Microsoft plans to make several significant tweaks to the next beta of Windows Vista to make a key security feature less annoying to users. In response to widespread criticisms that the implementation of the UAC (User Account Control) feature triggers too many privilege elevation prompt pop-ups, the software maker will make changes in Windows Vista RC1.
when I say: I sure as hell hope so. Security is great and all, but Vista currently goes overboard on the permissions thing.
Amen!
Besides that, recent Windows versions (2K/XP/2K3) are not _that_ insecure. Just remember firewall, antivirus and common sense.
I think a lot of people are forgetting that. Some even seem to think Windows has no security model and Vista is just hacking one in. To the contrary, NT has very fine-grained security access control.
The trick is getting defaults right and implementing when and when not to ask permission for stuff. OSX seems to have done it well.
Microsoft has to pretty much go through every action and decide whether or not to ask the user. I’m sure it’s a large and long process.
I don’t expect it to be perfect for the final release though.
OS X started with a fairly simple low-granularity security model and has forced applications to comply.
It looks like Microsoft is at its old game of pandering to ISV’s by making exceptions for them and “helping” them put their diapers on.
If I get this correctly, many of the problems are that so many programs are written to assume admin access. They can’t just all ask for admin access when they start.
I don’t see the reason for changing the behaviour so much in Vista. As you say NT has a very fine-grained security model (ACL).
The default behaviour should be to log on with normal user as known from Win2K Pro and Win2K3. I really hated the minimalistic approach in XP Pro (Single User). Only Administrator or Limited User. Most of the fine-grained control known from NT4 and Win2K disappeared for no good reason in XP. Personally I run as limited user, and then use “Run As…” whenever I encounter an application written by a goof.
The default behaviour should be _not_ to ask the user, as long as only the user’s own domain (home folder or equivalent) is affected. If it is outside the user’s own area, it should ask for Administrator password.
You just described what Linux is doing … I can work all day without entering the admin password a single time, but when I want to change the network config, or install an application, or make updates, then I’m asked for a password. The good think, this password can optionally be saved for few minutes. So when I want to tweak the network, I’m asked for a pasword, and when I’m finished and find out that the new settings don’t work or whatever and go back to network settings again, I’m _not_ asked for the password again. I hae thi feature turned on, a password is saved for 2 minutes.
Tom
Ok, I’m sorry but, anti-virus and outbound firewalls are not security measures. You might make an argument for active scanning files when you download them and you could even have a shot in hell of arguing that outbound firewalls are security on large multi-user systems; but: On your home PC, anti-virus and outbound firewalls exist to clean up after security measures have already failed and attempt to limit the damage.
Please don’t confuse proper security with damage control…
Of course, common sense certainly applies to single-user systems.
So you think that “proper security” is to have a single point of failure?
Layering of security measures is an important concept both theoretically and in the real world.
Incorrect. I think proper security is to prevent incursion, not slow its spread.
I think the best security is to prevent incursion and then assume it’s going to happen anyway, so you can limit the damage. There are unknown classes of security bugs being found all the time. You fix one type of issue and crackers just go for the next new thing. It gets harder and harder, yes… but why not make it hard for them to do anything after they’ve made their first discovery of that integer overflow?
There are other valid ways of slowing that.
1.) Using languages that don’t have buffer overflow issues (.net, Java, python, etc).
2.) Randomizing stacks and heaps.
3.) Good permissions systems limiting them once inside. (SELinux is an example of this, as well as ACL’s)
4.) Jails for dangerous applications (servers).
The key thing here is that none of those are wasting huge amounts of cycles trying to clean up completely successful intrusions.
All things Windows already does or Microsoft/Vista is trying to do.
1) .NET, as you said. They’ve been pushing this for a while now
2) Vista is supposed to do this
3) Has already of course
4) Vista will have this and IE will use it
So Vista is going in the right direction for sure.
[quote]Ok, I’m sorry but, anti-virus and outbound firewalls are not security measures. You might make an argument for active scanning files when you download them and you could even have a shot in hell of arguing that outbound firewalls are security on large multi-user systems; but: On your home PC, anti-virus and outbound firewalls exist to clean up after security measures have already failed and attempt to limit the damage. [/quote]
I subscribe to a Yahoo group that sends me emails, some of which come loaded with viruses. My anti-virus program scans incoming email messages and deletes the viruses on sight. How is this not a security measure?
But your right about outbound firewalls .. they’re more about damage control when common sense fails. Fortunately though, common sense has not failed me so far
As for Vista, really the only thing they need to do is get rid of the rootkits and f**king drive-by installs, and it’ll be about as secure as I need it to be.
It is, I mentioned scanning new files as a valid use for anti-virus.
It’s passive disk scanning I think is a gigantic waste of energy, cpu resources, disk wear, and people’s time (when they happen to want to use the computer when their A/V happens to want to scan).
The other thing that irritates me is scanning files everytime you open them, even when they haven’t changed since they were scanned last…
“Besides that, recent Windows versions (2K/XP/2K3) are not _that_ insecure. Just remember firewall, antivirus and common sense.”
I’m not so sure about that. Take a look at this screenshot of the Windows XP Security Center. You’ll see that the Security Center gives false information about the current status of the firewall. I’ve seen the samething happen. Additionally I’ve seen this happen with anti-virus software.
Remembering a firewall and antivirus is all fine and good, but it doesn’t help much when the system is giving false information about the current status of your firewall and antivirus software.
http://www.deviantart.com/view/12005254/
Remembering a firewall and antivirus is all fine and good, but it doesn’t help much when the system is giving false information about the current status of your firewall and antivirus software.
If Norton Internet Security includes a firewall, XP is using that rather than Windows Firewall. If there is no MS or ISV firewall enabled at all, then I’d sespect the bug is in Norton telling the system it is firewalled (via its worm protection as displayed in the screenshot for instance) when it in fact isn’t.
Who said anything about Norton Internet Security? This user is using the Windows Firewall.
I myself use Norton AntiVirus and he Windows Firewall – not Norton Internet Security; not Norton’s Firewall. I’ve had the samething happen with my system.
I hope that UAC functionality will work well with Zero-day vulnerabilities. Otherwise we will have to use 1-Defender tool on Vista also.
The worst thing for security, is a security bolt on.
OS X is never annoying when it comes to administrator privledges. Once to install some kinds of software, and once to unlock certain preferences panels, and that’s it.
“The worst thing for security, is a security bolt on.
OS X is never annoying when it comes to administrator privledges. Once to install some kinds of software, and once to unlock certain preferences panels, and that’s it.”
Here here
OS X has it right. Security is not a problem under X, though like every OS it has weaknesses. OS X keeps security under control while staying unobtrusive. This is actually a part of why I switched to OS X to begin with. With Windows XP there was a period of updating weekly and it was still possible to get your system hijacked.
Agreed. It needs to be well thought out. I used to work at a place that changed the passwords every 2 weeks and ensured that you did not use any of your last 20 passwords and your password had a good mix of alphanumeric and symbols. On the surface, it sounds pretty secure until you realize that the secretaries (who have access to most sensitive info) couldn’t remember their passwords so they wrote them on post-it notes that they placed either under their keyboards (or even common area keyboards) or on their cubical walls.
What many people don’t realize is that security is crucially dependent on usable. If your security measure is unusable or too inconvenient, people will not use it for find ways to bypass it (in the case of windows, they’d log in as admin) and you end up being even more vulnerable than if you had a poor but usable security measure.
Designing a secure but usable system is *hard* and it has to be designed in from the begining if you want to have any hope of succeeding.
I really hope they try and sort this problem out. I downloaded and tried Windows Vista Beta 2, and found the constant pop-ups extremely irratating. It maybe because I am used to configuring everything quickly, setting the IP address on my network, changing compute name, sharing files, etc. I know you can switch the UAC off through group policy, but maybe they should add a popup asking you if you would like this feature or not when you first run Vista.
And slightly off subject, the new networking centre was terrible, what was wrong with the old one. Everytime I boot the computer up, it asks me if my network card is public or private, it then firewalls it, and somehow refuses to connect to the router without first disabling UAC, disabling the firewall, stopping the windows security center, and then finally putting in a static IP address. (DHCP wouldn’t work).
UAC’s annoyances greatly outnumber its usefulness. Once turned off, I found Vista quite a pleasant OS to use.
The number of dialogs is GREATLY reduced once you have your machine setup.
Also, the problem you are having with the network center is a bug.
The number of dialogs is GREATLY reduced once you have your machine setup.
Regular Windows users don’t ever finish “setting up” their machine. The latest and greatest cursors, the new screen saver, cutsie themes and a bajillion shareware tools are constantly installed and removed.
On a corporate environment, this will likely not be a problem. For techies, no problem yet again. For the regular user, problem . . .
No, I don’t think so.
When you first setup your system you are making SOOO many changes. From installing applications to chaning system settings. Once you are basically done with that, you are installing maybe 1 or 2 apps per week, for the most part.
Hell, if it’s annoying enough maybe the dang fools that install the crap all the time will be annoyed enough to just hit cancel.
No matter how annoying UAC is, it is a necessary evil. This feature will greatly reduce virus’ ability to propagate on Windows machines.
Similarly, giving users the option to disable the feature on install is not an ideal solution. Most users will not understand what UAC is, or why they need it.
When given the option of more or less control, they are going to choose more.
No matter how annoying UAC is, it is a necessary evil.
UAC is a great idea that MS caught on to way too late. However, you shouldn’t get 3 seperate dialogs asking for a password in a single software installation. There should be 1 password per action. Simple things like deleting shortcuts from the desktop shouldn’t require a password either.
this is probably because crappy installers launch processes all over the place. Each installer process has to have its own validation.
I think Windows is doing this right now with a known-list of installers, to pop up the UAC dialogs at the right times. For other software, it just lets them think they’re writing where they want to and virtualizing the writes off to some other part of the system. Ah, the pain MS goes to for backcompat. Those old systems should just be broken, in my opinion. Or relegated to a virtual PC sandbox.
I’ve never had more than one elevation prompt while installing an app.
The whole desktop shortcuts elevation prompt only comes into play when those icons are in the “All Users” folder and not your own personal folder.
what i have seen so far is that vista is big. huge amount of files, huge amount of resources are needed.
only good thing is nonadmin on users to force companies create software that can used that way.
(e.g. adobe photoshop needs admin rights to run)
I’ll say – 5Gb for an OS install with no apps is just crazy!
That’s substantially smaller than the barebones OS X and Suse installations I’ve set up on my machines, and Vista comes with what I find to be much superior utilities/applications (Windows Media Player 11, etc.) as well. I’m not too worried about disk space.
Wow – I don’t have any installation/sizing experience with OSX but I the last SUSE I installed certainly didn’t take over 5Gb – and it had multiple office suites and all sorts of additional apps that you’d still have to add to the Vista install.
If SUSE comes on 5 CD’s which are 700Mb each, and assuming a compression ratio of 2:1 (which is on the high side) and that you could install every single byte on those CD’s, that’s still only 7Gb complete – source, every app available and everything.
Are you sure about that 5Gb being substantially smaller than a ‘barebones’ SUSE install?
Fair comment about the disk space though – most drives these days can easily handle the 5Gb base OS install! 🙂
A vanilla Suse10.1 KDE install takes a little under 3GBs, and includes stuff like OOo that Vista doesn’t.
I’m not too worried about disk space, but I am curious about what exactly is taking up so much space. Help files? Sample media files?
Yeah – that’s more along the lines of what I was thinking. (I have an Ubuntu Dapper system and *loads* of extra stuff installed, using about 4.7Gb of a 6Gb root partition – Vista would certainly blow that out!).
I’m not sure what is taking up all that space – I’ve installed it (Vista beta) into a VM session which I don’t start up often because it’s quite slow. I’ll start it up and see what I can find….
Here’s a quick look smitty:
Program Files = 524Mb
Windows = 5.9Gb
Windows folder includes:
Fonts = 288Mb
Winsxs = 2.81Gb (not sure what this is – just loads of DLLs in various folders)
System32 = 2.13Gb (including 800Mb of drivers)
People are annoyed with the beta for excessive prompting on mundane tasks, like deleting a shortcut, and the programmers are talking about letting users install updates without authorizing? This does not sound good. Updating changes system files. If Microsoft programs have a way to do it without permission, that just means there’s a way to do it without permission. That’s the first thing that should get a prompt. And if they mean “removing” as in actually un-patching the system… my mind is boggled.
I don’t understand this too. If I image our company, where we have the same _tested_ software version on all computers – if they could all just update their software as they wish – oh my god.
Tom
OK… I wrote this up on a BB that I use to communicate people I game with, but I will paste it here (all the tirading included), because it is how I feel:
How is it that F’ing retards like this one
http://www.computerworld.com/action/article.do?command=viewArticleB… get paid to right lies like this and if I call them an F’ing moron which is only the truth I won’t get one dime?
Lie #1: The Administrator account is inaccessible in Windows Vista.
This is false. Because, at the moment, the classic login is not available in Windows Vista (although it may reappear in certain versions) he seems to believe that the Administrator account is no longer accessible.
By creating .reg file with the following contents (and then double clicking it) it is possible to get the Administrator Account to appear in the Welcome Screen. Clicking on “User Accounts” in the Control Panel after creating this entry will also allow you to make changes to the Administrator account, and enable it in the event that it is disabled. This is the same registry entry to do the same in Windows XP.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList]
“Administrator”=dword:00000001
Lie #2: User Access Control is an annoying new feature of Windows Vista that cannot be disabled.
This is also untrue. By clicking on “User Accounts” in the Control Panel, and then the “Change security Settings” it is possible to disable UAC.
Mostly Lie #3: User Access Control has a feature to prompt for elevation of permissions, but when it does this it locks you out of the desktop until you respond.
This is true. At least in the default behaviour. If this annoys you to no end, then you can change it by running secpol.msc and choosing Local Policies from the drop down menu on the left, and then Security Options, you should then see several options on the right. Choose the “User Account Control: Switch to the secure desktop when prompting for elevation” and disable it.
Lie #4: Vista Beta 2 has more bugs than ever and is completely unstable.
I don’t believe this is this case. While the number of bugs could easily be more or less, I am finding Vista Beta 2 to be more stable than any of the previous versions. In some previous versions I had unexplainable crashes of Explorer on brand new installs. That is certainly not the case in Beta 2, and in the last several days of using it, I have not had any crashes whatsoever.
A man too retarded to use google should not be writing articles about operating systems
I don’t know why you call them lies, and then say it’s easy just do this adminisrtative task (ones that journalists and regular users won’t know). For you and I this is easy, but for the regular user this is Windows.
I’m a linux sysadmin, but was a Windows sysadmin in my past life. I get asked all sorts of Windows questions by people, but usually get very little to work with. When I ask what version of Windows they are running, they tell me they’re running Microsoft Word.
The target audience of most of these mags are not you and I. The writers should be of about the same skill level, in order to keep the story consistant.
For example what if I wrote an article about the Dell UbberLappie 14″ Core Duo and Linux. I talk about how well it works with wireless and suspend to disk and ram are perfectly supported. You read my article and with the same piece of hardware attempt to install Linux on it and none of your hardware works the way I described it. The purpose of this article was for regular users to get an idea of what Vista currently looks like, not for Administrators. Quite frankly, if you’re getting your administration information from eWeek then you’re the one with the problems.
All that said, let’s address your “lies”:
Lie #1: The Administrator account is inaccessible in Windows Vista.
For regular users, the administrator account is disabled. Face it. It can be re-enabled, but it is inaccessible the same way root is inaccessible on Ubuntu.
Lie #2: User Access Control is an annoying new feature of Windows Vista that cannot be disabled.
Most of the articles I’ve read have said the one good thing about UAC is that it can be disabled. But okay, I’ll give you this one.
Mostly Lie #3: User Access Control has a feature to prompt for elevation of permissions, but when it does this it locks you out of the desktop until you respond.
For regular users this is how Vista works. Just like most Windows user believe that XP’s login screen is the only way to login to XP.
Lie #4: Vista Beta 2 has more bugs than ever and is completely unstable.
It’s too early to tell if this is or isn’t the case. Time will tell who is right.
Well the lead of the UAC team has posted that they are in the process of fixing all of these prompts.
The OS is still in Beta stage. People on here just don’t get that and they don’t read that things are getting fixed as well.
It really just makes me want to leave Osnews and come back when vista is out at the store.
Then again they will bitch about something else as they are already anti-Microsoft and I really shouldn’t expect anything more from them.
Last I checked, the whole point of a (semi-) public beta is precisely so that people bitch about your product. It’s in Microsoft’s best interest that people gripe about UAC and the myriad other annoyances. How else would they know what users want in the final release? If we all fawned over Beta 2, hailing it as the Second Coming, your poor wittle feelings might not be hurt, but the final product would be a PoS.
Don’t be so damn sensitive. This isn’t a tennis match. Nobody’s taking away your right to love Microsoft. If you’re really so insecure in your choice of OS that you can’t operate in a forum not filled with fellow sycophants, perhaps you should look into alternatives. This is OSNews, not MSNews. Stop whining.
User Account Controller is not the only problem in windows; not even viruses or spyware or these infective agents but windows seems to suffer from Application Induced Corruption (AIC) releated mostly to non MS written applications, simply because these developers cannot get access to MS source code to trace the problems they encounter which do not appear to be explainable by IDE returned Errors. When you look at Adobe, Macromedia and Discreet applications you will notice how stable they are under windows in comparison to other applications even regarding their huge sizes and the reason for this is that they have permission from MS to see the code. Besides, the testing machines at MS tend to include all MS products, which will take into the account the compatibility of these applications through to the next OS versions, service Packs, paches or updates.
This problem appears by the time and the most with applications using the hardware subsystems(like audio, video, HDD and networking) excessively.
” User Account Controller is not the only problem in windows; not even viruses or spyware or these infective agents but windows seems to suffer from Application Induced Corruption (AIC) releated mostly to non MS written applications, simply because these developers cannot get access to MS source code to trace the problems they encounter which do not appear to be explainable by IDE returned Errors.”
This doesn’t seem like a reasonable argument. If they shipped software that was erroring with the operating system, then they shipped it defective. That’s knowingly including bugs.
If they wanted to fix it, they would find another way.
I find it funny that some people criticize OS X’s security model for promoting privelege fatigue, yet UAC sounds exponentially worse in that regard.
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; PalmSource/hspr-H102; Blazer/4.0) 16;320×320
“Just remember firewall, antivirus and common sense.”
Common sense would dictate not using Windows to begin with
Yup, but that’s a secret
There is no inovation here.
Neal Saferstein
Just don’t use Windows products…
Download one of the BSD’s and get back to getting your work done with the confidence that the operating platform is/was designed by competent engineers, for engineers – not salesman.
UNIX systems are more than thirty years old and are still second to none when it comes to stability and security.
You don’t need to wait, and pay, for this garbage from Microsoft.
Free yourself from the nonsense.
“Just don’t use Windows products…
Download one of the BSD’s and get back to getting your work done with the confidence that the operating platform is/was designed by competent engineers, for engineers – not salesman.”
Spoken like an engineer…which is good at engineering, but has no idea about how the actual business runs.
What you say is fine for the backend, as long as all the tools you need are available. For the front-end, meaning Sales, Marketing, the CEO’s and such, they need it simple. Very rarely is there truly a Tech savy sales or marketing person, even in the tech industry. Even the CEO’s who have a tech background become un-technical after years of just handling the business.
I cant believe how privilege elevation prompt pop-ups has received so much criticism. If your changing something system-wide, you should need some administrative privileges to do so, end of story. If you’re changing your local account settings then you shouldnt get a prompt for a password, end of story. How did this get so complicated? If it inconveniences the user, well too bad, its for their own good. Microsoft wont loose marketshare over this.
Their user base as a whole have already demonstrated they’ll upgrade to anything whether they need it or not.