Well it would seem that Microsoft agrees with you, as even machine administrators by default have to sudo-elevate processes that require admin privileges.
In that kind of circumstance, the warning is probably appropriate. You are asking people to download unsigned, uncommon binaries on the developer's assurance that they are safe. It's probably fair to tell the user this and let them decide.
Yes, user-mode programs should install into %LOCALAPPDATA% unless being installed for all users. Chrome, for example, does this correctly, which is why you do not need admin credentials to install it.
Pretty much any repository based (typically but I suppose not necessarily *nix) operating system, particularly if you use one with an extensive set of packages, will effectively stop you donwloading most malware.
How so? I see a lot of people claiming this, but I don't really understand the reasoning. Is the assumption that it would be impossible/very difficult to install software NOT in the repository? I don't think people would tolerate this level of controlling from Microsoft, unless the requirements to get in the repository are extremely low, in which case, how have you solved the problem?
On the other hand, if you leave the ability to bypass the repository installer, how will that prevent people from bypassing it when told to by a website? You can say they should be conditioned not to bypass the installer, but remember we're talking about people who will click on literally any warning screen to get the software they want.
So how would you envision this working, in a practical sense?
And that is arguably a good thing. I'd say most users would want to be alerted if they were one of the first few people to download some particular executable.
But that's an aside. Your original claim was that *any* free software not digitally signed will be flagged. And that is a gross lie.
Except nowhere on that site does it say that ANY application NOT digitially signed WILL get flagged.
Instead it is saying that digitally signing is ONE way you can HELP get your software NOT flagged. "Reputation" is based on more factors than "digitally signed."
That's not true, and at the very least there is absolutely no reason why it would need administrative privileges just to *tell* the user there is an update, which is what the Java updated does.
Any Free [gnu.org] application that isn't digitally signed with Authenticode will get flagged by IE's "SmartScreen application reputation" filter [msdn.com].
Actually in Vista onwward, you can type "Regedit" directly into the start menu search box and it will run the proper program when you hit enter, so you were right the first time.
Be careful! Unless you are absolutely certain that everything is to code, that switch in the wall doesn't guarantee to cut off power to the fixture, only to break the circuit. That break should be in the hot leg of the circuit - but it isn't always!
This proposal at least has the advantage of not requiring all that much infrastructure replacement, always the biggest hurdle due to sunk costs. Communications should be possible over the existing power lines, with only a single EOPL gateway, so all you'd have to replace is the replaceable bulbs themselves, and optionally the fixture.
The EM radiation, analogous to the airzooka, could theoretically hurt you if it was powerful enough to actually blow you away with wind. But, if it fails to reach that threshold, it does not actually hurt you at all. You could stand in front of it all day without being hurt, just like you can stand in front of an electric fan without being hurt. On the other hand, ionizing radiation is like the rifle. It doesn't hurt you by blowing you away with wind, it hurts you by punching a hole right through you. If it is shot at you and lucky enough to score a hit, it will hurt. The two are different, even though they are both kinds of guns that shoot things at you. No amount of time standing in front of an airzooka would ever equal the damage of being shot in the head once.
Capitalism is not the enemy of progress. It is what creates the surpluses that make spending on progress possible. Nobody is going to spend money on a space elevator if they are worried about having enough food to make it through the winter.
Who mentioned AD? None of what I said requires an AD domain. It is the default "Windows" set-up since Windows 2000. The only gotcha is that the GUI for some of the local security options is omitted from "home" versions of Windows to prevent PEBCAK breakage, though you can still set them via command line.
For the record, administrators in Windows 7 are almost exactly like sudo users, in that they normally run with no administrative privleges. The UAC prompt temporarily elevates a process so it can perform administrative functions.
To the extent that proper process security is an issue on Windows, it is entirely because of poor application support, not OS design flaws.
Guest, by default, has almost no permissions to do anything. It is disabled by default not so much for security reasons but because most people have no desire to allow other anonymous people to even securely use their machine.
Standard users can function "out of the box" just fine, they just can't install systemwide software, and that's a good thing. Win 7 makes it even easier with a user-friendly elevation system. I know this, because I support many such systems. I don't know what you mean by saying standard users can't function.
Everything does not have to go through the system registry and system files. There is a user registry. There is a user application directory. You can pretty easily grant write privileges to the user registry and not the system registry, and all but very badly-behaved programs will run fine. I can confirm that Office runs perfectly.
It is not a systematiaclly poor deisgn. Everything does not have to go through one central repository. Everything can be "parceled out" as much as a developer wishes. A program can easily use.conf files if it wants to.
You can easily say "no system registry for you" and the only thing you can't do is install or modify system components.
I will grant you that some very old Windows software is poorly designed and fails to use secure locations properly, but that's not a design flaw in Windows, and it is easily worked around.
Slashdot Mirror
Well it would seem that Microsoft agrees with you, as even machine administrators by default have to sudo-elevate processes that require admin privileges.
In that kind of circumstance, the warning is probably appropriate. You are asking people to download unsigned, uncommon binaries on the developer's assurance that they are safe. It's probably fair to tell the user this and let them decide.
Yes, user-mode programs should install into %LOCALAPPDATA% unless being installed for all users. Chrome, for example, does this correctly, which is why you do not need admin credentials to install it.
Now also:
WINKEY
event (or similar)
ENTER
Pretty much any repository based (typically but I suppose not necessarily *nix) operating system, particularly if you use one with an extensive set of packages, will effectively stop you donwloading most malware.
How so? I see a lot of people claiming this, but I don't really understand the reasoning. Is the assumption that it would be impossible/very difficult to install software NOT in the repository? I don't think people would tolerate this level of controlling from Microsoft, unless the requirements to get in the repository are extremely low, in which case, how have you solved the problem?
On the other hand, if you leave the ability to bypass the repository installer, how will that prevent people from bypassing it when told to by a website? You can say they should be conditioned not to bypass the installer, but remember we're talking about people who will click on literally any warning screen to get the software they want.
So how would you envision this working, in a practical sense?
And that is arguably a good thing. I'd say most users would want to be alerted if they were one of the first few people to download some particular executable.
But that's an aside. Your original claim was that *any* free software not digitally signed will be flagged. And that is a gross lie.
The whole fact that windows logging is displayed in a GUI pretty much shows the braindeadedness.
How so?
Except nowhere on that site does it say that ANY application NOT digitially signed WILL get flagged.
Instead it is saying that digitally signing is ONE way you can HELP get your software NOT flagged. "Reputation" is based on more factors than "digitally signed."
That's not true, and at the very least there is absolutely no reason why it would need administrative privileges just to *tell* the user there is an update, which is what the Java updated does.
At some point the user needs root access, don't you think? Unless you're ready to just give up all control over your system.
Any Free [gnu.org] application that isn't digitally signed with Authenticode will get flagged by IE's "SmartScreen application reputation" filter [msdn.com].
What is your source for this claim?
Actually in Vista onwward, you can type "Regedit" directly into the start menu search box and it will run the proper program when you hit enter, so you were right the first time.
This one made me chuckle, if only because of Microsoft's having talked about how much HUMAN TESTING they do on their user interfaces!
Uh...you know Amazon doesn't actually pay your sales taxes, right?
Has Ms made assurances of any kind?
Yes.
http://www.microsoft.com/interop/cp/default.mspx
Note this does not cover their proprietary frameworks like Windows Forms or ASP.NET, but it is most of the framework.
Be careful! Unless you are absolutely certain that everything is to code, that switch in the wall doesn't guarantee to cut off power to the fixture, only to break the circuit. That break should be in the hot leg of the circuit - but it isn't always!
This proposal at least has the advantage of not requiring all that much infrastructure replacement, always the biggest hurdle due to sunk costs. Communications should be possible over the existing power lines, with only a single EOPL gateway, so all you'd have to replace is the replaceable bulbs themselves, and optionally the fixture.
Ha! Make you're neighbor's house start doing this:
http://www.youtube.com/watch?v=rmgf60CI_ks
That's actually a really good analogy.
The EM radiation, analogous to the airzooka, could theoretically hurt you if it was powerful enough to actually blow you away with wind. But, if it fails to reach that threshold, it does not actually hurt you at all. You could stand in front of it all day without being hurt, just like you can stand in front of an electric fan without being hurt. On the other hand, ionizing radiation is like the rifle. It doesn't hurt you by blowing you away with wind, it hurts you by punching a hole right through you. If it is shot at you and lucky enough to score a hit, it will hurt. The two are different, even though they are both kinds of guns that shoot things at you. No amount of time standing in front of an airzooka would ever equal the damage of being shot in the head once.
Why not just buy Falcon 9 launches for a little bit more, and get the entire spacecraft AND operations?
Ted Greason explains it very well:
http://www.youtube.com/watch?v=m8PlzDgFQMM
Capitalism is not the enemy of progress. It is what creates the surpluses that make spending on progress possible. Nobody is going to spend money on a space elevator if they are worried about having enough food to make it through the winter.
Who mentioned AD? None of what I said requires an AD domain. It is the default "Windows" set-up since Windows 2000. The only gotcha is that the GUI for some of the local security options is omitted from "home" versions of Windows to prevent PEBCAK breakage, though you can still set them via command line.
For the record, administrators in Windows 7 are almost exactly like sudo users, in that they normally run with no administrative privleges. The UAC prompt temporarily elevates a process so it can perform administrative functions.
To the extent that proper process security is an issue on Windows, it is entirely because of poor application support, not OS design flaws.
Of course third-party applications can use the logging facility! Wow. You are a Windows admin and you didn't know this?
Scripts can use it too:
http://technet.microsoft.com/en-us/library/ee176682.aspx
Almost everything you said was wrong.
Guest, by default, has almost no permissions to do anything. It is disabled by default not so much for security reasons but because most people have no desire to allow other anonymous people to even securely use their machine.
Standard users can function "out of the box" just fine, they just can't install systemwide software, and that's a good thing. Win 7 makes it even easier with a user-friendly elevation system. I know this, because I support many such systems. I don't know what you mean by saying standard users can't function.
Everything does not have to go through the system registry and system files. There is a user registry. There is a user application directory. You can pretty easily grant write privileges to the user registry and not the system registry, and all but very badly-behaved programs will run fine. I can confirm that Office runs perfectly.
It is not a systematiaclly poor deisgn. Everything does not have to go through one central repository. Everything can be "parceled out" as much as a developer wishes. A program can easily use .conf files if it wants to.
You can easily say "no system registry for you" and the only thing you can't do is install or modify system components.
I will grant you that some very old Windows software is poorly designed and fails to use secure locations properly, but that's not a design flaw in Windows, and it is easily worked around.