This is exactly how Microsoft has it setup. The problem is that a lot of application developers are lazy. They don't want to write software for how Microsoft wants it to be written. This has, essentially been how Microsoft has intended software to be written for years. C:\Documents and Settings\User\Application Data has only been around since the Windows 2000 days.
Actually, per-user Registry Hives and filesystem locations were introduced in one of the last versions of Windows 95, IIRC - and they were _definitely_ in Windows 98 (and all versions of NT).
It's been a decade since a Windows developer has had any excuse whatsoever (let alone a good one) for releasing software that wasn't "multiuser friendly".
If malware can turn off UAC without prompting the user, and can therefore subsequently do whatever it wants without any further prompts (as UAC is disabled), what protection is it offering me?
Yes. You're missing the part that the malware cannot run in the first place unless the user has authorised it to.
I can see the reasoning behind their argument, and it is sound. However, I don't agree with the conclusion because it assumes the average user confronted with a security question will make an educated, rational and correct decision - when they almost invariably will not.
Generic mouse drivers are already installed. I have plugged in at least 5 mice to my laptop and have never once been prompted by UAC.
I'm not quite sure I see your point. The automatic installation of drivers (eg: for plug & play of mice) is handled by system-level processes that are already running. Again, if you can manipulate these in some fashion, you've already attained a high enough privilege level that faking user input to UAC prompts is unnecessary.
If it's possible for malware to do this on your machine, then somehow it's already gotten past UAC, whether by some other hole, or by the user allowing it. What, exactly, do you suppose UAC is supposed to do in that case?
It's a matter of defense-in-depth.
UAC should not be able to be disabled (or have its configuration changed) easily, and under no circumstances should this be able to happen programmatically, without user interaction. However, incessant whining from the kinds of people who frequent Slashdot about how annoying UAC is, means both of the above are now possible, rendering UAC basically worthless.
I predict that within 12 months, developers will be shipping their software with installers that either disable/reconfigure UAC, or tell the user to do so, just so they don't have to do the hard work of modifying their crappily-written software (that they should have done a decade ago) to work properly in on a multiuser platform.
Is this really a problem? Can't the malware just install a mouse driver and get that to send the necessary mouse click so Windows thinks it's a physical mouse button being pressed?
If the malware already has access high enough to install hardware drivers, a need to click on UAC prompts seems a bit superfluous, no ?
No it doesn't. If you install Vista with all the defaults then you are a member of the Administrators group. You still have to go out of your way if you want to start out with a plain old unprivileged user.
"Administrator" in Vista is not the same as "Administrator" in earlier versions. It is akin to be being an 'admin' in OS X or Ubuntu - it just means you can elevate your privileges if required, not that you can do whatever you please.
Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning".
You mean apart from the inability of your script to interact with the separate Desktop that UAC prompts occur on ?
So you don't know why it stops working with Vista; but you are sure it is nothing to do with DRM.
I am sure the Protected Path isn't active unless you have DRM-encumbered content. Whether or not you have DRM-encumbered content, I can't say since you refuse to give even a basic description of a) what you're trying to do and b) what doesn't work.
You claim companies like GE ands E-Merge do not know how to write proper code.
We have the displeasure of a hundred-odd Radworks machines in our environment, most definitely I "claim" that.
And yet it is video software like PACS and Medical Records that I am talking about.
You haven't talked about anything with any sort of specificity.
You are clueless, yet you talk like an authority. Very good.
Pretty funny coming from the guy blaming the DRM boogeyman for a problem it almost certainly cannot be responsible for.
Let me guess, you read Gutmann's little FUD-fest, saw his (incorrect, inaccurate, and dishonest) example of medical imaging, and think it's true ?
Why else would video software that worked with XP suddenly stops working with Vista?
With no more information that "video software" and "stops working", it's impossible to say.
The fact is, however, that if you don't have DRM-encumbered content and a DRM-capable playback tool, the Protected Path is not active. That's just how the system works. No DRM-encumbered input, no DRM-encumbered output.
Is PACS video DRM encumbered?
I can't imagine so, but only the vendor would know for sure.
Why should software vendors be compelled to keep rewriting their code everytime Microsoft releases a new driver model, concept or Operating System?
For the same reason they are "compelled" to keep "rewriting their code" each time every other OS vendor releases major OS updates.
In reality, if their code had been written properly in the first place, it wouldn't have needed "rewriting" at all for Vista.
The Protected Video Path has introduced several problems with pre-existing software that deals with video and works perfectly with XP but fails in Vista.
Given the Protected Path is not even active unless you're using DRM-encumbered media, I think you need some evidence to back that up.
I do not agree with everything RMS/FSF has to say, but in terms of proprietary versus free-libre licensing, they are spot on.
Your complaints above are not about the licensing, but the cost (albeit in an indirect fashion). If you are prepared to pay for an appropriate Windows license, all of your complaints are addressed.
That's not how capitalism works. Competition drives prices down unless they are artificially inflated due to monopoly status.
Which has what, exactly, to do with my comment ? You might want to consider what you mean by "screwing you" and come up with some sort of definition, before you continue.
Hardware and software are two completely different things. It doesn't take more R&D to turn on features that already exist.
So CPUs with different clock speeds (to pick but one obvious example of a typically artificial hardware restriction) don't exist in your world ?
If that's the case isn't it unecessary to have 5 additional versions?
Apparently not.
Just sell Home Premium and Business. It worked pretty well before as Home/Professional.
I'm sure, if Microsoft's business analysts think they'll make more money that way, they will.
That is not not the principle being discussed. You are oversimplifying it to suit your argument.
Then please explain what "the principle" is, because from the arguments given thus far it sure as hell doesn't seem to be any more complicated.
Wow. I don't know what planet you came from but US culture is not inherently right-wing. The governement may be but the culture certainly isn't.
Yes, yes it is. Gun control, health care, corporate regulation - these are just a few things where the general attitudes of the people are far more right-wing in the US than pretty much anywhere else in the First World. This is before even going into cultural attitudes towards sex, violence, religion (or lack thereof), and the like.
Indeed, I'm struggling to think of a single place I've been to in the Western World where even "somewhat liberal" American attitudes wouldn't be considered socially conservative/right-wing.
If you transplanted the average centre-right political party from Australia, New Zealand, Canada, the UK, or just about anywhere in Europe into US politics, they would likely be considered somewhat to the left of the Democrats (or at best equivalent to them).
I was orginally just making the point that there is a huge difference between the Workstation/Server options when installing Linux and the current selection of Windows builds.
And I was trying to point out that there are also significant differences in commercial Linux pricing, although that segmentation is generally built around support contracts rather than features.
The principal, however, is the same.
Commercial Linux vendors manage to get this right but Microsoft is only looking at profit.
All companies are only looking at profit. Don't kid yourself otherwise.
Ultimately people want a solution that is customer oriented not profit oriented.
Of course they do. And ultimately all companies want to be able to charge the customer a fortune without having to do any work. So we work under the princpal that this inevitable and unending tug of war will produce a system that has reasonable outcomes for both sides.
I can probably guess what planet he comes from: Europe. Europe is so off-the-charts liberal, pretty much the entire rest of the world is right-wing to them.
Actually it's Australia (although I am currently living in Switzerland). We (and based on my experiences in the US, UK, Canada, and a reasonable chunk of Europe, pretty much every other part of the First World) consider even US centre-left parties to be (at most) centre-right. If a centre-left party from pretty much anywhere outside the US suddenly materialised in US politics, they'd be considered raging socialist extremists, if not flat-out communists.
The Finnish system is so simple that you can't really make it any better. You get a piece of paper, with a circle designating where to write your number. A line shows which way is down.
Heh. Now that's an interesting little cultural difference. As an Australian I would expect an arrow like that to be showing which way is up.:)
Your analogy is fatally flawed. You need the service packs, but if there's nothing you want in a new mac OS, you're still getting all your security updates, all your software updates (iTunes, Quicktime, etc) and your machine keeps getting better with age, like smelly, smelly cheese.
You get 7-10 years of support, patches, updates, and the like, from Microsoft for a given OS release.
I think most of the commenters here would prefer it if MS said, "We're planning on sending out 1 RC for sure, more if needed." The idea of "one and only 1 RC regardless of what turns up" is what they're objecting to.
This is Slashdot. Most of the commentators here are going to say it sucks regardless of how good it is.
Meh. Red Hat's next-gen virtualization stack (libvirt+kvm+oVirt) supports all that (yes, including the live migration), without paying the big bucks for VMotion on top of the already-hefty ESX pricetag. The oVirt embedded distro+UI isn't all there yet -- but I'm doing QA automation and care far more about how flexible and scriptable everything is than what kind of pretty frontends are on top out-of-the-box.
I certainly hope it's better than the current implementation in RHEL/CentOS 5 with Xen, which has been flaky, at best.
Despite all the hype, there's been no real workflow improvements in any version of Windows since W2K.
The updated Start Menu in XP, then the search box in Vista, were both significant improvements in "workflow".
The breadcrumb trail in Vista's Explorer is a significant improvement in "workflow".
The per-application grouping of buttons in the Taskbar is a "workflow" improvement. Personally I don't like the collapsing-all-buttons-into-one aspect of that and "disable" it by setting the collapse threshold extremely high, but some people think it's great.
Those are just off the top of my head. I'm sure I could find more if I wanted to waste time doing an in-depth comparison.
Author is specifically referring to enterprise client/server apps. That some dweebs, a few years ago, decided that web front-ends for such apps would be a "good thing" is tragic. Stand-alone, platform-specific front-end applications are infinitely superior in such an environment.
Right. Because if there's one thing telecommuters and remote workers love, it's a fat-client architecture.
If you need that kind of performance why not just get a desktop for work and another for home, move your working files between the two and have dramatically better performance for the same money?
Because keeping two environments synchronised properly is a massive PITA.
GPO's are broken like that. They do work, for decreasingly low values of work. However, it does stop the casual "I dunno what Im doing so Im going to surf the Web" users.
What's funny is that if someone was making exactly the same complaint about an identical policy in Linux, the answer would be 'well of course it only blocks access to the filesystem via "My Computer" that's all you told it to do'.
GPOs do an excellent job at what they are supposed to do. That doesn't mean they do an excellent job at what you might think they are supposed to do.
This is exactly how Microsoft has it setup. The problem is that a lot of application developers are lazy. They don't want to write software for how Microsoft wants it to be written. This has, essentially been how Microsoft has intended software to be written for years. C:\Documents and Settings\User\Application Data has only been around since the Windows 2000 days.
Actually, per-user Registry Hives and filesystem locations were introduced in one of the last versions of Windows 95, IIRC - and they were _definitely_ in Windows 98 (and all versions of NT).
It's been a decade since a Windows developer has had any excuse whatsoever (let alone a good one) for releasing software that wasn't "multiuser friendly".
Am I missing something?
If malware can turn off UAC without prompting the user, and can therefore subsequently do whatever it wants without any further prompts (as UAC is disabled), what protection is it offering me?
Yes. You're missing the part that the malware cannot run in the first place unless the user has authorised it to.
I can see the reasoning behind their argument, and it is sound. However, I don't agree with the conclusion because it assumes the average user confronted with a security question will make an educated, rational and correct decision - when they almost invariably will not.
Generic mouse drivers are already installed. I have plugged in at least 5 mice to my laptop and have never once been prompted by UAC.
I'm not quite sure I see your point. The automatic installation of drivers (eg: for plug & play of mice) is handled by system-level processes that are already running. Again, if you can manipulate these in some fashion, you've already attained a high enough privilege level that faking user input to UAC prompts is unnecessary.
If it's possible for malware to do this on your machine, then somehow it's already gotten past UAC, whether by some other hole, or by the user allowing it. What, exactly, do you suppose UAC is supposed to do in that case?
It's a matter of defense-in-depth.
UAC should not be able to be disabled (or have its configuration changed) easily, and under no circumstances should this be able to happen programmatically, without user interaction. However, incessant whining from the kinds of people who frequent Slashdot about how annoying UAC is, means both of the above are now possible, rendering UAC basically worthless.
I predict that within 12 months, developers will be shipping their software with installers that either disable/reconfigure UAC, or tell the user to do so, just so they don't have to do the hard work of modifying their crappily-written software (that they should have done a decade ago) to work properly in on a multiuser platform.
Is this really a problem? Can't the malware just install a mouse driver and get that to send the necessary mouse click so Windows thinks it's a physical mouse button being pressed?
If the malware already has access high enough to install hardware drivers, a need to click on UAC prompts seems a bit superfluous, no ?
No it doesn't. If you install Vista with all the defaults then you are a member of the Administrators group. You still have to go out of your way if you want to start out with a plain old unprivileged user.
"Administrator" in Vista is not the same as "Administrator" in earlier versions. It is akin to be being an 'admin' in OS X or Ubuntu - it just means you can elevate your privileges if required, not that you can do whatever you please.
And only when Microsoft change this will Windows be half way towards being secure.
Which was done with Vista.
Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning".
You mean apart from the inability of your script to interact with the separate Desktop that UAC prompts occur on ?
So you don't know why it stops working with Vista; but you are sure it is nothing to do with DRM.
I am sure the Protected Path isn't active unless you have DRM-encumbered content. Whether or not you have DRM-encumbered content, I can't say since you refuse to give even a basic description of a) what you're trying to do and b) what doesn't work.
You claim companies like GE ands E-Merge do not know how to write proper code.
We have the displeasure of a hundred-odd Radworks machines in our environment, most definitely I "claim" that.
And yet it is video software like PACS and Medical Records that I am talking about.
You haven't talked about anything with any sort of specificity.
You are clueless, yet you talk like an authority. Very good.
Pretty funny coming from the guy blaming the DRM boogeyman for a problem it almost certainly cannot be responsible for.
Let me guess, you read Gutmann's little FUD-fest, saw his (incorrect, inaccurate, and dishonest) example of medical imaging, and think it's true ?
Why else would video software that worked with XP suddenly stops working with Vista?
With no more information that "video software" and "stops working", it's impossible to say.
The fact is, however, that if you don't have DRM-encumbered content and a DRM-capable playback tool, the Protected Path is not active. That's just how the system works. No DRM-encumbered input, no DRM-encumbered output.
Is PACS video DRM encumbered?
I can't imagine so, but only the vendor would know for sure.
Why should software vendors be compelled to keep rewriting their code everytime Microsoft releases a new driver model, concept or Operating System?
For the same reason they are "compelled" to keep "rewriting their code" each time every other OS vendor releases major OS updates.
In reality, if their code had been written properly in the first place, it wouldn't have needed "rewriting" at all for Vista.
Who cares when it will be released. Windows Se7en will still require the outlandish hardware that Vista does.
And by "outlandish" you mean "sub-$500 PC", right ?
Heck, even when Vista was released, a PC that could run it well was only about $800.
The Protected Video Path has introduced several problems with pre-existing software that deals with video and works perfectly with XP but fails in Vista.
Given the Protected Path is not even active unless you're using DRM-encumbered media, I think you need some evidence to back that up.
I do not agree with everything RMS/FSF has to say, but in terms of proprietary versus free-libre licensing, they are spot on.
Your complaints above are not about the licensing, but the cost (albeit in an indirect fashion). If you are prepared to pay for an appropriate Windows license, all of your complaints are addressed.
That's not how capitalism works. Competition drives prices down unless they are artificially inflated due to monopoly status.
Which has what, exactly, to do with my comment ? You might want to consider what you mean by "screwing you" and come up with some sort of definition, before you continue.
Hardware and software are two completely different things. It doesn't take more R&D to turn on features that already exist.
So CPUs with different clock speeds (to pick but one obvious example of a typically artificial hardware restriction) don't exist in your world ?
If that's the case isn't it unecessary to have 5 additional versions?
Apparently not.
Just sell Home Premium and Business. It worked pretty well before as Home/Professional.
I'm sure, if Microsoft's business analysts think they'll make more money that way, they will.
That is not not the principle being discussed. You are oversimplifying it to suit your argument.
Then please explain what "the principle" is, because from the arguments given thus far it sure as hell doesn't seem to be any more complicated.
Wow. I don't know what planet you came from but US culture is not inherently right-wing. The governement may be but the culture certainly isn't.
Yes, yes it is. Gun control, health care, corporate regulation - these are just a few things where the general attitudes of the people are far more right-wing in the US than pretty much anywhere else in the First World. This is before even going into cultural attitudes towards sex, violence, religion (or lack thereof), and the like.
Indeed, I'm struggling to think of a single place I've been to in the Western World where even "somewhat liberal" American attitudes wouldn't be considered socially conservative/right-wing.
If you transplanted the average centre-right political party from Australia, New Zealand, Canada, the UK, or just about anywhere in Europe into US politics, they would likely be considered somewhat to the left of the Democrats (or at best equivalent to them).
I was orginally just making the point that there is a huge difference between the Workstation/Server options when installing Linux and the current selection of Windows builds.
And I was trying to point out that there are also significant differences in commercial Linux pricing, although that segmentation is generally built around support contracts rather than features.
The principal, however, is the same.
Commercial Linux vendors manage to get this right but Microsoft is only looking at profit.
All companies are only looking at profit. Don't kid yourself otherwise.
Ultimately people want a solution that is customer oriented not profit oriented.
Of course they do. And ultimately all companies want to be able to charge the customer a fortune without having to do any work. So we work under the princpal that this inevitable and unending tug of war will produce a system that has reasonable outcomes for both sides.
I can probably guess what planet he comes from: Europe. Europe is so off-the-charts liberal, pretty much the entire rest of the world is right-wing to them.
Actually it's Australia (although I am currently living in Switzerland). We (and based on my experiences in the US, UK, Canada, and a reasonable chunk of Europe, pretty much every other part of the First World) consider even US centre-left parties to be (at most) centre-right. If a centre-left party from pretty much anywhere outside the US suddenly materialised in US politics, they'd be considered raging socialist extremists, if not flat-out communists.
The Finnish system is so simple that you can't really make it any better. You get a piece of paper, with a circle designating where to write your number. A line shows which way is down.
Heh. Now that's an interesting little cultural difference. As an Australian I would expect an arrow like that to be showing which way is up. :)
Your analogy is fatally flawed. You need the service packs, but if there's nothing you want in a new mac OS, you're still getting all your security updates, all your software updates (iTunes, Quicktime, etc) and your machine keeps getting better with age, like smelly, smelly cheese.
You get 7-10 years of support, patches, updates, and the like, from Microsoft for a given OS release.
From Apple, you're lucky to get half that.
I think most of the commenters here would prefer it if MS said, "We're planning on sending out 1 RC for sure, more if needed." The idea of "one and only 1 RC regardless of what turns up" is what they're objecting to.
This is Slashdot. Most of the commentators here are going to say it sucks regardless of how good it is.
Meh. Red Hat's next-gen virtualization stack (libvirt+kvm+oVirt) supports all that (yes, including the live migration), without paying the big bucks for VMotion on top of the already-hefty ESX pricetag. The oVirt embedded distro+UI isn't all there yet -- but I'm doing QA automation and care far more about how flexible and scriptable everything is than what kind of pretty frontends are on top out-of-the-box.
I certainly hope it's better than the current implementation in RHEL/CentOS 5 with Xen, which has been flaky, at best.
Despite all the hype, there's been no real workflow improvements in any version of Windows since W2K.
The updated Start Menu in XP, then the search box in Vista, were both significant improvements in "workflow".
The breadcrumb trail in Vista's Explorer is a significant improvement in "workflow".
The per-application grouping of buttons in the Taskbar is a "workflow" improvement. Personally I don't like the collapsing-all-buttons-into-one aspect of that and "disable" it by setting the collapse threshold extremely high, but some people think it's great.
Those are just off the top of my head. I'm sure I could find more if I wanted to waste time doing an in-depth comparison.
Bruce Schneier is right; security is a process, not a product. The internal threats are just as great, if not greater, than the external ones.
Internal threats are easily greater than external threats.
The only saving grace is that internal threats are generally less likely to be malicious.
Author is specifically referring to enterprise client/server apps. That some dweebs, a few years ago, decided that web front-ends for such apps would be a "good thing" is tragic. Stand-alone, platform-specific front-end applications are infinitely superior in such an environment.
Right. Because if there's one thing telecommuters and remote workers love, it's a fat-client architecture.
If you need that kind of performance why not just get a desktop for work and another for home, move your working files between the two and have dramatically better performance for the same money?
Because keeping two environments synchronised properly is a massive PITA.
You forgot Perl 6.
Perl is an abomination, wrapped in a nightmare, surrounded by chaos. I have zero interest in seeing it continue. :)
GPO's are broken like that. They do work, for decreasingly low values of work. However, it does stop the casual "I dunno what Im doing so Im going to surf the Web" users.
What's funny is that if someone was making exactly the same complaint about an identical policy in Linux, the answer would be 'well of course it only blocks access to the filesystem via "My Computer" that's all you told it to do'.
GPOs do an excellent job at what they are supposed to do. That doesn't mean they do an excellent job at what you might think they are supposed to do.