Prompts, prompts, and more prompts...jeez

[Chad Harris]

JD--

This is a user's group. This isn't a hotline to MSFT. And the cross posting
meant absolutely no sense. If you want to get your message to MSFT do it on
a MSFT blog--there are hundreds or post on the Vista team blog read by Jim
Allchin who ran Windows until a few weeks ago, and the Vista marketing team
and others from MSFT.

It's a little bit like opening the window and saying you want the Iraq
fiasco to stop.

UAC is a security feature in Vista and it has been discussed in the Vista
general group and the Vista security group. It's not a setup feature lol or
a game feature or particularly a file management feature. Cross posting
without a very specific reason just clutters more groups.

CH

 

[Chad Harris]

My posts are on point to fixing what the question wants or supplying info.

Anything below my signature is a variation of somoene's sigining with a
quote etc.

To the extent that you read any of them, you increased your steep learning
curve positively. I'm looking for any of yours I can learn anything from.

CH

 

[Chad Harris]

UAC is User Account Control and if you want to learn more, some ways for you
to do this are to put it in the Help and Support Search box on the start
menu or go to http://technet.microsoft.com and put it in search or google
for msdn uac vista or search it on the MSDN Radio 9 site
http://channel9.msdn.com/ or go to the Vista general group and View
search>uac.

CH

 

[Adam Albright]

JD--

This is a user's group.

You're so right and you're just another user. Don't pretend you are in
charge.

 

[Adam Albright]

My posts are on point to fixing what the question wants or supplying info.

If you only had a clue how many people are laughing at you. You're
trying to run the newsgroup. Sorry, we all already have mommys.

 

[Adam Albright]

You had to supply your "root" password - the same as running Windows as
administrator.

All these people complaining, especially the e-zine columnists, have never
before worked with a secure operating system.

Yea right. I keep forgetting so many MVP's are "experts".

Yep, at spreading bullshit.

Memo to Richie. You should consult with other MVP's, several have said
just today there is no such thing as a secure operating system.

 

[Chad Harris]

Albright--

I could care less who is in charge. It's a user group. I've been using
them a good while. The cross posts are absurd. This is no MSFT hotline.
UAC isn't an install issue. Has nothing to do with who is in charge. All 3
statements are accurate. I gave direct connections to bitch to MSFT about
it; that's more than I've seen you do.

I see a lot of little children grown into adult bodies who had a lot of
people push them around as kids and an even greater number pushing them
around as adults projecting their pissedoff affect onto me.

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

CH

 

[Adam Albright]

Albright--

I could care less who is in charge.

The proper phrase is you couldn't care less. Meaning you are already
at your limit of caring. Hint: If you could care less, as you just
said, then you're not caring the least amount you could, because you

It's a user group. I've been using them a good while.

Probably no where as long as I have which is why I always laugh when
somebody admits they're not in charge, but keep acting like they are.

The cross posts are absurd.

Cross posting is common on Usenet. Hint: You're posting on Usenet.
There are no special rules for Microsoft groups. I bet you didn't know
that when people cross-post (post the same comments to multiple
newsgroups at the same time by setting the header to post their
messages to multiple groups), they are just saved in one place on the
news server. You see, you don't know anywhere near as much as you
think you know.

So cross-posting bothers nobody except maybe up-tight twits, doesn't
take up bandwidth and doesn't waste space on anybody's news server. So
what's your problem? Again it seems you just like to pretend you're in
charge.

This is no MSFT hotline.

Nobody but you keeps saying that. Which brings us full circle. You
keep saying you're not in charge, we all know you're not, yet you
insist on trying to control what other do. If you don't wish to help,
and you're not asking questions, why are you here? Nobody forces you
to answer anybody's post. You elect to do so or not. Your choice.

UAC isn't an install issue.

More of you attempting to control who posts what. Instead of having a
hissy fit if you bothered to read up on the subject you would learn
many people are bothered by UAC's implemenation, even MVP's and far
more knowledgeable people then you including professionals Microsoft
hired to deliberately attempt to break into Vists an demonstrated how
they did at a well attended Microsoft sponsored convention because of
the UAC. When you recover, pick yourself off the floor.

Has nothing to do with who is in charge.

Kindly explain your obsession with who's in charge. I don't claim to
be, you're certainly not and I see nobody else complaining yet you are
fixiated on who's in charge of a newsgroup you admit you aren't in
charge of, yet you keep acting like you are or want to be.

All 3 statements are accurate. I gave direct connections to bitch to MSFT about
it; that's more than I've seen you do.

You're just another primadana that got his ears pinned back and you
don't like it because it bruised your bloated ego. May I suggest you
develop a thicker skin and mellow out.

I see a lot of little children grown into adult bodies who had a lot of
people push them around as kids and an even greater number pushing them
around as adults projecting their pissedoff affect onto me.

You've been staring in a mirror haven't ya. What you just said is
known in the mental health industry as projecting.

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

How dumb do you have to be to keep complaining about something you
can't control or change? This group doesn't have much traffic. Its
probably the first newsgroup people trying to install Vista come to.

The scope of installing a operating system is rather broad and open
ended. If people after installing Vista immediately start getting
moronic UAC nag screens I would wager a good many of them may conclude
something happened that corrupted the install or that they missed a
step. If you're too big a primadona to want to help may I humbly
suggest you simply try real hard to find the willpower to simply skip
over such posts since they bother you so. You can try harder to be a
good little boy can't you Chad?

 

[Dustin Harper]

Yes, I agree. Just as the drivers will mature and stability will get
better.

 

[Chad Harris]

Read my lips Albright. I'm not in charge of any newsgroup. I've
participated in them for years. But I rarely see threads that have nothing
to do with the newsgroup on any of the hundreds of MSFT groups. This group
became an exception the day that MSFT began selling Vista in stores.

One of the reasons is that the masses, most of whom couldn't work the 5
second wizard to configure OE for groups, because they couldn't figure out
what to type for incoming and outgoing mail and were too lazy to google "OE
newsgroups" now are too lazy to use the easier pathway.

They are also too lazy to figure out how to search for newsgroups by putting
vista in the search interface and reading the list of groups and putting
their issue in the appropriate group.

There is no reason whatsoever to dump issues unrelated to setup in this
group and it distracts from the title and purpose of the group.

If you choose to distort this as an authority issue, it's easy to understand
that many things in your life revolve about the authority you perceive you
don't have.

I've said explicitly, I'm not trying to run anything, but I will piont out
when someone posts a totally unrelated message to put it in the right group.

If a answers start popping up in groups they have nothing to do with, it
impairs the ability of people to search a particular group for an answer
before they post, something the masses are apparently too lazy to do. These
are the same people that could easily get their answer but refuse to read
Help and Support and search it.

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

CH

CH

 

[Adam Albright]

Read my lips Albright. I'm not in charge of any newsgroup. I've
participated in them for years. But I rarely see threads that have nothing
to do with the newsgroup on any of the hundreds of MSFT groups. This group
became an exception the day that MSFT began selling Vista in stores.

As somebody has already pointed out Chad Harris, you're behaving like
a a-hole. I'm sure you're really a nice guy, but nobody will ever know
if you keep having temper tantrums, especially over nothing.

Again I need to ask you, what did you expect? Of COURSE this newsgroup
got more busy the day Vista hit the shelves. Does that surprise you?
It seems like half the posts here are from you bitching about cross
posting and bellyaching the question wasn't asked in the "right"
newsgroup. Sorry, the somewhat weird sense of humor I have, that's
damn funny to see you with your shorts all bunched up over nothing.
You're twisting in the wind due totally to what you yourself have said
and can't figure out why most people are probably laughing their ass
off over how you are acting. I'm not mad at you, doubt anybody really
is, we're just playing with you. You need to calm down.

There is no reason whatsoever to dump issues unrelated to setup in this
group and it distracts from the title and purpose of the group.

Listen fella, NOBODY distracts more in this newsgroup then you do. For
somebody that bitches about off-topic posts it should dawn on you that
your posts are more off topic than anybody's. Duh!

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

How dumb does somebody have to be to keep beating a dead horse?

 

[Chad Harris]

People who help consistently on groups have been posting when the OP is off
topic where to post it for years. You're just a newbie and instead of
putting up substantive help you seem obsessed with your delusion that I want
to be in charge.

I want people to read the name of the group and post appropriate to it. MSFT
names it. They purport to be "in charge." Take your bitching to them.

CH

 

[cquirke (MVP Windows shell/user)]

On Sat, 24 Feb 2007 02:30:11 -0500, "JD Wohlever"

MS should have made UAC a Business / Enterprise feature and left the
standard user and admin feature set of XP for the Home licenses of Vista.

95% of spam is sent through botnets, and them botted PCs aren't just
in the corporate world.

When 3-year-olds smack each other, it's ugly but harmless. When a
16-yer-old pulls an Uzi and goes postal, it matters.

When consumers were putting around with dial-up, it didn't matter to
the rest of us if they got infected. When they pack always-on
broadband and wide-open WiFi, it matters far more.

The real question is; how did the lanscape get so ugly that web pages,
email "messages" and "documents" can automate rings around users
without their noticing? That crap design is the Pandora flood that
we're trying to mop up with a UAC hankie.

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[Adam Albright]

People who help consistently on groups have been posting when the OP is off
topic where to post it for years. You're just a newbie and instead of
putting up substantive help you seem obsessed with your delusion that I want
to be in charge.

I want people to read the name of the group and post appropriate to it. MSFT
names it. They purport to be "in charge." Take your bitching to them.


CH

 

[BobS]

Chad,

We have read the name of the newsgroup and we read the quality of the posts
from the MVP's and others that are trying to help - and this is the place
that is offering the best solutions. You've been reading the other groups,
and I've made posts to the other groups as well as many others but we come
back here - wonder why?

It may be a matter of perception on what constitutes a set-up issue or not.
Your undefined definition is to narrow for our liking is what you're being
told by myself and others. Is there a charter for this group? I read
something on the MS site about keeping the threads "relevant to the topic
being discussed" and that is a pretty broad statement if I recall it
correctly. At any rate, the message also recognized that some off-topic
discussions will result from on-topic discussions simply (and I'm implying
this) because they aid in the understanding and troubleshooting effort.

So if someone can't get Vista setup on his system and along the way someone
here (like an MVP) suggests he may have a driver problem as well as some
other issues, does he now take his questions to "general", "devices" or
whatever? No, it stay's here - it's relevant and since it's "we" (the group
cabal) that decides what gets answered or not and not "you", your posts
about taking a question elsewhere will continued to be ignored and
criticized.

I think you're wound up a bit to tight over nothing and our jerking you
around a bit because of it has really got you in a dither. This is a
friggin newsgroup with people trying to help others the best they can.
Without us, M$ would not exist - right? Join in and quit being so
tight-ass - this isn't boot camp. Relax, help those you can and try to enjoy
life a little - it's only a computer operating system we're fussing about
here - not your wife or your girlfriend or boyfriend.

As for taking our bitching to MSFT.....yeah right. As I said in one of my
posts already, if the free MS tech support was any good, we would use them.
I made my one call, got some silly answer from someone in India, I said
thank you and came here to get the "real" help.

If you take a good read Chad you'll notice that we (the ones twisting you
around) have also been trying to help others here and saying Thanks to
others who have helped in-kind. A good example is some of Adam's
observations and detailed posts. Sure he ranted a bit, so did I - you're
dealing with a couple of frustrated perfectionists here (you can't win) who
have been around the block a few times, have written hardware drivers in
machine code and assembly language. We've dealt with many OS's, we and
many others have paid our dues so to speak and we've paid a good money for
Vista. It's good/bad and somewhere in-between.... and we're learning about
it just as MS and you still are.

This is a give and take group, very little spam and a whole lot of relevant
questions. May not seem like it to you because it's not you having the
problem and the last thing a person needs is someone telling him to take it
elsewhere. Ever think if he/she found this group - they also knows about
the others? They then did a lot of reading, saw the quality of the
information and decided "this is the place".

So be it... live with it.

Bob S.

 

[cquirke (MVP Windows shell/user)]

On Sat, 24 Feb 2007 08:19:55 -0800, "Kerry Brown"

And how does the security in 'nix work? By separating users and superusers
(administrators). If you ran Linux as root (administrator) all the time you
would be much less secure than running Vista with UAC enabled.

And when you run Linux, you get prompts to enter the root password
whenever you do something that needs root permissions.

Same thing in MacOS - I only had to use it for a few minutes,
troubleshooting a WiFi access issue, before I was appropriately
prompted for a system-rights password.

How is that different from UAC?

I don't think anyone who knows anything about security would disagree
with the statement that Windows XP cannot be secured. It can be made
more secure but if you run as an administrator malware can find a way in.

I'm not that impressed with the notion of "user rights" as the be-all
and end-all of security, or even basic safety.

The whole "user rights" ediface stands on deeper levels of abstraction
that go all the way down to NTFS. But the same sort of holes in the
assumption that "code only does what it was written to do" etc. that
allow malware to run via exploits, may also drill through user rights
in various ways - either by assuming higher rights as a consequence of
what they've drilled into, ot escalating rights, or just going under
the whole thing alltogether, as Witty did.

Witty drilled in though an exploitable surface in a 3rd-party firewall
(Black Ice Defender), which presumably gave it admin rights, if not
complete system rights. From there it trashed the file system by
doing raw writes to arbitrary sectors, right from within XP.

So all that fancy NTFS permissions stuff wasn't worth a pile of beans,
in this case. All sectors are the same, from raw hardware access.

With Vista and UAC zero day attacks will certainly happen but UAC
will at least give you a warning that something is up.

It may do, prolly should do. YMMV depending on the nature of the
attack, especially if an exploitable surface allows the malware to
drill into a process that's accepted by UAC as part of the system.

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[cquirke (MVP Windows shell/user)]

Hint: That means any malicious code can pretend to be a "installer"
too and in effect gain access to anything on your computer including
Windows kernel or YOUR data. It doesn't make much sense to me.

The basic mechanism of malware is to behave in a riskier manner than
what the user thought they were risking.

The most extreme cause of this is the clickless attack, such as
Lovesan waltzing in through RPC "service" (that should never have been
left waving it's ass at the Internet in the first place) without the
user doing anything at all.

OTOH, if you install a program, you are fully aware of the risk you're
taking. Installing software does position that software to do
anything it wants to do, including integrating itself so that it may
be impossible to run Windows without it running as well.

If you decide to give that much power to what turns out to be malware,
then really, you have only yourself to blame.

IOW, where's the risk escalation advantage in malware pretending to be
an installer? That is *exactly* what malware is, anyway.

This level of non-SE has been PoC'd, e.g. we've had malware called
VIRUS.EXE that pops up a dialog that says "I am a VIRUS and I will
attack your PC!" and yep, some users go right ahead and click "OK".

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[Adam Albright]

The basic mechanism of malware is to behave in a riskier manner than
what the user thought they were risking.

Why would anyone WILLINGLY give malware any permission to do anything?
You guys are priceless in your endless blind defense of Microsoft
decisions! The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.

OTOH, if you install a program, you are fully aware of the risk you're
taking.

If you include Windows in that statement you are entirely correct.

Windows is the biggest thread to your PC's security because of how it
was originally written and nothing to date changes that.

Windows has patches on top of previous patches over the course of 20
plus years. Just for kicks it would be damn interesting to see all the
source code don't you think?

Why is Windows so weak when in comes to security? Well Mr. Gates
himself made a poor decision. When Windows was first being developed
the Internet (main threat) was unknown to most. Microsoft originally
ignored the Internet. Gates is on record saying the Internet was a
passing fad that Microsoft wasn't interested in. Only after he
realized that was a huge miscaculation did Microsoft start to try to
patch the huge number of security holes hackers were starting to
exploit in Windows itself (stupid policy of turning everything on like
file sharing) making Windows easy prey to port sniffers and the
laughable early attempts with Microsoft's early browsers and Active X.

The problem is no matter how much Windows gets patched it still wasn't
designed as a secure OS. Microsoft had pleny of time to fix this
oversight by rewriting Windows from scratch. Surely they could have
with XP, may have with Windows 98, ever as far back as Windows 95, but
they chickened out fearful they would lose too many customers if
Windows suddendly became more secure but nobody's hardware or software
worked anymore with this new beefed up Windows. Surely with all the
attacks seen during XP's history you would think Vista would be more
secure, but all Microsoft did was put a bandaid on Windows called UAC
which is badly flawed and obviously has the serious drawback of really
pissing off current customers endlessly getting nag screens everytime
they do every little thing they always could easily do without
interference in prior versions of Windows which under Vista if UAC is
turned on as it is by default rather then choice as it should be
designed will often cause Vista to have one hissy fit after another.

I'm not against the concept of UAC, I'm simply surprised Microsoft did
such a crappy job with it considering its taken them over 5 years to
push Vista out the door. What have they been doing all this time?

 

[Mike Hall - MS MVP Windows Shell/User]

Adam

They willingly give permission to the 'fun stuff' that is used to disguise
malware.. chat room and messenger smiley faces and crap like Budweiser Frog
cursors are popular with kids and adults alike..

Some open the URL to a bogus Citibank website to check details as instructed
even though they know that they don't have a Citibank account..

They accept e-mails and open files sent to them by people who are known to
hate their guts..

They accept and open Valentine e-mails and the files therein from mysterious
lovers called Chi_ (e-mail address removed)

They download MS Publisher "yes this version really works' using P2P stuff
like Limewire without thinking that maybe the MS Publisher installation may
be just a little larger than 785.5k in size..

It is not so much a case of Windows leaving the door open as the user keeps
opening the door..

Why would anyone WILLINGLY give malware any permission to do anything?
You guys are priceless in your endless blind defense of Microsoft
decisions! The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.


If you include Windows in that statement you are entirely correct.

Windows is the biggest thread to your PC's security because of how it
was originally written and nothing to date changes that.

Windows has patches on top of previous patches over the course of 20
plus years. Just for kicks it would be damn interesting to see all the
source code don't you think?

Why is Windows so weak when in comes to security? Well Mr. Gates
himself made a poor decision. When Windows was first being developed
the Internet (main threat) was unknown to most. Microsoft originally
ignored the Internet. Gates is on record saying the Internet was a
passing fad that Microsoft wasn't interested in. Only after he
realized that was a huge miscaculation did Microsoft start to try to
patch the huge number of security holes hackers were starting to
exploit in Windows itself (stupid policy of turning everything on like
file sharing) making Windows easy prey to port sniffers and the
laughable early attempts with Microsoft's early browsers and Active X.

The problem is no matter how much Windows gets patched it still wasn't
designed as a secure OS. Microsoft had pleny of time to fix this
oversight by rewriting Windows from scratch. Surely they could have
with XP, may have with Windows 98, ever as far back as Windows 95, but
they chickened out fearful they would lose too many customers if
Windows suddendly became more secure but nobody's hardware or software
worked anymore with this new beefed up Windows. Surely with all the
attacks seen during XP's history you would think Vista would be more
secure, but all Microsoft did was put a bandaid on Windows called UAC
which is badly flawed and obviously has the serious drawback of really
pissing off current customers endlessly getting nag screens everytime
they do every little thing they always could easily do without
interference in prior versions of Windows which under Vista if UAC is
turned on as it is by default rather then choice as it should be
designed will often cause Vista to have one hissy fit after another.

I'm not against the concept of UAC, I'm simply surprised Microsoft did
such a crappy job with it considering its taken them over 5 years to
push Vista out the door. What have they been doing all this time?

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

 

[Adam Albright]

It is not so much a case of Windows leaving the door open as the user keeps
opening the door..

You get brownie points for defending Microsoft's poor design of Vista?

What part of "it is MY computer, I'll decide which features to
implement" don't you or Microsoft understand?

If UAC worked, transparently, behind the scenes, if it actually DID
offer some REAL protection it would be fine. From what I've read so
far it seems to do little if anything to protect the user but for sure
at the same time if UAC is turned on can get in the way of users with
constant nag screens.

Now sit back and learn how Windows in previous versions has "opened"
the door to hackers BY DESIGN.

As I've said before Windows wasn't designed to be a secure operating
system. Trying to patch holes is the most Microsoft seems willing to
do. For example I doubt many are aware that part of XP's design was to
automatically "turn on" file sharing. If your computer is connected to
the Internet, this is open door to your system hackers loved. The
irony is there was NO NEED to do this. It was done because originally
the Microsoft mindset was "turn everything on by default, otherwise
users would be too dumb to find out how to turn on features, that only
applies to LAN setups in this example.

Even fewer are aware that deep in the bowels of Windows there's a
hidden feature that without your knowledge is automatically turned on
and if you attempt to delete or turn off this feature through normal
means Windows, on its own, behind your back, will just install it
again the next time you boot. Microsoft likes to call these security
holes "features". Does not apply to XP home.

One of many, read all about it:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314984

http://www.windowsnetworking.com/kb...WindowsNTW2KXPHiddenAdministrativeShares.html

I haven't had time to check how many things like this may still remain
in lurking deep in Vista or if hopefully they have been corrected. My
point, is while Microsoft talks a good game, what it has actually done
in the past in way of design suggests a lot more work needs to be done
if they are truly serious about making Windows really secure.