Stephan Rose <[email protected]>'s wild thoughts were released on Mon, 20 Aug 2007 14:58:54 -0500 bearing the following fruit:
At home I get hardly any, at work I get quite a few due to
the nature of my work. Of course I choose to have UAC
switched on even at work so that I am aware of any issues
clients are likely to encounter.
So the question is *what* is prompting you so often?
Now? Nothing anymore. Wiped it from my machine after 2 weeks of getting
tired of it. The only prompts I get these days are the ones I personally
initiate (sudo). =)
Well I run a lot of third party crap so I'm thankful of UAC.
But you're right, the users that it's meant to protect are
either going to switch it off or authorise it anyway.
Precisely, which is where I see the failure in UAC. I'll concede that it's
probably better than nothing at all and the way windows has been. Fair
enough.
However, at best, it only delays the inevitable. It does little to
actually really prevent it. The problem with UAC is that it is not a User
activated prompt. The applications cause it to trigger. One might argue
that the user starts the app causing the prompt to trigger and therefore
the user activates the prompt. But to me that's not the best way of going
about it.
Now on the surface, this sounds great as it's being advertised. Malware
tries to do something bad, triggers UAC prompt. Issue is, good software
also triggers the same prompts as I've said before which causes the bad
prompts to just drown in the good prompts.
What would make more sense is if Microsoft would finally learn to properly
separate OS and User space into two distinct regions and restrict user
access into OS space. At this point in time, prompts are "unnecessary".
With the OS and User space properly separated, save for exploits, no
malware can infiltrate the OS in any way. So it can do little harm. Most
malware cares little about damaging user files. Matter of fact, the
last thing they want to do is damage user files as they don't want the
user to know they are there! They just want to live in the system so they
can send out spam or harvest user data. Difficult to do if they can't
penetrate the OS.
Then if a user *does* need an app that needs OS privileges, they need to
explicitly give the app permission *before* actually running it. That's
the key difference between Vista UAC and Linux Sudo. If the user has to
decide, before even running the application, if it's going to get
administrative privileges then it'll be difficult for a user to
accidentally grant it such as is the possibility with UAC.
But until Microsoft learns to eliminate drive letters and moves
on to a more meaningful file system, meaningful separation is not going to
be easy.
Either method, any user is always going to be susceptible to "social
engineering" in being conned into giving an app admin privileges. But that
is something that no amount of software and security can fix. =)
You can protect a User from a lot of things but you can't protect a user
from themselves unless maybe you don't let them use anything beyond an
etch a sketch. For some users, that might not be too bad of an idea.
--
Stephan
2003 Yamaha R6
The reason there is never a day I remember you
is that there is never a time I have forgotten you