One year in, most big applications have updated to support limited users. And apparently only ~12% of users turn off UAC. It seems to be working.
I agree the burden of app compat on Windows is a major roadblock to having a clean OS, but this burden is enforced by the market, not just made up by Microsoft. And clearly UAC avoids an unnecessarily abrupt break in app compat. Outside of Slashdot, where valid technical concerns exist around DRM, perf, and other areas, the biggest complaints around Vista in the mainstream relate to application and driver compatibility issues. If Vista is a disaster now, it clearly would have been an epic disaster if they opted against UAC and instead broke all compatibility without workarounds.
You really think that the better approach would be to switch people to limited user, and let the majority of windows apps fail? Seriously? If people complain about UAC this vocally, they'd certainly complain that nothing runs at all. Or am I misunderstanding your point?
The goal here is to push windows apps to finally run as limited user. I think with UAC they found a fairly ingenious middle ground -- everyone runs as limited user, but elevating to administrator is very simple (but annoying). Whatever version of windows is around in 5-10 years will likely not need UAC, because the windows app ecosystem will finally be limited user friendly.
Vista is still prone to viruses and Trojans in no small part because M$ still lets it run as root and not need physical password entry to install or run a program.
Actually no, even if you are in the administrator group, all your processes are running without administrator privileges. That's the whole point of UAC. The little 'confirm/deny' dialog is essentially the kernel asking whether the particular process that's about to run can be launched with Administrator privileges enabled. IE takes this mechanism even farther, by running in a stripped privilege mode where it cannot modify anything on the system other than the temp folder, effectively blocking drive-by rooting.
Of course, if someone is 'confirm' happy on the UAC prompts they'll get infected, but I guess that's the next challenge. Plus, in those cases you can set them up as limited users, and not give them admin passwords. The good thing about UAC is that by making administrators run in this mode, it forces all applications to support limited mode execution. Have you ever tried running limited in XP or before? It's doable, but my god it's a nightmare of app compatibility. In Vista there's no such problem.
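The split-token behaviour described in the comment above can be observed from PowerShell. This is an added example, not part of the original comments; the function name `Get-TokenElevationSummary` is hypothetical, and the check relies only on the well-known SIDs S-1-5-32-544 (BUILTIN\Administrators) and S-1-16-* (mandatory integrity labels), so it does not depend on the display language.

```powershell
# Added example: report whether the current process holds a full admin token,
# a UAC-filtered admin token, or a standard-user token, plus its integrity level.
function Get-TokenElevationSummary {
    # Well-known mandatory-label SIDs and the integrity level each one denotes.
    $integrityBySid = @{
        'S-1-16-4096'  = 'Low'      # e.g. a sandboxed browser process
        'S-1-16-8192'  = 'Medium'   # normal, non-elevated processes
        'S-1-16-12288' = 'High'     # elevated after a UAC prompt
        'S-1-16-16384' = 'System'
    }
    $adminSid = 'S-1-5-32-544'      # BUILTIN\Administrators

    # IsInRole is true only when the Administrators SID is ENABLED in the token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $adminEnabled = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including deny-only ones.
    # /nh drops the localized header row so the column names are set here.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes

    $adminListed = [bool]($groups | Where-Object { $_.Sid -eq $adminSid })
    $label = $groups | Where-Object { $_.Sid -like 'S-1-16-*' } |
        Select-Object -First 1

    $integrity = 'Unknown'
    if ($label -and $integrityBySid.ContainsKey($label.Sid)) {
        $integrity = $integrityBySid[$label.Sid]
    }

    # Listed but not enabled means the SID is present for deny checks only:
    # the account is an administrator, but this process is not running as one.
    $state = if ($adminEnabled) {
        'Elevated administrator token'
    } elseif ($adminListed) {
        'Administrator account, filtered (non-elevated) token'
    } else {
        'Standard user token'
    }

    [pscustomobject]@{
        User           = $identity.Name
        TokenState     = $state
        IntegrityLevel = $integrity
    }
}

Get-TokenElevationSummary | Format-List
```

Run once from a normal console and once from a console started with "Run as administrator" under the same account to see the two token states side by side.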
I guarantee you that experience is due to all the half-compatible junk pre-loaded by HP. Extract the current key for your Vista OS, download and burn yourself a Vista ISO (since I doubt HP actually provides you with media for the OS you just purchased), flatten that machine and install just Vista. You'll be shocked at the difference.
(A) Windows should be secure.
(B) Windows should be 100% compatible with legacy applications.
Pick one.
If it's also vulnerable on IE7 + Vista, luckily IE7 runs with such limited privileges that the code execution won't be able to do anything other than writing to the internet temp folder. That is, if you haven't turned off UAC.
OEMs don't have a lot of incentive for selling $250 computers, as the profit margins are very tight in such low price ranges (even without MS tax). It's not like '06's $700 desktop can't be built today for $250, or '05's $700 desktop couldn't be built for $250 in '06, and so on. As hardware prices fall, OEMs simply up the specs of their base systems so that they maintain their profit sweet spot.
Definitely. Other than selling 60 million licenses up to this point, Vista is a complete failure.
How often does MS sue smaller companies for patent infringement, compared to how often Microsoft is sued? I think software patents for the most part are bollocks, but given the system exists it would seem smart for any company to try to patent as much as they can to protect themselves, Microsoft included.
Anyone here planning on picking up one of the linux pre-installed machines when they go on sale? I'm legitimately curious.
The betas are to test the gameplay (particularly wrt multiplayer, new weapons). I would be extremely surprised if the released game doesn't look significantly different than the betas. It makes sense to keep the 'wow' factor as secret as possible until the release. Otherwise game reviewers won't have much new to praise before release.
The real cost of an OEM system isn't much linked to the MS tax. In reality it comes down to how often the soccer mom user will pick up that phone and call in to OEM support because something isn't working right. The question is, will the Ubuntu systems carry a much higher price tag than their Windows counterpart in this respect...
This is what IE7 does on Vista. Even though with UAC enabled it's always running as a limited user, it goes one step further and strips itself of access to the system -- it can only read from and write to the temporary cache folder. It's an interesting approach that makes fly-by installs through vulnerabilities much less likely.
Xbox Live (for the 360) has been selling HD movies and TV shows for quite a while, in WMV format.
Microsoft is bigger than ever, makes more money than ever (with a consistent double digit growth every quarter), and has its hands in more areas of people's lives than ever before (PCs, business [large, midsize, small], gaming, mobile devices, cars, television, movies, etc...). At the same time, their marketing team for years has been working on making their company seem more 'friendly', not the behemoth aggressive cut-throat company of times past, but a kinder, gentler, trustworthy Microsoft. This might not have a huge effect on real techie crowds like Slashdot, but you can see their effects on the general populace, where Microsoft shows up near the top of the country's most trusted companies.
It would be a mistake for any company to think that Microsoft is dead.
...enough to do things like boot up the machine using alternate media, then the battle is essentially lost, no?
I've never bought this argument, that more dual boot mac folks leads to more OSX software being created. I think the opposite is much more logical -- now there's no reason to develop OSX software, since mac users can simply boot into windows.
I don't see why MS should be concerned... Every Mac user that boots into Windows is a new license. PC manufacturers should be afraid.
What's more likely, that Vista perf QA did not test file copy speeds, or that this issue has something to do with specific users' setup (i.e. a combination of hardware, drivers, software environment, etc...), something that would be hard to find even after you test on hundreds of systems?
During the first stage of setup, Vista actually hits windows update for security patches. This will avoid the issues you describe in your 'challenge', which did plague Windows (before SP2, anyway).
Yeah forgot the zero. :)
I don't have a Vista key handy but let's assume it's 15 characters (or longer, win2k3 is 15 characters). Correct me if I'm wrong, but that would mean that there are 35 (26 letters + 9 numbers) ^ 15 possible combinations, or 144,884,079,282,928,466,796,875? Even if you could test a million keys a second, it would still take 4 billion years to try them all. The product key UI usually takes at least a second to validate the key.
The brute force approach is fundamentally impossible, unless you are the luckiest person in the world. The same thing applies for any long user password, which is why rainbow tables are often used to bring down the possible combinations.
The security models in BSD and Windows are fundamentally the same. Resources on the system are protected by access lists defined for users/groups. Administrators/Root have full access to change anything in the system, absolutely no way around that. Windows screwed the pooch because in its migration from Win98 (single-user, no security) to the Win2k/XP platform (already mature user and ACL implementation) they had to keep app compat or lose the market (computers were not powerful enough to get virtualization in the picture yet). So, applications expect administrator privileges, and hell even parts of the OS are guilty of this (i.e. - double click on the taskbar's clock as limited user in XP).
With this as background, their task in Vista is huge. You can't keep users running as Administrator and be secure, period. The same thing would be true of linux if everyone ran as root. But the biggest selling point for Windows is app compat. So we have a middle ground to effect a transition between an Admin and a non-Admin world -- UAC. People are still administrator, but under most circumstances (before the UAC prompt) everything runs as limited user. App compat issues are partly fixed with virtualization that allows admin apps to run as limited, but most are solved by simply asking for admin access, but just for these applications. Slowly the whole application ecosystem moves to limited user support, and UAC prompts are fewer and far between. I would expect that in the next windows UAC will be much different, if non-existent.
In either case, like MS says, UAC is not a security boundary per se (although it can be used as such). Common sense should dictate that if you get a prompt out of the blue, green or non-green, you should cancel.
Sorry for missing that part of your question. It is my understanding that Vista will fall back to the basic UI if you have 512MB, because the perf rating on your machine will not be high enough to trigger Aero (pulled down to a 1 by your memory). But assuming you have a video card with a WDDM driver, you can flip a registry entry and force Aero on. http://www.tweakvista.com/article39008.aspx
Aero is nice and all, and I think it will get much better as apps take advantage of WPF, but at least for the time being I wouldn't exactly call it the reason to run Vista. Although I have to admit going back to an XP machine is painful these days. For me huge wins are being able to finally run as non-Administrator with applications working (I did this in XP but the experience was somewhat broken), Windows DVD Maker (which makes it seamless to burn downloaded movies, with awesome menus to boot), and Media Center streaming to my XBox 360.
1 Gig is more than enough for Aero -- dwm only really takes up around 40-60mb of RAM, it's mostly about the video card.
I'm not going to lie, Vista obviously takes up more resources than XP. And I do think the platform could have used some tightening up resource wise before ship. That said, it is quite snappy at 1 Gb. Don't let taskmanager's 'physical memory in use' measures fool you, it conflates app RAM usage with OS memory allocation to fully take advantage of the resources available. If an app needs extra memory, the RAM used for caching/superfetch is trivially reallocated with little perf impact. It is sad that 512mb is the baseline, but RAM is cheap so I can live with it.