Details on Refining Vista's User Control

Zonk posted more than 8 years ago | from the progress-moving-forward dept.

borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know that they have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."

304 comments

Why the interest? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15454801)

If I'm getting what I want from my OS already, why bother upgrading from Mandriva?

Re:Why the interest? (0)

Anonymous Coward | more than 8 years ago | (#15454816)

To get more.

Re:Why the interest? (1)

kfg (145172) | more than 8 years ago | (#15454855)

Clearly you are not ranking giving Microsoft money a high enough priority in your desired OS feature set.

Don't worry, they're working on that; and you vill like it!

KFG

Re:Why the interest? (3, Funny)

stupidfoo (836212) | more than 8 years ago | (#15455038)

Three reasons:
1. You can save your game in solitaire
2. You can save your game in freecell
3. It includes a super pretty chess game!

Re:Why the interest? (0)

Anonymous Coward | more than 8 years ago | (#15455322)

If I'm getting what I want from my OS already, why bother upgrading from Mandriva?
At least you acknowledge that it would be an upgrade...
but more power to ya if you like what you've got.

malware safeguards (3, Insightful)

Douglas Simmons (628988) | more than 8 years ago | (#15454810)

As a result, Windows cannot tell if YOU launched the application or if malware launched the application.

So what's to stop malware from affirming the prompt? It isn't even a hurdle.

Re:malware safeguards (1)

Anonymous Coward | more than 8 years ago | (#15454836)

So what's to stop malware from affirming the prompt? It isn't even a hurdle.


I think the real question is how to stop users from hitting the "install spyware", "yes go ahead and screw my OS" and "open all ports and share my hard disk to world" buttons.

Re:malware safeguards (0)

Anonymous Coward | more than 8 years ago | (#15454845)

Plus... people are upset about prompts... give me fucking strength. How about getting upset at the DRM that has been built into the core of the operating system. Vista is designed to ensure that you have *no* control over the machine, never mind whining about a few pissing dialogs.

Re:malware safeguards (1)

naelurec (552384) | more than 8 years ago | (#15454955)

Sounds like smoke and mirrors.. Make a big fuss about UAC that everyone who is testing is focused on UAC issues and DRM just silently passes without any media attention.

Brilliant!

Re:malware safeguards (1, Funny)

brouski (827510) | more than 8 years ago | (#15455504)

You remind me of one of those creeps on Stormfront or similar that can turn any news story into a rant about Jews.

Re:malware safeguards (2, Insightful)

Tim C (15259) | more than 8 years ago | (#15454905)

Presumably the malware won't know your password...

Re:malware safeguards (5, Informative)

spongman (182339) | more than 8 years ago | (#15454971)

the prompt appears on a separate desktop, its HWND isn't retrievable by any application, and the regular keyboard message pumping mechanism is bypassed.

unfortunately, this breaks the brilliant synergy2 [sourceforge.net] tool temporarily...

Re:malware safeguards (1)

zuvembi (30889) | more than 8 years ago | (#15455205)

That sounds like it won't work very well with screen readers (i.e. for visually impaired users). Do you know how they get around that sort of thing?

Re:malware safeguards (0)

Anonymous Coward | more than 8 years ago | (#15455439)

So what's to stop malware from affirming the prompt? It isn't even a hurdle.

That's true, it's not. I work for a company that sells software which uses an SSL connection to talk back to our servers. When the program would first run it would make a connection, and since our certs were self signed Windows would prompt the user to accept the unknown CA. If the user clicked the wrong button the problem wouldn't work right and we had tons of support calls.

Since at the time certs were very expensive and writing a function to click the button was cheap, we released a new version a few days later to accept the certificate for them.

I'm surprised there isn't already more of this going on in the malware world.

Re:malware safeguards (0)

Anonymous Coward | more than 8 years ago | (#15455565)

If the user clicked the wrong button the problem wouldn't work right and we had tons of support calls.

I hate it when problems don't work right.

Here's how to delete a file on Windows Vista (5, Funny)

ASkGNet (695262) | more than 8 years ago | (#15454817)

Re:Here's how to delete a file on Windows Vista (2, Funny)

$RANDOMLUSER (804576) | more than 8 years ago | (#15454947)

That's hysterical. I bet it takes fewer clicks to format a hard drive.

Broken security model -- AGAIN! (2, Insightful)

A.K.A_Magnet (860822) | more than 8 years ago | (#15454966)

Regarding the link posted by parent, the problem is: why the Hell doesn't this file (a shortcut), which actually seems to be on the main user's desktop, BELONG to the corresponding user?? Why does it belong to "SYSTEM"? I can't understand how Microsoft succeeds in screwing up things so much each and every time. It's not like there aren't easier, working and well-thought security models (look at UNIX's perms simplicity and efficiency, and they can be completed with a more thorough ACL system).

Those who don't understand Unix are condemned to reinvent it, poorly

Re:Broken security model -- AGAIN! (2, Insightful)

A.K.A_Magnet (860822) | more than 8 years ago | (#15455114)

And btw, just to make things clear, the default configuration is a part of the security model. Which means a file with wrong permissions, or wrong owner, created by the system installer, shows misunderstandings in the security model chosen. It's like you'd have a file belonging to root on your desktop.

Another thing is surprising: how can you do privilege escalation without entering your password/authentication of any kind? How is it more secure if there is no user entry? It's just like a sudoers file with the "NOPASSWD" directive on your user; you can become root as you wish (without entering password), but then, malicious programs can, too. If this is the default configuration on Vista, there won't be any benefit except in corporate networks where admins supposedly know their job (I suppose only the "main user" has the "sudoers" rights, but these people will be the ones who are now admin on their Windows [zombified] computer, and they are a huge part of the problem [think spamming, DDoS'ing, etc.]).

Re:Broken security model -- AGAIN! (1)

NutscrapeSucks (446616) | more than 8 years ago | (#15455195)

Another thing is surprising: how can you do privilege escalation without entering your password/authentication of any kind? How is it more secure if there is no user entry? It's just like a sudoers file with the "NOPASSWD" directive on your user;

Perhaps someone can correct me, but my impression is that it did ask you for a password if you were a normal user. But as an Administrator, it just prompts yes/no.

So this would be more like logging into Unix as "root" and rather than just ignoring permissions, the system would prompt you if you wanted to break them.

Re:Broken security model -- AGAIN! (1)

A.K.A_Magnet (860822) | more than 8 years ago | (#15455479)

Yeah you may be right, in that the "Admin" and "SYSTEM" account seem not only different in names, but in level of permissions too. So "Admin" isn't really root, SYSTEM seems to be (but you can't log as SYSTEM).

With UNIX, there is never any authentication asked of root (but asking for confirmation is never useless ;)), because everything root asks is holy ;). Yet, if the "Admin" account has to go through these 6 stages of confirmation to remove a shortcut, then there is a UI problem :). The first confirmations should be enough. And if that's a user account, then there's definitely a security problem.

Regardless of privilege escalation, the file on YOUR desktop shouldn't belong to anyone other than YOU in the first place. And really, people need to get used to only logging in as a regular user.

Re:Here's how to delete a file on Windows Vista (3, Interesting)

deficite (977718) | more than 8 years ago | (#15454969)

Perhaps that'll annoy people enough not to delete the system icons. I used to get so mad when I used the family computer and my dad would delete an icon for something on his account and it got deleted on mine too. Another thing about shortcuts I hate: some applications only install them for the account you installed the program with. I had to make shortcuts by hand for every account on the machine or manually copy the shortcut to the shared shortcuts.

Re:Here's how to delete a file on Windows Vista (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15455394)

First, two of his seven steps are just emptying the recycle bin. He says he has to do this "every time he wants to delete a shortcut". He clearly doesn't understand the recycle bin. If he doesn't want its functionality, he can turn it off or shift+delete the file (which bypasses the recycle bin for that operation)

Second, his first step is simply "look at the shortcut." No action was taken.

Third, it's already been publicly stated that the UAC will not cover this case in the future. Now we're down to 3 clicks.

Lastly, I'm unsure how he got a shortcut on his desktop that he doesn't own. I've been using Vista for months now (assorted builds) and I haven't run into this situation. This seems like a bug to me.

Assuming this bug gets fixed, we're now down to 2 steps - click delete, confirm delete. This, in my opinion, is the optimal number of steps. A confirmation on delete activities is probably good. (Especially since the delete confirmation can be turned off in the recycle bin options for power users.)

Already fixed (1)

I'm Don Giovanni (598558) | more than 8 years ago | (#15455455)

From the article (one of the blog comments):
"We fixed deleting Desktop Icons in the current RC1 builds. Unfortunately, the Beta 2 build still has the (many) step user experience. It is an interesting dilemma on how ISVs should write their installers to place icons though. The advantage to putting the icon on the all-users desktop is that any NEW user will also get the icon. We (windows) need to add some sort of "hide" technology to have it both ways... and we haven't done that yet."

the real problem (2, Insightful)

BerkeleyDude (827776) | more than 8 years ago | (#15455461)

The real problem is: the icon belongs to the system, not the user. So the user shouldn't try to delete it, since it will affect other accounts, too.

Of course, that means the user can't get rid of the icon at all, which is a bug in the way desktop displays icons. It should either:
1) display only the user's icons, or
2) allow the user to "hide" system icons.

Same problem with the Start menu, by the way.

Freedesktop.org's menu standard is much better. (At least, the way KDE works - I assume that other DEs support this, too). The user can create a local shortcut with the same name, and it will override the system icon. The shortcut can be marked as "hidden", which will effectively delete the system one for the current user.

Re:the real problem (1)

BerkeleyDude (827776) | more than 8 years ago | (#15455517)

Also, the freedesktop.org example applies only to the menu, not the desktop.

As far as I know, the desktop is a regular folder that displays only the user's icons, and nothing else. So programs don't install icons there in the first place. Which is a good thing, in my opinion.

SAme as in OSXs early days (1, Troll)

Henriok (6762) | more than 8 years ago | (#15454818)

Mac users have gotten used to the authorization of petty procedures by now but it was a real nuisance in the beginning, some five years ago. Software developers have gotten used to it also and have written better installers that don't require multiple instances of authorization, or any at all, installers that install in non restricted areas and so forth. I think these issues will pass with time for Vista users too. In the meantime, they really should take joy in the fact that malware will be increasingly scarce on the platform.

Re:SAme as in OSXs early days (3, Interesting)

plasmacutter (901737) | more than 8 years ago | (#15454901)

I am a mac user, and have been using it since osX's early days, and the tasks they request authorization for are not "petty".

on the other hand, I have gotten those prompts in osX for microsoft and real built applications which were trying to do things which they had no business doing.

all the open source players i have installed on osX (I have 2 or 3) have never required root authorization for anything, yet wmp and real wanted to access my root files, why? This hints at how invasive the programs are, what are they doing monkeying around at that level on my system.

The user prompting you are seeing in windows is not necessarily excessive, it may arise from genuine security concerns because of how invasive microsoft is to their users, as reported in previous years consistently with hidden logs, spyware bundling, and surreptitious installation of DRM modules. (I have office 2004 on my mac, was prompted for a root pass, and immediately hunted down where the change was.. it turns out it snuck a drm bundle into my web browser!)

Re:SAme as in OSXs early days (4, Insightful)

Frobozz0 (247160) | more than 8 years ago | (#15455076)

No, this isn't even close to being the same. Vista asks you for confirmation of nearly everything you can possibly do on the computer. At no point did OS X do this. While *installation* of applications has always asked for confirmation, and access to your Keychain has also, pretty much nothing else does. Vista, on the other hand, is about a gnat's hair away from asking you to confirm "Did you really want to click?"

I've used the beta. It's awful. The usability of the file "explorer" is atrociously convoluted. It makes it even more complicated to know what's going on than XP did. And, to keep this on topic-- the security measures are astoundingly invasive. Vista seemingly asks you to confirm the same type of function, triggered in the same way, but by different applications. Look, if I want port 80 HTTP requests to go through, I want them to go through all the frickin' time. Don't make me repeat myself. (Yes, this is only an example but it's indicative of the process you'll go through time and time again.)

Maybe it's the horrible presentation of the dialogs that does it? They offer ZERO information about what *application* (in English instead of seemingly random strings of letters and numbers!!!!) wants your attention. It also offers no real understanding of what is being asked of you. Microsoft, for all they did correctly with the xbox 360 interface, needs to learn how to design a dialog. Here's a fine example:

I open a jpeg file or some other seemingly harmless thing. I get a security alert box that unnecessarily scares the shit out of me with its inappropriate use of iconography. It says something incomprehensible like this:

Application gobbleygook.exe is attempting to access suckit.dll. Do you want to want to allow this? (This is considered a minor threat.)

Oh. Great. So some EXE with a name I don't recognize wants access to a DLL (what's that-- hahaha?) that I also don't recognize. Now that I'm completely lost, Windows tells me this is not that much of a threat and I can probably click "allow" for the application I don't know to open the dll I don't know to do some task that I have no clue as to what its purpose is. Super.

I'm trying to make a point by being a bit funny about this-- but Microsoft really needs MAJOR improvement to this process. First, don't assume everything is a threat and scare a user into confirming something that is not needed. Second, improve the presentation. Third, figure out how to discern between Malware and your own software!

Re:SAme as in OSXs early days (2, Insightful)

bogie (31020) | more than 8 years ago | (#15455299)

"Application gobbleygook.exe is attempting to access suckit.dll. Do you want to want to allow this? (This is considered a minor threat.)"

This is the same problem with software firewalls. Unless you're an expert user you have jack shit of an idea whether or not to allow xxxxx.exe to connect to xxx.xxx.xxx.xxx port xx.

I just don't see the constant prompting as a better alternative, I honestly hope I'm wrong though. It would be nice if MS finally was able to deliver security to the masses. Personally I am partially looking forward to Vista as new technology to play around with. It is coming after all no matter how good or bad it turns out to be. Let's hope MS turns things around over the next several months and addresses some very valid complaints with the Vista Beta.

Re:SAme as in OSXs early days (1)

I'm Don Giovanni (598558) | more than 8 years ago | (#15455488)

"Vista Beta 2 asks you for confirmation of nearly everything you can possibly do on the computer."

I fixed that for you. :p
Regarding all of your complaints, this is what betas are for. To get user feedback and address the problems, and obviously Microsoft is doing just that.

Re: Same as in OSXs early days (1)

mad.frog (525085) | more than 8 years ago | (#15455558)

Yeah.

My favorite was something I encountered yesterday: creating a new folder inside C:\Windows\system32, I get the "you must authenticate blah blah"... ok, fine, makes sense, I want to create a directory inside the system space.

But then when I type in the actual name I want (replacing "New Folder") and hit enter, I get the authentication rigamarole AGAIN. What, like I was going to leave it named "New Folder"? Sheez...

Re:SAme as in OSXs early days (4, Insightful)

NutscrapeSucks (446616) | more than 8 years ago | (#15455079)

Well, Apple required everyone to rebuild their applications for OS X, and when they did so, they fixed all the stupid single-user assumptions. Which is great so long as your apps were ported to OS X.

Windows, on the other hand, has hundreds of thousands of apps that expect to be administrator. The software companies don't want to fix them, and Microsoft doesn't want to break them.

So MS defined a middle ground -- annoying prompts which you can't get rid of. Since there isn't a special security level which hides the prompts, presumably people will complain to the software authors and the software authors will fix the apps. And if they don't fix the apps, at least the programs will still run.

Huge Difference (2, Interesting)

astrosmash (3561) | more than 8 years ago | (#15455382)

This kind of security model has always been present in OS X, and other various unix-like flavors, so applications written for these operating systems have always expected to explicitly request super-user authorization before doing any system-level configuration.

The situation on Windows is completely different. Microsoft is retrofitting Windows with this security model, but it must still support the vast catalog of existing software that was written assuming the traditional Windows security model. So, instead of an application or installer explicitly requesting authorization, Windows watches all processes for what amounts to security violations, halts the process and prompts the user for elevation. And now they're talking about writing shims for specific problematic applications. Yikes!

To call this over-engineering is an understatement, to say the least, but what else can they do? The value of Windows has always been in its backward compatibility, and Microsoft cannot give that up without risking their dominance in the market. But this is precisely why OS X has surpassed Windows in terms of the rate of development within the last few years (also an understatement).

Re:Huge Difference (0, Flamebait)

oh_my_080980980 (773867) | more than 8 years ago | (#15455484)

"The value of Windows has always been in its backward compatibility, and Microsoft cannot give that up without risking their dominance in the market."

I don't think you are trolling but....BULL SH*T!

Backwards compatibility! In Windows!! All you have to do is look at XP's SP2 and you will find a whole host of programs that will no longer work. The user is left holding the bag on that one, hoping the software company produces a patch. In some cases software companies don't bother and tell the user to upgrade to the newest version. Thus the user is forced to pay double for an application that was supposed to work under XP!!

And I can go on back to Windows 95 with compatibility issues. That's not even raising the issue with MS Office and backwards compatibility.

That's one of MS's biggest lies: backwards compatibility. With Vista it will be worse.

Considering (1, Insightful)

Shadow Wrought (586631) | more than 8 years ago | (#15454826)

That every new iteration of Windows I've used I have hated more than the previous, I doubt that any amount of refinement is going to keep me from hating Vista. But we'll see.

Of course if the j-o-b foists it on us anyway, at least there will be the necessary hardware upgrade at long last...

Re:Considering (4, Insightful)

Richthofen80 (412488) | more than 8 years ago | (#15454982)

I kind of disagree. For me, it was more of a parabola. I hated Windows 3.1, hated 95 less, 98 even less, 98SE I had contempt for, and then the peak is Windows 2000, which was the most Stable and least-resource hungry. Then ME and XP were released... XP maintains some of the stability but they wonked up a ton of little things. And it looks like Vista is just stacking more 'stuff' on top to annoy me.

I think why I liked 2000 so much was that it was NT done right, a well written and stable OS without a lot of clutter. I think that if Vista really was a new OS, not just enhancements to their existing codebase, then we'd be okay with it.

I think we'll have a 2000-like resurgence in a good Windows when a Windows OS is released as a managed code OS. Until then I'll keep dreaming.

Re:Considering (1)

stupidfoo (836212) | more than 8 years ago | (#15455090)

Windows 2000 was good because it was built on "NT Technology". Or, in other words, it was built on "New Technology Technology" (since NT originally meant "New Technology").

Brought to us by the Department of Redundancy Department.

Excessive security? (-1, Troll)

w33t (978574) | more than 8 years ago | (#15454856)

This "excessive prompting" is never complained about with OS X, or within Linux. What's the big deal about being asked for credentials when doing an installation or when performing privileged executions? Is not "excessive prompting" exactly what keeps malicious code from auto-executing and essentially is the primary reason there have been no self-replicating OS X worms to date?

I recall that recent "Mac Virus" which masqueraded as an image - however, if you clicked on it it would ask you for your password which set off alarms immediately. Had Apple decided that it was too much of a hassle for the user to enter their username every time they needed to install a piece of software, this virus may very well have been successful.

I think the reason it's going to seem "excessive" is simply because of the lack of virtually ANY prompting in previous versions of Windows.

It's all relative, I would think.

Now, requiring Vista to play certain games however, that's excessively lame and nonsensical.
--
Music should be free [myspace.com]

Re:Excessive security? (2, Insightful)

Dr. Max E. Ville (821578) | more than 8 years ago | (#15455058)

This is NOT security! It's just a bunch of meaningless dialogs, that everybody in the world will learn to click "OK" to, thus making them even more meaningless. When linux asks for permissions, it's for a reason. I used several different shells / desktop environments, and never received shit for deleting a file in ~/Desktop from any of them.

Re:Excessive security? (1)

heinousjay (683506) | more than 8 years ago | (#15455163)

Windows has an 'All Users' home directory, which is where this shortcut lived. Since it wasn't owned by the current user, affirming permission was the right thing to do.

The flow is poorly designed, but it's the first cut of the feature, and the product is unreleased, so a little slack is in order. Of course, this is a Microsoft article on Slashdot. I should be happy there isn't a preponderance of dollar signs on this page. It's amazing you anti-Microsoft zealots finally realized that isn't clever.

Re:Mod Parent Down (1)

mpapet (761907) | more than 8 years ago | (#15455225)

You're kidding right?

This "excessive prompting" is never complained about with OS X, or within Linux.
Uhh, that's because it works right? Clearly you don't use either because you'll find there is no prompting for normal user activity.

Is not "excessive prompting" exactly...
Uh, no. Again, if you used either one you'd see they take care of the problem the right way as opposed to Microsoft's cluster fsck.

I'm guessing you are trolling for Microsoft. If not, please switch to linux or OSX and you'll see what everyone is talking about.

Re:Mod Parent Down (1)

w33t (978574) | more than 8 years ago | (#15455414)

I'm not sure why you have to say "uh" when posting. There is plenty of time to form cogent arguments without stalling for time.

At any rate, I actually do use OS X and Linux. But yes, my primary desktop is Windows. Frankly I find OS X to be overhyped and Linux is just not a great desktop. Don't get me wrong, I *heart* linux deeply and use exclusively LAMP at work.

And I do find the prompting in OS X to be excessive at times. When running software updates I must enter my password for each update.

Even from the terminal, even if I am logged in as root I still need to sudo rm -R and then enter my password to remove a directory and its contents. It's for the best, of course, but it seems that I shouldn't have to enter my password again once I've logged in as "root the all powerful". Darwin is a weird unix-like.

Now, lastly - I'm not looking forward to Vista. I use windows pretty much because it runs my games and has the added advantage of being able to browse and process words. But I am by no means a die-hard fan. I simply have the opinion that it's a good thing that Windows is prompting more often. I am not implying that this indicates that Windows is by any means now "fixed" because of it. Microsoft needs to leave their current architecture behind - Vista should (and it seems will) be the last of the NTs.
--
Music should be free [myspace.com]

Re:Excessive security? (2, Insightful)

futuresheep (531366) | more than 8 years ago | (#15455309)

The big difference between the way it's implemented in Vista, and on my KDE desktop, is my KDE desktop isn't completely locked up by the process. I was typing an email last night when I was cut off in mid sentence by the Vista implementation. THAT'S why it sucks. At least in KDE all I get is a password prompt that I can leave in the background if I need to. OSX works the same way I think. I also think that asking for a password instead of just clicking OK is a better way to do it as well, I can just see the first round of viruses finding a way around clicking OK. At least with a password there's some sort of credential involved. You'd think that with the nifty password strength dialogue you see with setting up a user account, that some user education could be added in as well.

I don't mind having to authorize the process, I applaud it. But completely interrupting what the user is doing is a sure way to make people want to learn how to disable it.

Re:Excessive security? (1)

Tab is on Slashdot (853634) | more than 8 years ago | (#15455506)

For the record, Gnome on Ubuntu 6.06 does lock the screen until you enter a password. However, this still happens infrequently and predictably enough to not be annoying in the least --it only happens when dealing with application addition/removal, and any of the apps in System->Administration. Pretty reasonable.

Slashdot on Vista (-1)

gEvil (beta) (945888) | more than 8 years ago | (#15454861)

It appears that you are trying to post a comment to Slashdot.
Please enter your Windows username and password to continue.

Username:
Password:

Re:Slashdot on Vista (3, Funny)

Rik Sweeney (471717) | more than 8 years ago | (#15454972)

It appears that you are trying to post a comment to Slashdot.
Please enter your Windows username and password to continue.

Username:
Password:


You forgot the buttons:

[OK] [Continue] [Cancel]

Continue will let you carry on regardless...

Re:Slashdot on Vista (0)

Anonymous Coward | more than 8 years ago | (#15455257)

And this is different from the current (real) slashdot how, exactly? For fuck's sake, the real slashdot even requires you to type a captcha! Lamest joke ever.

Re:Slashdot on Vista (1)

gEvil (beta) (945888) | more than 8 years ago | (#15455448)

Funny, Slashdot doesn't ask me for my Windows username. Of course, you've probably used the same name and password for your system as you do for a site like Slashdot, which is why you missed the point...

Windows... Bah (0, Flamebait)

Enigmafigment (978746) | more than 8 years ago | (#15454868)

This is a sad attempt by windows to increase the security of their lacking security in previous OS's. Well that's no surprise. Just a little interesting information, instead of using the Windows Network operating systems that they produce, NT, 2000, etc, their MSN server main host terminal, the connection for the whole network itself to the net past LAN, is a FreeBSD server. A blatant way of them saying, not even we trust our software to be safe.

Re:Windows... Bah (1)

gallondr00nk (868673) | more than 8 years ago | (#15454997)

"their MSN server main host terminal, the connection for the whole network itself to the net past LAN, is a FreeBSD server"

Ahh, but what about the Total Cost of Ownership?

Not the point (1)

Enigmafigment (978746) | more than 8 years ago | (#15455087)

What I'm getting at is that microsoft is making Vista with all the security precautions in place because their prior operating systems lack so fully in the department it's pathetic. And as an example of how sad they truly are when it comes to trusting the security of their own product, I felt the need to point out that the server for MSN that scans all incoming and outgoing data and connects the server itself is a FreeBSD server. It's just a blatant fact that even microsoft knows that their products are crap for security. Total cost of ownership of the MSN property is not the issue here, it's simply the fact that Windows in itself is almost always a rushed to production piece of software filled with bugs, glitches, and holes. Hence, the necessity for continual service packs and security updates. You wanna know when you update FreeBSD, when a new release is out and you don't have a custom kernel.

It's Still In Beta Folks! (4, Insightful)

gasmonso (929871) | more than 8 years ago | (#15454877)

Tough crowd here at Slashdot. We all know it's going to suck, but at least let them release it first before you criticize. Seriously though, it is just a beta and not the end result. They're looking for feedback to make improvements and that's a good thing.

http://religiousfreaks.com/ [religiousfreaks.com]

Re:It's Still In Beta Folks! (0, Offtopic)

kfg (145172) | more than 8 years ago | (#15454938)

We all know it's going to suck, but at least let them release it first before you criticize . . . They're looking for feedback to make improvements . . .

?

KFG

Re:It's Still In Beta Folks! (5, Funny)

Tim C (15259) | more than 8 years ago | (#15455168)

I don't think posting "lololololol!!!1! M$ suX0rz, Linux r0ck0rz!!!111!!" to slashdot counts as feedback.

Re:It's Still In Beta Folks! (1)

kfg (145172) | more than 8 years ago | (#15455224)

There is a certain amount of "venting" going on as well.

KFG

Re:It's Still In Beta Folks! (1)

Tim C (15259) | more than 8 years ago | (#15455289)

Fair enough, but the correct way to vent your frustrations with a product is in the general direction of the product's producer. In this case, MS has specifically asked for feedback - so people should stop bitching here and bitch over there. At least there, there's a chance that it'll actually get fixed.

Re:It's Still In Beta Folks! (1)

kfg (145172) | more than 8 years ago | (#15455387)

"Chatting" around the water cooler is often an advisable first step; before going into the boss's office.

KFG

You don't make design changes in beta. (2, Insightful)

ArthurDent (11309) | more than 8 years ago | (#15455034)

It's too late to change the design once you've made it to Beta. Beta testing is about finding the obvious bugs in the system so they don't end up in the final version. If they tried to fix all their design errors after beta they'd never release anything.

Re:You don't make design changes in beta. (2, Insightful)

heinousjay (683506) | more than 8 years ago | (#15455230)

This kind of thing probably counts as a tweak, I would have to assume. They talk about changing the UI, not the mechanism itself. As much as people like to bash Microsoft, they have some really smart people working there.

Of course, it's easy to criticize. If the challenges in pointing out flaws were anywhere near creating something in the first place, Slashdot would have about 3 comments per story.

Re:It's Still In Beta Folks! (1)

siegecraft4 (978785) | more than 8 years ago | (#15455392)

Amen! I can't understand why everyone wants to see Microsoft fail with Vista. If Microsoft turns out a great product, that will simply force open source and Apple into high gear to turn out an equally competitive product. Success for any company in the software business is a good thing, as it drives competition. Stagnation occurs when a poor solution is never replaced by a better alternative. That's what everyone on here was bitching about with the old iterations of Windows. Now we have a modern Windows solution that will drive competitors into action. Hence, better Linux and better OSX. What do we have to lose from Microsoft's success? Onward, towards better operating systems!

Re:It's Still In Beta Folks! (0)

Anonymous Coward | more than 8 years ago | (#15455436)

They're looking for feedback to make improvements and that's a good thing.

But they are asking the wrong questions! Look, these fixes are all just more band-aids on top of an ugly gaping wound and now Microsoft is asking "What color would you like these band-aids to be?" What users really want is surgery to fix the gaping, festering and now gangrenous wound!

Microsoft steadfastly refuses to go back, redesign the system to eliminate some very bad decisions that were made in the first place and goddamn fix the underlying structure! Instead, they offer more eye-candy, more bloat to an already over-bloated system and require a supercomputer to meet minimum system requirements.

Mod Parent Down (1)

mpapet (761907) | more than 8 years ago | (#15455473)

They've had how many years and an unbelievable amount of people/money thrown at the problem and this is the best they've got?

My previous post on the subject covers it pretty well:
http://slashdot.org/comments.pl?sid=187221&cid=15447596 [slashdot.org]

It's funny that it's moderated 30% Interesting 40% Troll 30% Underrated

Just pay me and I'll promote Longwait.

Re:It's Still In Beta Folks! (4, Informative)

starfishsystems (834319) | more than 8 years ago | (#15455505)

Yes, it's a tough crowd here at Slashdot.

Some people here still expect beta to mean beta, which is conventionally intended to identify bugs in an otherwise stable product. A beta release is not, as you suggest, an invitation to change the feature set, though that has never prevented Microsoft from bending the rules at its convenience.

To be charitable, I can imagine that with this Vista beta, the codebase might indeed be as stable as what we ordinarily expect from a beta release, and so what we're looking at now is just a matter of tuning the configuration parameters so that it prompts at the right thresholds. And, on the principle of security by default, the system will initially tend toward maximum prompting. However, thinking more soberly, a secure system will have fully addressed these issues at the design level, and prompting will not be excessive but appropriate and meaningful. If it's not, that's a clear sign that the design has deeper problems than can be fixed just by changing the prompting parameters. Pardon my cynicism, but in my experience, that would be entirely typical of Microsoft.

Definition of beta at: Wikipedia [wikipedia.org].

For usability see: Whitten and Tygar [usenix.org].

su - ? (1)

mikesd81 (518581) | more than 8 years ago | (#15454881)

I just read this article last night and remember reading about having to keep entering the admin password.

Why can't they set it up so when you open control panel, you have to enter the root password (like opening yast as a non-root user in suse and the like) and then you're essentially su'd until you close control panel, or I suppose you could time it out, so after 10 minutes even if the CP is open, you will have to re-enter the password if you click on a little icon in there.

From reading the article, I did follow the link to the article, putting in your password that many times will drive someone insane.

Re:su - ? (1)

joe 155 (937621) | more than 8 years ago | (#15454964)

I agree with you; a system like linux uses does seem to be the best way to keep security... what I don't understand is how MS's system is fundamentally different from what linux does. You need to be what is the functional equivalent of root to install or change settings; but just for normal use I bet it wouldn't ask you that much. For me MS is doing the right thing here

...don't get me wrong I won't be moving from linux (which has many other advantages of windows)

Re:su - ? (1)

mikesd81 (518581) | more than 8 years ago | (#15455071)

For me MS is doing the right thing here

I'm not saying what they're doing is bad. I'm saying they went a little extreme. With as many times, I believe the article I cited said 17 times, it should have a do not show again. Personally, I do not believe in caching passwords, but for that many times...

I actually commend them for doing this, but it needs to be more practical.

Re:su - ? (1)

morgan_greywolf (835522) | more than 8 years ago | (#15455380)

Because the Windows control panel, unlike, say, the Preferences menu in GNOME, is a mishmash of user preferences and systems administration functions. IMHO, they should just remove all of the system admin functions out of control panel, and have a new Start Menu shortcut that opens the 'Manage...' window you get when right-clicking on computer.

Other uses (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15454885)

Border fortifications are good for keeping criminals and others from fleeing the country, too. The USSR did this with great success.

Market Forces? (2, Insightful)

PepeGSay (847429) | more than 8 years ago | (#15454888)

Reminds me of talking cars. Users ask for an easy to use operating system without it getting in the way. Users complain about security issues. Users ask for a more secure operating system. Users complain about the OS getting in the way. Microsoft's response? You can't have your cake and eat it too. It sounds to me like their security implementation isn't half assed and that they realize that the closest you get to a totally secure machine is one that isn't turned on and has never been used. Their implementation therefore is going to cause some "Yes You Can Do That" "yes" "yes" "yes you can" headaches.

Bad Software Design (0)

Anonymous Coward | more than 8 years ago | (#15454892)

All I have read are bad reviews of Microsoft's next operating system upgrade. Are there really any reasons (yet) for an average user to pay the money to upgrade from Microsoft Windows XP Pro to Microsoft Windows Vista?

Btw, there was free software called Vista produced by the U.S. government for administering veterans' health care. Some time after Microsoft announced its desired name for its software, the U.S. government began calling Vista (so named since 1996), VistA. Now they have even gone so far as to call it VistA (note the obnoxious bold) on its own website. I guess the U.S. government really wanted to help Microsoft out with its trademark application.

Re:Bad Software Design (1)

kfg (145172) | more than 8 years ago | (#15455046)

Are there really any reasons (yet) for an average user to pay the money to upgrade from Microsoft Windows XP Pro to Microsoft Windows Vista?

Bill wants a jacuzzi in his stretch Corvette?

KFG

Re:Bad Software Design (1)

slaker (53818) | more than 8 years ago | (#15455269)

"All I have read are bad reviews of Microsoft's next operating system upgrade. Are there really any reasons (yet) for an average user to pay the money to upgrade from Microsoft Windows XP Pro to Microsoft Windows Vista?"

From my testing, the Microsoft (ical-based) calendar app looks like it'll be kind of nice. And there's some nice new things for deployments and in group policy, but that's not really "average user" stuff.
Average users will be pissed off when they find out that none of the default games are stored on the PC any more. Wanna play Solitaire? Too bad. You aren't connected to the internet.

The prompting is not annoying (1, Insightful)

timecop (16217) | more than 8 years ago | (#15454926)

It's the greatest feature in vista.

This ensures ALL users and majority of services are running UNPRIVILEGED, which means viruses/malware/etc can't do jack shit to the system.

This is great - try going to c:\windows and creating a file there or a new folder. Boom, UAC dialog. Why? Because normal users don't need to do anything in C:\windows! But, you say, what about when apps are installed? Well, I went and installed Office 2007 Beta2.
The privilege dialog came up TWICE. Once at beginning install and another time a few seconds later. That wasn't much bother at all. And now I can go back to running it as an unprivileged user.

When vista final is released, it will be the most secure windows release to date.

Re:The anulsecks is not annoying (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15455008)

LOL ASSbuntu!

Re:The prompting is not annoying (1)

Spad (470073) | more than 8 years ago | (#15455296)

When vista final is released, it will be the most secure windows release to date.

And the most fucking annoying if you actually want to *do* anything outside of wordprocessing, web browsing or gaming.

I've used this beta and you can be asked to "confirm" your actions 3 or 4 times just trying to do something simple like get in and change your TCP/IP settings - on top of all the usual confirmation dialogs you'd get in XP/2K. Sure, you can turn off UAC, but that somewhat defeats the point of having it there and you certainly can't do it if you *share* the machine with someone clueless.

There you go again (-1, Flamebait)

KrisCowboy (776288) | more than 8 years ago | (#15454998)

what the design goals of the feature are
Yeah, now everything is a "feature" with "goals". Give me a break.

However, that means that malware, running as a Standard User, can download an administrative application, and send keystrokes through Windows to simulate the user invoking the application. As a result, Windows cannot tell if YOU launched the application or if malware launched the application.
How about if you add something extra to make sure no "malware" lands up on my system? Can you do that?

Re:There you go again (4, Interesting)

Tim C (15259) | more than 8 years ago | (#15455045)

How about if you add something extra to make sure no "malware" lands up on my system? Can you do that?

In a word, no. How is the OS supposed to know that that cute little systray weather forecast app you downloaded and installed is actually a trojan?

As long as a user can download and install/run software, the system is vulnerable, and there's nothing it can do about it.

It's all about the registry (3, Informative)

Spy der Mann (805235) | more than 8 years ago | (#15455016)

Anytime you install a program, it has to change the registry. You want to see a video encoded in a new format? Ah, you have to register the format and the codec - and there ya go, you have to change the registry. You want to associate a new filetype with a program? There ya go, you have to change the registry.

Sometimes I wonder - rootkits use stealth techniques to intercept registry calls. Why doesn't microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.

IMHO, the registry was the worst idea Microsoft could have come up with.

Re:It's all about the registry (1)

vertinox (846076) | more than 8 years ago | (#15455494)

Why doesn't microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.

Wouldn't that just be Apple preference files?

getting there... (4, Informative)

spongman (182339) | more than 8 years ago | (#15455047)

beta 2 is much better than previous CTPs which were almost unusable - I had to turn off UAC to preserve what's left of my hair.

there's still some core OS UI that's not UAC-enabled, though. for example, you can't fully configure network connection settings without running explorer.exe elevated.

Re:Not Likely (1)

mpapet (761907) | more than 8 years ago | (#15455351)

I got into it with a(nother?) Microsoftie on this a few weeks ago.

I predicted there was no clear path with their access control plan.
http://slashdot.org/comments.pl?sid=186700&cid=15407442 [slashdot.org]
The microsoftie claiming just because I had never used it, I shouldn't criticize and masterfully dropped a few personal insults too.

I fired back that I didn't see it happening.
http://slashdot.org/comments.pl?sid=186700&cid=15408915 [slashdot.org]

Funny how I was right...

Today's Lesson: Run away from Longwait and don't look back.

Unless of course you are like me and are paid to babysit them. I'm confident there will be plenty of work.

Please Microsoft, just pay me to promote Longwait. It will be much easier on you.

Wow. All this time, and it's more of the same. (3, Insightful)

Phanatic1a (413374) | more than 8 years ago | (#15455048)

The issue here is extensibility of Windows. Windows prides itself it on being pluggable and extendable. For example, to facilitate the accessibility extensions, Windows needs to be able to send keystrokes on the user's behalf so that a Windows user can talk to an input device and have that be translated into keystrokes that drive a dialog or type an email message. This also allows interesting and useful scenarios such as "show me how" buttons inside help dialogs.

However, that means that malware, running as a Standard User, can download an administrative application, and send keystrokes through Windows to simulate the user invoking the application. As a result, Windows cannot tell if YOU launched the application or if malware launched the application.


So they're *still* designing insecurity into the system because they place a higher priority on the "extensibility" that lets applications do things the user isn't expecting them to do.

Once that is true, we can then move to educating the users to know that "good" elevations are ones that they initiated and "bad" elevations are ones that suddenly appear without their explicit action.


And they're still relying on Grandma logged into her AOL account as the last line of defense.

Have they learned nothing?

Sorry, that was rhetorical.

Feedback?! (-1, Redundant)

guitaristx (791223) | more than 8 years ago | (#15455068)

"[...] they want as much feedback as they can get on the beta."

Translation: Microsoft can't decide what it should do, and doesn't want to spend the money figuring it out, so they'd rather get the tech-savvy people who'd be willing to try out a beta to tell them how it should behave.

Re:Feedback?! (3, Insightful)

siegecraft4 (978785) | more than 8 years ago | (#15455251)

Wow, talk about holding Microsoft to a different standard than other software companies. Last time I checked, in the OSS pit that is Slashdot, getting feedback about functionality from your potential users is a good thing.

security feature that's needed by windows... (0, Redundant)

abigsmurf (919188) | more than 8 years ago | (#15455093)

Isn't excessive prompts, it's a feature that can let the user stop a certain process from running. How many regenerating virii and rootkits rely on automatically running an executable the second a dodgy process is closed to make it tricky to remove? If you could identify a malicious process and prevent windows from running it in the future. Removing virii that are running, even in safemode is a complete nightmare. A password protected feature that can prevent a process being run again the second it's closed would make the majority of aggressive malware next to useless and far easier to remove. Although knowing microsoft they'll leave a security hole in and hackers will start doing things like disabling explorer.exe...

Easy fix (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15455110)

One solution is for developers to write applications that don't need to be installed, nor run as, the Administrator user. Of course, that is if Vista was designed to allow applications to run properly as non-admin.

Whose computer is it, anyway? (2, Insightful)

hockpatooie (312212) | more than 8 years ago | (#15455185)

I read the article's justifications. And I don't doubt that the number of elevation prompts seen in 'normal' usage will decrease as the betas roll on, to a number that most people will just learn to live with.

But I can't shake the feeling that their idea of increased security is, "WE decide, case by case, what operations are safe for you to do on your computer." Especially with sentences like this: "The hope here is that the user won't need to launch many administrative applications." Or, "Why can't my child run the anti-virus checker?" "They're not supposed to."

Sounds to me like by the time Vista goes gold, Microsoft will have successfully determined what set of operations we should be allowed to do with our computers to make the system somewhat usable by MOST users, MOST of the time.

Does that sound scary to anybody else? PC's with Microsoft OS's are becoming more and more like appliances with just a fixed set of day-in, day-out tasks, e.g. media center, gaming box, office productivity tool.

Fine, then. If that's all people want, I guess they should have an OS that conditions them not to do stupid things. The good result of this might be that Microsoft OS's will be even less desirable for people who still want to use a PC as a tool for exploration, research, and hacking. The bad result will be that, if M$ stays ubiquitous, fewer and fewer young people will even realize that that's what PC's at their best can be.

Re:Whose computer is it, anyway? (0)

Anonymous Coward | more than 8 years ago | (#15455403)

[Isn't it scary that] PC's with Microsoft OS's are becoming more and more like appliances with just a fixed set of day-in, day-out tasks, e.g. media center, gaming box, office productivity tool.

And that's how 90% of the population uses their computer. If you want to use your PC as a "tool for exploration, research, and hacking", then you're free to turn off UAC. Or use Linux.

give it up microslop (-1, Redundant)

FudRucker (866063) | more than 8 years ago | (#15455206)

just build a GNU/Linux distro instead :p

Is Indexing a Security Breach? (3, Insightful)

buckhead_buddy (186384) | more than 8 years ago | (#15455329)

A big feature touted in Vista is the Instant Search feature. Will it become a new security hole?

If it can search and index file contents, then it has full access to my data. If access to that index or search feature is insecure then it's taking control of my data out of my hands and giving it freely to others. Why should applications need to access files that I created but which I haven't explicitly opened for their use?

Will the security be in place in both the API and data storage files so that instant search won't just become a new way for malware to quickly focus on the data it wants (e.g. Credit Card or Social Security Numbers)?

Security Rope-A-Dope (2, Insightful)

Spinlock_1977 (777598) | more than 8 years ago | (#15455332)

While Microsoft has everyone screaming bloody murder about all these security prompts - keep this in mind: It's probably an intentional distraction.

Very few folks seem to be analyzing and criticizing the other 99% of this operating system. Keep focusing on this security-prompt-red-herring, and we'll fail to uncover the real turds before it's too late.

Don't prompt each time (1)

Todd Knarr (15451) | more than 8 years ago | (#15455348)

The point of UAC is to make sure the user has to authorize any actions that need administrative privileges. So address the authorization instead of the actions. Do what my Debian box does when programs need root privileges. When I run a program like that from my normal user account, a wrapper prompts me to enter the root password or abort the operation. If I enter the password and it's correct, root credentials are added to my keyring temporarily and the program can run as root. As long as those credentials are on my keyring, any other programs that need root access can run without prompting. If the credentials remain unused for more than a short time, they're removed from my keyring and any programs after that that need root privs will cause a prompt again. This makes sure I have to manually authorize root access, but that I don't have to keep answering repetitive prompts. It doesn't require any fancy tuning of which actions prompt and which don't, at most it only needs tuning of how long root credentials remain on the keyring which is a lot simpler.

Typical Microsoft, crafting the most complicated solution to the problem.
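The timed authorization cache described in the comment above, modelled as an added example that is not part of the original thread and is not Debian's or Microsoft's code. The `ElevationBroker` class, the session names, the password and the 300-second timeout are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time


class FakeClock:
    """Controllable clock so the idle timeout can be exercised offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class ElevationBroker:
    """Toy model of a timed authorization cache (hypothetical, illustration only).

    A session that authenticates once gets a ticket. Every privileged action
    refreshes the ticket; after `idle_timeout` seconds without use it expires
    and the next privileged action prompts again.
    """

    def __init__(self, admin_password, idle_timeout=300.0, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._hash = self._derive(admin_password)
        self._idle_timeout = idle_timeout
        self._clock = clock
        self._last_used = {}   # session id -> time of last authorized use
        self.prompts = 0       # how many times a user was interrupted

    def _derive(self, password):
        # Store only a salted, slow hash of the password, never the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _ticket_is_fresh(self, session):
        last = self._last_used.get(session)
        return last is not None and self._clock() - last <= self._idle_timeout

    def run_privileged(self, session, action, ask_password):
        """Run action() for `session`, prompting only when no fresh ticket exists."""
        if not self._ticket_is_fresh(session):
            self._last_used.pop(session, None)      # discard any stale ticket
            self.prompts += 1
            supplied = ask_password()
            if supplied is None or not hmac.compare_digest(
                self._derive(supplied), self._hash
            ):
                # Failed or aborted prompt: no ticket is issued, action not run.
                raise PermissionError("elevation denied")
        self._last_used[session] = self._clock()     # refresh the idle timer
        return action()

    def drop(self, session):
        """Explicitly discard a ticket (the equivalent of logging out early)."""
        self._last_used.pop(session, None)


def demo():
    """Replay a constructed timeline; returns (time, session, prompted) tuples."""
    clock = FakeClock()
    broker = ElevationBroker("correct horse", idle_timeout=300, clock=clock)
    timeline = [                      # constructed sample input
        (0, "alice/tty1"),            # first use: must prompt
        (60, "alice/tty1"),           # ticket fresh
        (200, "alice/tty1"),          # ticket fresh, timer was reset at t=60
        (400, "alice/tty1"),          # only 200 s idle since last use
        (401, "bob/tty2"),            # tickets are per session: must prompt
        (800, "alice/tty1"),          # 400 s idle: ticket expired
    ]
    log = []
    for t, session in timeline:
        clock.now = t
        before = broker.prompts
        broker.run_privileged(session, lambda: "ok", lambda: "correct horse")
        log.append((t, session, broker.prompts > before))
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

While a ticket is live, anything running in that session elevates without a prompt, so the idle timeout is the one knob that trades fewer interruptions against a longer window of silent elevation.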

I will handle it just the way... (1)

Lispy (136512) | more than 8 years ago | (#15455545)

I used to deal with UAC before [bungie.org] . :)

Metaphor for the NSA? (1)

GregStevensLA (976873) | more than 8 years ago | (#15455559)

Does anyone else see this as being a metaphor for (or at least, highly parallel to) the huge bureaucracy of the NSA: an organization designed to have the appearance of being "tough on security", but actually being costly and inconvenient while affecting real security very little?