A Fresh Look at Vista's User Account Control 332
Art Grimm writes to mention a post at Ed Bott's Microsoft Report on ZDNet. There, he talks about Vista's User Account Control, and the issues he sees with the setup as it exists now. From the article: "The UAC prompts I depicted in the first post are those that appear when you install a program, when you run a program that requires access to sensitive locations, or when you configure a Windows setting that affects all users. But as many beta testers have discovered, UAC prompts can also show up when you perform seemingly innocent file operations on drives formatted using NTFS. In this post, I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."
How annoying (Score:5, Informative)
Either put it all on one or two pages (interspersed with ads if you must), or put it into a slide show if the article is written as a slide show.
This is not flamebait, someone mod it back up (Score:3, Informative)
Re:How annoying (Score:2)
Re:How annoying (Score:5, Insightful)
Slashdot badly needs a way to moderate articles themselves, and "-1 Conflict of Interest" (for obvious attempts to drive traffic to sites that just happen to be ad-supported and also just happen to be owned by the person who submitted the article) and "-1 Excess Pagination" need to be two of the categories. I'm not even going to mention dupes.
Re:How annoying (Score:4, Insightful)
For the clueless editors, here's a good summation: If you're going to throw shit at us, expect some back.
Re:How annoying (Score:3)
Re:How annoying (Score:3, Insightful)
That's a good idea, which many people have expressed before.
In fact, we sort of have the ability to do it - tagging!
Currently, the tags I see are
[+] vista, stupid, microsoft, vaporware (tagging beta)
Now, if the article was tagged with something like "RevenueWhore", then everyone would be able to spot it and skip it.
I know that I normally read the comments first before lookin
Re:How annoying (Score:5, Funny)
Re:How annoying (Score:4, Informative)
Re:How annoying (Score:3, Informative)
Re:How annoying (Score:5, Funny)
I think he was trying to capture the "flavor" of Windows Vista. i.e. You'll be spending 90% of your time clicking...
(Click Next to Continue)
through...
(Click Next to Continue)
the dialog...
(Click Next to Continue)
boxes. Each one of...
(Click Next to Continue)
these boxes...
(Click Next to Continue)
will annoy you with something else...
(Click Next to Continue)
incredibly trivial.
Re:How annoying (Score:4, Funny)
(Click Next to Continue)
We've successfully ported an upcoming feature in Vista
(Click Next to Continue)
to the web!
Re:How annoying (Score:3, Informative)
Right-Click->Eject Media
Welcome to the eject media wizard!
The media eject wizard allow you to....blah blah blah
[Cancel] [Next]
Finished:Eject Media Wizard
Congratualtions, you've completed the eject medi....blah blah blag
[Cancel] [Finish]
Wizards are intuitive, and FUN! (Almost as fun as stabbing whoever is responsible for that in the face.)
Re:How annoying (Score:2)
Bascally, it goes like this: Here's something that sucks and here's no idea solution for it. All spread over three pages that should have been one that a reader could scroll through.
Must be a slow news day.
And on a cooler note about cooler things...
http://www.apple.com/science/profiles/hiperwall/ [apple.com]
Re:How annoying (Score:2)
This is not a good approach (Score:5, Insightful)
The whole point of Administrator is that you know what you do and you can Admin a machine securely. I know Joe Sixpack doesn't know how to, but doing this will put Admins all over the world in the place of "Limited User". In the end our Dear Joe Sixpack will just click and click until the task is done anyway. He will be frustrated and will get spyware anyway.
What we need is the equivalent of a Car Mechanic for administration. You call your mechanic and he'll do the maintenance for a fee. Frankly, it's the only way for home users.
Oh, and those that say that you can't run in Limited User on XP (as in the fine article is stated) are completely ignorant. I'm running Limited right now, and I have no problem. Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard. The only program I've never been able to run as non-admin is a game called "Children Of The Nile", and I still don't know how to run it as a Limited User. The user that needed it got the "Run As" option checked in the shortcut. Sure she has Admin access that way, but she's my sister and knows that she shouldn't run Admin.
No, all problems are just the cause of the legacy of poor security in the past. Nagging dialogboxes won't help.
Re:This is not a good approach (Score:3, Interesting)
OT sig (Score:2)
<a href="linkURL">linkDescription</a>
No one says that you cannot. (Score:5, Insightful)
Running as a Limited User is not impossible.
It just requires spending a LOT of time and effort to LEARN how to do so
and that pre-supposes that the person understands the risk of running as Administrator.
So, someone has to already be aware of the threat
Then that person has to choose to try to avoid that threat
Then, then that person has to spend time becoming further educated
Then, then, then that person has to spend time fixing the ACL's and such.
Or just choose to run as Administrator and all those problems go away (and you get new problems, but all your apps run).
Re:No one says that you cannot. (Score:2)
Running as a Limited User is not impossible.
It just requires spending a LOT of time and effort to LEARN how to do so
and that pre-supposes that the person understands the risk of running as Administrator.
Here's a wildly divergent idea
Re:No one says that you cannot. (Score:2, Informative)
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/ tools/scm/SCESP4I.EXE [microsoft.com]
Run the executable and extract it to a folder, then open the folder. Right-click on "setup.inf," click Install, and restart once it's done. Works with all service pack levels of Home.
Get a Mac. (Score:2)
First off, the additional warning WILL add something.
It will further de-sensitize people to clicking "okay" whenever a fucking popup pops up. You want the warning boxes to be so rare that the user actually stops and thinks.
Secondly, get a Mac. It doesn't take a dedicated mechanic to keep a Mac happy. And M
Re:Get a Mac. (Score:3, Interesting)
Vista's security model doesn't seem to ask for credentials in stupid places, unless the article writer believes that modifying the system folder should be the perogative of every user. What it does (Especially when running user apps) is show just how much applications rely on priveledged
Re:Get a Mac. (Score:2)
-matthew
Two Words (Score:4, Insightful)
Your Momma.
As in, ask Your Momma to do that.
You see, my mother uses a Mac and is able to install updates herself and keep things running just fine, all without knowing what an ACL is much less how to set it.
Saying the average user needs the equivilent of a car mechanic to deal with computers is just sweeeping the issue under the rug and letting Microsoft off the hook for a half-assed solution to the problem. And also ignoring there are a hell of a lot more people that can fix thier own car problems than computer issues.
Re:Two Words (Score:2)
Re:This is not a good approach (Score:2)
write it down on a sticky and teach your kid to type it in.
call it Monsters Inc. admin rights access team training.
kids will love it.
Re:This is not a good approach (Score:2, Informative)
Re:This is not a good approach (Score:4, Insightful)
Re:This is not a good approach (Score:2)
Thank god for Windows user-friendliness
Re:This is not a good approach (Score:3, Insightful)
"If that doesn't work, go into regedit (assuming XP Pro...otherwhise go to regedt32) and look for registry entries in HKEY_LOCAL_MACHINE related to your program. Grant them full access rights to "User" on that part of the tree. 99% of the programs"
and
"read up on cacls [microsoft.com]. Alas, in XP Home it is hard to configure access control on folders.
For example:
C:\> cacls C:\MyFolder\
A right-click under KDE or Gnome under Linux would give
Re:This is not a good approach (Score:2, Informative)
Re:This is not a good approach (Score:3, Informative)
Re:This is not a good approach (Score:5, Informative)
First time a program is started with 'runas
It is certainly not a perfect solution, but it can solve some problems.
However, you should not use this solution if you don't trust the user. I am almost certain that the program can be replaced with another program with the same name without revoking the priviledges.
Re:This is not a good approach (Score:5, Informative)
C:\WINDOWS\system32\runas.exe
The first time you run the app it'll prompt you for the admin password (in an UGLY ass dos box) after that it'll run with no prompting. Honestly, this isn't rocket science. Not quite as slick as suid, but it works. Until you change the admin password of course.
Run on non-admin account without manually entering (Score:2)
You can use the free program AutoIt [autoitscript.com]
; Example AutoIt script to run a program as admin
RunAsSet("Administrator", "", "adminpassword")
Run("C:\Program Files\example\foo.exe")
RunAsSet()
The script can be compiled into a stand-alone executable so that you don't need your password sitting in a plain text file on your hard drive [autoitscript.com]
Re: (Score:2)
Re:Windows easy to use, HAH (Score:2)
Warning: TFA is unreadable (Score:5, Funny)
(more) [jebshouse.com]
Re:Warning: TFA is unreadable (Score:5, Funny)
Re:Warning: TFA is unreadable (Score:2)
Seriously, who designed that page?
Re:Warning: TFA is unreadable (Score:2)
Metrics (Score:2)
Well, it figures (Score:5, Funny)
Re:Well, it figures (Score:2)
Where were they all before computers started doing popups?
Re:Well, it figures (Score:4, Funny)
X10 was the big bang.
Re:Well, it figures (Score:2)
one order of magnitude greater..
I wish they would fix XP's account control (Score:5, Insightful)
Vista is nice and all that, but how about fixing XP first!!!!
Re:I wish they would fix XP's account control (Score:2, Informative)
- You can right-click on any program and select "Run As", type the admin credentials.
- For systems functions, "Run As" IE (as an admin) and change to the Control Panel in the address bar.
- From the command prompt, you can use the "runas" command.
Re:I wish they would fix XP's account control (Score:4, Informative)
Re:I wish they would fix XP's account control (Score:2)
Re:I wish they would fix XP's account control (Score:3, Insightful)
MacOS X handles this by saying that by running a certain program, you're doing something special, you have to type your administrative password. Simple.
Windows handles this by saying "Here's something a program wants to change. Here's what it is. Shall I continue?"
and then if you do say you want to continue, it asks AGAIN.
And then, from what I gather (I haven't used Vista but have read some reviews of this
Re:I wish they would fix XP's account control (Score:2, Insightful)
This also works with Internet Explorer, which gives you pretty much access to the full file system... Including ACLs (if you run XP Pro... else you'll need to learn the cacls command on the command line)
You can also invoke r
Didnt like it... (Score:4, Funny)
Windows experts? (Score:5, Funny)
Well, good thing MS targets this OS exclusively to Windows experts. What utter fools we've all been for assuming this would effect our non-expert friends and families!
bitter irony? (Score:4, Insightful)
Re:bitter irony? (Score:3, Insightful)
Re:bitter irony? (Score:2, Insightful)
Just wonderful (Score:3, Insightful)
3 series of articles, half a dozen pages each, just to tell me why I have to slow down my workflow when deliting or renaming files.
How innovative. (Score:2, Insightful)
The 70's called. They want their security model back.
Yawn.
The options (Score:5, Funny)
"How do you work around this annoyance? You have three choices:
* You can take ownership of the files on the external drive. That gives your account Full Control permissions at all times and prevents other users on the same computer from changing the files unless they do so as an administrator.
* Or you can change the permissions assigned to the Users group so that members of that group have Write or Full Control permissions. That solution allows everyone with a user account on the computer to manage files without having to OK a consent dialog box."
* Or you can play a Sony music CD with a rootkit."
Re:The options (Score:5, Insightful)
I'm hoping that these articles are hyperbole and in fact when you create your own files you are marked as the owner with read/write/execute permissions on them. Granted, administration looks like a total nightmare, but MS has been working for years to make administration as hard as possible so this is no big surprise.
What I think the real fix should be: When you get a dialog box like this, there's a "validate me for X minutes" option that you can check to tell the machine that you're going to be administrating for some minutes and stop showering me with dialog boxes. Sort of like how most modern operating systems work.
Re:The options (Score:2)
Simplicity is the hallmark of genius. User, Group, Other. Read, Write, Execute.
Summary... (Score:5, Insightful)
Or put more simply
XP didn't have sudo so you were always admin, Vista has sudo, enabled via annoying popups rather than a config file.
Re:Summary... (Score:2)
XP didn't have sudo so you were always admin, Vista has sudo, enabled via annoying popups rather than a config file.
It's not the config file part that is broken, it's the UI part.
You see, first of all sudo specifies you want the permissions up front rather than asking for permission after the fact. If you try to do something using the legacy windows APIs, and you don't have permission, you shouldn't get a series of popups, the program's system call should fail, and the program should die. Prog
SUDO on Windows (Score:2)
To modify Windows to operate the way other OSs do (prompt you the password at the right time) is trivial. They could just modify the user interface to prompt when you run the app. I modified the shortcuts in my "Administrative tools" folder to do this.
Microsoft's bo
Re:Summary... (Score:2)
The problem is that everyone is used to just being a local admin on their box, so we get what we have today, malware ridden computers.
The alternative is unacceptable to a lot of people. XP has some good security features, the problem, as always, is the interface between the chair and the keyboard.
Re:Summary... (Score:2)
That, and programs that shouldn't require admin do require admin. This is partially the fault of developers but MS is also to blame for not enforcing such things or at least making them clear in the API.
XP has some good security features, the problem, as always, is the interface between the chair and the keyboard. XP has some good security features, the problem, as always, is the interface between the chair and the keyboard.
Seriou
Executive Summary: (Score:5, Insightful)
That way, when the inevitable virus and spyware hits the system, Microsoft can wash their hands and say that it's all the user's fault for making use of their computer bearable.
It's worse than that actually (Score:3, Interesting)
Unless Vista allows customizing generic "UAC" dialog (with an image or a text) or easily authenticate it in some other way, UAC being ON appears to pose a greater risk to a system security then when it is OFF.
Re:It's worse than that actually (Score:3, Insightful)
The Secure Desktop's primary difference from the User Desktop is that only trusted processes running as SYSTEM are allowed to run here (i.e. nothing running as the User's privilege level) and the path to get to the Secure Desktop from the User Desktop must also be trusted through the entire chain.
So what does this experience look like? When you click on a UAC shielded control, your user desktop will appear to dim and the window that caused the
Re:Executive Summary: (Score:2)
Soon, Same As It Ever Was (Score:5, Insightful)
What will happen is what always happens: when there is a "problem" someone "fixes" it. In this case, the "problem" is the security model. I suspect that there will be a 3rd party "fix" that blasts through all the well-meaning security and basically restores the user-as-root scenario that Windows has operated in since forever.
Re:Soon, Same As It Ever Was (Score:2, Interesting)
I always thought the best model for Aunt Sally would be a keyswitch on the front of the computer. Similar to those round-key locks that used to prevent boot-up.
If a program wants write access to Program Files, a dialogue box will pop up asking the user to turn the keyswitch to admin mode.
Now, hopefully Sally won't turn the keyswitch unless she knows she's trying to install something.
Now attackers wil use social engineering or (Score:2)
What's the likely outcome when $USER hits a web site that says "download this and type in your administrator password to get DANCING WEATHER REPORTS!"?
Annoying slideshow article.. (Score:2)
Lame article, Lame suggestions (Score:3, Insightful)
Can't he just suggest that application designers get a clue and write apps that don't write uneccesarily to sensitive areas of the system? Hopefully annoyed end users will "motivate" lax companies when this happens instead of working around the issue.
Re:Lame article, Lame suggestions (Score:2)
Windows developers are always willing to trade end-user security for fewer support calls.
Meanwhile, as an admin, I have to try to make these crapola, "we still live in a Windows 95 world" applications work with limited user accounts.
Heck, I've heard IE not working right if your not admin. (I would know directly myself, I use FF under Limited User)
Re:Lame article, Lame suggestions (Score:2)
In short, it's a stupid idea, but I think you'd still get a bootable system.
finally (Score:2)
OSX's been doing this for 6+ years. It's annoying to always be hit with a "permission denied" error when trying to do things as a limited user, then realizing that I've gotta log out and back in as an admin.
all I can say is FINALLY.
Re:finally (Score:2)
Re:finally (Score:2)
Flamebait (Score:5, Insightful)
I'm not saying UNIX is "better," since the primary issue here is social, not technical. If UNIX were in Windows' shoes, then third-party applications and slickly packaged malware would be popping up dialogs reading, "This application requires root priviliges to install. Please enter the root password: _____" So UNIX's user model doesn't really solve the base problem. However, I've been using Windows (mostly for gaming) for a while now, and I run with administrative privs all the time, because running as a limited user (in the UNIX sense) just doesn't work. Or, perhaps more precisely, it doesn't Just Work.
So what's the deal?
Schwab
Re:Flamebait (Score:2)
To AIX, Solaris, HP/UX, IRIX, Linux.
It isn't limited to a single user environment (the bigger boxes support many users).
Administrators would have fits if the software required access to priviledged directories and resources, beyond what is vital. That includes NOT writing into your own program directory.
Linux can then leverage from this. The rule is:
Re:Flamebait (Score:2)
Games -vs- firewalls (Score:3, Interesting)
SHGetFolderPath() (Score:3, Informative)
Most games still save their save files into C:\Program Files.
Games certified to run on Windows Vista don't. Instead, they'd use SHGetFolderPath() [microsoft.com] to look up the current user's My Documents folder and end up saving to e.g. C:\Documents and Settings\Pinocchio Poppins\My Documents\GTA Hot Coffee\ or something like that.
Re:SHGetFolderPath() (Score:2)
http://www.microsoft.com/winlogo/software/swoverv
They have never enforced the certifications. Does anyone bother to certify anymore. Is Vista going to refuse to run non-certified applications?
Re:Games -vs- firewalls (Score:2)
Developers will have to do what Firefox has done:
write user settings to the User's profile.(application data)
Oh No... (Score:2, Funny)
We're DOOMed! (Score:2)
oh, those are the simple solutions (Score:2)
Set yourself up as the owner of all files on the drive.
Set full permissions to all files to the "user" group.
Oh gosh gee. I don't know how we could have been so stupid. Please forgive us for doubting the security, power, and flexibility of Microsoft operating systems.
Dear Microsoft "experts": You just permanently lost the user privilege security argument, and you probably don't even know why.
easy to fix (Score:2, Funny)
Start an elevated command prompt window, and from that window run secpol.msc.
Find all the policies that start with "User Account Control" (there are only, like, six of them) and set them to either no prompt or disabled.
That's all there is to it. You'll never need to "run elevated" and you'll never be bothered by those pop-ups again
Thank you, whoever posted this fix.
uh.. (Score:2, Interesting)
Problem/Issue is obvious if you understand Unix (Score:5, Informative)
As I understand the article, EVERYONE in Vista is a normal user. Administrators have the ability though to take administrator actions on a case by case basis after supplying credentials.
To me, this sounds exactly like "sudo" under unix/linux or the "Authenticate: blahblah requires that you type your password" under Mac OS X. This model is more secure and works great, but there are some legacy transition issues.
For you unix people, the problem the article describes is, "what if you mount an old drive, the drive has restrictive permissions, and the file owner UIDs don't match the new system?" (your user account doesn't have permission to do anything on the drive)
NTFS has file permissions, but they rarely came up in practice because everyone in Windows was doing everything as the Unix equivalent of root. In Unix, the obvious fix is to do a sudo chown -R newuser /mnt/olddrive (or an ultraghetto sudo chmod -R o+rwx /mnt/olddrive) . The user/permission concept is totally foreign to your average windows user though, and hence the problem.
Re:Problem/Issue is obvious if you understand Unix (Score:3, Interesting)
Foreign is the right word, but the problem is more extensive and pervasive than familiarity or experience. First there is that mess
lol.. (Score:3, Insightful)
Anybody who needs instructions on how to disable something using gpedit has no business running a beta operating system that was intended for a serious testing audience.
Come to think of it, having a meaningful conversation about an un-finished product is also quite silly. Ok, so in the light of this, I offer this comparison / excersize.
Test 1.) In Windows Vista, make a shortcut to a program you know needs admin to run. Time this part Click the icon, then click the resulting dialog as quickly as you normally would to grant it permission.
Test 2.) In Linux (for argument, lets say Ubuntu) pop open a term. Think in your head the name of an app or process / shell script that needs root or super user to run. Time this part type sudo then the name of the program or command.
Did clicking the box take longer than typing SUDO? meh. what a shame were wasting so much of slashdot's disk space on a coversation over a few milliseconds.
Obvious choices (Score:5, Insightful)
Terrifying (Score:3, Funny)
OT: sig reply (Score:2)
[YES] [NO] [CANCEL]
You selected YES - please enter administrator password: