Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Designed UAC to Annoy Users

ScuttleMonkey posted more than 6 years ago | from the at-least-they-are-being-honest dept.

Microsoft 571

I Don't Believe in Imaginary Property writes "At the 2008 RSA security conference, Microsoft's David Cross was quoted as saying, 'The reason we put UAC into the platform was 'to annoy users. I'm serious.' The logic behind this statement is that it should encourage application vendors to eliminate as many unnecessary privilege escalations as possible by causing users to complain about all the UAC 'Cancel or Allow' prompts. Of course, they probably didn't expect that Microsoft would instead get most of the complaints for training users to ignore meaningless security warnings."

cancel ×

571 comments

Of course... (5, Insightful)

evanbd (210358) | more than 6 years ago | (#23043140)

If they'd done this from the start, no one would be complaining. In Linux or UNIX, if a program wants elevated privileges, it requires user intervention. The result is that programs don't expect to have superuser privileges if they don't actually need them, and everyone is happy because the only things that have to be done as root are things you'd expect to require root access.

Re:Of course... (2, Insightful)

stubear (130454) | more than 6 years ago | (#23043178)

They did do this from the start, they just didn't force developers to follow good coding practises when writing apps for the NT platform.

And Microsoft was the biggest offender. (5, Insightful)

khasim (1285) | more than 6 years ago | (#23043220)

You cannot force someone else to follow a particular coding practice when your coders do not do so themselves.

Re:And Microsoft was the biggest offender. (4, Interesting)

InsertCleverUsername (950130) | more than 6 years ago | (#23043578)

> You cannot force someone else to follow a particular coding practice
> when your coders do not do so themselves.

It's shamefully pervasive. In my years of developing software for Windows, I've rarely seen other developers NOT running Windows as admin. --basically developing apps. completely blind as to what permissions they may or may not need. (I finally got religion 5-6 years ago after a nasty virus.) Now, every time I log in, I get several ugly little error messages due to HP drivers and other startup bits and pieces not having God access under a normal user account. I think Win developers --QA and project owners too-- need to feel some personal UAC pain.

Re:And Microsoft was the biggest offender. (5, Insightful)

repka (1102731) | more than 6 years ago | (#23043628)

Any particular examples? Application designed following guidelines of win95 (e.g. Office) will work properly in Vista and will not even require folder/registry virtualization (btw, I assume a lot of effort went into this feature to minimize UAC prompts and it for some reason is rarely mentioned among usual rants about them).

I consider the opposite: Microsoft spends too much effort for app-compat. Would Win2k have defaulted users to be "restricted", while win98/ME were viable alternatives (i.e. MS could still cash in on their sale) for compatibility, this effort could have been much more successful and, nowadays, when you try to get Intuit Quickbooks to start under limited user (you don't have much choice in college setting), you didn't have to give write access to whole CLASSES_ROOT registry branch (don't get me started on this...).

So in short, yes, I believe UAC is a great compromise, which forces lousy coders to reconsider their approach to the stuff they ship.

you, my friend, made an incorrect assumption... (-1, Troll)

DaedalusHKX (660194) | more than 6 years ago | (#23043326)

The original Privilege Escalation attack occurred with trojans hijacking various Microsoft Office or Windows/Internet Explorer processes and using privilege escalation, even from a windows NT/2000/XP "Guest" account if it was available. This was once referred to as a teardrop attack. You can google the rest of the details.

Want to know the funny?

Any process running in windows could do this, regardless of whether the virus was .exe or .com or a .jar.

The culprit? Bad code in Winlogon. Now I'm pretty sure Winlogon wasn't developed by third party developers who didn't "follow Microsoft best code practices".

Perhaps if they had spent less time trying to fuck users into being locked into their software and had actually spent as much time developing good solid software as they spent developing the activation / antipiracy features, people would actually want to PAY for their products just to make sure they stay in business and keep making good products, they wouldn't have people demanding to stay with XP. (Hell until games stopped using OpenGL and went to Direct 3d, I was still using Windows 98 for gaming... once Direct 3d became mandatory for newer games, I went to XP on a laptop and transferred it to my desktop when I switched the laptop to BSD... short of gaming, my gaming rig does little else, spending most of its non gaming time, OFFLINE... which is good for my power bills and AC bills since it outputs more heat than my 24/7 servers next door. Which, is, in itself, quite funny.)

Re:you, my friend, made an incorrect assumption... (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23043422)

This is quite ridiculously uninformed. First, the "teardrop" attack had nothing to do with winlogon, it was a crash caused by packet reassembly in the TCP/IP stack. According to wiki: http://en.wikipedia.org/wiki/Denial-of-service_attack#Teardrop_attack [wikipedia.org] ,

Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to 2.0.32 and 2.1.63 are vulnerable to this attack.
If you think you could do so much better, why not get a job at MS and work from the inside out making it into the company you want? I mean, the pay is good, the projects diverse, and then you'd actually be doing more than ranting ineffectively to a choir of anti-MS fanboys. Claim what you want about spending a large amount of time developing activation/antipiracy software, in the big picture it's a splash in the pond of work done to developing solid software.

Re:you, my friend, made an incorrect assumption... (4, Insightful)

Anonymous Coward | more than 6 years ago | (#23043508)

Because it's much easier to sit on Slashdot and make up bullshit and lies about Microsoft because it's trendy to hate them.

Re:you, my friend, made an incorrect assumption... (1)

Sancho (17056) | more than 6 years ago | (#23043470)

Most of the time, when people talk about bad coding practices in the context of UAC, they're talking about programs which assume that the user will be running as Administrator, and thus they stomp all over areas which should remain protected (both on the filesystem and in the registry.)

Aside from annoying users, UAC ostensibly exists to keep privilege escalation from occuring. If a program really needs the privileges, it can get them granted by the user. If it doesn't, the user can deny them. In practice, one has to question how effective this really is (does the user know when it's a program or a privilege escalation attempt?)

What the hell are you rambling about? (1)

toadlife (301863) | more than 6 years ago | (#23043496)

The teardrop attack was a DoS attack that exploited a TCP stack bug. It had nothing to do with local privilege escalation. Perhaps you should have "googled the rest of the details" before posting.

Aside from that, privilege escalation vulnerabilities have nothing to do with "good coding practices" mentioned by the parent poster.

Re:you, my friend, made an incorrect assumption... (0)

Anonymous Coward | more than 6 years ago | (#23043530)

If you google teardrop attack you'll find that it has nothing to do w/ hacking Office or IE w/ trojans. Teardrop was a network-based attack that involved DoSing remote systems by sending malicious fragmented IP traffic.

You are just plain incorrect (1)

SendBot (29932) | more than 6 years ago | (#23043604)

As others have commented, you could not be more wrong about the teardrop attack. Teardrop worked by fragmenting a tcp packet such that when your tcp/ip stack reassembled it, it would buffer overflow and usually just crash the system.

I had LOTS of fun with this back in '96 - (pre-google) I'd search for sites using the "powered by backoffice" image, which made certain that it was vulnerable to this.

Re:Of course... (0)

Anonymous Coward | more than 6 years ago | (#23043352)

Of course, they could actually make it *effective* by asking for a password.

Re:Of course... (4, Informative)

Z34107 (925136) | more than 6 years ago | (#23043450)

It does - if you're on a limited account.

It's only if you're logged in as administrator that you don't have to provide a password - you already did when you logged on.

Think of it this way - with UAC, even root has to sudo.

Re:Of course... (5, Funny)

tepples (727027) | more than 6 years ago | (#23043368)

If they'd done this from the start, no one would be complaining.
In the era of Windows 95, home PCs weren't considered to have enough CPU and RAM to enforce proper privilege separation.

Re:Of course... (1)

msuarezalvarez (667058) | more than 6 years ago | (#23043446)

I have a rather vivid image of myself entering root passwords to get administrative things done in my 95ish computer... Maybe the home PCs magically became more powerful when you used another OS?

Re:Of course... (1)

CastrTroy (595695) | more than 6 years ago | (#23043518)

Worked when I installed Mandriva on my laptop. It's quite a bit faster than Vista.

Re:Of course... (4, Interesting)

Chris Mattern (191822) | more than 6 years ago | (#23043474)

In the era of Windows 95, home PCs weren't considered to have enough CPU and RAM to enforce proper privilege separation.


Odd that the same home PC at the time, running Linux, had no trouble at all enforcing it.

Re:Of course... (1, Informative)

tepples (727027) | more than 6 years ago | (#23043554)

Odd that the same home PC at the time, running Linux, had no trouble at all enforcing it.

Then I said it wrong. Please let me rephrase: "In the era of Windows 95, home PCs weren't considered to have enough CPU and RAM to enforce proper privilege separation while running a graphical user interface." Or did you manage to usefully run X11 on a 486 PC with 8 MB of RAM?

Re:Of course... (4, Informative)

CastrTroy (595695) | more than 6 years ago | (#23043390)

The problem is that even MS hasn't gotten around to removing all the annoying UAC popups based on stuff in their own interface. If you want to rename something in your start menu, you get 3 prompts from UAC. Same goes for moving or deleting something. I get tons of UACs, and most of them are from Windows itself, not other apps.

Installed for all users? (1)

tepples (727027) | more than 6 years ago | (#23043542)

If you want to rename something in your start menu, you get 3 prompts from UAC.
Was this "something" installed for you, or was it installed for all users?

Re:Installed for all users? (4, Insightful)

CastrTroy (595695) | more than 6 years ago | (#23043602)

Doesn't matter, I should only get 1 prompt, not 3.

Re:Of course... (0)

Anonymous Coward | more than 6 years ago | (#23043468)

The result is that programs don't expect to have superuser privileges if they don't actually need them, and everyone is happy because the only things that have to be done as root are things you'd expect to require root access.
I'm guess you haven't tried to deploy a SELinux desktop environment...

Re:Of course... (5, Insightful)

CyberLife (63954) | more than 6 years ago | (#23043488)

To extend your point, the reason UNIX systems don't have UAC-style privilege elevation is due to its history. UNIX came into being, and was largely developed, during an era in which virtually all computers were large, multi-user systems that sat in a back room. An administrator would have to be sitting at a terminal 24/7 just in case somebody came knocking -- quite an unreasonable expectation. As a result, programmers had to get used to the idea of restricted abilities.

With the desktop computer model, the situation is quite different. Classically-speaking, the user is sitting right at the machine and is the only one using it. They are the administrator as well as the user. There is no expectation of security since nobody else is involved. Windows derives much of its architecture and style from this method of computing.

Modern-day computing is rapidly moving back toward the shared-computer model. This is occurring somewhat on the front-end (e.g. individual user accounts on a desktop machine for different users), but mostly it's happening on the back-end. Internet servers are very reminiscent of the mainframe-era multi-user model. This is why UNIX is such a good fit for such tasks -- it was designed specifically for it, whereas Windows has had to play catch-up. UAC is a good example of single-user thinking applied to a multi-user problem.

A difference so subtle, I nearly missed it (4, Insightful)

starglider29a (719559) | more than 6 years ago | (#23043152)

Mac OSX has prompts for authorization also. It doesn't bother me like Vista does. Why not? I didn't really catch it... until I realized that I could ignore the dialog box and get something done before allowing an update/reboot or whatever. Something that simple and the whole problem goes away!

Re:A difference so subtle, I nearly missed it (4, Informative)

cnettel (836611) | more than 6 years ago | (#23043194)

You can configure to be like that with group policy. The official reason for the current default was that no ordinary process should be able to interfere with user input or fake the UI (i.e. showing some other always-on-top window with a different text that moves away just before the click etc etc). If you can accept that, just turn UAC into "same-desktop" mode, while not turning it off completely.

Re:A difference so subtle, I nearly missed it (0)

smitty_one_each (243267) | more than 6 years ago | (#23043282)

How I despise the Windows reboot fetish.
Every bit as ronngg as the fusion of disk partitions and file systems embodied in that monument to Keep Le User a Dumb Git, Eh? (KLUDGE), C:\

Re:A difference so subtle, I nearly missed it (3, Funny)

Justabit (651314) | more than 6 years ago | (#23043342)

You have come to a sad realization...Cancel or Allow? http://www.youtube.com/watch?v=VKM1cAtAdtQ [youtube.com]

Re:A difference so subtle, I nearly missed it (3, Funny)

dwater (72834) | more than 6 years ago | (#23043434)

never mind that old one...did you see the South Park one youtube referenced after it finished :

http://www.youtube.com/watch?v=Id_kGL3M5Cg&NR=1 [youtube.com]

Now that's funny :D

Re:A difference so subtle, I nearly missed it (1)

retnuh1 (306689) | more than 6 years ago | (#23043358)

well theres that and the fact that the OS X version tells you useful information. That or I slept through the class on how to read GUID.

If this is true... (4, Informative)

pionzypher (886253) | more than 6 years ago | (#23043162)

It is an idiotic approach. Vista is the one being annoying....how could someone predict that end users would blame the applications and not the os that's to blame? Not to mention the whole issue of purposely designing a ui to annoy paying customers, to pressure 3rd parties to change.

Bad idea all around if this was their intention at design.

Re:If this is true... (2, Insightful)

corsec67 (627446) | more than 6 years ago | (#23043192)

Yep, the proper way to do this would be to have UAC like crazy when running an app in debug/test mode, and leave the customers alone. If they want to put pressure on the 3rd party developers, then they should do that directly, and not mess with everyone in hopes that the pressure would kind of go back to the 3rd party developers.

That assumes that 3rd party developers care at all about the customer experience, which if you look at Norton/McAfee, is very dubious.

And then give the customers something reasonable, like how sudo works on *nix.

Re:If this is true... (1)

MRiGnS (1125139) | more than 6 years ago | (#23043228)

Maybe they wanted to /show/ the world how bad su/sudo works in the world of unixoid operating systems, by looking at the way it works and exaggerating it by some means. I think this is called reality satire. I'm nut sure, but how can anyone treat their customers like this.

Re:If this is true... (1)

corsec67 (627446) | more than 6 years ago | (#23043278)

I'm nut sure, but how can anyone treat their customers like this.


Welcome to the world of monopolies. If your "customer" can't avoid purchasing your product, then you can get away with a lot of crap that simply wouldn't be tolerated in a market with more equal competition.

Sudo works just fine if applications that only do userland stuff don't trigger the sudo dialog. Remembering your sudo privileges for a while is a huge thing that UAC lacks. MS's UAC could easily be considered a satire of sudo.

Re:If this is true... (4, Insightful)

Anonymous Coward | more than 6 years ago | (#23043410)

Remembering your sudo privileges for a while is a huge thing that UAC lacks. MS's UAC could easily be considered a satire of sudo.
So, I'm a malware developer - My software sits in the background and waits for you to do something that requires UAC. Then after a few moments, I use the remembered UAC authorization to install my spyware.

Re:If this is true... (3, Informative)

toadlife (301863) | more than 6 years ago | (#23043528)

The same thing is possible in Ubuntu right now.

Re:If this is true... (1)

ColdWetDog (752185) | more than 6 years ago | (#23043346)

I think the concept you're looking for is reductio ad absurdum [wikipedia.org] (reduction to the absurd). And no, you don't want to go there with a real product. It's just for bars, courtrooms and legislative sessions.

Re:If this is true... (5, Interesting)

Shihar (153932) | more than 6 years ago | (#23043240)

I don't think that is what he really meant. What MS is trying to do is actually the right thing. MS wants to make it access privileges more like Linux. It wants to make it so that random programs can't run a muck with admin privileges. This is MS's attempt to get application makers to stop requesting privileges that they don't need because they are too lazy to program it the right way.

Look, I'll be the first to decry Vista as a piece of shit, but despite all of Vista's flaws, trying to restrict access of programs is a good thing.

Personally, I think that MS is slowly learning. MS is in no danger of losing its business division so long as companies demand backwards compatibility, but in personal computing it is getting kicked around. MS looks old and faded while Apple has a solid product combined with a marketing machine of d00m (Microsoft always sucked at marketing). MS needs to make changes or else it is going to get run over by Apple. Lock in isn't going to last forever in the face of a comparable, if not outright better, product and vastly superior branding and marketing.

I mean hell, what do you think of when you think of Apple? Shinny plastic with a hipster in a coffee shop. What do you think of when you think of MS? A moldy office.

Re:If this is true... (5, Interesting)

MRiGnS (1125139) | more than 6 years ago | (#23043384)

MS needs to make changes or else it is going to get run over by Apple. Lock in isn't going to last forever in the face of a comparable, if not outright better, product and vastly superior branding and marketing.
I'm pretty sure MS isn't as afraid of Apple as they are of Linux. You might be able to buy/bribe/whatever stock holders, but almost impossible to buy out GNU/Linux. Even if they would get Linus on their side, there would be some nerds releasing GNU/Xunil (That's the point where you might laugh) just a couple of minutes after the announcement. The only thing they may fear is in fact FOSS reaching critical mass.

MS is in no danger of losing its business division so long as companies demand backwards compatibility, but in personal computing it is getting kicked around.
I wonder what happens as windows7 is supposed to break the binary compatibility

Re:If this is true... (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23043276)

Not that I disagree, and I realize bashing Vista is a quick way to feel like you fit in, but how else are you going to pressure third party vendors to not write crappy applications that need admin privileges for stupid reasons? Every Win32 program in existence seems to think it needs to put its settings into an INI file located in the program files directory.

A big reason for Windows sucking is the third party applications. Look at what XP did with the tray: introduced this little arrow that hides infrequently used icons because every marketing assmunch realized they could brand the user's computer and most of the users wouldn't be able to do anything about it. Meanwhile, it became common to see half the task bar being eaten by the tray and 25 stupid icons just sitting there. (Sun doing that with Java says a lot about the platform.) It is the tragedy of the commons playing out on the user's desktop, and the users are the ones losing. Meanwhile, nobody seems to care, it is business as usual.

With regard to UAC, I'm curious to what you think is a better solution. Not that I like the current one, but I rate it as the least-worst option that I can think of, other than virtualization.

Settings in INI files? (1)

tepples (727027) | more than 6 years ago | (#23043392)

Every Win32 program in existence seems to think it needs to put its settings into an INI file located in the program files directory.
Would it be wrong to keep putting the settings in an INI file, but keep that INI file in %APPDATA% if the application is installed to a fixed disk?

Re:Settings in INI files? (0)

Anonymous Coward | more than 6 years ago | (#23043582)

Nope, that is actually how it is supposed to be done:

%APPDATA%\(company)\(program) or the like. That is where settings go. Documents should go in My Documents, as usual. But for the love of all that's good, don't make folders in the user's My Documents folder. Everytime I see "My eBooks" I cringe...thanks Acrobat!

Just a typo.... (4, Funny)

Naughty Bob (1004174) | more than 6 years ago | (#23043334)

If this is true....
I think it's just that the story submitter accidentally included the letters UAC in the headline.

Re:If this is true... (1)

Technician (215283) | more than 6 years ago | (#23043538)

It is an idiotic approach. Vista is the one being annoying....how could someone predict that end users would blame the applications and not the os that's to blame? Not to mention the whole issue of purposely designing a ui to annoy paying customers, to pressure 3rd parties to change.

I was wondering if Microsoft figured on the number of people who will simply skip Vista altogether? Apple and Ubuntu are doing great. My dad moved to the former and I moved to the latter. If it's unusable, it's unusable.

At last, a little truth from MS (0, Troll)

Whuffo (1043790) | more than 6 years ago | (#23043164)

It's about time someone there admitted that they designed that thing to annoy its users. People have been complaining about various annoyances in Windows for years now and even us skeptics don't think that the MS programmers are so stupid that they did it by accident.

It also puts the claim that Vista is "easier and faster" firmly in the BS category. Definitely not faster - and they designed it to be annoying.

Such arrogance; I wonder how much longer they'll be able to play this game...

Re:At last, a little truth from MS (0)

Anonymous Coward | more than 6 years ago | (#23043236)

Such arrogance; I wonder how much longer they'll be able to play this game...
Just as long as idiots keep buying their crapware. All versions of Windows have had stupid 'features'. It's always been a second-rate OS. People don't seem to care. I'm surprised Vista is getting as much bad press as it is, but still, Microsoft makes money hand over fist.

Re:At last, a little truth from MS (5, Insightful)

unlametheweak (1102159) | more than 6 years ago | (#23043248)

No they didn't design UAC to annoy users. This was a crass statement made by a Microsoft employee. No company would design something to annoy users. This was a poor use of self-deprecating rhetoric that will be exploited to the extreme. It's a dumb statement for a Microsoftie to make, and really dumb for the media to exploit.

"Stupid is as stupid does", somebody once said.

Re:At last, a little truth from MS (3, Insightful)

pavera (320634) | more than 6 years ago | (#23043402)

I'm sad to hear that. This was the most logical explanation of UAC's existence I have heard. If you are correct that means MS actually had a different object/goal in mind for UAC, that they actually thought it would improve security, that they actually thought that it WASN'T annoying, that this thing got passed off on multiple levels throughout the dev process as being a) useful, b) a desirable feature, c) accomplished a purpose.

UAC does none of those things in the real world. It is a horrible security mechanism, it slows down every day usage of most PCs, it causes endless annoyance to users. If this feature was designed solely for the purpose of alerting 3rd party devs to the numerous unnecessary privilege escalations they are using, it almost would be worth it/make sense. If not, it is proof that MS has absolutely no clue what users want, need, or what is a good feature.

Re:At last, a little truth from MS (1)

unlametheweak (1102159) | more than 6 years ago | (#23043546)

As somebody posted in a previous article "Gartner Analysts Warn That Windows Is Collapsing"; UAC would be more worthwhile if it was more Linux-like (had password authentication as oppossed to Allow-Deny options). It's a step in the right direction IMHO. I don't think M$ designed this for ill effects :) In the long run I think it is good to "force" or persuade developers to get on the bandwagon. Security is always difficult; windows has traditionally had poor security. Let there be a "learning curve". In the long run I think it's worth a bit of inconvenience.

Microsoft has always been traditionally lax on security to make things easier for users, now that M$ is making security a priority people are bitching. No shit, and not surprising. Give M$ Kudos for going in the right direction.

Re:At last, a little truth from MS (1)

FudRucker (866063) | more than 6 years ago | (#23043420)

umm, are you here for/from damage control?

Re:At last, a little truth from MS (3, Insightful)

SendBot (29932) | more than 6 years ago | (#23043630)

No company would design something to annoy users.
I've got two words for you: "alarm clock"

Re:At last, a little truth from MS (0)

Anonymous Coward | more than 6 years ago | (#23043266)

They have been saying this since before Vista was released.

And the purpose isn't just to be assholes. The purpose is to make users bother developers about it, so they would write their shit right.

But sure, M$ is evil, down with M$! Everything they do is malicious!

Re:At last, a little truth from MS (0, Offtopic)

vandelais (164490) | more than 6 years ago | (#23043272)


Such arrogance; I wonder how much longer they'll be able to play this game...

If the game is Alpha Centauri, "DRONE RIOTS!"

Re:At last, a little truth from MS (1)

smitty_one_each (243267) | more than 6 years ago | (#23043290)

Oh, Redmond has jumped the shark in a big way.

Reminds me of one wise man's words! (0, Flamebait)

MRiGnS (1125139) | more than 6 years ago | (#23043172)

mission uaccomplished!

oblig. (4, Funny)

cvd6262 (180823) | more than 6 years ago | (#23043180)

It appears you are trying to make a snide comment.
[Cancel] [Allow]

Re:oblig. (1)

poopdeville (841677) | more than 6 years ago | (#23043230)

Computar, make it sew.

VISTA is awesome, real world story (2, Funny)

n1_111 (597775) | more than 6 years ago | (#23043188)

My son has a $600 HP laptop that is running home premium edition and sp1 (absolutely no problems) Kid figured out UAC completely. It really goes away after the first day or two. All yo uhave to do is read the prompts and understand when and why you are prompted. UAC is awesome, makes my and my kid's laptops super secure and reliable.

Re:VISTA is awesome, real world story (0)

Anonymous Coward | more than 6 years ago | (#23043444)

Fortunately Vista on a $600 laptop gives you plenty of time to read those popups....

Do you feel like root access, punk? (0)

Anonymous Coward | more than 6 years ago | (#23043202)

I didn't expected [sic] that they would say something like that.

I find it amusing that that article compares UAC to Clint Eastwood. Ironically, I think UAC would actually be less annoying if it called me a 'punk'.

At last - an MS Success! (5, Funny)

fatmal (920123) | more than 6 years ago | (#23043210)

It Worked!

Microsoft and the United Aerospace Corporation (3, Funny)

the_other_one (178565) | more than 6 years ago | (#23043224)

whatcouldpossiblygowrong

If I had to sudo to run each app in Linux... (4, Insightful)

Deviant (1501) | more than 6 years ago | (#23043226)

I think there is going to be quite a bit of criticism of MS for this but basically you see UAC prompts where you would have to do a su or sudo to get the job done as a starndard user in Linux/Unix. The reason you don't have to do those all the time in Linux is that the application writers do not write their apps to require constant root priviledge escalations. There is one app that I couldn't get working properly in Fedora 8 without running it with a sudo - Nero Linux - and it annoyed me quite a bit.

MS needs to drag both its users and those who write windows applications along to the limited security model we all need each other to be using for the good of the internet. It was always going to be painful.

The one criticism that I have of the system/model in practice is the start menu - and that is all MS! I try to organize my start menu and I see several dialogs. I would be much more on-board with only one Cancel or Allow for an operation like that...

sudo because burning a CD-R is irreversible (0)

tepples (727027) | more than 6 years ago | (#23043440)

There is one app that I couldn't get working properly in Fedora 8 without running it with a sudo - Nero Linux - and it annoyed me quite a bit.
Nero products write data to blank CDs and DVDs. If a blank CD-R or DVD-R disc is in the drive, and a program writes to the disc without authorization from the owner of the disc, the disc becomes unusable. For this reason, recording requires the owner of the computer (i.e. root) to authenticate and approve the recording, as the owner of the computer likely can oversee physical access to the CD recorder.

Printing is irreversible too (3, Insightful)

Mr2001 (90979) | more than 6 years ago | (#23043514)

If some blank paper is in the printer, and a program writes to it without authorization from the owner of the paper, the paper becomes unusable.

But do you have to enter your root password every time you print? I think not.

Re:Printing is irreversible too (1)

tepples (727027) | more than 6 years ago | (#23043568)

If some blank paper is in the printer, and a program writes to it without authorization from the owner of the paper, the paper becomes unusable.
Touche. But unlike most printers for home PCs, which have an automatic sheet feeder, most CD recorders for home PCs do not have an automatic disc changer. If you burn a disc, the whole drive becomes unusable until somebody with physical access swaps the disc out.

Re:Printing is irreversible too (1)

Mr2001 (90979) | more than 6 years ago | (#23043606)

If physical access is what matters, then it should be possible for anyone to burn CDs as long as they're logged in at the console.

Re:sudo because burning a CD-R is irreversible (1)

CastrTroy (595695) | more than 6 years ago | (#23043560)

I remember many CD recording programs requiring root access of some kind or another to work correctly. I think that things have changed in the last few years, and you no longer require root access to burn a CD, but I specifically remember having to launch xcdroast [xcdroast.org] as root in order to burn CDs.

Re:If I had to sudo to run each app in Linux... (1)

lp_bugman (623152) | more than 6 years ago | (#23043506)

Did you try
chmod g+rw /dev/dvd
and add your self to the group owning it?

It's drugware, not software. (0)

Anonymous Coward | more than 6 years ago | (#23043234)

Well, Im not surprised. The customer is not even on their priority list. They are like a Drug cartel. First fix is free, from there they'll charge you as much as posible to use their product for the next one.

Not that bad a strategy, really. (4, Insightful)

danielsfca2 (696792) | more than 6 years ago | (#23043254)

I'm not MS's biggest fan. But this isn't the worst strategy ever.

It's actually pretty logical that if you make running these retarded apps annoying, you can force the vendors to fix them.

But MS faces a big obstacle in that strategy--the fact that moving back to XP fixes the problem as well, from the user's perspective. And of course, the fact that doing so also makes today's computers 3x more responsive.

It's a shame... I would love a world where Vista caught on but UAC didn't have to pop up ever unless something truly administrator-ish were really going on. Then all my users could be Users.

Re:Not that bad a strategy, really. (4, Interesting)

calebt3 (1098475) | more than 6 years ago | (#23043320)

The hard part is getting consumers to blame developers, too.

Re:Not that bad a strategy, really. (1)

CastrTroy (595695) | more than 6 years ago | (#23043442)

It's very hard, because if you run the same app on XP, you don't experience any of the annoying popups. So therefore, it has nothing to do with the app, and everything to do with Vista.

What a half-assed way to go about it. (5, Insightful)

dpbsmith (263124) | more than 6 years ago | (#23043268)

This approach could have worked. But if they really meant for it to work, then developers would have been required to embed usable contact information in the application. When the UAC prompt came up it would explain that this was a result of an action taken by the application, and that if it seemed unnecessary to you, you should click a button and send feedback to the developer.

It would also identify and tag the particular circumstances so that there could be a option, "don't warn me about this again."

This latter option would have been particularly useful during the beta phase.

After a couple of years, Microsoft might then assume that developers had been given adequate warning and adequate feedback, and the option to ignore warnings could have been retracted.

What Microsoft did doesn't sound as if they serously wanted the approach to work. They just wanted to be able to say that users "didn't want" security, just the way Detroit said for decades that car buyers "didn't want" safety.

Re:What a half-assed way to go about it. (1)

retnuh1 (306689) | more than 6 years ago | (#23043400)

That would have been the smart way to do it. But seriously that really goes against the mid management design by comity that vista portrays so well.

Authenticode (2, Informative)

tepples (727027) | more than 6 years ago | (#23043462)

But if they really meant for it to work, then developers would have been required to embed usable contact information in the application.
That's what Authenticode was designed for. But not all developers can afford 2,495 USD for a five-year Authenticode certificate from VeriSign. Microsoft doesn't want to block unsigned applications from running on new versions of Windows, as it would only encourage businesses who rely on unsigned vertical market apps to stick with old Windows.

Turning off UAC doesn't require UAC confirmation (0, Insightful)

Anonymous Coward | more than 6 years ago | (#23043286)

I'm not a user of any version of Windows, but out of curiosity I glanced at the instructions for disabling UAC, and noticed something striking:

Turning off UAC doesn't involve a UAC-mediated privilege elevation.

WTF? Even if UAC has the narrow goal of guarding against malware rather than a malicious user sitting at the console, doesn't this completely defeat the purpose?

(It seems that it does require a reboot, but that's hardly a barrier. Some piece of malware can just silently flip a registry key to turn off UAC, and then wait until the next time you reboot to finish 0wning you.)

Re:Turning off UAC doesn't require UAC confirmatio (4, Informative)

Anonymous Coward | more than 6 years ago | (#23043364)

This is incorrect. The registry key in question is protected by permissions and by default requires you to be running as Administrator in order to make changes. If UAC is on, then to get a command prompt, regedit, etc running with Admin rights requires UAC approval somewhere along the line.

UAC is not about confirming specific actions like changing registry keys. It is about giving Windows permissions to use admin-level privileges. For example, once you allow a command prompt to run with your admin token, it can then launch admin-level tasks without any new prompts.

Re:Turning off UAC doesn't require UAC confirmatio (3, Interesting)

figleaf (672550) | more than 6 years ago | (#23043412)

Not true.
I can disable UAC using regedit, using msconfig, gpedict.msc, User Account applet. Each and every method raises a UAC consent prompt.

Re:Turning off UAC doesn't require UAC confirmatio (0)

Anonymous Coward | more than 6 years ago | (#23043424)

Turning off UAC doesn't involve a UAC-mediated privilege elevation.
Where did you see that? From my experience it requires a UAC to get to the screen that allows that. Furthermore flipping a registry key would work if it's already turned off, but if it's on Windows uses virtualization of parts of the FS and most of the Registry. I'm not a huge fan of Microsoft, but from my use of Vista UAC are not THAT troublesome once the system is set up.

Frustration Detection patent (4, Funny)

OMNIpotusCOM (1230884) | more than 6 years ago | (#23043288)

It does make sense, when you think about it, since they've found step 2 and patented a frustration detection system [slashdot.org] .

I have to steal this comment from one of the posts from that story, but...

Step 1: Make frustration and annoying software
Step 2: Patent frustration detection system
Step 3: Profit.

This is no different (1)

iminplaya (723125) | more than 6 years ago | (#23043294)

than the banks blaming the customers and making them jump through hoops because the banks' own lame security practices. The banks and Microsoft, Apple, etc should be held responsible. The customers need to demand it.

So (1, Insightful)

jav1231 (539129) | more than 6 years ago | (#23043336)

Wow! Microsoft thinks of its users as pawns in a pissing match between them and developers? Why not? They think of them as pawns in their pissing match with the DOJ, their vendors, the conquest of the world... Fuck you, Microsoft!

C:\Program Files\ (4, Interesting)

WoTG (610710) | more than 6 years ago | (#23043356)

This reminds me of the c:\program files\ as a default install folder. I think it started with Windows 95. I read somewhere, years after the launch, that it was specifically chosen to force programmers to handle long file names properly.

Funny, even now, I usually create a c:\programs\ directory for everything that doesn't have a proper installer. 10 years and counting.

IMO, the UAC did not have to be as annoying as it is. All they needed was a "allow admin stuff to happen for 5 minutes" dialog so that installing a program would only take one prompt. Too smart for their own good...

Re:C:\Program Files\ (1)

CastrTroy (595695) | more than 6 years ago | (#23043476)

Well, that also explains "Documents and settings". Anyway, I think that MS's standard folder names are a bit like a kid with a new toy. The finally had long file names, and they went crazy creating the longest most impossible to type file names they could come up with.

Re:C:\Program Files\ (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23043478)

c:\progra~1\ would be the workaround there, fyi

Dos programs used to handle it like that with (and my memory is a bit fuzzy here) FAT32 methinks. The legacy is still in there even though the modern cmd.exe can handle long names in quotes. Now, if only they could learn how to properly escape special characters...

If you're stuck with a browse box and no option to type in the path manually I guess you're pretty much out of luck...I'd kill for decent symbolic linking in Windows, shortcuts are like a bad joke

Re:C:\Program Files\ (2, Interesting)

tepples (727027) | more than 6 years ago | (#23043484)

All they needed was a "allow admin stuff to happen for 5 minutes" dialog so that installing a program would only take one prompt.
Had Microsoft made it system-wide like some antivirus utilities do, any malware running in the background could detect that the 5 minutes have started and do its dirty work.

Re:C:\Program Files\ (1)

CastrTroy (595695) | more than 6 years ago | (#23043576)

Well, they could provide an option so that the process continues to have root privileges. Other processes would continue to run with regular privileges, but the process you already gave permission to wouldn't ask again.

Re:C:\Program Files\ (1)

tepples (727027) | more than 6 years ago | (#23043626)

Well, they could provide an option so that the process continues to have root privileges. Other processes would continue to run with regular privileges, but the process you already gave permission to wouldn't ask again.
Malware could still shatter [wikipedia.org] the process that got elevated, posing as an assistive technology for users with disabilities.

Like "Program Files" and "My Documents" (3, Interesting)

flyingfsck (986395) | more than 6 years ago | (#23043372)

Microsoft added spaces in system directories to annoy users too I'm sure and specially neglected to make links to network folders work with spaces and left it like that for the past 13 years, to ensure that you cannot copy and paste a spacy network path from Windows Explorer into Outlook and email it to someone else in the company. All that only to annoy their users...

Re:Like "Program Files" and "My Documents" (2, Interesting)

CastrTroy (595695) | more than 6 years ago | (#23043494)

Just like they don't give you an option to stretch the wallpaper image without screwing up the aspect ratio. A feature that would take 20 minutes to program, but it's left out, simply to annoy the users.

Just go to the "application vendors" (2, Insightful)

a_generic_name (1242610) | more than 6 years ago | (#23043398)

Why not just tell the application vendors to "eliminate as many unnecessary privilege escalations as possible"? It would be an easier way to solve the problem, plus less people would hate their operating system.

...who don't listen. (3, Insightful)

tepples (727027) | more than 6 years ago | (#23043512)

Why not just tell the application vendors to "eliminate as many unnecessary privilege escalations as possible"?
Because a decade of experience starting with Windows 95 shows that application vendors don't listen.

Microsoft is right this time (3, Insightful)

Animats (122034) | more than 6 years ago | (#23043418)

Microsoft is right. Most applications should never have administrator privileges, not even during installation. It's way past time to tighten the screws.

Re:Microsoft is right this time (1)

tepples (727027) | more than 6 years ago | (#23043500)

Most applications should never have administrator privileges, not even during installation.
But only users in the administrators group can write to %ProgramFiles%. So should installers write a separate copy of the program to each user's Documents and Settings?

Good idea, bad implementation (4, Insightful)

Todd Knarr (15451) | more than 6 years ago | (#23043426)

The basic idea's sound. The problem is that, given the implementation, users view the problem as being UAC and/or Vista, not the apps. After all, the apps work just fine if you turn those annoying dialogs off or go back to XP. If the users don't view the app as the cause of the problem, they won't pressure the app vendor to do anything about it. Idea fails.

I prefer the Unix approach. The OS doesn't pop up any dialog, or offer the user any choice. If an app does something it doesn't have privileges for, it gets an ENOPRIV returned from that call and isn't allowed to do that. How the app handles it from there is up to the app, but there's no easy way to make the errors go away at the system level (most modern Unixes are set up to make it inconvenient to log in or run programs as root, and only root can install a program setuid-root).

Let me fix this for you... (5, Funny)

actionbastard (1206160) | more than 6 years ago | (#23043432)

Microsoft Designed UAC to Annoy Slashdot Users.

There. All better.

Well..... (4, Funny)

Anonymous Coward | more than 6 years ago | (#23043454)

Aha! They annoyed me so much that I actually switched to linux. /success

No, they did it to annoy shitty developers... (1)

exphose (1261624) | more than 6 years ago | (#23043486)

When the developers of shitty software that needs root just to run or to do something that shouldn't it annoys the end users who then in turn complain to their software company reps who then figures out a bunch of people hate how annoying their software is in vista and then they dictate to the developers to fix it, thus annoying the developers. /runonsentence
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...