, Interesting
  
  1. My comment was about "applications like Windows Update", not JUST "Windows Update".
  2. The control panel uses HTML pages and ActiveX controls. I had a user a few years back whose Add/Remove Programs applet stopped working because of a problem with the HTML control. All those control panel applets like Add/Remove Programs that are built on top of the HTML control would ALSO need to be modified if Microsoft fixed the security problems in the HTML control.
I actually like Vista by heffrey · 2008-10-10 07:58 · Score: 3, Informative

I've recently upgraded at work from XP to Vista 64 and I really like it. I hate it when I go back to XP now - where's my search?!!! Start button, app title, , it's just ruddy marvellous.
As a developer too UAC makes it much more realistic to develop and test under LUA scenarios.
I don't really get many UAC prompts. What's all this talk about rearranging menu shortcuts? Why the heck would you do that when you can just type the app name and press ENTER using LiveSearch.
I guess I'll be modded down for admitting to liking Vista but am I really alone?
Re:Famous last words by Bill,+Shooter+of+Bul · 2008-10-10 08:07 · Score: 4, Insightful

I question the insight of the previous comment. Emulation wouldn't help an increase in security. If you emulate the previous lax security, then you haven't increased security. If you haven't emulated the old behavior well enough, its still bugging you with the UAC.

The really interesting thing about this is in the article where the reporter says that they've toned it down a bit , but the Microsoft spokesman only talks about programs changing to fit Vista's security model. Makes sense. Windows programs try doing all sorts of things they really shouldn't sometimes ( especially of the crapware variety).

--
Well.. maybe. Or Maybe not. But Definitely not sort of.
Re:Typical Microsoft.. by bonch · 2008-10-10 08:19 · Score: 2, Insightful

I wonder why it wasn't like OS X in the first place. On OS X, I only see the prompt if I try to install software, install a system update, or click a lock in System Preferences to enable editing of certain preferences. Once in a while I also see it if I'm doing something with a folder I don't have access rights to by default, which is rare.
How UAC could work by kimvette · 2008-10-10 08:25 · Score: 2, Insightful

UAC was, by Microsoft admission, designed to be as annoying as possible. This was a HUGE mistake, because that is precisely how, aside from security holes inherent to Windows' architecture, that spyware got to be so ubiquitous. I have clients who by their own admission will click "yes" to every damn dialog just to get them out of the way and get back to work. One of them said they'll keep having us come back to clean up their computers rather than change their behavior. I know I should be glad for the repeat revenue, but it's damn annoying when I know it could have been designed a lot better.
Why couldn't UAC either:
1. Elevate the user's privileges globally for a period of time, like sudo on *nix, or the analogous mechanism in Apple's OS X desktop environment?
2. Elevate the privileges of that process for a period of time?
3. Just inform the user "You must log in as Administrator to perform that task." and then disable UAC while logged in as Administrator (hey, that would be just like *nix! No nagging "are you sure" B.S. when root!)
4. Ditch backwards compatibility, relegating it (backwards compatibility) to a VirtualPC-sandboxed WinXP environment?

--
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
1. Re:How UAC could work by ShadowRangerRIT · 2008-10-10 08:50 · Score: 2, Insightful
  Possible, but problematic. sudo doesn't modify it globally if I recall, just for apps launched out of the same window. Don't know about Apple's mechanism. If it was actually global, user level malware would just have to wait for a privilege escalation before performing their nastiness.
  
  It does elevate the process and all sub-processes (thus, launching an Admin command prompt will allow you to launch anything else as Admin), but frequently programs are designed so a number of sub-processes perform privileged tasks, while the parent does nothing. Possibly a fix to up the privilege of the process group as well as all child processes might work, but it still opens a hole.
  
  If you like that approach, you can do it via GP. The default behavior has to work for your average home user, while sysadmins can configure it however they like.
  
  Will never happen (barring a complete OS reset, a la the MS Research Singularity/Midori project). People would be complaining a hell of a lot more if their old favorite apps stopped working completely (or worked massively slower under VirtualPC). Clicking through a dialog once per program launch, even a somewhat disruptive one, is better than breaking a program or slowing it down for the entire period of use. And can you imagine the complaints about resources if Vista ran a sandbox VM for every bad program?
  --
  $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Wrong by FranTaylor · 2008-10-10 09:13 · Score: 4, Insightful

On a modern linux installation, the number of times you need to log in as root to do ordinary stuff is ZERO. All of those desktop things that you used to have to do as root is now being done by setuid programs or other such carefully designed gateways.
My wife uses my linux laptop all the time and does all kinds of useful things on it and she does not know the root password.
Re:Security vs. Compatibility is a fine tradeoff by PitaBred · 2008-10-10 09:50 · Score: 2, Informative

I can see you're a little slow, and don't actually know anything about how computers work.
A program gets an "event" as it's called, something like MouseClick or something. These events can be generated by MORE than than just the mouse... it allows automated GUI testing programs, letting a click on a transparent "top" window be filtered down to a lower one, and so on. Basically, Windows CAN'T know that you're "THE ONE HOLDING THE FUCKING MOUSE" from just that.
What UAC does is it takes control away from ALL programs, and only allows local input devices to generate events, so it CAN be sure that it's you that clicked that button.
It's ok... lots of people yell when they don't know what they're talking about ;)

--
My blog. Good stuff (when I remember to update it). Read it.
Re:Famous last words... I would have thought RunAs by davidsyes · 2008-10-10 09:50 · Score: 2, Interesting

(Administrator...) and the other right-click options to choose XP, 2K, etc would have helped. One would think ms would have created vista from scratch, and, as you say, emulate the older systems. Vista in all versions could have and SHOULD have had embedded in them that existing windows emulator.
But, they decided that certain "16-bit" help files code no longer suited their needs. Fortunately for them, it screwed over the help system and broke several Lotus SmartSuite help file functionality. Someone told me that it wasn't microsoft's responsibility to help Lotus run a bad help program. Thing is, EVERYbody used ms' help program in some way, and in some implementation.
But, a windows 98 emulator built into vista would have perpetuated use of "legacy" apps and probably would have delayed uptake in "new" versions ms would have loved to see 3rd parties sell, principally to compel "upgrading" (side-grading) to vista.

--
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Flogging dead horses never gets old by SL+Baur · 2008-10-10 14:33 · Score: 2, Funny

Fine. Disable it. I'm just sick and tired of people making misleading comments and outright LIES about it.
You are on the wrong forum. There's no horse dead enough we can't keep beating on.