Microsoft Says Other OSes Should Imitate UAC

kdawson posted more than 7 years ago | from the bring-'em-down-to-our-level dept.

Security 493

COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"


Obligatory (5, Funny)

gunnk (463227) | more than 7 years ago | (#18943475)

Microsoft is trying to make you believe sudo was their idea. Cancel or Allow?

Re:Obligatory (5, Funny)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18943669)

If you click "Cancel" an information box is displayed informing you of a patent pending.

Re:Obligatory (5, Interesting)

truthsearch (249536) | more than 7 years ago | (#18943825)

It's no joke. They really do believe they invented the idea:

Patent #6,775,781 [uspto.gov]

Re:Obligatory (-1, Offtopic)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18943915)

Someone should point that out to the mod who hit me [slashdot.org] with a redundant.

Re:Obligatory (2, Insightful)

Blakey Rat (99501) | more than 7 years ago | (#18943903)

To be fair, Apple's system is pretty easy to spoof.

Write a goofy screen saver and get people to download it. On install, say "you need to log in to install" which isn't unusual for a screen saver (at least not to the layman.) You put up a fake login dialog, and record their password. You install the screen saver in the user's folder, which doesn't require a password, and will trick the user into thinking it's all legit. Then you just transmit the saved password to God knows where when the screensaver activates.

I don't know if Microsoft's system offers more protection against that scenario.

Re:Obligatory (2, Informative)

eneville (745111) | more than 7 years ago | (#18944025)

To be fair, Apple's system is pretty easy to spoof.

Write a goofy screen saver and get people to download it. On install, say "you need to log in to install" which isn't unusual for a screen saver (at least not to the layman.) You put up a fake login dialog, and record their password. You install the screen saver in the user's folder, which doesn't require a password, and will trick the user into thinking it's all legit. Then you just transmit the saved password to God knows where when the screensaver activates.

I don't know if Microsoft's system offers more protection against that scenario.

doubtful, what's to stop the program from forking a process that takes a capture of the actual 'please enter the user/pass' screen, then displaying that and reading the keystrokes ...

Re:Obligatory (4, Insightful)

ShieldW0lf (601553) | more than 7 years ago | (#18944035)

The interesting bit of the article was the part where it suggests that this will lead application developers for windows to start writing programs that don't need escalated privileges. Long term, such pressures are good for the "software ecosystem".

Remains to be seen if Vista will ever achieve enough market penetration to apply such pressures effectively, but still...

*clap* (3, Insightful)

Frequently_Asked_Ans (1063654) | more than 7 years ago | (#18943975)

....and the last horse crosses the finishing line... too bad the other horses finished years ago and the race track no longer exists... *Coming soon from Microsoft* More working ideas that were implemented years ago in other operating systems that we'll claim we invented

Re:Obligatory (4, Insightful)

jkrise (535370) | more than 7 years ago | (#18944011)

Vista is Microsoft's proof that whatever they make, the users will just buy, the news agencies will simply extol, and the market will slowly adopt and adapt to. But with UAC, Microsoft went one step further and called everyone else IDIOTS.

And now it wants everyone to imitate them?

Re:Obligatory (1)

Varun Soundararajan (744929) | more than 7 years ago | (#18944031)

With Cisco Security Agent, it's already there.. It usually shows a Popup asking if I should allow the Active X Control, or say a new program that recently got downloaded and started installing all by itself..etc etc, it can catch most obvious ones..

--
no Sig

Or not? (4, Insightful)

Sparr0 (451780) | more than 7 years ago | (#18943477)

How about UAC starts imitating better designed privilege escalation mechanisms from Linux or OS X? Of course, that would require a sensible architecture in which software can be installed by users, for themselves, without superuser permissions. And, unfortunately, it would need secure software as a basis to avoid needing unnecessary privileges to accomplish mundane tasks in insecure applications. Sorry Microsoft, you missed the boat on this one. The majority of Vista users have UAC turned off, and the majority of those who don't will turn it off as soon as they figure out how.

Re:Or not? (4, Interesting)

frankie (91710) | more than 7 years ago | (#18943823)

How about UAC starts imitating better designed privilege escalation mechanisms from Linux or OS X?

I'm a card-carrying Mac cultist, but I really can't agree that the root password prompt in OS X is well designed. It could easily be severalfold better if they tried. For starters, it's all or nothing, with insufficient information. The little detail dropdown arrow should open up to an elegantly indented list of what privileged actions the app intends to do. Copy a plugin into /Library/foo? Install a kernel extension? Delete all user documents?

Also, if memory serves, there are still situations where an installer app is allowed to simply take root access for itself without asking. Only Lord Steve knows why no one has abused that yet. And MAC on Mac awaits its Leopardly debut...

Re:Or not? (1)

tsa (15680) | more than 7 years ago | (#18944039)

Also, if memory serves, there are still situations where an installer app is allowed to simply take root access for itself without asking.

Yes, I was really surprised to see Firefox upgrade itself with no problems. How does it do that? I installed it in Applications and I run it as a normal user with no extra rights.

Re:Or not? (1, Troll)

eric76 (679787) | more than 7 years ago | (#18944037)

If Microsoft wants real security controls, maybe they should switch to Security Enhanced Linux.

Hello Microsoft (5, Funny)

The Anarchist Avenge (1004563) | more than 7 years ago | (#18943485)

From TFA: "Why should I be letting my normal user be running as system administrator?" Welcome to the 1980s

Hey, Microsoft, I have a question (1)

Mateo_LeFou (859634) | more than 7 years ago | (#18943587)

This "access control" thing causes me some concerns. Specifically, it looks as though my software "CoolestWebSearch Dot Pr0n!" might not have access to all the system resources it needs to do all the great things that it does. Have you considered this when designing your system? How do I get the correct behavior (allow all pieces of software to run basically in kernel space) back?

Special Reset Switch for that (4, Funny)

Kadin2048 (468275) | more than 7 years ago | (#18943961)

We implemented a special switch which allows these functions. It's located inside the computer's power supply, near the big thing marked "1000uF 250V".

In order for the setting to take effect, you have to make sure to press the switch while the computer is running. We've found that using a steel coat-hanger wire (be sure to sand the paint off, first, you don't want it getting into your computer!) passed in through the vent holes in back works well.

Re:Hello Microsoft (5, Insightful)

QuantumRiff (120817) | more than 7 years ago | (#18943795)

Because if you're a school, textbooks now contain multimedia CD-ROMS, that have Macromedia Authorware software that is a version from the good old windows 95 days, when everyone had Admin privileges (this includes books that were published December of 06!). Try calling a publisher, and asking why the hell their software tries to copy files to %system32% before it runs. They don't understand why it wouldn't work, they work from home, and it works on the XP home machines they developed it with! Or even newer non Authorware software that feels it needs to write to HKLM in the registry, to store its configuration. Hell, I have a textbook CD that installs Apache and Mysql to do the "interactive stuff" that sets up a local web server running on port 80 (without checking if it is already used), uses a few hundred MB of ram (lots of page file swapping!), requires IE, not Firefox, and heaven help you if you use a Proxy server (the publisher of the software has never used one, or tested with it.. how many schools use proxies!) Sorry about the rant, just had to let it out... ;) thank god for deep-freeze

Re:Hello Microsoft (1)

Rakshasa Taisab (244699) | more than 7 years ago | (#18944053)

I believe we're talking about the late 1960's actually...

sudo (5, Funny)

Inmatarian (814090) | more than 7 years ago | (#18943489)

make me a sandwich.

Re:sudo (4, Funny)

sconeu (64226) | more than 7 years ago | (#18943535)

$ make me a sandwich
make: *** No rule to make target `me'. Stop.

Re:sudo (5, Insightful)

plams (744927) | more than 7 years ago | (#18943879)

Off-topic? Parent was likely referring to this gem [xkcd.com]

Re:sudo (1)

wellingtonsteve (892855) | more than 7 years ago | (#18943889)

What? Make it yourself

Re:sudo (1, Funny)

Anonymous Coward | more than 7 years ago | (#18944041)

What? Make it yourself.

http://xkcd.com/c149.html [xkcd.com]

Well, that's because... (-1, Flamebait)

RobertM1968 (951074) | more than 7 years ago | (#18943491)

Well, that's because MS wants to finally be first to market with something - and this is all they have that might fit that category... :-)

Mod parent up ... (0, Flamebait)

Mateo_LeFou (859634) | more than 7 years ago | (#18943645)

... on your way to go re-elect Nixon

Well, that's because THERE IS "0" ORIGINAL THOUGHT (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18943837)

Well, the same can be said about anyone (other than Bell Labs) who has created their "own versions" of UNIX variant.

After all: The original "Dennis Ritchie & Ken Thompson" UNIX truly IS, THE ONLY ORIGINAL UNIX!

(The rest came afterwards (1974 iirc?) once AT&T released code to the public)

The others/rest? Truly, only mere imitations (inclusive of today's BSD variants, and LINUX's as well) albeit, having their merits too over the others @ times/on points)

UNIX too, is not above this either. UNIX has its "roots" in a joint effort by many, in the MIT project, MULTICS, before it.

Windows NT-based OS are not excluded: They use BSD code in their IP network stack (best in the business outta BSD imo), Os/2 for filesystem & API design, VMS for the kernel/core & overall design (per Digital Equipment Corp.'s Mr. Dave Cutler working for MS), and previous builds of Windows 16-bit (1.x - 3.x series) & hybrid 16/32 bit Windows 9.x series prior to it.

Yes, I agree on one point I think you are alluding to: Microsoft does buy out a lot of stuff from other vendors.

Examples being Access/Foxpro (JET DB Engine), FrontPage, Visio, Their buyout of GIANT antivirus for their Windows Defender/OneCareLive antispyware/antivirus solution (I may be somewhat 'off' here, so correct me where necessary), and over time, licensing code from Executive Software (current) and Symantec (backup & antivirus Win9x days plus defrag code) for defragging from both, even in gaming (Microsoft's "FURY" was a buyout of a 90's gaming company's code for that one).

Back Office Side? SQLServer is/was a "joint effort" with another company as well, in Sybase. ... and doubtless this list goes on ...

So, that all said & aside, per my subject-line above?

There is usually little original thought, and most of what we have is built off of a "foundation" of 'standing on the shoulders of giants before us'. Os' of today are no exception.

I have a retarded cousin (1, Funny)

Anonymous Coward | more than 7 years ago | (#18943495)

He says cute things too sometimes.

Call Theo! (5, Funny)

hahiss (696716) | more than 7 years ago | (#18943503)

Yeah, it is about time those OpenBSD pikers got off their collective asses and followed the World Leader in Secure Operating Systems: Microsoft.

Microsoft "thinks" ... (1, Funny)

unity100 (970058) | more than 7 years ago | (#18943509)

since when ?

news flash (4, Insightful)

brunascle (994197) | more than 7 years ago | (#18943511)

nearly all OSes already have something similar, but superior, to UAC.

Re:news flash (5, Funny)

jellomizer (103300) | more than 7 years ago | (#18943881)

My version of DOS has nothing close, Neither do my versions of Windows 3.1, 95, 98, ME, 2000, or XP. A Ton Of OS's don't have anything even remotely close to UAC.

Re:news flash (1)

Marillion (33728) | more than 7 years ago | (#18943965)

Indeed, I like how they spun the idea to sound like something others should emulate when it's Microsoft who is emulating MacOS. Before I erased it, I also typed sudo. I don't think sudo qualifies because you have to invoke it before a privileged operation.

I think it would be un-unixish to try to do something like this in Linux (or any other flavour of unix) because in unix, the operating system does not talk to users. The OS talks to programs that talk to users. Now if some fancy unix program with ideas above its station (aka GUI environments - Gnome, KDE) wants to speak to the user about privilege escalation on behalf of the OS, that's the only compromise I can think of.

Microsoftened? (4, Insightful)

HTH NE1 (675604) | more than 7 years ago | (#18943513)

"The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
Patent pending?

Agreed, other OS's need to copy UAC (5, Insightful)

Rosyna (80334) | more than 7 years ago | (#18943515)

Other Operating Systems need to put more annoying dialogs that ask for elevation privileges every 5 minutes and don't ask for any credentials.

Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...

Re:Agreed, other OS's need to copy UAC (4, Insightful)

grassy_knoll (412409) | more than 7 years ago | (#18943585)

Other Operating Systems need to put more annoying dialogs that ask for elevation privileges every 5 minutes and don't ask for any credentials.

Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...


Exactly.

I translated the microsoft speak as "We suck... so everyone else should too! Cancel or Allow?"

Re:Agreed, other OS's need to copy UAC (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18943713)

The politicians already have a patent on this method. It's a variation on photodetector saturation. A sustained swamping of the detector with signal causes the detector to become unresponsive. I think it's Pavlovian.

Yup, they're right. (0)

Anonymous Coward | more than 7 years ago | (#18943521)

I just turned off UAC in order to get file and printer sharing to work correctly when trying to access an XP box.

Yeah, sounds like something everyone should imitate.

Ironic (5, Insightful)

Chaymus (697182) | more than 7 years ago | (#18943527)

For a company who is renowned for brutalizing industry standards it's humorous to find them believing the industry would adopt their bastardized version of the existing.

How is this news (1, Insightful)

MECC (8478) | more than 7 years ago | (#18943531)

MS thinks they are the greatest, fastest, bestus of all time, and everybody should validate that belief by trying to be like them. This is news how again?

tag request (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18943533)

Someone tag this 'lol'

Um, no thanks... (1)

Mysticalfruit (533341) | more than 7 years ago | (#18943537)

I'll just stick with sudo and selinux.

Re:Um, no thanks... (2, Informative)

fritsd (924429) | more than 7 years ago | (#18943947)

To be brutally honest though, I find it difficult to even *understand* selinux. I'm still only running it in permissive mode.. If Microsoft actually manages to show the user/system admin such audit messages and modify policy accordingly (based on system admin's response) then I think that's a good idea. Fetchmail and spamassassin spew some "denied" audits on my home computer but I haven't (yet :-)) found out how to modify the selinux policy. I think it shouldn't be done with interactive menus though; secure e-mail directly into root's mailbox is probably a bit safer.
Disclaimer: IANAsecurity expert, but I play one at home.

biggest issue is filesystem (0, Offtopic)

jshriverWVU (810740) | more than 7 years ago | (#18943543)

I'm not sure about NTFS but I know a big issue with permission issues is within the FAT filesystem itself. Anyone who can read FAT can read any file by any user and execute any program. One thing nice about any SysV/BSD based OS is that the fs has builtin features that describe who and what can be done with each file. Though NTFS might have fixed this, not sure since I don't use it.

Re:biggest issue is filesystem (1, Informative)

Anonymous Coward | more than 7 years ago | (#18943595)

NTFS uses ACLs. FAT is only used by flash memory devices nowadays.

Re:biggest issue is filesystem (1)

LurkerXXX (667952) | more than 7 years ago | (#18943789)

Ah, no, the biggest issue is NOT the filesystem. Vista uses NTFS, not FAT. NTFS uses ACLs, the brilliant part of VMS that Cutler rewrote for NT. Much easier to customize/detail permissions in than the typical UNIX owner/group/world.

Re:biggest issue is filesystem (1)

Tanuki64 (989726) | more than 7 years ago | (#18943853)

If it is so much easier I wonder why so many developers get it wrong.

Re:biggest issue is filesystem (1)

dknj (441802) | more than 7 years ago | (#18944007)

it's easy to manipulate ACLs from a user perspective. no one ever said the pragmatic approach was easy.

Re:biggest issue is filesystem (0)

Anonymous Coward | more than 7 years ago | (#18944051)

With ntfs, you can set permissions for folders, based on groups or users. All you have to do is yank the drive, put it in another computer and read them all as Admin there.

My problem with ntfs is the spare allocation table in the middle of the drive that has NEVER WORKED ONCE when the main gets corrupted. Happened three times now.

Translation of story title... (4, Insightful)

brennanw (5761) | more than 7 years ago | (#18943553)

"Microsoft says other OSes should annoy the crap out of its userbase more."

Re:Translation of story title... (0)

Anonymous Coward | more than 7 years ago | (#18943611)

Or maybe this translation

"We screwed up again; would someone please go do a better job somewhere else so we can copy it?"

Re:Translation of story title... (1)

Borealid (838626) | more than 7 years ago | (#18943743)

Of course - it's a clever move by Microsoft to try to sabotage other operating systems! Get them to adopt a really bad idea, then MS announces they're ditching it themselves in a service pack... Probably for something more like gsudo, with a password entry dialog.

Make me a sandwich! (5, Funny)

Falkkin (97268) | more than 7 years ago | (#18943565)

Why use UAC when a much more intuitive sudo interface [xkcd.com] has already been developed?

Re:Make me a sandwich! (2, Funny)

xenn (148389) | more than 7 years ago | (#18943809)

you are a sandwich.

Instead of UAC asking you permission (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18943569)

Microsoft should convince app developers to write software that does not need elevated privileges.

Patently obvious motivation. (5, Insightful)

Tackhead (54550) | more than 7 years ago | (#18943573)

> Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.'

Translation: "If we can get all the other operating systems to follow our lead, we can claim some sort of patent infringement on 'em."

> The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

The fact that Microsoft is late to the party is what makes it a patent trap. If it were just sudo, it wouldn't be patentable. When it's "a method for controlling process elevation, comprised of (sudo) and (a fancy display mechanism) and (extra monitoring)", it becomes patentable.

Microsoft is setting a trap for future patent lawsuits. Deny or Allow?

Re:Patently obvious motivation. (1)

nine-times (778537) | more than 7 years ago | (#18943733)

They've had display mechanisms for sudo in OSX, Linux for some years, and I believe you can monitor sudo more than the default setting if you want to (am I wrong?).

Re:Patently obvious motivation. (2, Informative)

just_another_sean (919159) | more than 7 years ago | (#18943847)

No you're not wrong. Even the default behaviour notifies root when someone tries to invoke it and fails. I'm not sure of the granularity but I am pretty certain that there are a number of configuration options for use in sudoers that set up notification for various invocations by different groups and users. (E.g. notify when random luser even tries to invoke sudo, only notify for adam-admin when his password is entered incorrectly).

Not to say that any old user can come along and figure this out quickly and easily but the facility is there for distros to design tools around it or to just provide a sane, default configuration.
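The notification behaviour described in the comment above corresponds to documented sudoers `Defaults` flags. The fragment below is an added illustration, not part of the original comment; the user names, the alias, the command and the file name are constructed.

```sudoers
# Constructed example: adam, alice, bob, HELPDESK and the command are hypothetical.
# Check the syntax before installing, e.g.: visudo -c -f /etc/sudoers.d/notify

# Where notification mail is sent.
Defaults mailto="root"

# Mail when a user who is not listed in sudoers at all tries to run sudo.
# This flag is on by default; it is stated here so the policy is explicit.
Defaults mail_no_user

# No mail for wrong passwords in general ...
Defaults !mail_badpass
# ... except for adam: mail only when he enters his password incorrectly.
Defaults:adam mail_badpass

# Mail on every sudo invocation by the help-desk accounts.
User_Alias HELPDESK = alice, bob
Defaults:HELPDESK mail_always

# adam may run exactly one command as root and nothing else.
adam ALL=(root) /usr/bin/systemctl restart nginx
```

Per-user `Defaults` entries are applied after the global ones, which is why the `adam` override takes effect even though `mail_badpass` is switched off globally.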

Ahead in the Race (1)

vthokie69 (549779) | more than 7 years ago | (#18943597)

Once again Microsoft thinks it's ahead in the race. Once they reach the finish line, they may finally realize that the others behind them were about to lap them, and then they'll wonder why they have one more lap to go.

You can tell your locked down DRM laden OS... (4, Insightful)

A beautiful mind (821714) | more than 7 years ago | (#18943605)

...what to do, but keep your grubby hands off the real operating systems that don't base their security on feel-good measures, but sound design and actually fixing things.

UAC 2.0 (1)

griebels2 (998954) | more than 7 years ago | (#18943607)

Maybe they should licence their uber-UAC to *nix and MacOS X; including a "defunct office-assistant-theme-pack" with just one addition: Klippy, the one-legged, one-eyed penguin that can fly 5 ft while being thrown off a cliff of 5000 ft.

Another nice take at security from Microsoft, throw a warning for everything. If it breaks anyway, you cannot claim you haven't been warned!

Right... (2, Funny)

DarkShadeChaos (954173) | more than 7 years ago | (#18943613)

because Unix has a method to do this [that isn't annoying], so we should immediately switch to one that is?
what the hell is security through pop-ups anyway?

UAC--Universal Authentication via Clippy (1)

u-bend (1095729) | more than 7 years ago | (#18943685)

Looks like you're trying to allow Chinese hackers into your operating system. Would you like some help?

Great, just great. (1)

Tanuki64 (989726) | more than 7 years ago | (#18943639)

Microsoft Says Other OSes Should Imitate UAC. It is junk, users hate it and we were not able to come up with something better. But if the honored competition please would follow our lead and implement the same crap, we then would not look so bad anymore. Thank you. :-)

Almost right (5, Insightful)

UnknowingFool (672806) | more than 7 years ago | (#18943647)

The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

I would say (and many here would agree) that UAC is a half-hearted, bad copy of sudo. sudo requires authentication and only for actions that require elevated privileges (like changing key system files). UAC annoyingly asks the user to verify suspicious behaviors to ensure that is what he or she really wants to do. Really UAC is an attempt by MS to shift the blame to the user for their somewhat insecure architecture. When something does go wrong, MS can blame the user saying it was the user's duty to verify their actions.

Microsoft does have a point... (2, Funny)

Vexler (127353) | more than 7 years ago | (#18943655)

...ROT13 *is* easier to manage and deploy.

UAC isn't a bad idea, just one taken waaay too far. (4, Insightful)

Vellmont (569020) | more than 7 years ago | (#18943657)

I don't think it's such a bad idea to have some extra means of making sure a user REALLY wants to do a special action. Ubuntu and Fedora handle this by asking a user to authenticate whenever an action requiring elevated rights occurs. It's actually done quite well and is only required for doing things like adding or deleting software, and the rights stick around for a while so you're not constantly typing in passwords.

The problem of course is that Microsoft went crazy and decided to lock down EVERYTHING. To the point where it's just plain annoying running the OS with it on. I tried it for a couple weeks just to see if I could get used to it. There's a tendency for people to crave the old way of doing something not because it's better, but just because that's what they're used to. I did eventually decide UAC was more trouble than it's worth, and disabled it.

I guess I tend to agree with the theory that UAC wasn't really real security, but about putting the blame more on the user. Microsoft can just claim "Well, you DID disable UAC didn't you?, so it's not our problem."

why is it new? (0)

nine-times (778537) | more than 7 years ago | (#18943665)

Where UAC is different--and also where I think many power users would completely freak out--is in its mistrust for full Administrators. While your average Linux distro will allow you to run as root and give you complete control without prompts (Ubuntu's default settings excepted, of course), Vista's UAC still prompts Administrator users as though they're not admins.

No, that's not different-- as it mentions elsewhere in the article, that's what sudo does. In fact, you can give users sudo rights for only a single command. Ubuntu, Apple, and pretty much everyone else has given users access to this sort of setup for years.

There are some users who feel as though being an Admin should mean no interruptions or calls for authentication from the OS, but Microsoft's message seems to be this: the days of the mighty Administrator should come to an end. In Microsoft's vision, any and all "Admin activity" should be flagged as such and prompted for verification.

Well, of course that's your choice, but this isn't a new issue or debate. Some Linux admins I know use root, while others insist on using sudo for everything. It's because some don't want the hassle of typing sudo, while others don't want to have the rights to do anything crazy unless they specifically tell the computer "let me act as a super user."

So really I don't see anything new or different about UAC, except maybe that the implementation seems worse to me.

I just invented the wheel! Follow my lead! (1)

BunnyClaws (753889) | more than 7 years ago | (#18943689)

Leave it to Microsoft to do a poor job at copying someone else's idea and taking credit for inventing it.
What is really sad is many people who only know Windows and are not familiar with elevating permissions will believe Redmond's lies.

Re:I just invented the wheel! Follow my lead! (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18943803)

Middle managers in corporate America do the same thing all the time--then they have HR fire the employees who have anything to say about it.

As a comic and cartoon, "Richie Rich" never should've been published.

Pffft! (0)

Anonymous Coward | more than 7 years ago | (#18943701)

I used Vista for testing for an hour last month. It took me ten minutes before I blindly clicked ok whenever the UAC dialog came up.

The Microsoft Way (1)

Gryffin (86893) | more than 7 years ago | (#18943705)

Just great.

Microsoft can't figure how to make a secure OS easy to use, so they push to make more secure OS's more annoying.

"You are coming to a sad realization, Confirm or Deny?" Indeed.

Weak comparison (1)

Lazerf4rt (969888) | more than 7 years ago | (#18943729)

The submitter wants to compare UAC to sudo? Come on, genius. The "fancy display mechanism" is the entire point! One's a command-line utility for uber-nerds, the other is a prompt which just works. Man, if you're smart enough to run sudo, you should be smart enough to think like a casual person, and understand why one might easily benefit from UAC.

If I sound like a fanboy, I'm not. I'm just trying to stay objective, which is more than the submitter is doing. Use your head.

Re:Weak comparison (1)

Lazerf4rt (969888) | more than 7 years ago | (#18943883)

Oops. The submitter was quoting the story and not trying to make a point. My bad! I retract my attack on him/her. Still, I think the comparison is weak, even in its correct context.

Re:Weak comparison (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18943983)

Come on, genius. The "fancy display mechanism" is the entire point! One's a command-line utility for uber-nerds, the other is a prompt which just works. Man, if you're smart enough to run sudo, you should be smart enough to think like a casual person, and understand why one might easily benefit from UAC.

If I sound like a fanboy, I'm not. I'm just trying to stay objective, which is more than the submitter is doing. Use your head.


Translation: I have no idea what the hell I'm talking about. I only have a cursory idea of what sudo, and for that matter what UAC does. I certainly have never used any of the advanced features. However, if I tell you you're all stupid, and that you're over thinking it, maybe you'll think I'm smart. If I tell you I'm not a fanboy, maybe you'll be stupid enough to believe me.

Re:Weak comparison (1)

bucket_brigade (1079247) | more than 7 years ago | (#18944017)

You totally have to be an uber nerd to actually type 4 letters into the terminal emulator, that's sooo way beyond anyone who isn't a super genius that there's no way any normal person could use it

Shut up, fanboy! (1)

mangu (126918) | more than 7 years ago | (#18944061)

The "fancy display mechanism" is the entire point! One's a command-line utility for uber-nerds, the other is a prompt which just works.


Dude, if you think only "uber-nerds" are capable of typing commands, you should keep your hands off the computer. If you're not smart enough to run sudo, you aren't smart enough to perform administrative tasks in a computer.


If only you Windows people kept off the internet, I would have nothing against Microsoft fanboys. But the minute you start allowing zombies to install spambots in your machines you are creating a problem for all of us. So, please, if you really believe that "a fancy display mechanism is the entire point" could you, pretty please, disconnect that little cable with the square transparent plug from the back of your computer?

bleh. i give up (1)

yodleboy (982200) | more than 7 years ago | (#18943739)

after 4 months of living with vista, i decided to go back to XP today. there's just not enough there to be worth the hassles. UAC was the least of my issues. once you get things set up, it doesn't intrude often.

The bigger issue was that i couldn't get any game but Half-Life 2 to run properly, and it still had issues. Since gaming is half my PC usage, i couldn't take it anymore. Old games, new games, whatever. funky graphical artifacts, weird crashes or inability to launch. and yes, my pc is well over the min. specs, i have the latest, greatest VISTA drivers for all my hardware, all the games in question were patched, and i tried adjusting compatibility mode for each game. no luck, and honestly, it's just not worth the effort. except for the 3 new games i've gotten since i took the vista plunge, all my others ran great on the same pc under XP.

anyway, i gave up more than i gained. so long vista, i'm sure we'll reunite someday.

Re:bleh. i give up (2, Funny)

Anonymous Coward | more than 7 years ago | (#18943885)

You are coming to a sad realization. Confirm or Deny? :)

Spin (2, Insightful)

rlp (11898) | more than 7 years ago | (#18943755)

What do you expect him to say - "we're late to the party and we botched the implementation". It took them five years to create Vista. They pulled out every major feature except 'security' and DRM and they got security wrong. And now they wonder why customers aren't clamoring to upgrade to Vista.

Re:Spin (1)

mbone (558574) | more than 7 years ago | (#18943977)

If customers aren't clamoring to upgrade to Vista, then why is Microsoft's profit up due to Vista Sales [smartpros.com]?

I have to say, that was the first press release I have read in a while that had me thinking about Enron (no one I know is rushing to buy Vista, and yet it magically raises Microsoft's profits!).

Re:Spin (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18944033)

Very astute observation. Microsoft's profit is up--but what is it really attributable to?

As long as Microsoft continues to move billions of dollars every year they will continue to be a convenient money-funnel, a way to launder money and pass the profits on to select individuals while cluttering the paper trail as much as possible.

More and more the stock market and the banking system resembles old mafia movies--money laundering is not the crime, it is the rule. The crime of money laundering is only used by the existing most powerful mafia arm to keep the competition in check.

classic joke (1)

Tumbleweed (3706) | more than 7 years ago | (#18943777)

"Wait for us, we're the leader!"
- Microsoft

I'd Read the Article, but... (4, Funny)

filesiteguy (695431) | more than 7 years ago | (#18943799)

...my browser keeps asking me to allow or deny arstechnica...

Default Behavior (2, Insightful)

rtobyr (846578) | more than 7 years ago | (#18943835)

Barring the debate over whether UAC is well implemented, what's somewhat new is that it's the default behavior. Ubuntu has been doing this since the beginning of that distro, but I don't know of other Linux distros that--by default--don't let you log in as root, granting sudo privileges to the first user created. I can't say whether Apple does this. I know for sure that Slackware, Fedora, and RHEL don't. FreeBSD didn't last time I checked, but that was a *long* time ago. I think the debate ought to be less about whether UAC is well implemented or innovative, and more about whether other OS's ought to have the default behavior that Ubuntu, and now Microsoft have... whether by sudo, UAC, or whatever the mechanism is. To me, that's the point of the whole thing.

Re:Default Behavior (2, Informative)

frogstar_robot (926792) | more than 7 years ago | (#18944045)

It's what Apple does more or less. The root user isn't actually involved but the first account created can assert administrator level privileges when appropriate by password.

"UAC" (0)

Anonymous Coward | more than 7 years ago | (#18943875)

Am I the only one who actually read "Union Aerospace Corporation" in the first place?

what? (1)

stim (732091) | more than 7 years ago | (#18943891)

no haha tag?

new... (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18943913)

please, can we settle on reporting only news that's news?
they are finally trying out a 20 year old concept and what?
get fscking publicity for it? get a life, delete TFA.

(no fluffy bunnies were hurt)

Dr. Watson, I presume.. (1)

smitty97 (995791) | more than 7 years ago | (#18943919)

Microsoft Australia's Chief Security Adviser Peter Watson
Could this be the same Watson that's been crashing my computer all these years? Remember, crashes = security [slashdot.org]

Just how much PR are we going to be forcefed today (1)

postbigbang (761081) | more than 7 years ago | (#18943923)

Ballmer is on a mission. Trash the iPhone. Claim that UAC is theirs and unique (they're actually the last to come to the table with it, see SELinux, and various other Linux, MacOS, and BSD implementations).

You guys fall for this stuff. It's a red flag in front of you. The problem really is: there's no one competent standing up for non-Microsoft architectures to the public. So old Monkey-Dance gets in front of gullible 'journalists', spews disinformation, and you guys snort and charge.

There's nothing to see here. Really. Those that are informed are already past this current deluge of PR crap. Oh yeah, Mikey likes Ubuntu. Suckas.

UAC off in Longhorn Server (1)

smist08 (1059006) | more than 7 years ago | (#18943949)

I'm a bit surprised by this, as I just installed the Longhorn Beta 3 and all this silly UAC stuff seems to be gone (or at least turned off by default). Anyway it doesn't bother me with all those annoying prompts. Is this a precursor to it being removed in SP1 of Vista? Also the default color scheme goes back to something sensible like in Windows 2000. Generally a very pleasant retro sort of OS.

Better summary (0)

Anonymous Coward | more than 7 years ago | (#18943971)

Many Vista adopters find User Account Control irritating, but THIS IS SPARTA!

This is their "security expert". (0)

Anonymous Coward | more than 7 years ago | (#18943991)

Imagine what the cowboy coders are thinking.

Summary is Wrong! Wrong! Wrong! (2, Interesting)

mpapet (761907) | more than 7 years ago | (#18943993)

The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"

No it's not! Not at all. First of all, let's define what sudo should do: Act as a barrier that data and application execution must pass. UAC does not fit the definition.

"Vista features such as UAC or Protected Mode Internet Explorer that are dependent on limited user privileges -- which Microsoft calls Integrity Levels (IL) -- are designed to allow some IL breaches.

Because the boundaries defined by UAC and Protected Mode IE are designed to be porous, they can't really be considered security barriers, he said. "Neither UAC elevations nor Protected Mode IE define new Windows security boundaries,"

Thank you Mark Russinovich for stating what's been clear for quite some time. http://www.networkworld.com/news/2007/021407-microsoft-uac-not-a-security.html [networkworld.com]

I wish, for once, everyone and their grandmother would stop assuming Microsoft's security proclamations are reliable information.

Nice Try, Not a Fix (0)

Anonymous Coward | more than 7 years ago | (#18943995)

A response to a pop-up isn't the equivalent of deliberate action. How many IE users have installed spyware and viruses on their machines by clicking on a button - any button - to get rid of a browser pop-up? To be fair, I'm not jumping for joy over the MacOS implementation, either.

I've already seen a virus imitate the firewall pop-up on Windows XP, tricking the user to authorize actions and also collect local admin passwords.

There's no safe way of avoiding full privilege separation, and I like my superuser functions done while logged on as a superuser. There's also no way of avoiding the need to learn a little about how a modern operating system works.

-F

Linux and Mac have their bad ideas copied too (1)

Henry V .009 (518000) | more than 7 years ago | (#18944005)

Single user Linux boxes are not more secure due to non-root users being default! After all, when was the last time your user account was owned?

UAC was a bad idea. So is sudo which it copies. So is running a single-user Windows XP box as anything but an Administrative user.

Root security privileges are just fine for a multi-user box. But they don't make sense on most home desktops. (I'm not talking about Slashdot readers who make their girlfriends change their password every 3 weeks, I'm talking about normal Joes.)

The most important data on a multi-user machine is the system data. It's far more important than any single user's data. Once system data integrity is breached, all users' data is at risk. I'm a sysadmin, and I've seen Unix user accounts owned for various stupid reasons, but system security kept tight despite that.

The most important data on a single user machine is the user data. The system data can be restored from the factory install CDs. In the single user environment, you don't need sudo or root or to run as a non-Administrator. What you need is: 1) To be warned when you are doing something that might break the system. 2) To have programs run only with the privileges they need -- NOT with your full user privileges. Sudo is massive overkill for one -- anything more than a warning box is a dreadful UI decision. No, before you say it, the stupid users don't pay any more attention to "Enter your password:" than any other sort of warning box.

Build A Better Bridge, Not Build A Better Sign (2, Insightful)

EXTomar (78739) | more than 7 years ago | (#18944043)

Microsoft's UAC approach does not fix the problem. Windows is like a rickety bridge. We know it's dangerous but Microsoft's "fix" is to place signs every 5 steps warning you could slip. How about instead we build a better bridge instead of build a better sign? Maybe we need Microsoft to build a better Windows instead of build a better system to warn us about Windows? That must be crazy talk because Microsoft year after year continues to choose to seek how to build better signs instead of better bridges.

Let's get Microsoft to design a software platform that doesn't require the user to think about whether or not the user is about to break something? Is that really so hard for one of the largest software companies in the world? UAC from my view is the wrong way to solve a problem which was born of questionable engineering. One of the reasons why UAC is so dubious is that the user may not know any better either which is a "blind leading the blind" across that rickety bridge. In summary, a better Windows wouldn't have a need for UAC so why tout this technology?

Bad usability (1)

zaibazu (976612) | more than 7 years ago | (#18944047)

If security checks pop up too often people will grow tired of them and will stop reading the messages and just click next without bothering what the dialog is about. Vista definitely crossed this line so the joe average PC isn't much safer from spy/malware than an XP box in admin user mode.