Come on ! 3 prompts to delete a shortcut ?!? Another I hate UAC thread

[Will Niccolls]

"Jimmy Brush" .

So, to recap, UAC:

* Ensures that you TRUST a program to have complete control over your
computer. This prevents programs that you do not trust from gaining
complete access to your computer against your will. (EX: "I don't know
what ajksdka2.exe is, so I will not allow it to run with complete control
over my computer.")

Well, ok, but the problem with this is that 95% of humans that use computers
don't have the requisite knowledge to understand what "trusting" a program
means. They barely know what "delete" means, they don't know what a
shortcut is, they don't understand what a user account is, and they sure as
hell don't know how to judge whether "iexplore.exe" vs. "ajksdka2.exe" is
trustworthy. The prompts that MS is so fond of simply become clickable
hurdles to jump past as fast as possible.

Programmers and most system admins have little understanding of what most
end user's knowledge is so they just can't offer language that makes sense
to them. Programmers use language like "Information you exchange with this
site cannot be viewed or changed by others, however, there is a problem with
the site security certificate".

Non-programmers have no clue what the hell that sentence means. They don't
know what a site is, they don't know what a security certificate is. They
click yes and keep going. Prompting users isn't effective security in my
view--(which is ten years as a help desk/tech support/sysadmin). It's
annoying and largely useless.

 

[Dale White]

When Family members stop calling me saying "The internet is down" and "It
don't work", then we'll be at a place where the UAC is more useful. Of
course, We probably wouldn't need the UAC if that was the case.

 

[Jimmy Brush]

You're right; some users will not know about admin vs. non-admin, or any
other issues, and will know nothing about trust or security.

But, UAC still works for these users by asking them a simple question:

"If you started this action, click Continue"

Which is the MOST important thing that UAC does - it makes sure that what is
happening is what the user wants to happen. (Which is the other point I made
from the section you quoted).

If something happens that the user does not expect, they should click
cancel, and I think that is fairly straightforward from the dialogs, even
for the most novice of users, and even if they aren't sure about the program
name or icon (they know if they clicked on something or not).

Technical people will get much more benefit out of UAC, as they will
understand the signifigance of the seperation between admin and non-admin
and will be able to better judge the trustworthiness of the program as you
said, but the fact that the user is intending for an action to happen is
really THE reason why UAC dialogs exist, and that doesn't require much from
the user.

Will some people still click continue? of course. Does this mean UAC failed?
Nope. Because the point of UAC is to give the reins to the user, even if
they decide to always click continue

If we can get to a point in computer security where the weakest link truely
is the user, then we can say we have done the best we can do.

--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/

 

[Dale White]

Will some people still click continue? of course. Does this mean UAC
failed? Nope. Because the point of UAC is to give the reins to the user,
even if they decide to always click continue

If we can get to a point in computer security where the weakest link
truely is the user, then we can say we have done the best we can do.

I state upfront, this is a dead horse, I'm beating. The UAC is what the UAC
is. I know the MVP's job is simply to tell us what Microsoft meant for it
and you guys have no control over what they do.

I guess I'm not going to the right websites or doing something wrong. When
you are sitting at your PC, just how often are you getting random prompts to
allow a program to run or install, that you didn't already say..Run or
install ? I don't get any, so am I doing something wrong ?

If I got to microsoft's website for updates, it tells me I need to install
an active X control. If I go to creative.com, it tells me I need to let
Adobe Macromedia flash install, if I go to myspace.com, it tells me I need
to let some quicktime updates install or if I didn't go to creative first,
it tells me I need to let Flash 9 install. If I choose "NO" to these options
the websites don't work or doesn't let me proceed. I'll skip the part where
IE already prompted me to let these programs install and we'll just thank
the UAC for giving me control over saying yes a few more times (to my other
yes I told IE)

Now I go to a website that "a friend" sends me and it says, you must let
program ABC install. If I say no, the website doesn't work. Based on my
previous experience with Microsoft, creative, myspace, I'm now trained to
say yes to that prompt. The site installs a bunch of junk, maybe turns my PC
into a Zombie, but I don't know because it's all going on in the background
and the website works, so I assume it's like any other website.

Now it would be your, well really microsoft's, stance that the UAC worked
beautifully and did exactly what it was suppose to. It prompted me to allow
an install, one which I already told IE yes to. One in which I as a user
have been conditioned to say yes to.

It just strikes me as odd that the official party line is, "we gave the
reins over to the user", "even if they don't really know what they are
doing" Again, I guess I'm just not a good candidate for the UAC. Asking me
multiple times, if I really want to do, what I just said I wanted to do,
doesn't feel like I have the reins. Sure I would feel more empowered as an
Advance user, if strange things were going on and the UAC allowed me to
navigate a mindfield, but I don't go into minefields.

 

[Gary VanderMolen]

Now I go to a website that "a friend" sends me and it says, you must let
program ABC install. If I say no, the website doesn't work. Based on my
previous experience with Microsoft, creative, myspace, I'm now trained to
say yes to that prompt. The site installs a bunch of junk, maybe turns my PC
into a Zombie, but I don't know because it's all going on in the background
and the website works, so I assume it's like any other website.

What it boils down to is that a user needs a certain amount of discernment,
somewhere above the level of an eight-year-old child.
Some people would give their bank account information to a complete
stranger, just because the stranger said he was a bank examiner
checking for in-house fraud.
It just isn't possible for Microsoft to make UAC idiot-proof.

 

[Jimmy Brush]

I guess I'm not going to the right websites or doing something wrong. When
you are sitting at your PC, just how often are you getting random prompts
to allow a program to run or install, that you didn't already say..Run or
install ? I don't get any, so am I doing something wrong ?

You're not doing anyting wrong. This is the way things should work 99.9% of
the time.

UAC is there to prevent the .1% of the time where an application will try to
run without you starting it or intending for it to run.

Now it would be your, well really microsoft's, stance that the UAC worked
beautifully and did exactly what it was suppose to. It prompted me to
allow an install, one which I already told IE yes to. One in which I as a
user have been conditioned to say yes to.

What I state is my opinion, not microsoft's. And yes, UAC worked exactly as
it should have in this scenario.

You wanted to go to that website, which required that the software be
installed. You decided to install that software. You TOLD WINDOWS that you
are indeed the one that wants the software to install.

The only thing UAC does is to make sure that you intend for something to
happen.

Which you did.

There are other security tools out there that will prevent you from doing
something that could harm your computer, even if you want to do that
something. Things such as antivirus, antimalware, antiphishing, etc. These
tools work together with UAC to make your computer more secure.

UAC doesn't keep you from doing something bad or dangerous - it just makes
sure that you are the one that is doing it.

Before UAC, any program could FORCE YOU to go to that website, and then
install that ActiveX control, and literally all you could do is sit there
and watch. Or the program could have done it invisibly, so you wouldn't even
have known it was happening.

This is what UAC prevents.

It just strikes me as odd that the official party line is, "we gave the
reins over to the user", "even if they don't really know what they are
doing" Again, I guess I'm just not a good candidate for the UAC. Asking
me multiple times, if I really want to do, what I just said I wanted to
do, doesn't feel like I have the reins. Sure I would feel more empowered
as an Advance user, if strange things were going on and the UAC allowed me
to navigate a mindfield, but I don't go into minefields.

I understand what you mean.

UAC's job is to make sure that you are the one doing something, even if you
don't know what that something is doing.

This DOES empower you, because it allows you to tell the computer when
something happens that you didn't do (even if you don't know what that
something is, you know whether or not you are doing it).

I have a hard time explaining to people that the computer doesn't know what
you are wanting to do, even if you just said what you are wanting to do
(hence it asks you, sometimes multiple times).

That is why the UAC prompt exists - to make sure YOU are doing something, as
opposed to some program doing that something.

This doesn't in and of itself make your computer secure, as you pointed out.
However, it is an important peice of the puzzle .


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/