“Here, Jon Schwartz, UAC Architect, and Chris Corio, UAC Technical Program Manager, discuss, in detail, the history of UAC, the architecture and design of UAC, the new security model of Vista (we are all standard users, gone are the days of running as admin by default on Windows), what happens when a UAC security dialog is invoked, how UAC impacts developers, how UAC will evolve, etc.”
Let the iteroperability begins.
The secret to permissions is to grant the least amount possible to get the job done. MS is going backwards to fix the open doors to windows. So naturally it is a mess of prompt boxes galore. In a Linux distro you are prompted only for config, apt-get or yum, or system stuff. Windows Vista is prompting for anything it is out of control.
watch the Video, the goal of UAC is no prompts for normal every day use. If an app or function is prompting you is the apps fault.
and functions should be for admin only types of stuff.
and the Logic on UAC is a very low level proccess. it excutes during the create proccess function before a thread or proccess is created. the over all goals and design plan of UAC is decent. the problem is more the sloppyness of windows apps and the way there written.
_Nex6
Read his post. He never said anything to the contrary he only mentioned that they’re cleaning up a mess and it’s going to be a pain in the neck until ISV’s get used to doing things properly in a multi-user system.
In my not-well-informed opinion UAC is doing some ugly things. The video talked about adding in “shunts” that basically make exceptions: It’s the ISV’s problem to fix their code and reissue binaries, stop pandering to them it’s their mistake. I see these “shunts” as potential back doors: Look for ways to make your exe look like it’s “xyz cyber ubernator deluxe” and you might get to privy up without a dialog. Not to mention the massive amount of work: It’s always a sign for me that if I’m doing a lot of busy work something is wrong.
I like the idea of UAC. But this video has shaken my confidence in Microsoft’s design. I’m not convinced they’ve addressed the UI part of it well either. Example.
In Mac (sorry guys, I don’t mean to flame bait) the privy dialogs are associated with the application that made them happen, so when they are in focus you get the menu for the program that made them: So you know what program asked, for sure; there’s no if, ands or lies about it (assuming their internal design is secure).
Why didn’t Windows do something similar? (and I admit I have limited experience with UAC, for some reason it won’t come on on my Parallels install, maybe cause I haven’t activated yet?). They already darken the screen except the dialog, why not pull the windows to the front for the requesting program and half-shade them so you can tell which program is asking, easily?
Maybe their design is too low-level and they can’t really find this out consistently?
As for legacy support I say forget it, it’s destroying any chance Windows has at being a reliable system. I’ve tried to run two old games in Vista and neither worked anyway. So let’s forget the insane compatibility moves and just make developers write some new code, rebuild and reship. I know, it sounds awful, but I don’t think I’d mind…
Of course, you’d probably have to hold off major Vista sales for a few months while the big ISV’s get their builds ready.
They can’t really do what you are suggesting because what that darkened screen is, is a completely separate secure account (separate from your account) and what you see is just a picture of what was on your account.
As far as not automatically bringing it to the front, I imagine they did this because of the problems they’ve had with apps stealing window focus (and subsequently pissing off the user). Perhaps just trying to stay away from this?
It’s a composited desktop… You take the images of the application and composite them up front, darkened less than the other windows… You don’t have to actually tell the window it’s focused, in fact you probably shouldn’t.
If they can’t do this I think it could be due to problems with UAC’s design. You can’t ignore the social aspect of security.
Edited 2007-03-06 04:36
As far as not automatically bringing it to the front, I imagine they did this because of the problems they’ve had with apps stealing window focus (and subsequently pissing off the user). Perhaps just trying to stay away from this?
Good point I did not even think about this it would be stealing the focus and by the screen dimming down it requires the user to perform an action with the prompt box that popped up. Really it is overkill for it to ask you when changing the screen resolution properties. Really Vista is like Windows ME with UAC…
It’s never asked me for changing screen resolutions.
The shunts basically see what’s going on and then relaunch the application in privileged mode. There is no hole in the privilege system because that is handled at a lower layer than UAC…
The other sorts of shunts they have added is virtualization of resources. If you want to write to the registry and you’re not an installer, you’ll run as a standard user and your writes will go to a per-user virtual registry tree. Same with writes to program files. (Try using emule in its default config in vista… enjoy spelunking around for where the downloaded files actually go… it’s not in an obvious place!).
<quote>
watch the Video, the goal of UAC is no prompts for normal every day use. If an app or function is prompting you is the apps fault.
</quote>
It’s amazing that for some people it’s *never* Microsoft’s fault!
Ummm… to point out the obvious – the OS provides the framework for applications – i.e. on unix user applications are put into /bin and admin apps are put into /sbin.
Simple, easy and has worked well for about 35 years – you would not have an internet if it hadn’t.
Windows could provide a decent framework for apps – a plan on how to upgrade DLL’s etc seamlessly – a DB of all installed software, automatic checking of apps correctness, sandboxing etc etc etc – even decent UAC of they were any good at writing an OS. But they’re not.
Windows is getting more unix features year after year but they are implemented badly.
Remember;
Those who do not understand UNIX are condemned to reinvent it, poorly. — Henry Spencer
Ummm… to point out the obvious – the OS provides the framework for applications – i.e. on unix user applications are put into /bin and admin apps are put into /sbin.
Complex applications are usually stored in their own /usr/local/ path, the same way they do (program files) on Windows. Small apps can be put inside %systemroot%, or their own directory. I can’t see how a specific directory ierarchy is a “framework for applications”.
Windows could provide a decent framework for apps – a plan on how to upgrade DLL’s etc seamlessly – a DB of all installed software, automatic checking of apps correctness, sandboxing etc etc etc
That’s not an UNIX features, but a package manager. Package managers for Windows do exist (for instance win-get).
Windows is getting more unix features year after year but they are implemented badly.
Wrong, Windows is getting more it’s own features, and they are perfectly implemented.
<quote>
Complex applications are usually stored in their own /usr/local/ path, the same way they do (program files) on Windows. Small apps can be put inside %systemroot%, or their own directory. I can’t see how a specific directory ierarchy is a “framework for applications”.
</quote>
ahh bless!
You’re not even on the first rung of understanding unix.
<quote>
That’s not an UNIX features, but a package manager. Package managers for Windows do exist (for instance win-get).
</quote>
win-get? wassat then? nothing on google. OMG – you don’t actually mean winget the ‘download’ manager do you?
<quote>
Wrong, Windows is getting more it’s own features, and they are perfectly implemented.
</quote>
You have to realise that this half-arsed astroturfing just makes us realise how desperate and scared MS has become.
You’re not even on the first rung of understanding unix.
Care to Enlighten us? And no, splashing random haughty quotes from Henry Spencer won’t help you
win-get? wassat then? nothing on google.
Probably you use some different Google.
(hint: google win-get, 6th position is the project page on sourceforge)
You have to realise that this half-arsed astroturfing just makes us realise how desperate and scared MS has become.
Hmm… I fail to understand how your astroturfing “makes us realize how desperate and scared MS has become”
<quote>
Care to Enlighten us? And no, splashing random haughty quotes from Henry Spencer won’t help you
</quote>
So you want me to explain unix to you – in an osnews posting?
<quote>
Probably you use some different Google.
(hint: google win-get, 6th position is the project page on sourceforge)
</quote>
I think you mean windows-get.
Hmmm… let me have a look…
Last release 7th March 2006….
Total number of downloads 14…
And nothing much else happening…
And to quote from the project….
“The ideas for its creation come from apt-get and other related tools for the *nix platforms.”
This is actually getting funny – so you pointed us to a tool which is actually trying to copy a unix tool – and the project is dead – there are no packages.
So windows-get is trying to reinvent apt-get, and is doing it poorly!
Please, someone, pass this on to Henry – this has given me the best laugh I’ve had for a while!
To explain the difference – Debian currently has about 15,180 packages – and windows-get currently has …er …none.
<quote>
Hmm… I fail to understand how your astroturfing “makes us realize how desperate and scared MS has become”
</quote>
Well of you can’t see it when its this obvious then I won’t be able to explain it either.
So you want me to explain unix to you – in an osnews posting?
Well, at least try to explain some strange claims you made in your previous posts
This is actually getting funny – so you pointed us to a tool which is actually trying to copy a unix tool – and the project is dead – there are no packages.
I didn’t said that project is under active development, but merely pointed out the fact that package managers do exists on Windows as well as on Linux.
Their state is another question, pretty much irrelevant. Sorry to stop your attempt to change discussion subject
So windows-get is trying to reinvent apt-get, and is doing it poorly!
Well, I guest it works, it’s just nobody use it, because on Windows there is much better installer tools, such as MSI
Well of you can’t see it when its this obvious then I won’t be able to explain it either.
The problem is what you think is “obvious” is actually plain wrong
I didn’t said that project is under active development, but merely pointed out the fact that package managers do exists on Windows as well as on Linux.
Windows-get is still pretty much just a downloader, just take a look at it’s features.
Well, I guest it works, it’s just nobody use it, because on Windows there is much better installer tools, such as MSI
I won’t argue that MSI is better than windows-get, but it still provides only a small subset of linux’ package managers’ features.
Windows-get is still pretty much just a downloader, just take a look at it’s features.
Maybe. There are other package managers, I’m sure some of them do manage dependencies. Sure none of them arent even close to apt/rpm, since there is not enough demand/infrastructure for such a tools on Windows.
I won’t argue that MSI is better than windows-get, but it still provides only a small subset of linux’ package managers’ features.
Care to name the main features it lacks?
<quote>
Well, I guest it works, it’s just nobody use it, because on Windows there is much better installer tools, such as MSI
</quote>
You are seriously comparing MSI to the Debian apt system?
Sorry, stare, but if you are genuine and not an MS troll/timewaster I have to say that you are commenting on things about which you know nothing.
Please, get a book or go on a course. No offence intended but you’ve a long way to go – however, you might enjoy the journey – bye for now.
You are seriously comparing MSI to the Debian apt system?
Sure. They serve the same purpose: software deployment, versioning and maintenance. MSI doesnt handle dependencies between different products, though, since Windows software infrastucture doesn’t rely on shared libraries as much as OSS does.
Sorry, stare, but if you are genuine and not an MS troll/timewaster I have to say that you are commenting on things about which you know nothing.
So predictable
People who don’t have any knowledge/rational arguments about subject end up with personal attacks. You didn’t last too long 
Please, get a book or go on a course. No offence intended but you’ve a long way to go – however, you might enjoy the journey – bye for now.
Bye-bye
)
Sure. They serve the same purpose: software deployment, versioning and maintenance. MSI doesnt handle dependencies between different products, though, since Windows software infrastucture doesn’t rely on shared libraries as much as OSS does.
It also doesn’t notify the user about updates, doesn’t keep track of what file belongs to what package (as in something you can easilly query), still requires rebooting, uninstallation is still not there regarding cleaness, there’s no database of checksums to verify packages…
It also doesn’t notify the user about updates
That’s upto setup software maker, there are installation tools which include this feature. Windows Installer provide versioning API for that.
still requires rebooting
API itself doesn’t require it. Windows Installer, however, can detect when reboot is needed.
doesn’t keep track of what file belongs to what package (as in something you can easilly query)
Are you kidding? That can be done with the simple WMI script.
uninstallation is still not there regarding cleaness
What’s problem with uninstallation?
there’s no database of checksums to verify packages…
RTFM msidbFileAttributesChecksum in File Table.
That’s upto setup software maker, there are installation tools which include this feature. Windows Installer provide versioning API for that.
It’s up the the software maker only if the installer doesn’t provide that by itself, which linux’ package managers do.
API itself doesn’t require it. Windows Installer, however, can detect when reboot is needed.
You shouldn’t need to reboot.
Are you kidding? That can be done with the simple WMI script.
Simple… ok, so how would you know what package provided c:windowsgofigurewhatisthis.dll with that simple script?
I’d be impressed if that simple wmi script was as simple as equery belongs filename (actually I’d be impressed if it was possible at all).
What’s problem with uninstallation?
What happens with shared libraries?
RTFM msidbFileAttributesChecksum in File Table
RTFP you get those checksums along with the files, probably inside a cab, and as such are as reliable/unrealiable as the rest of the package.
Edited 2007-03-06 21:49
“Package managers for Windows do exist (for instance win-get). ”
winget is a download manager, not package manager.
“Wrong, Windows is getting more it’s own features, and they are perfectly implemented.”
Hallelujah! Preach the good word, brother!
“Package managers for Windows do exist (for instance win-get). ”
winget is a download manager, not package manager.
Sure, winget is a download manager, and win-get is a package manager
When you refer to some insanely obscure software that not even Google can find (no, it can’t, it’s not the 6th hit down. win-get render a whopping 10 hits on a single page) it’s a good idea to include a link to it.
Now, windows-get on the other hand gives us the correct page.
Edited 2007-03-07 02:48
It’s amazing that for some people it’s *never* Microsoft’s fault!
Oh yes, and *anti*-fanboism is a much more enlightened position.
“the problem is more the sloppyness of windows apps and the way there written.”
I guess you include Microsoft applications. Why does Visual Studio 2005 Sp1 (the very latest!) require to be run as administrator?
As Windows was never design with security as the first priority, it is extremely difficult to fix it now. I also think UAC implementation as a long way to go before it is “usable”.
Um, VS 2005 SP1 complains that it won’t run properly as non-admin, but what happens when you run it?? It works just fine at compiling your programs and debugging things running under your user account.
Why does it pop up the warning??? Because in certain scenarios, like debugging a program running as a differen user (e.g. an ASP.NET server instance), it will not have the correct privileges. This is a sensible security restriction, but it represents a break with the past of what VS2005 was able to do. Debugging processes belonging to other users is indeed a task that should require root access because it is trivial to escalate privileges when you can do this.
UAC is flawed, and most people will probably turn it off.
how is it flawed??
once, a PC is setup you should not get prompts. unless something that requires elvated rights. UAC runs at a very low level so it can control what excutes. and I am sure UAC will get better as all the feedback will get pushed back as updates to the UAC logic.
“once, a PC is setup you should not get prompts.” That was the way it was supposed work, but in reality all it does is annoy people with warnings over trivial things. The annoyed people will turn it off, and any extra security it offered will be gone. There is a word for something that does not work: FLAWED.
“That was the way it was supposed work, but in reality all it does is annoy people with warnings over trivial things.”
So, you use Vista do you? Can you please give me some examples of the “trivial things” you are constantly being warned about? Myself I get a UAC prompt when installing new software, and when changing certain system configuration settings that are definitely not trivial.
“So, you use Vista do you?”. No, I have no interest in using the worst OS since Microsoft Bob. I have read many complaints about UAC, and find them quite believable.
Said complaints are from people who just installed the system.
Once you’ve got it all set up you rarely get any prompts.
And on the things that will require a prompt there is a little shield icon that signifies that if you click on that item you will be required to go through UAC.
So let be get this correct; you are whining about UAC and other features and yet, you’ve never actually used the operating system.
Heck, atleast when I give Linux a good thumping, its because I’ve used it for 9 years – you haven’t even installed let alone run Windows and yet you’re coming up with claims over what Windows Vista does and doesn’t.
I can assure you that apart from system related settings that affect all users logged onto the machine and installing software, I haven’t seen UAC pop up in over 2 weeks, I’ve been running Word 2007, Internet Explorer 7, Media Player, pluged and unpluged hardware, connected and disconnected from my network – not a message yet.
“Heck, atleast when I give Linux a good thumping, its because I’ve used it for 9 years”. You don’t have to spend hundreds of dollars to try Linux. Vista is slow, bloated, expensive, DRM infected, and I will never use it.
UAC is NO different from using sudo on Ubuntu.
In Vista, the following things trigger UAC:
– installing new software
– changing system settings
– copying/pasting/editing files which do not belong to my user account.
In Ubuntu, the following things require root priviliges:
– installing new software
– changing system settings
– copying/pasting/editing files which do not belong to my user account.
Vista has many flaws, but despite the hype, UAC is *not* one of them. And this comes from someone who has been using Vista-final for months, not from some no-name with an anti-everything-MS attitude.
“Vista has many flaws, but despite the hype, UAC is *not* one of them.”
Were all the complaints about UAC lies?
“some no-name with an anti-everything-MS attitude”
I want people to have a choice, not be forced to use Vista because a monopolist makes OEM’s install it on ALL computers.
You fail to address my point here. You ignored the accurate comparison between Vista and Ubuntu.
Were all the complaints about UAC lies?
I can give you a rundown of how this “lie”(I’d call it a hype) came to be.
The first people to test Vista were Windows users, people interested in Microsoft products. They moved from a setting where they ran as admin all day, for years on end, without ever having to enter a password to gain root/admin priviliges. Suddenly, they were confronted with UAC, which prompts for the admin/root password in the same instances you’d need root priviliges on a Linux box.
In other words, they went from never having to enter a password, to having to enter a password as often as on a Linux box. And consequently, they complained.
The anti-MS people, who had never used Vista, picked up on this, having found something to bash Microsoft about. You are a prime example of this.
This is how the hype was born. Even though Vista asks for admin priviliges in exactly the same instances a Linux box does.
So, to get back to your question if all the complaints about UAC are lies– well, that depends on if you classify following an unwarrented hype as lying.
I’d say, yes. They are lies.
It sounded to me like UAC is designed in a radically different way than Sudo. Sudo requires applications to be aware that they’re trying to gain new priviledges by explicitly attempting to gain root priviledges. Also, in Unix there’s a very clear line about what a user can access and what he probably won’t be able to access, which presumably makes Sudo an easier thing to make happen.
But it’s good to know that regardless of the arguments others make your credibility as an OSNews admin outvotes their arguments and observations.
I think you have to take a rather liberal view of “arguments” to call that guy’s statements anything of the sort. Look, you can complain about UAC with some credibility if you take some time to understand how it works and maybe do some experiments to see what its limitations are. You can also make some claims of credibility if you take a more questioning attitude and mix in some technical understanding (like you do). For instance, “Linux does it this way, I think Windows does it this way and that way can’t work.”
On the other hand, the parent poster clearly doesn’t understand the first thing about how UAC works, never intends to use it, and would never change his mind about even if he learned that his opinion is wrong. It is not just a matter of not knowing something, this guy was being stridently ignorant. Please don’t defend this behavior because it does nothing for public discourse.
You don’t have to spend hundreds of dollars to try Linux. Vista is slow, bloated, expensive, DRM infected, and I will never use it.
I didn’t have to spend “hundreds of dollars to try” Windows Vista; I simply walked into my local computer store, found a laptop running Windows Vista, with the same specifications and tried some things out.
Regarding DRM – DRM doesn’t affect you if you’re not using DRM media; all the music I’ve ripped with Windows Media Player, I chose not to ‘protect’ it using DRM (the option to toggle that setting is in Tools-Options on the “Rip Music” tab.
As for bloated, again, where is your justification? I’ve got a gig of memory, and when you take out the amount of memory usage for buffering, caching, and so forth, it is no more bloated than Linux, FreeBSD or any other UNIX that is out there.
For me, its been incredibly snappy when it comes to performance, applications load in seconds, when I want to kill an application, unlike Windows XP, I can actually kill it the first time rather than requiring me to reboot.
But like I said, it find it rather comical that you deride Microsoft and Windows Vista and yet you’ve never used it, studied it or look at it from an objective position – you’re as bad as those in the Republican party who bash Muslims and yet, the only source for their information relating to Islam is a couple of nutty evagelical preachers who take quotations of the Qu’ran out of context.
Edited 2007-03-06 20:25
+1 for conciseness
The security guru, Bruce Schneiner, thinks that UAC has a big gaping hole that makes it worthless. From what the article says, I agree with him:
http://www.schneier.com/blog/archives/2007/02/uac_security_ho.html
Also, what problem is UAC trying to solve? It is trying to solve the problem of some applications having application to places they shouldn’t. The correct solution is through a technology called Mandatory Access Control aka MAC. The predominant MAC solution for Linux is SELinux. SELinux is the reason that RHEL5 is getting the LSPP (Labelled Security Protection Profile) support in it’s US DoD EAL4+ Certification Evaluation.
UAC is a bad in that it attempts to solve a problem that it (by design) can not.
We went over this crap 2 weeks ago. UAC is stupid. For one as it’s been shown even by people that work for MS, by default any application asks for full Admin access by default. So if you are the default user of the PC, you get the UAC prompt and you choose ok by default (Doesn’t ask for passwords or anything!) then that installer or what ever is then running as full admin. And if during that time the application runs a secondary program or script then that will run as full admin also.
It’s a mess, complete mess. And a pain in the butt! It’s still prompts you for stuff like shortcuts that are on more then one desktop. So to delete it you get like 3 damn prompts! Good lord. LOL!
Plus the more anoying thing of all is the fact that if you do ANYTHING that causes a UAC prompt you can’t do crap till you answer the UAC prompt. Your PC is useless till you say yes or no. What the heck is up with that. And that blinking black crap on a slow machine makes people think their machine has crashed. LOL! (And a slow machine to Vista is my IMac core 2 duo with 1GB of ram and Ati Radeon card with 256 MB of ram. Runs Mac OS like a dream. Gave me a 2.0 on my Ram in Vista. LOL!)
Vista is cool. Has some better features then XP and some that are not. Still over all Mac OS is better. When the new version comes out I won’t need to go shopping for a new Mac machine that is for sure. I will still be able to use my 6 year old IBook and it will run fine.
I am sure everyone knows but like Windows NT/Windows 2000 & Windows XP Professional line up required you to run as administator to install software or even run certain programs. The ironic fact is Windows ‘NT’ is granular as far as getting down to file level security. However in saying that the biggest problem is having to run as Administrator in order to run programs or even operate the machine. It is amazing why they took something so simple and turned it into a monster with prompt boxes people will get tired of and turn it off.
I know this example has been used before but for instance installing in about any Linux distro for example ‘Red Hat’ network config requires the root passwd and it should. Or for instance opening up a terminal session if you type ‘ifconfig’ it is not found because you are running as a regular user.
bash: ifconfig: command not found Security on any system starts from the moment in time it is being built not an after thought of hey we have a huge mess on our hands lets throw in a few million lines of code that makes the system inoperaterable to the point of just being a pile of junk. Yes Vista is nice looking but looks are only skin deep and the age spots are under the covers I had a laptop with Vista Home Premium blue screen in the store with the famous;
“IRQL NOT LESS OR EQUAL”
This is the same exact blue screen from Windows NT legacy where it is a faulty driver!
Now what has changed with Vista same blue screens cryptic error message with NO SOLUTION OTHER THAN CONTACT SUPPORT OR THE VENDOR!
Um if you’ve got a driver bug, what can you do? Tell the user which line of the source to look at (source for a driver he does not have)?
Sure, if you’ve got a driver bug, it’s still NT underneath and you’ll still get the BugCheck bluescreen.
I’m not well-versed in how UAC is activated, so please correct me if I’m wrong.
If it were possible to trigger UAC remotely, this would be a vector for a denial of service attack.
I assume in normal circumstances the user must perform some action first, but I’m reminded of all of those spyware pushing websites which bombarded the visitor with ActiveX prompts until they either killed the browser process, or as likely gave in and allowed the software to install.
I don’t think I have much of a point with this, other than UAC is only effective if the user is educated as to what is okay to run, and what isn’t. As it is, once malware has a foot in the door, anything goes. If only it were possible to use the computer in a meaningful way, and yet have every app run in a sandbox.
Here’s what I got from watching the video:
1. UAC Prompt will appear (popup) when a program is trying to do administrative tasks such as writing/saving EXE/binary files to certain locations (e.g. Windowssystem32) or writing to a system-wide registry location (HKLM), or other matters that will affect an overall system settings (per user’s preference/settings/files shouldn’t trigger the UAC prompt).
2. So, because of Point 1, lots of users will have no doubt run into the UAC Prompt many times during the “configuration phase” (i.e. The first two weeks or so when you install new drivers, install new codecs, applications, system tuning…etc). This is expected…however (read point 3).
3. After the “configuration phase”, the system should now be in a “productive phase” to act as a tool for the user (as computers are meant to be, not things that needs to be managed/monitor/tune/fix…all the time). By this, it means the amount of installing software, changing system-wide settings, patching EXE…etc should be A LOT less than when the user and the system was in the “configuration phase”, which in turn means the UAC Prompt should occur A LOT less.
4. There, however, even if when the system is in a productive phase, the system will still shows a lot of UAC Prompts on a daily basis. This can be due to two main reasons…1.)The application is not well written (mostly legacy apps) in the sense that every thing that it does seems to be changing system settings, system files…etc (rather than user/personal data/preferences…etc). 2. The user does a lot of administrative tasks on a daily basis (maybe he’s a system programmer, maybe a system administrator, database administrator…etc).
5. Don’t hate UAC, over time, UAC Prompts should occur less and less as your system requires less administration. UAC is meant to alert you when programs are trying to do things out of the ordinary (which you should be aware of).
Personally, I love UAC because it tells me when some apps are trying to change certain system settings or requires access to some system files…etc. I, for one, do like knowing what (programs, scripts, updaters) goes on in the background that change things for me.
Right now, I’m settling into the “Productive phase” where I surf the web, check e-mails, watch videos, listen to MP3s, run VMs, type up documents…etc (the usual), and I hardly see the UAC prompts now, unless it’s like installing an ActiveX because I’m going to a website that I haven’t been to before (such as my company’s Citrix ICA’s ActiveX…). So really, once you’re done with fiddling with the new system/installation, and start using it as a tool, as a “normal” user, things will be fine.
Edited 2007-03-06 16:19
install winpooch on winxp, be happy…
and if you need the fancy gui, go for windowblinds or whatever. should emulate the system hogging of vista even…
I understand the reason behind it, but I do wish it would be a little more intelligent and transparent. A setting to tone it down, a bubble telling me I needed to OK some changes in the Security Panel, would be nice.
Actually what I want is to get a list of stuff trying to run then either give them temp privileges or permanent privileges depending, I think some firewalls already do this for XP. I’d have to enter an admin password to get to the list of course, and this would just be for power users.
Some details are getting lost in the debate about the merits of Windows UAC. Under 2000 and XP installing software as a standard or power user, depending on how the software was written results vary, requires elevating the installation package to run with admin rights. Sometimes this worked and other times this didn’t since some installers would spawn other processes which would fail since the admin rights of the launching program didn’t transfer to the spawned processes. The work around this is to install programs under the administrator account, or temporarily elevated the user to admin if the program doesn’t play nice with multiple users.
The UAC is meant to alleviate this problem. Does it work? Yeah, for the most part. That doesn’t mean it’s not absolutely annoying, and I would like a better solution. Another point is that the crux of this problem is stuff wanting access to the registry, and a reason that OSs without registries don’t have to deal with this. It will take sometime, but eventually programmers will get weaned off of using it.
Under 2000 and XP installing software as a standard or power user, depending on how the software was written results vary, requires elevating the installation package to run with admin rights. Sometimes this worked and other times this didn’t since some installers would spawn other processes which would fail since the admin rights of the launching program didn’t transfer to the spawned processes. The work around this is to install programs under the administrator account, or temporarily elevated the user to admin if the program doesn’t play nice with multiple users.
Another part of the problem is that, in many cases, there’s an obvious overlap between installers that can only be run as admin and installers that don’t work “properly” for a multi-user system. E.g., many installers would only create desktop / start menu shortcuts for the administrator user. And often, the resulting folder in Program Files would have permissions set so that only Admin could access it – so running the newly-installed app as a normal user would require going in as admin and manually changing the folder permissions.
Personally, though, I find UAC to be rather overkill as a solution to those problems. It seems like a band-aid alternative to forcing third-party developers to properly write applications for a multi-user system.
I forgot about that.
MS has been trying to enforce coding standards since XP, but not all software houses went along with them. Quicken, I think, is a good example. They didn’t follow coding standards that MS put out and now none of the older programs work with Vista. The problem is that they store information in some registry keys for other programs to access.
Overall it’s good design for people who have no clue. I’ve seen the horrors of third party firewalls run by clueless users, ZoneAlarm, so it works for them. It doesn’t really work for people who actually know what is going on with their system though; I would like to see a more fine-grained control of it for power users. With that being said, I haven’t played around with it too much, I turned it off as soon as I found the setting to do that. One of these days, I’ll reinstall and find out it’s nuances, but for the moment I just need my machine to work without fuss.
I find the entire windows file system a complete mess. In about any given Linux distro it makes sense and it is easy to navigate around. In Windows command prompt (shell) it is an absolute nightmare in my opinion and getting a program in Windows to run in regular user mode is like trying to lock it down a big mess.
They created this problem and no amount of UAC is going to fix it a rewrite would be the only order to do so.
I know a distro of Linux may have some problems but Vista has a huge hurdle to jump and not only the unknown bugs problems that will cause it to stumble and fall.