Vista new "security" features more a pain in the butt then anything else

[Adam Albright]

If I knew which Microsoft Redmond boy wonder wrote the code for
improving "security" in Vista I'd have my hands around his throat
about now!

Just kidding... but damn, in the real world, this is a disaster for
anybody that moves files around on their system a lot like I do.

Consider:

People send me via the Internet or email, video files which I edit and
return. Simple enough. Well, used to be.

I have things set up to put raw files in a folder in my E drive.

I work on files in folders on my F drive.

I place finished files in a folder on my G drive.

I just checked the security tab on each hard drive. All are set to
"everyone" and permissions are wide open. Anybody can do pretty much
anything. That shouldn't matter anyway since I AM the only user on
this PC. So unless I'm missing something I should should be able to
move files back and forth between hard drives WITHOUT Windows nagging
about it.

So you would think.

Not even close!

This is the silly part:

In order to work on the files I first move them from drive E to F.
Windows doesn't nag at all, and with one exception, still unexplained,
it lets my video editing software write modified files which start out
as "raw" from the E drive to my F drive without complaining if I save
under the same name or a new one.

I just finshed working on one of these files. All I want to do it move
it to my G drive. Which was in XP a very simple process. Click on the
file in Windows Explorer, cut, then paste where you want it moved to
or just drag and drop, whatever...

A new feature in Vista assuming the file is the same name now brings
up a more detailed warning box and asks if you want to overwrite the
older file showing the date and size of each. That's good. However if
you say yes, it starts, then immediately stops, darken your screen and
starts to nag for permission to move the file before it actually does
the move.

The $64,000 dollar question is why since all drives have 'everyone'
permission and therefore such operations should proceed without issue.

Perhaps some Microsoft programmer thought this was improving security.
Well to test this "security" further I fired up Bounce Back which is
my automated backup application. It is pretty slick in that it can
scan my entire system, all 2 TB worth then it presents a detailed list
of all files that have changed since my last backup. It flags
everything, deleted files, renamed files, files not backed up, etc..

Now watch Bounce Back drive a truck sized hole through Vista security.
Bounce Back tells me 1,427 files have changed since my last backup.
The number is higher then usual because I was doing some house
cleaning. Here's the rub. To do the backup Bounce Back needs to read
files and WRITE newer versions to different hard drives or it adds
files that previously had no backups or it finds and asks if I want to
purge files I deleted that at one time I did have backups for.

Hmm.. I say yes, sit back and watch Bounce Back access and WRITE to
every hard drive I have and do its thing. Not once did Vista utter a
peep, yet to move just one file manually as I explained in the
beginning, Vista goes nuts.

Somebody explain why this is "good" security. Vista doesn't challenge
the moving and deleting of over a thousand files some application
moves around, but screams like a stuck pig if I try to move one file
manually.

 

[Guest]

Because "human" are what they are, software programs are what they are!

For you to do the same as your Bounce Back program, you will probably need
to turn User Account Control (UAC) OFF, which you can do by going to
START/CONTROL PANEL/USER ACCOUNTS. You will find "Turn User Account Control

 

[BobS]

Adam,

Good post to raise the question about security "Permissions" ..... But....
it's not just about User Accounts (UAC) in this case, it also involves NTFS
permissions. Your comments raised some questions I also had about what I'm
experiencing when moving files manually versus when a program does it. As
much as I tried to think of a way to explain quickly what I've read in
"Windows Vista Inside/Out" by MS Press, I can't. If I just copy and past
from the eBook version (on the CD with the book), it still would not make
sense unless you read the whole chapter - UAC and NTFS permissions are a
complicated process.

Not that I completely understand either of these processes, what I've read
and seeing for myself - actually makes sense from a security aspect - even
though you think there's a huge disconnect or security hole here - there is
not.

Even as an administrator, you do not have full control until what you want
to do is elevated and credentials verified. Some of this is automatic and
dependent on the task being done. When you are being denied access - you
are then running into NTFS permissions - which change dynamically. The book
explains the convoluted process but has a note that states"

" Because the access-denied message is reminiscent of the messages displayed
by User
Account Control (UAC), you might think that UAC is causing the access
problem. In fact,
this is entirely an NTFS permissions issue, and has nothing to do with UAC
(Don't believe
it? You can confirm it by turning off UAC; you still won't have access to
these folders )"

While this does not address all your comments - the book does. It may not
explain every detail but does a good job of providing the security reasoning
behind it. Now, I'm not defending Vista nor trying to sell you a book but I
am trying to get educated on Vista so I won't be thrashing around and
getting all hyper-frustrated when I'm trying to do some vital work - such as
you're doing.

You have not discovered a security hole - you have in-fact triggered the
security processes of both UAC and NTFS. With neither being fully understood
by most of us, no wonder the frustration level goes up. But keeping in mind
that we've told MS we want and need more security in the OS, we must learn
to use it too. Is it bullet-proof, no and never will be - not even a Mac
can say it is - but Vista is one helluva step forward. It has the good, the
bad and the damn ugly parts too as I'm learning but so far, the good
outweighs the bad.

Please keep posting your comments, I use them as a tutorial for things to
try next......;-) But do get the book.

Bob S.

 

[Adam Albright]

Because "human" are what they are, software programs are what they are!

Rubbish! Five years in development and simple things like this the
world's largest software developer couldn't comprehend the impact?

By the time I finish turning off every new feature Vista brings to the
table, all I have left is XP with a new face, not any new features. I
didn't pay $200 for just eye candy.

Whoever the product manager is for Vista, he/she should be fired. Its
a marketing disaster.

First, nowhere on the retail packaging does it say if you're a XP Pro
user that you can't install inplace or that you can't upgrade to the
version of your choice except in tiny fine print nobody reads. In fact
the packaging goes out of its way to suggest that Home Premium version
IS the right choice for most people.

Second, the Vista Upgrade Advisor seems to have one purpose... to
ADVICE no matter what, everybody should and can upgrade. Then once
you start the actual installer the program tells you the truth. All
those things the advisor said wouldn't be a problem turn out to be
serious enough problems to generate a stop 7B and generate a BSOD for
many users.

Third, Microsoft has done a piss ass poor job of working with vendors,
especially hardware vendors to develop Vista drivers in time for
inclusion on the Vista DVD. Worse it seems increasingly obvious that
some XP drivers work fine for many devices, yet it appears the Vista
installer has been blinded on purpose to these drivers due to
licensing disputes still not settled causing end users untold
headaches.

Yes I know... when you install a major new upgrade you expect a few
bumps in the road. You don't expect to drive off the edge of the
cliff. You don't expect to have to literally fight with Windows to get
it do what you tell it rather then it doing what it wants.

The problem is what its always been. The 800 pound gorilla thinks it
can do whatever it wants and if you the public don't like it, too bad.

There is no joy in Mudville when you invest $200, which is $40 more
then you planned on spending but get forced into a version you don't
want or need just to install the damn thing.