ANS: "What's the deal with UAC (Windows Needs Your Permission screens)" and "...But I thought I was

[Mark D. VandenBerg]

I had not considered that technology. You make an excellent point.

My only question is, when the robots from Cyberdyne become self-aware, will
they disable UAC?

 

[Mark D. VandenBerg]

I'd hazard a guess that hardware driver (lack of) support will also be a
huge issue, as people with non-WDDM graphic cards and 4-year-old printers
discovery the wonderful world of vendor support.

Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista
would be?
Looking at the responses from earlier posts; and the fact that; even MSFT
has; noticed;
Who wants to take bets???
My money's on UAC

Jeff

Of course not. If security is one thing it is a moving target.

OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for ppl
that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut
it off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY
dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Let them disable it. Then they are no worse off than they were under
XP but the rest of us are more secure. If UAC were backportable to XP
I would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable it
Jeff

<snip>
[voice of MS] we can't figure out how to keep it out of your
system, so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and
here's why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software that
is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software -
in terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then there
is an 80% probability that it is spyware" - but that's all you can
do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around
that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are
the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because
they have a good security model... it's called Least Privileged
Access, where programs run with only the minimum amount of
permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something
that requires "root", and then "sudo" just that program - for only
the amount of time it needs to do its thing - to have full access to
the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Jeff]

Mark;
True; so true!!!
OK i'll still put them neck and neck thn
Jeff

I'd hazard a guess that hardware driver (lack of) support will also be a
huge issue, as people with non-WDDM graphic cards and 4-year-old printers
discovery the wonderful world of vendor support.

Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista
would be?
Looking at the responses from earlier posts; and the fact that; even MSFT
has; noticed;
Who wants to take bets???
My money's on UAC

Jeff

Of course not. If security is one thing it is a moving target.

OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for
ppl that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut
it off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY
dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Let them disable it. Then they are no worse off than they were under
XP but the rest of us are more secure. If UAC were backportable to XP
I would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable
it
Jeff

message <snip>
[voice of MS] we can't figure out how to keep it out of your
system, so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and
here's why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software that
is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software -
in terms that an operating system could understand and
differentiate between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then
there is an 80% probability that it is spyware" - but that's all
you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around
that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share
are the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily -
because they have a good security model... it's called Least
Privileged Access, where programs run with only the minimum amount
of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do
something that requires "root", and then "sudo" just that program -
for only the amount of time it needs to do its thing - to have full
access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Alan Simpson]

I'm inclined to go with Mark on that one. Stiff hardware requirements, and
needing new drivers and Vista versions of some software will be the biggest
deterrent. But that extra occasional UAC mouse click will run a close second
as the most hated thing about Vista .

I'd hazard a guess that hardware driver (lack of) support will also be a
huge issue, as people with non-WDDM graphic cards and 4-year-old printers
discovery the wonderful world of vendor support.

Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista
would be?
Looking at the responses from earlier posts; and the fact that; even MSFT
has; noticed;
Who wants to take bets???
My money's on UAC

Jeff

Of course not. If security is one thing it is a moving target.

OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for
ppl that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut
it off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY
dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Let them disable it. Then they are no worse off than they were under
XP but the rest of us are more secure. If UAC were backportable to XP
I would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable
it
Jeff

message <snip>
[voice of MS] we can't figure out how to keep it out of your
system, so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and
here's why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software that
is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software -
in terms that an operating system could understand and
differentiate between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then
there is an 80% probability that it is spyware" - but that's all
you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when is
does a ps his system is owned, to the few nasties floating around
that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share
are the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily -
because they have a good security model... it's called Least
Privileged Access, where programs run with only the minimum amount
of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do
something that requires "root", and then "sudo" just that program -
for only the amount of time it needs to do its thing - to have full
access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Kerry Brown]

I had not considered that technology. You make an excellent point.

My only question is, when the robots from Cyberdyne become
self-aware, will they disable UAC?

UAC won't stop robots. It takes much more than that.

http://www.jamesfuqua.com/lawyers/jokes/trek.shtml

 

[Alan Simpson]

By the way, why is that even with UAC turned off you still get prompted?
Even when you're in an administrative user account.

 

[Fernando]

In my opinion, microsoft have to make it mandatory and not optional by
disabling it. I hate to shut out doors and windows when I go away from
my home, but I have to do it and I used to do it. I think UAC will be
the same when users use it for some time.

Colin Barnhorst escribió:

 

[Don Short]

Kinda looks like MS against their customers to me. lol I see such a
small slice of things though, and at this point I feel out numbered! So
I'll be very quiet!

If you look at the number of respondents, though, it appears that there
are a few posters with strong feelings on both sides of the issue.

Judging from the speed this thread has expanded, and it's size in
relation to other threads, I'd say that's a good bet.

Well;
I for one; would like to see the numbers;after Vista is released;
providing msft doesn't change uac; of what the #1 complaint with Vista
would be?
Looking at the responses from earlier posts; and the fact that; even
MSFT has; noticed;
Who wants to take bets???
My money's on UAC

Jeff
Of course not. If security is one thing it is a moving target.

OK;
So you all seem to be missing my point; Jimmy's coming close tho;
Lotsa ppl wont mess with uac;cuz they wont or dont know how; but for
ppl that do; in its current form;its a pain in the ___!!
And instead of taking the time to run it as intended; theyll just shut
it off.
I know one thing;
Makin that STUPID A** admin group;part admin;mostly not; is WAY
dumb!!
Either give full admin;or not; don't tell me i'm admin;thn not allow
certain functions; and tell me I have insufficient privelege.
Many ppl will put up with it;for 2 reasons;
1) they dont know how to change stuff
or
2) like it set up that way

Oh,
And Colin?? More secure???? hmmm for now maybe;in time;itll be
bypassed just as easy as any msft o.s.
Or to put it in perspective; nothing's 100% secure.
Jeff

Let them disable it. Then they are no worse off than they were under
XP but the rest of us are more secure. If UAC were backportable to
XP I would learn to use it there.

Oh;
Mark;
To the contrary; it won't force users to do anything;except disable
it
Jeff

message <snip>
[voice of MS] we can't figure out how to keep it out of your
system, so we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and
here's why.

Microsoft Windows is an operating system. Just like linux and OSX.
Its purpose is an abstraction layer to the hardware that allows
third-party programs to easily take advantage of the hardware
available, as well as to allow the user to change hardware without
breaking apps or requiring a rewrite of apps (ideally in as many
cases as possible).

Now, it is easy to say that Windows (or any OS for that matter)
should just be able to block all malware and only run software
that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software -
in terms that an operating system could understand and
differentiate between?

In fact, there's no difference to the operating system - there is
just software. The user is the one who determines what is good and
bad.

Now sure, you can have programs like antispyware or norton do
statistical analysis of all spyware and determine some indicator
factors that say "if program x does this, this, and this, then
there is an 80% probability that it is spyware" - but that's all
you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux
rootkits and hiding them on some poor sysadmin's machine so when
is does a ps his system is owned, to the few nasties floating
around that attack OSX.

The problem with Windows is twofold - its market share, and its
default security model.

Market share - Why on earth would you create a virus or a spyware
that goes after a small percentage of the computers in the world?
Virus people seem to like fame, and spyware people want the money.
Windows has a big target on its back that won't go away any time
soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share
are the ones who have the BEST security model.

This is why malware doesn't get on these systems as easily -
because they have a good security model... it's called Least
Privileged Access, where programs run with only the minimum amount
of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same
security model: They run as a "standard user" until they need to
do something that requires "root", and then "sudo" just that
program - for only the amount of time it needs to do its thing -
to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

Great comparison, Jimmy.

 

[Jimmy Brush]

Share your views!

I (or anyone else) may not agree with you, but lively discussion about a
topic is never a bad thing.

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Ray]

That is hilarious.

Ray
No-one in particular.

UAC won't stop robots. It takes much more than that.

http://www.jamesfuqua.com/lawyers/jokes/trek.shtml

 

[Guest]

thank you your explanation is very informative. but we are all testing vista
ultimate which I beleive is for networks and company access etc. I am just
going to use my vista at home on a simple wireless network. so am I going to
need all of this extra security and control? will vista home and home
premium have all the same security controls. Half the services running arent
even necessary for home applications...thanks for any input.

 

[Colin Barnhorst]

UAC is the same across all editions and is not only a defense for an
internal network but especially for the internet.

 

[Alan Simpson]

Just to add an example, how does the system know the difference between a

good cookie and a bad one when the difference often depends on the user's
own philosophy?

In theory any attempt to write software that can judge "good" from "bad"
software will eventually become an infinite algorithm. That's why all the
anti-malware programs rely primarily on pattern recognition (signatures) for
that sort of thing. And is why we always have to keep our signatures
up-to-date. And why human judgment has to be called into play to make
decisions sometimes.

Just to add an example, how does the system know the difference between a
good cookie and a bad one when the difference often depends on the user's
own philosophy?

[voice of MS] we can't figure out how to keep it out of your system, so
we will
implement this, so its your fault if it runs once it's there.

I'm going to have to say this is an invalid argument, Don, and here's
why.

Microsoft Windows is an operating system. Just like linux and OSX. Its
purpose is an abstraction layer to the hardware that allows third-party
programs to easily take advantage of the hardware available, as well as
to allow the user to change hardware without breaking apps or requiring a
rewrite of apps (ideally in as many cases as possible).

Now, it is easy to say that Windows (or any OS for that matter) should
just be able to block all malware and only run software that is "good".

But if you really think about this, it doesn't make any sense.

What's the difference between "bad" software and "good" software - in
terms that an operating system could understand and differentiate
between?

In fact, there's no difference to the operating system - there is just
software. The user is the one who determines what is good and bad.

Now sure, you can have programs like antispyware or norton do statistical
analysis of all spyware and determine some indicator factors that say "if
program x does this, this, and this, then there is an 80% probability
that it is spyware" - but that's all you can do.

Humans determine if things are good and bad, not computers.

Every OS has to deal with this - from the hackers making linux rootkits
and hiding them on some poor sysadmin's machine so when is does a ps his
system is owned, to the few nasties floating around that attack OSX.

The problem with Windows is twofold - its market share, and its default
security model.

Market share - Why on earth would you create a virus or a spyware that
goes after a small percentage of the computers in the world? Virus people
seem to like fame, and spyware people want the money. Windows has a big
target on its back that won't go away any time soon.

Security Model - Now here's the part where Microsoft is at fault.
Ironically, the operating systems with the SMALLEST market share are the
ones who have the BEST security model.

This is why malware doesn't get on these systems as easily - because they
have a good security model... it's called Least Privileged Access, where
programs run with only the minimum amount of permission necessary.

Sound familiar?

At its core, UAC is forcing windows users to use this same security
model: They run as a "standard user" until they need to do something that
requires "root", and then "sudo" just that program - for only the amount
of time it needs to do its thing - to have full access to the system.

Hello Windows Vista - welcome to the club.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[steve hall]

I have a program that installs just fine in xp but in vista it can not write
to some registry keys I guess it is not made to use the trustedInstaller
service

but if i look at the install error log and give my self permision to each
key in the regestry all 500 keys the install program will then run

is there a better way to to do this how do i get the install program to use
the trustedInstaller which seems to own all regestery keys, I tried to run
as administrator all ready and that did not help

the installer is using install sheild name of program is turningpoint
accounting from redwingsoftware.


steve

 

[simonstevens]

Deary Deary me ! you all sound like hitler youth, blindly following Hier
Gates. I fmicrosoft wasn't such an arrogant monopolising arrogant company
there would be nobody trying to run programs that will do harm to your
computer.

Wake up and stop sucking up to microsoft

 

[Jimmy Brush]

I fmicrosoft wasn't such an arrogant monopolising arrogant company

there would be nobody trying to run programs that will do harm to your
computer.

Baseless accusations. Proof?

 

[Andre Da Costa [Extended64]]

The new account setup, which only allows users with Administrative
privileges or a limited account to all operate as a Standard user with a set
of specific requirements and a deeper awareness of the actions a user takes
while performing task throughout the operating system, Microsoft recommends
this account for daily use. You might wonder what the deeper awareness is;
well it's a new improvement to the security model in Windows, the aim is to
essentially provide a secured environment from top to bottom. A bit
intrusive, the aim of User Access Control from the get-go is to enable a
lock on certain administrative privileges throughout the OS, making it more
difficult for users to expose areas of the operating system that are most
vulnerable to attack or user accidents. A shield attached to an icon or
beside a link can easily identify components within the OS that require UAC.
When such a link or icon is clicked a dialog will pop up freezing the
current user session asking for permission before continuing or executing
the action. Hopefully, this will help you prepare and get use to it.

 

[Guest]

Hello,
thank you for taking the time to explain UAC,

Q: UAC is Microsoft's way of controlling my computer and preventing me from
using it!

A: This is 100% UNTRUE. UAC puts control of your computer IN YOUR HANDS by
allowing you to prevent unwanted programs from accessing your computer.
*Everything* that you can do with UAC turned off, you can do with it turned
on. If this is not the case, then that is a bug.

Then I think I found a bug... :
There was some files I could not access because I did not have the correct
rights...
BUT I could not even change the ownership of the file because I could not
access the file security properties!
The solution was to turn back ON UAC,
With UAC ON I was able to change ownership

 

[Guest]

I am not a computer programmer. I do not know how to access behind the scene
programs.
When I start internet explorer, it does not ask for permission.
I would like to know how to make internet explorer, an administrator.

 

[Jimmy Brush]

If a program does not automatically ask for administrator permission,
right-click it and click Run As Administrator.