×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Caves, Will Change UAC In Windows 7

kdawson posted more than 5 years ago | from the more-better dept.

Security 249

CWmike writes "Reacting to intense criticism of an important security feature in Windows 7 (which we discussed a few days back), Microsoft today said it will change the behavior of User Account Control in Windows 7's release candidate. In a blog post, two Microsoft executives responsible for Windows development, John DeVaan and Steven Sinofsky, said 'We are going to deliver two changes to the Release Candidate that we'll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. Second, changing the level of the UAC will also prompt for confirmation.' They said the changes were prompted by feedback from users, including comments on an earlier post Thursday by DeVaan in which he defended the modifications Microsoft made to UAC in Windows 7."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

249 comments

I had a little glimmer of hope (0, Flamebait)

kcbanner (929309) | more than 5 years ago | (#26751045)

When I read the headline...that they were going to implement proper user account permissions (a la UNIX) so UAC wouldn't be needed. Alas, I was disappointed.

Haunted Moon: Linux or Windows? (0, Offtopic)

UbuntuLinux (1242150) | more than 5 years ago | (#26751121)

After further research, I have my doubts that the moon is haunted. It *is* a planet, floating in space, which would suggest that, like other planets, the moon *is* haunted, but I have not yet seen any direct evidence, like footprints or things that have been knocked over.

However, I am very interested in writing software to help the scientists of earth to find out, once and for all, wether the moon is haunted, and what kind of ghosts are likely to live there. What platform would be best for this? Windows seems like the best choice, especially what with Windows 7 coming out, but I believe that such an easy to use operating system could be used for evil where it to fall into the hands of moon ghosts. Linux looks appalling in all of its forms, so it is less likely that the inquisitive mind of moon ghost's would be tempted to tamper, and also because it is so hard to use, moon ghosts would probably give up using it before any evil acts could be performed. Unfortunately, there is not so much ghost/haunting detection software available for Linux. What do the users of Slashdot think?

Re:I had a little glimmer of hope (4, Informative)

Anonymous Coward | more than 5 years ago | (#26751223)

Um. You're aware the access controls of the Windows NT line is MORE fine grained than UNIX, right? The entire reason SELinux was created was to give Linux the same granularity of Windows, so the NSA could use it internally. So, I would say Windows has proper account permissions. Even if 99.95% of all users misuse them.

Re:I had a little glimmer of hope (5, Informative)

Anonymous Coward | more than 5 years ago | (#26751647)

No... SELinux goes way beyond the access controls Windows NT has.

What you're thinking of is basically the POSIX ACLs. They've been in Linux for years. They don't see much use, because in the vast majority of cases, the old Unix permissions are good enough, and much easier to manage.

You have the standard owner, group, and everybody permissions on each file. If a file also has an ACL, it takes precedence.

Both Unix permissions and POSIX ACLs, as well as Windows's permissions, are a form of user access control.

SELinux is something else entirely - it's a form of mandatory access control, and it's applied to applications instead of users. A SELinux profile defines what an application is allowed to do - which system calls it may use, what files it has access to, and so on. This runs alongside the Unix permissions.

The closest analog in Windows is IE7's Protected Mode, where IE7 (and only IE7) is sandboxed and is unable to access anything but it's own configuration files. It's not really the same thing though - it's a sandbox, not a MAC implementation. A MAC implementation can be used to build a sandbox, but it can also be used to do far more.

It's not there to prevent users from doing something stupid. It's there to prevent applications from doing something they aren't allowed to, so that in the event of a security breach, an attacker is prevented from doing anything the application wouldn't normally do.

Re:I had a little glimmer of hope (1)

ClosedEyesSeeing (1278938) | more than 5 years ago | (#26752307)

SELinux is something else entirely - it's a form of mandatory access control, and it's applied to applications instead of users. A SELinux profile defines what an application is allowed to do - which system calls it may use, what files it has access to, and so on. This runs alongside the Unix permissions.

Sounds like Group Policy Objects in Windows (running in a Domain).

Re:I had a little glimmer of hope (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26753279)

Sounds like Group Policy Objects in Windows (running in a Domain).

If it sounds like it, I hope you haven't done much administrating Domains recently.

But maybe you're right, so... how can I create a GPO object that gives the following MAC profile to any instance of Firefox, started by any user:

- disallow connecting to ports other than 80 and 443
- disallow reading files in the User's home directory
- allow reading and writing files in %AppData%\Firefox, but not reading anything else in %AppData%
- allow writing files to %TEMP%, but allow reading only of the files created by Firefox itself

Re:I had a little glimmer of hope (-1, Troll)

GooberToo (74388) | more than 5 years ago | (#26752493)

What a great explanation!

Its surprising how often Windows users truly believe Windows is ahead of Linux - at everything. Simple fact is, excluding game play and perhaps game development, Linux is far, far ahead on everything else and it is Windows which has proved to be in a chronic state of catch-up.

Of course the down side is, Linux has so many configuration and deployment options it tends to make many people's head spin thinking about them all.

Re:I had a little glimmer of hope (3, Insightful)

jonadab (583620) | more than 5 years ago | (#26752825)

Unless you work for a vendor that sells Linux-based solutions, and have a job title something along the lines of "Deployment Options Specialist", there really isn't any reason to *try* to think about all of the various configuration and deployment options. What would be the point? You're Doing It Wrong.

The right approach is to ask, "In our situation, what do we need the software to do?"

Re:I had a little glimmer of hope (5, Informative)

gzipped_tar (1151931) | more than 5 years ago | (#26751749)

SELinux is not about account permissions. It is based on security contexts which may or may not involve user accounts. For example, the idea of "root" means nothing in SELinux. A process with uid root can't get out of its confined security context and go rampant just because of its root privilege.

Regarding Windows' filesystem access control, it is similar to POSIX ACLs found in almost all Linux distros. These ACLs define the fine-tuned relationship between users and filesystem objects. However, filesystem access control is only a part (albeit important) of OS security, and I think neither SELinux nor Windows UAC is meant to work only in the realm of filesystem control.

Anyway the above description is based on my vague memory of these stuff and I could be wrong.

Re:I had a little glimmer of hope (-1, Troll)

the_B0fh (208483) | more than 5 years ago | (#26751783)

AHAHAHAHAHAHAHAHAHAHAHAHAHAHAAHAHAHHA

More, and more and even more fine grained crap is better.... ahahahahahaha!

That's why the windows Registry is far superior to the config files in /etc/

HAHAHAHAHAHAHAHAHAHAHA

Re:I had a little glimmer of hope (0, Troll)

NeverVotedBush (1041088) | more than 5 years ago | (#26751225)

I quit hoping a long time ago. Windows gets hit over and over with security problems that are exposed to the outside world. As the stakes keep going up because compromising computers is now a business, it's that much more important for people to protect themselves.

Windows has become the AOL of operating systems.

Re:I had a little glimmer of hope (0, Redundant)

NatasRevol (731260) | more than 5 years ago | (#26752459)

I think I'm changing my sig:
"Windows has become the AOL of operating systems."

Re:I had a little glimmer of hope (4, Insightful)

Toreo asesino (951231) | more than 5 years ago | (#26751337)

When I read the headline...that they were going to implement proper user account permissions (a la UNIX) so UAC wouldn't be needed. Alas, I was disappointed.

By that you mean "put password in everytime you need to elevate?". UAC does that if you're not an admin. If you are, because you're not really an admin, it just confirms you want to...if the app is digitally signed; if not, it give you a big scary warning box you actually have to read.

Re:I had a little glimmer of hope (1, Interesting)

gad_zuki! (70830) | more than 5 years ago | (#26751425)

What? Windows' ACL much more complex than the "proper" user, group, and world method in unix. The NSA built SELinux to address this. In other words, Linux needs to catch up to windows.

The UAC wont ask for a password if you are already an admin. if you want to input a password you can run as non-admin, as you should be doing.

Re:I had a little glimmer of hope (2, Insightful)

gzipped_tar (1151931) | more than 5 years ago | (#26752005)

As I put it in another post (http://it.slashdot.org/comments.pl?sid=1118669&cid=26751749 [slashdot.org] ), SELinux is not just a user access control (UAC) system. The NSA didn't build it "to address this" as you said. Instead, they built it to implement a much wider range of ideas e.g. role-based access control and security context/type management.

I'm not familiar with the Windows Vista UAC so I can't make reasonable comparison between it and SELinux. However, if they are designed for different jobs, then we are really comparing apples and oranges.

Re:I had a little glimmer of hope (2, Informative)

Cowmonaut (989226) | more than 5 years ago | (#26752419)

Here [wikipedia.org] is some info on SELinux. Some people apparently don't Google things they don't know about before posting (still, its only been a few years) and others like to not explain things so they appear to know what they are talking about.

The patches for SELinux have the same goal as UAC (and vice versa). That is, they provide a means of controlling what various applications can actually access on a PC. With UAC, MS makes it pretty intrusive and seems to punish the user but overall it is a good thing. If they can make it not so annoying it'll go a long way in making Windows more secure (for about a week).

By the way, the patches for SELinux are built in to the 2.6 kernel now so every Linux distro can or does do this.

Anyways, all they've done here is make it harder for UAC to be disabled without the user being aware. This is important since they've changed the default behavior of UAC so you won't see it as much since they found people only hate UAC when they see more than 2 prompts in a session.

I imagine in a week and a half someone will have figured out how to still disable UAC without the user being aware or just take the shortcut already suggested and have the programs piggy back on ones that already have admin rights.

It must suck being a large target that didn't start out secure. Securing Windows must be a right pain.

Re:I had a little glimmer of hope (5, Informative)

benjymouse (756774) | more than 5 years ago | (#26753217)

What is generally discussed (and ridiculed) on /. is what is termed UAC prompts UAC prompts are merely the visible part of UAC. It's no surprise that the most important parts are hidden beneath the surface (and why it is so stupid to turn it off). UAC introduces a concept called process integrity. One can consider it a subdivision of user accounts as it works by modifying the security token associated with the process. If a process is running in "low integrity" it has virtually no rights to file system, registry database, IPC etc. It may render on the designated desktop and may also use an isolated storage. It is important to point out that because this sits in the security token, it is an intrinsic protection. IE7 and Chrome leverages low integrity mode, so even if an "exploitable" bug is found in IE7/Chrome or in an addin, this presents a formidable barrier to compromising the machine or even to get to sensitive or personal data.

Because a low integrity process is so limited, the browsers cannot even download files, except to their local, isolated storage. Therefore UAC calls for a separate broker process which drives the familar "save" dialog and reaches into the isolated storage and marshals the downloaded files out to userland.

Aside: When Vista was compromised at last years pwn2own it was through a custom broker process which Adobe had bundled with Flash. In their wisdom they had allowed the broker process to launch external programs. They needed at to perform updates or something. Go figure. Other integrity level are normal and elevated. In normal integrity level you cannot perform any actions which requires administrative privileges. In that case you need to elevate your privileges. That is where the UAC prompt comes in. To summarize, while UAC addresses some of the same concerns as SELinux, it does so by reigning in the process as opposed to SELinux/AppArmour which reigns in applications by defining profiles with allowable actions per app. I suppose you could build something like UAC by using SELinux and inspecting the process, but I'm not aware that this is what SELinux does.

One obvious difference - an advantage to UAC if you will - is apparent in the case of browsers. If a browser needs to be able to upload and download files, it must have a policy defined for that under SELinux. Hence, a compromised browser can also read/write files from/to those same locations without the users' knowledge or consent. That's not possible with UAC and IE7/Chrome. There is only one way (if UAC is not buggy) to have files transferred, and that's through the broker process. Assuming that process is not buggy (looking at you, Adobe) the user *will* know when a file is being downloaded and saved.

To be fair about Vista (can you do it, /.?) (2, Informative)

Dystopian Rebel (714995) | more than 5 years ago | (#26751511)

I agree about the flawed permissions architecture.

I use Ubuntu ("Canonical's Debian") and OS X. But not everything runs in WINE so I do have an occasional need to run MS for contract work. I have no more patience for WinXP's constant updates (many requiring a reboot) and it's growing harder to find Win2K drivers, so I tried Vista. It is availble for 64-bit (more addressable RAM) and it has outbound firewall blocking (that's good). Vista looks better than previous versions and the UAC is truly NOT so annoying as has been portrayed by Apple's advertising. I see the super-user password dialog in Ubuntu and OS X just as often.

I *have* run into problems with the Program Files folder in Vista. Some applications need to write in there and sometimes *I* want to write in there, but "for safety", Vista won't let me do it even if I accept the UAC dialog. It's inconsistent behaviour verging on buggy.

I would consider Vista a worthwhile upgrade. But the biggest problem with Vista -- the deal-breaker -- is the licensing model. It's my business where I install the OS. It will only be on one computer at a time, but if I pay the money, the OS goes where I decide when it suits me to reinstall, without a penalty to ME. I want a long-term investment in my favour. It looks as though Win7 licensing will be the same as for Vista.

Re:To be fair about Vista (can you do it, /.?) (3, Insightful)

nine-times (778537) | more than 5 years ago | (#26752055)

It's my business where I install the OS. It will only be on one computer at a time, but if I pay the money, the OS goes where I decide when it suits me to reinstall, without a penalty to ME.

I agree completely. I always get modded as a troll, but forced activation really is one of the things that keeps me from using Windows Vista. Every product that I've used that has activation has, at some point or another, made it needlessly difficult for me to do something legitimate. I just refuse to deal with that stuff anymore.

I have enough problems with software working properly without the developers embedding kill-switches in their software.

Re:To be fair about Vista (can you do it, /.?) (1)

benjymouse (756774) | more than 5 years ago | (#26752185)

I *have* run into problems with the Program Files folder in Vista. Some applications need to write in there and sometimes *I* want to write in there,

NO you do not want to write into program files. UNLESS you are an installer. Period.

YES some programs do - buggy programs violating coding practices for years. For THOSE there is another part of UAC (it is not all about prompts) called file system virtualization. As the name gives away it virtualizes some of the file system, such as "program files" and "windows". When switched on it lets the program believe it writes to the folders, while in reality the files are being stores below the current users folder below "Users". This little trick cheats some older apps into running, even though they perform the stupid action of writing into the hand-off folders. This little feature can be configured in the app's manifest.

Re:To be fair about Vista (can you do it, /.?) (2, Insightful)

Vectronic (1221470) | more than 5 years ago | (#26753011)

"NO you do not want to write into program files. UNLESS you are an installer. Period."

Personally, I like to think of myself as a continuously modified script, running a bio-mechanical machine.

Far more often than not (nearly always) you do not want applications to write into the ./Program Files/. folder, however, I am not a program, and I need to write to various (program files) folders for many reasons, what if I need to install a plug-in that does not have an installer, perhaps a file got corrupted, and I need to edit it, or maybe I am just bored and/or curious and feel like poking around, it is "My Computer" which includes every file and folder contained on any of its hard drives, I am not renting it from the OS, or the applications on it.

Although, you generally do not want your average e-mail checking user to be able to do those things, not because it is some mysterious taboo, but because they will generally fuck it up and not know how to fix it, but even then, if it is their personal/home use computer, they should still be able to do so, given enough dialogs/warnings... trial, error, money spent, they'l learn, but never completely locked out.

Re:To be fair about Vista (can you do it, /.?) (1)

Tibor the Hun (143056) | more than 5 years ago | (#26752599)

Not to sound like an Apple apologoist (thoug I am a fan and a user) I think Window's UAC's annoyances go beyond 1 Apple commercial which hasn't ran in months.

Re:I had a little glimmer of hope (1, Insightful)

aarmenaa (712174) | more than 5 years ago | (#26751921)

Proper user account permissions? Like the ACL system that Windows has had for more than a decade? The one that's more granular than what you can get on Linux? I guess Linux needs to ditch sudo and get real "user account permissions" too?

I don't see what you're getting at here: UAC fills almost the same role as sudo on a Linux system. Okay, I admit - it's a little different "under the hood" from the way sudo works under Ubuntu, but it legitimately works, and Microsoft actually did sit down and think this one through. For example, instead of asking to elevate for every piece of software that does terrible crap like writing into the Program Files directory, it just virtualizes that file system operation into a folder in your user account. Doesn't even ask to elevate. It does kinda cause problems when files don't end up where you expected them to, but most users never notice and it's actually a very nice way to deal with developers who refuse to follow the rules. Thanks to nice things like that, I generally only get prompted for elevation when I install new software or legitimately need access to a restricted directory, which is exactly the way it should be.

Don't misunderstand me here - there's plenty of things wrong with Vista. UAC and the NT security model weren't one of them, though. UAC was a step towards a sane default of limited users instead of having everyone run as an administrator. Defaulting everyone to admin is one of those bad decisions Microsoft made and we've been paying for ever since. Windows needs UAC, and it's the main reason I use Vista on my home box.

Try this: enable Vista's Administrator account (it's disabled by default), give it a password, then make your user account a "Limited User." What happens when it asks to elevate? Yep, a password prompt instead of the regular UAC. It's not technically sudo but it's the same effect and it works extremely well.

Re:I had a little glimmer of hope (2, Insightful)

thethibs (882667) | more than 5 years ago | (#26752385)

proper user account permissions (a la UNIX)

You mean "me, us, anybody" permissions? Windows account security is both more sophisticated and more granular. The problem is not with user account permissions, but with the out-of-the-box defaults. On this one, Microsoft can't win. If they do something that's appropriate for the average home user (a breed of cat most of /. can't even imagine), power users and tech writers get all over their case.

In the enterprise environment, the degree of user lockdown is easily adjusted on a per-user basis and runas (Windows' sudo -u) is available for exceptions.

changing 6 with half-a-dozen (-1, Troll)

zanderredux (564003) | more than 5 years ago | (#26751069)

the uac model is inherently broken. I cannot understand how these paliative measures will improve security beyond just the sense of it....

Re:changing 6 with half-a-dozen (3, Informative)

recoiledsnake (879048) | more than 5 years ago | (#26751621)

the uac model is inherently broken.

Citation needed. Along with suggestions on a better alternative.

Re:changing 6 with half-a-dozen (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26751963)

And explanation of how what Windows does is different from what KDE, Gnome or OSX do.

Re:changing 6 with half-a-dozen (0)

benjymouse (756774) | more than 5 years ago | (#26752231)

And explanation of how what Windows does is different from what KDE, Gnome or OSX do.

From the style of the statement I'd gather that it is not something Windows does or does not do. It's about something Windows is not: Linux. Very mature.

Intense? (5, Insightful)

jamesl (106902) | more than 5 years ago | (#26751103)

Intense criticism? Define "intense."

Isn't this how it's supposed to work? Release pre-production code to the community. Listen to comments. Respond to comments as appropriate.

Now define "over the top."

Re:Intense? (1)

tb3 (313150) | more than 5 years ago | (#26751805)

That's fine for the colors of a window frame, or the number of items on a pull-down menu, but OS security should not be driven by marketing and 'community feedback'. Microsoft's development methodology is fundamentally broken, and they don't seem to realize it.

Re:Intense? (1)

recoiledsnake (879048) | more than 5 years ago | (#26753117)

That's fine for the colors of a window frame, or the number of items on a pull-down menu, but OS security should not be driven by marketing and 'community feedback'.

Why not? Security levels in many cases(especially UAC) is a tradeoff between usability and security. People have spoken on the Microsoft blogs that they are okay with some inconvenience of elevation prompts for UAC changes and are not willing to sacrifice the security. Microsoft listened to them. This actually looks like a sound development methodology to take into account user feedback.

Re:Intense? (1)

benjymouse (756774) | more than 5 years ago | (#26752305)

Yeah - but apparently some of the less-technical MS brass preempted the engineers with a knee-jerk reaction something in the line of: "There's nothing wrong; it is as it is by design; you asked for it; move along!"

What's significant here is that they actually did an about face very shortly thereafter. Presumably when the real engineers and UX experts had told the brass what they thought.

Which is actually pretty significant as it hints that the actual MS engineers powers are growing.

Re:Intense? (2, Interesting)

aj50 (789101) | more than 5 years ago | (#26752633)

User: Ummm, this seems wrong...

MS: Nah, that's by design

Lots of users: WTF? No, it's wrong you idiots!

That last bit was somewhat intense but was only brought about my MS's initial attempt to wave away the problem.

Re:Intense? (1)

JCSoRocks (1142053) | more than 5 years ago | (#26752775)

Personally I'm just baffled by Microsoft listening to the community. I think that guy that got a job to spy on them also must have started putting something in the coffee. They're obviously in an altered state of mind at the moment. They'll go back to normal in a week or two and realize this was all a mistake. At that point we can look forward to our usual dose of, "we're microsoft and you're not" when we complain.

The entire concept is broken (5, Insightful)

landimal_adurotune (824425) | more than 5 years ago | (#26751111)

With the initial Vista UAC people were trained to just click yes to everything or they would turn off the function entirely. With Windows 7 it is far less frustrating but the User part of the UAC is what is broken, there is no substitution for actually educating users. That is something that is far out of MS's reach IMHO.

Re:The entire concept is broken (1)

xtracto (837672) | more than 5 years ago | (#26752539)

You might think (as well as I do) that the UAC screens are really annoying.

But just last December a friend (computer illiterate) asked to help him installing a camera on his computer running Vista. While helping him I said something bad about the moronic UAC "cancel or allow" messages and my friend told me the following:

"Although you may find the warnings cumbersome, they are good for me because it warns me if I am sure to do something. Sometimes I press somewhere without knowing and if not because of the warnings I may run programs I do not want"

His logic made me think twice about UAC... of course, people that do not need it (i.e., those of use who know what we are doing) can simply deactivate it, however it may be useful for people who do not know what they are doing.

On the other hand, I still believe that the actual messages that appear could be more explanatory... however, there comes another problem, and it is that most of the people do not care to actually READ what the system is telling them and they just see an alert message with a warning sign.

But that comes from the times of MSDOS... I remember when I was a kid and started programming computers that my father told me it would be a good Idea to make a program that would read the instructions of the programs to the users (his university students) because even when the instructions were there in the screen, they would not care to read them... people are lazy.

Re:The entire concept is broken (1)

TJamieson (218336) | more than 5 years ago | (#26753069)

Here's the secret: UAC has nothing to do with protecting users. Instead, it exists (at least in Vista) to reveal old programming problems lazy developers often made (such as writing within Program Files).

Of course the argument can be made that MS should've locked down Program Files from the beginning, but that's another discussion.

Re:The entire concept is broken (1)

darkmeridian (119044) | more than 5 years ago | (#26753143)

The concept is also out of anyone's reach. As computers become more and more ubiquitous, a smaller percentage of computer users are specialized. The typical user nowadays expects a computer to just work like a TV or microwave. They just want to use the wonderful computer and do not have time to read instruction manuals or even prompts. But when computers do not work, they freak out and blame the computer.

No one is immune once you reach out to average users. As Apple starts to penetrate the market, you will see more and more trojans and spybots for OS X as well. I mean, even Linux users fall for phishing scams through the computer. It will only get worse as Linux gets onto netbooks and low cost computers.

I do not envy Microsoft's problem, but we ought to realize their problem will soon be ours.

windows users are STILL more tolerant than ME (5, Interesting)

v1 (525388) | more than 5 years ago | (#26751161)

The pain threshold, it turned out, was just two prompts in a session, which DeVaan defined as the time from turning the PC on to turning it off, or a day, whichever is shorter. "If people see more than two prompts in a session they feel that the prompts are irritating and interfering with their use of the computer," DeVaan said.

I get asked for my password when I do something in terminal that requires sudo, but other than that, I don't get a security prompt more than once a day on the average. Again depending on what I'm doing. I can go an entire day and not see one sometime.

I suppose I'd like to spend a day watching a windows7 user and see WHY they are getting all these UAC popups. I can't believe that if the OS is engineered properly if there would be any reason for it with ANY frequency unless you're doing things that *I* might find common, which is not Joe User.

I have my mother's main account on her machine as a limited user, and she knows the admin l/p when needed. I bet she gets asked for it once every 2 weeks at most. (like when a firefox update wants to install, and then it's behaving exactly as expected and desired) THAT'S how I'd expect ALL "typical" computer users to want to see. I'm absolutely certain I'd be getting a phonecall after she got prompt number two (for no good reason) in the same day. Why does it keep doing that? Fix it!

Application for Windows (4, Interesting)

jgtg32a (1173373) | more than 5 years ago | (#26751453)

There was an article a while back about some application programmer complaining about the security model in Vista and what a pain it was to develop for.

What it actually came down to was the programmer was complaining about having to separate privileged code from non-privileged code.

Just about every app made for Windows run in admin mode and UAC will complain about it.

In *nix it would be like requiring root to run the tar or ls commands.

Re:Application for Windows (1)

NSIM (953498) | more than 5 years ago | (#26752133)

"just about every app runs in admin mode" is the most utter rubbish I've seen for a while. I have a wide selection of apps installed on my system, the only ones that trip UAC are:
DVDdecrypt (runs without admin, but bitches about it)
Core Temp (has to run as admin)
Handbrake (can't update profiles unless it's running as admin)
Everything else runs just fine. (Office, Paintshop Pro,Firefox, Thunderbird,utorrent, Omea RSS reader, and dozen or more other applications that I'm too lazy to list)

Re:windows users are STILL more tolerant than ME (2, Insightful)

0123456 (636235) | more than 5 years ago | (#26751483)

"I can't believe that if the OS is engineered properly if there would be any reason for it with ANY frequency"

Yes, but this is Windows, which has been so poorly engineered for so long that roughly 97% of applications expect to be run as Admin; and thanks to the delights of 'backwards compatibility', Joe Sixpack will be running many of those applications for many years to come (heck, I have a copy of Word from the Windows 3.1 era on my Windows PC because I had to open old Word files and current versions wouldn't read the old format).

Re:windows users are STILL more tolerant than ME (4, Insightful)

v1 (525388) | more than 5 years ago | (#26751855)

but this is Windows, which has been so poorly engineered for so long that roughly 97% of applications expect to be run as Admin; and thanks to the delights of 'backwards compatibility'

ya, but wasn't that what Vista was all about? Causing 80% of the existing windows apps to spontaneously combust and force the developers once and for all to fix their crap? What happened to that? (guessing... public outcry from the users and lazy devs pointing at MS as the blame) I thought that was the reason that Windows7 was going to make an even more solid, committed attempt to force the developers to adopt good coding practice. MS can't just continue to roll over on this issue.

Re:windows users are STILL more tolerant than ME (1)

0123456 (636235) | more than 5 years ago | (#26751973)

"ya, but wasn't that what Vista was all about? Causing 80% of the existing windows apps to spontaneously combust and force the developers once and for all to fix their crap?"

Well, that was kind of my point: even if they get developers to fix their broken applications that expect to run as Admin for generic tasks that shouldn't need it, the old versions of those applications will still be around for years to come, and people using those applications will complain until Microsoft have to do something to make them less painful to use.

Microsoft grew big and fat on 'backwards compatibility', and now it's turning from a huge advantage into a huge problem.

Re:windows users are STILL more tolerant than ME (1)

Rycross (836649) | more than 5 years ago | (#26751993)

What happened to it? UAC was panned by Slashdot, panned by the press, panned by Apple, panned by developers, and hated by users. Everyone blamed Microsoft for "breaking things" and "annoying prompts" when it was the crappy application developers' fault in the first place.

The moral of the story is that people don't care what's technically correct. They just want their apps to work. Microsoft absolutely can roll over on this issue, because their customers want them to.

Re:windows users are STILL more tolerant than ME (4, Informative)

clodney (778910) | more than 5 years ago | (#26751975)

I've been running Vista on my home/gaming rig for over a year now. It runs Steam, Fallout, Oblivion, Half-Life, Office, DevStudio, Firefox, Thunderbird, KeePass, Paint Shop Pro, Python, AV, iTunes - lots of stuff, some old, some new, some MS, lots of ISV.

I probably encounter a UAC prompt every week or two. Going into the control panel is pretty much guaranteed to trigger it, ad does updating a device driver, or installing/updating software.

That's pretty much it. I have at least one app that writes settings into its program files directory, but Vista silently redirects that to somewhere in the profile directory without requiring UAC.

The reality is that MS has been pushing ISVs for years to stop relying on admin access. Look at the requirements for getting the Windows logo on your app - one of the reqs is that it has to run as a normal user.

Between that pressure and the fact that Vista does trap and redirect some of the most common accesses to HKLM and Program Files, most shrinkwrap userland apps work fine in Vista.

When you start talking about things that a guy in the IT group whipped up in a few days back in 1998 thinks aren't nearly as rosy, but most home systems don't have to deal with that crap.

problem, soon as you say "i have ben running vista (1)

CHRONOSS2008 (1226498) | more than 5 years ago | (#26752471)

thats were it all goes wrong go back to XP and enjoy life , so what if they end support in 2014 thats what 4 - 5 years away.
BY then they might have windows666 ready and actually doing things right

Re:windows users are STILL more tolerant than ME (1)

Aladrin (926209) | more than 5 years ago | (#26752085)

The problem is that Window isn't doing uncommon things, the programs are. They are designed with WindowsXP-do-anything-you-like-as-admin philosophy, instead of restricting their business to their own areas.

In my experience, Vista seems to Admin Popups than Linux because the apps are doing stupid things, not because Vista was designed wrong. When I think about when Vista pops things up, it's the same times I'd be required to sudo in Linux: Installing/changing/deleting stuff globally for all users.

I don't use many apps now that haven't been updated for Vista, so I don't see the annoying behavior on Vista any more than on Linux.

Re:windows users are STILL more tolerant than ME (1)

nine-times (778537) | more than 5 years ago | (#26752121)

I can't believe that if the OS is engineered properly if there would be any reason for it with ANY frequency unless you're doing things that *I* might find common, which is not Joe User.

I can believe that a properly engineered OS would prompt that frequently, assuming enough improperly engineered applications. And there are plenty of crappy Windows apps floating out there to make this thing believable.

Re:windows users are STILL more tolerant than ME (1)

benjymouse (756774) | more than 5 years ago | (#26752405)

My wife stole my old cool acer ferrari 3400 when I got a new dell. It wasn't that it was faster than what she had, but she really liked the color of that thing (all shiny Ferreri red).

Anyways - she runs Vista Business. She's on a user account and she does not know my admin pw. She went a good 6 months using it every day before she experienced the UAC prompt. She had to install a new homebanking app.

I'd say it works as intended. For everyday work - even with Visual Studio 2008 - I don't get UAC prompts. (I did with VS2005, though)

Caves? (4, Insightful)

ukyoCE (106879) | more than 5 years ago | (#26751167)

This is hardly "caving". Microsoft was alerted to a security issue, and they're fixing it. How did this get spun into an anti-microsoft story?

Did I miss some story where Microsoft said they absolutely refused to fix the problem, but now a few days later they're giving in and fixing it?

Re:Caves? (4, Insightful)

Lostlander (1219708) | more than 5 years ago | (#26751233)

I agree, I hate Microsoft as much as the next Linux user but seriously agreeing to change something in a beta isn't caving it's feature adjustment. The tittle of the summary is just flamebait. Windows 7 seems to be a functional Microsoft operating system for a change and people are freaking out looking for something to hate about it.

Re:Caves? (1)

Rary (566291) | more than 5 years ago | (#26751493)

Not only that, but this very forum is overrun with people complaining about how many times UAC prompts appear in Vista, and this story is about Microsoft responding to users' complaints and reducing the number of prompts, only to then be told that now it had too few prompts. So, they're listening to users' complaints again and rolling things back.

But apparently that's "caving".

Re:Caves? (4, Insightful)

Hal_Porter (817932) | more than 5 years ago | (#26751867)

A true slashdot user believes all these things

1) The flaw in XP was that everyone run as admin. Unix's system of running as a limited user and doing a privilege escalation via sudo each time you do something that requires admin rights.
2) The flaw in Vista was UAC, where you do a privilege escalation each time you do something that requires admin rights.
3) The first Windows 7 beta had a flaw where it was possible for malware to disable UAC programatically and thus bypass it.
4) Microsoft have 'caved' and changed UAC in the Windows 7 release candidate.

and he believes them simultaneously too.

Re:Caves? (3, Insightful)

Cro Magnon (467622) | more than 5 years ago | (#26751265)

This is hardly "caving". Microsoft was alerted to a security issue, and they're fixing it. How did this get spun into an anti-microsoft story?

This is slashdot. Nuff said.

Re:Caves? (0)

Anonymous Coward | more than 5 years ago | (#26751517)

Erm, why is this modded troll? Every time I come on /. it's HURR DURR MICROSOFT PRIVACY FUCK THE SYSTEM HURR DURR. A few arrogant fucktards in their basements decide to base their world philosophy on their distro - that's their loss.

Re:Caves? (1)

the_humeister (922869) | more than 5 years ago | (#26751377)

You want to know why? Microsoft eats babies and worships the devil! That makes them EVIL! Ergo, whatever they and anyone else associated with them does anything, it must be spun negatively no matter what.

Re:Caves? (0)

Anonymous Coward | more than 5 years ago | (#26751405)

A security issue?

Then it was a security issue being publicly advocated by the senior vice president responsible for Windows' architecture and core components.

Re:Caves? (3, Informative)

DavidR1991 (1047748) | more than 5 years ago | (#26751465)

"This is hardly "caving". Microsoft was alerted to a security issue, and they're fixing it. How did this get spun into an anti-microsoft story?"

They stated it was by design a few days ago, immediately after the issue was posted, that's why

Re:Caves? (1)

Hal_Porter (817932) | more than 5 years ago | (#26751967)

This is the good thing about commercial software. The technical people can be overruled by the marketing/management people if their decisions are unpopular with a majority of users. Non commercial software doesn't have this ability.

Re:Caves? (0)

Anonymous Coward | more than 5 years ago | (#26751637)

For all I prefer using a *nix system I want to complain about systems because there is a problem.

If MS go down I want to think that it was because they made a bad product. At the minute I'm worried that if they go down I'll just end up thinking it was because people THOUGHT they made a worse product than they do.

Need more windoze 7 articles! (0)

Anonymous Coward | more than 5 years ago | (#26751251)

Seriously.

Windows 7 Windows 7 Windows 7 Windows 7 Windows 7 (-1, Flamebait)

Spatial (1235392) | more than 5 years ago | (#26751253)

Windows 7 Windows 7 Windows 7 Windows 7 Windows 7 Windows 7 Windows 7, just in case you forgot. But how could you? WINDOWS 7!

Not even Slashdot can shut the fuck up about it for five consecutive minutes, pre-order today! That name again, Windows 7!

Re:Windows 7 Windows 7 Windows 7 Windows 7 Windows (1)

Spatial (1235392) | more than 5 years ago | (#26753149)

Flamebait mod :(

The idea was to make a joke about how although Slashdot is pretty anti-Microsoft, there's a veritable advertising campaign here for their latest product iteration. Irony, you know? Clearly I bodged it though...

I thought it was a new product (0, Offtopic)

Hognoxious (631665) | more than 5 years ago | (#26751359)

Look like you try hunt mammoth!

Do you want:

* Use pointy stick
* Use big rock
* Install bow and arrows plus pack?

At least they're trying (1, Informative)

javacowboy (222023) | more than 5 years ago | (#26751361)

First of all, Microsoft screwed up initially because DOS and the non-NT versions of Windows didn't implement the concept of a multi-user, networked operating system like Unix and NT did. This means that when the internet took off, Microsoft was selling an operating system for the masses that was not architected to be used securely over the internet.

The consequences were disastrous. Malware, including viruses, warms, trojans, adware and spyware spread like wildfire over Windows systems over the internet. Zombie machines became common. Software was written to require admin privileges to install and run correctly.

By the time Microsoft realized they needed to fix the problem (between XP and XP SP2, depending on how you look at it), there were too many legacy dependencies for Microsoft to switch whole-hog to a Unix style multi-user, restricted user by default system.

Still, they did try to do something about it. They merged NT and 9.x into a single operating system and kernel, namely, Windows XP. It was now possible to create multiple users, including admin and non-admin users. They implement the Run As functionality, to allow non-admin users to temporarily escalate their permissions.

I know Run As mostly worked, because I spent a few hours setting up my dad's XP and Vista computers with regular user accounts. There's the odd program that doesn't run correctly (or at all) as a regular user, but they all run correctly with Run As. I think there was only one program he had that used to run correctly under his old account that didn't work at all under the new setup.

Still, there are third party software developers that perpetuate use of the old system, and force Microsoft to enable admin users by default. Among those are game developers, that require users to run as admin *AND* stay connected to the internet (I believe Half-Life 2 requires this, but I'm not sure). This is grossly irresponsible, and Microsoft needs to do more to discourage this practise.

Still, as awkward as it initially was, UAC was a step in the right direction. It was too obtrusive in Vista, so they toned it down in Windows 7. Now, they realize they need to go partway back in the opposite direction again.

I'll give Microsoft credit for trying really hard to fix their past mistakes. However, some third party developers need to be smacked down hard for forcing Microsoft to maintain its past mistakes.

Sandboxing? (1)

Seth Kriticos (1227934) | more than 5 years ago | (#26751363)

I still don't understand why they don't just sandbox any application that wants to be installed and only when it tries to access user data there should be a prompt.

You know, something like "Market watch X wants to inspect your porn collection [allow] [yes]" instead of "blah blah privileges blah [allow] [maybe]"

Re:Sandboxing? (0)

Anonymous Coward | more than 5 years ago | (#26752587)

performance?

Brilliant! (1)

Saija (1114681) | more than 5 years ago | (#26751373)

Second, changing the level of the UAC will also prompt for confirmation.

Oh great!
a confirmation for the confirmation dialog...

Re:Brilliant! (1)

quickOnTheUptake (1450889) | more than 5 years ago | (#26751809)

One of the recent issues discussed on /. was that it was a huge security threat to have scripts able to turn off UAC without any notification. This is exactly what MS needed to do.

"Do not alert me again." Checkbox (1)

FathomIT (464334) | more than 5 years ago | (#26751433)

Couldn't they set it up with all the crazy user restrictions in place and then just add that nice little checkbox that says: "Do not alert me again."

Most of the computer users on the planet will think twice if the alert is made simple and clear.

Re:"Do not alert me again." Checkbox (1)

AndrewNeo (979708) | more than 5 years ago | (#26752031)

The UAC dialogs on Windows 7 have a 'change how often this dialog appears' text link in them.

Still missing... (3, Insightful)

Mascot (120795) | more than 5 years ago | (#26751479)

the one thing that will make me consider not turning it off. A "do not ask again for this application" checkbox.

Come on. Every firewall/HIPS system I can remember trying the past decade or so has an option to remember the answer.

This obviously won't work for settings, but for when starting an application? God, it's so needed.

Re:Still missing... (2, Insightful)

MBCook (132727) | more than 5 years ago | (#26753009)

Why should any application need that checkbox?

No application should be asking for privileges that much, unless it accesses special hardware (easy example: something akin to WireShark). A normal application (like FireFox) shouldn't need to ask for permission all the time. If it does, it probably has a design flaw.

If you grant full permissions in the way you are suggesting be made possible, then if a new version of the application alters it's functionality (or some time-bomb kicks in) then it can do things you didn't authorize (like erase other programs) because it was given blanket authorization by you so you wouldn't be nagged about some stupid thing it was doing (like changing your wallpaper).

You want the "always" button to be more granular? So now I have to check 5 different "always" boxes on 5 different prompts so some poorly written application won't bug me... until I use some new function and it asks for a 6th time. Having the "always" box not mean "always for everything" will confuse a great many users.

Well written programs don't have this problem. I've been using OS X for years and the only two applications that prompt me on any kind of regular basis are Software Update (which has to touch all sorts of software and the system software, I'm going to include MS's Office Update in here too) and the Installer used by some applications (because they may need to install libraries or check for other installed software). User space applications almost never trigger these questions. They don't NEED to.

Re:Still missing... (1)

SuiteSisterMary (123932) | more than 5 years ago | (#26753219)

You're almost there!

UAC was never about the user; it was about the developers. For ten bloody years now, everything necessary to write apps without admin requirements, without needing to write to places like program files, and so on, have been in Windows.

You could do it in WinME, you could do it in Win2000, you could do it in XP. Developers didn't bother. I *still* find programs that want to write user data to program files. Hell, I just about fell over when I discovered,installing the 'network' version of Quickbook 2008, that it sticks a file on a network share with a lockfile. Like dBase and Foxpro and what not for WfWg 3.11 did.

UAC is a big FU to those developers. It just didn't work as intended. People bitched at Microsoft for all of the 'unnecessary' prompts, rather than bitching at the developers for writing software that expected crazy access to the computer.

So in other words... (1, Troll)

PontifexMaximus (181529) | more than 5 years ago | (#26751495)

to change anything in the UAC I'll get a 'confirmation' box that I'm running something with Admin privs, I'll need to authenticate, requiring another dialog, then when I change the level I will get ANOTHER dialog asking me to confirm my changes?

Man, that's brilliant, let's add yet another dialog asking 'Are you sure you want to do this? Really, really sure?'

Wow. I have to admit, this level of bureaucracy makes the Federal Government look lean and mean by comparison.

Re:So in other words... (1)

Tony Hoyle (11698) | more than 5 years ago | (#26753183)

Changing the UAC level is something you do maybe once (or maybe never, since in Win7 the UAC is a lot less annoying).. you'll never see it again.

However if an app manages to exploit a hole in one of MS' signed apps, run itself elevated silently and attempt to change the UAC level, you'll be warned (Of course if said app manages to do that changing UAC will be the least of your worries...).

UAC is useful (4, Interesting)

DarthVain (724186) | more than 5 years ago | (#26751509)

While many may scoff at UAC, it does do something very well. It foists responsibility on the user. While this may not be the nicest thing to do, it enforces perhaps the most difficult ideal. That being of awareness of security. User that have no idea, will not be aware of how to protect themselves. Perhaps I am being too forgiving but perhaps someone in Microsoft has actually come up with the philosophical crux of security argument in that no matter how well you design a system, no mater how many updates, patches, or how secure a system you make, someone at some point is going to break it. If DRM, or adware, malware, virus, or Trojans have taught us anything, is that no matter our perceived security we are all vulnerable at some level and all that it takes is someone willing to go the distance and break it. I think microsoft would be correct in its thinking that they will always be target #1, and for the foreseeable. That said, how do you protect yourself from all the bad guys in the world. Well you could create some wonderbar new technology that will secure your systems, and update it constantly to try and keep up with attacks, knowing that it will eventually fail. Or you can implement that and make your users aware of basic security issues, which would probably be about a thousand times more useful as most of the time these things happen when a stupid user opens a file he shouldn't or downloads something sketchy, etc...

I mean when you hose your box you have no one to blame but yourself. Usually it become apparent shortly after you tell UAC to go screw itself. Then you know. Now in the future when you download that mp3 and try to open it with media player, which doesn't reconize the file type, you might actually think. "Ok this may be a codec it doesn't know, or it is a very bad idea to get it to try and open it anyway, perhaps I will just update my codecs and see what happens".

Anyway I am sure some security professional (both IT and otherwise) will attest to having a user informed and aware of potential threats is far more useful than anything else.

Of course perhaps I am just giving Microsoft too much credit.

Re:UAC is useful (0)

Anonymous Coward | more than 5 years ago | (#26752329)

But windows even without UAC has so many dialog boxes that users have been essentially trained to click "OK" without reading them. (I don't have the link, but there was actually a study that showed this to be true.) So, especially because no password or other significant action is required of the user, UAC is just another set of dialog boxes to click through.

Wait, isn't it a beta? (0, Redundant)

Nick Fel (1320709) | more than 5 years ago | (#26751539)

Beta had something wrong with it, beta testers spotted it, company fixed it prior to release. How is this news? Next headline: release candidate close to final version!

Re:Wait, isn't it a beta? (1)

yakumo.unr (833476) | more than 5 years ago | (#26751831)

Because at first MS declared it 'by design', and 'wont fix'. The 2 fixes they have implemented a great news, they claim at least one of them was planned anyway. I don't care how it happened, I'm just very glad it did.

ANOTHER new product tied to Windows?!? (1)

Astadar (591470) | more than 5 years ago | (#26751605)

When _I_ read the headline, I thought it was an announcement of a new product called "Microsoft Caves", which would change security in Windows 7.

I figured that in order to improve security, they would put you in your own "cave" (figuratively or, perhaps, literally). Seemed like a terrible concept, but from the makers of "Bob", who knows...

"User switching now called 'visiting another person's cave'!"... uh... wait... maybe not.

From WhoCares to Astroturfing (1)

Dotren (1449427) | more than 5 years ago | (#26751635)

These Microsoft article responses are funny.

First it was tagged "whocares" which I thought was somewhat silly considering the related article [slashdot.org] ended up with 379 comments, many of which were condemning said UAC security hole. Obviously, a lot of people, even those who don't even use Windows, did care or at least found it interesting.

Of course thats all in the past since the tag seems to have been replaced by "astroturfing", which would be correct since the article was about a positive change. After all, we wouldn't want anyone to come under the false belief that anything positive from Microsoft is anything other than a PR scam to make you forget that they're evil.

Come to think of it, this article clearly needs the "itsatrap" tag!

Blah blah blah (0)

Anonymous Coward | more than 5 years ago | (#26751985)

Cwmike, who links directly to computerworld, who have been sucking microsoft dick since the beginning. OH WOW another Microsoft Windows 7 ad. WE'RE NOT GOING TO BUY THAT ONE EITHER, REDMOND. Take your Microsoft tax and shove it.

Integrity requires elevation? (0)

Anonymous Coward | more than 5 years ago | (#26752551)

"First, the UAC control panel will run in a high integrity process, which requires elevation."

So.. what happens if the user does not have enough rights to display the UAC prompt? Will the OS attempt to spawn an UAC prompt to acknowledge the display of the first prompt? Oh my, headaches have begun already...

Error... (0)

Anonymous Coward | more than 5 years ago | (#26752697)

Did anyone else see that "Error" on the screen, from 00:59 - 01:01? Fail! :)
It probably had to do with an Internet connection not being available, although I can't tell for sure, because I am a Gnome boy.
(And) I'm not perfect.

Union Aerospace Corporation (2, Funny)

HisMother (413313) | more than 5 years ago | (#26753065)

It's been years, and I still chuckle when I see a reference to Microsoft's UAC. They couldn't have chosen a more appropriate name for it!

Security smurity (0)

Anonymous Coward | more than 5 years ago | (#26753169)

As a linux user the features that I like best about Vista, and upcoming Windows 7, are the security features including UAC. Consider a virus that is new and undetected by your antivirus software trying to run as the user currently logged in. Should it be allowed to do it's thing silently or should the user be prompted for every little step the virus wants to take? I, for one, would like to be warned and have the option of saying no multiple times before I lose data, time, productivity, money, etc one time. Personally, I think it should do what Debian does and require the admin password when it prompts for a UAC issue. It's a last line of defense. But if you don't want it it is very simple to disable, so why are you bitching bout it to Microsoft? Take some responsibility for your own user experience and just turn it off.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...