Why Permission?????

[Stephan Rose]

Stephan Rose <[email protected]>'s wild thoughts were
released on Sat, 18 Aug 2007 06:52:58 -0500 bearing the
following fruit:


VS has lots of components, to think of it as one application
is really an oversimplification. My own software
installation lauches other setup programs behind the scenes
such as MDAC.

I'm aware of that but that honestly doesn't really matter much to me. It's
still *one* install process to install all the various components. If any
one of them gets messed up due to an accidentally wrongly answered UAC
prompt...that'll be a bad thing.



--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰

 

[Stephan Rose]

"Jerry White" <[email protected]>'s wild thoughts were
released on Fri, 17 Aug 2007 22:12:36 -0700 bearing the
following fruit:


If you guys want to provide them with a list of all software
both current and future then I'm sure they'll get right on
it.

Seriously what you guys are suggesting is just not possible.

UAC is useful as it does help identify unwanted access to
parts of your computer. Most is indeed harmless and it's a
choice for the user, a choice I'm glad of since I don't want
certain things updating when it feels like it.

The thing about UAC, in my opinion, is that the prompts are so frequent
that I think anything actually malicious is just going to get drowned out
in all the non-malicious prompts...

Especially with people who run lots of 3rd party crap on their machine who
are subsequently also the most likely to catch something malicious in the
first place.

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰

 

[Jan Hyde (VB MVP)]

Stephan Rose <[email protected]>'s wild thoughts were
released on Mon, 20 Aug 2007 14:58:54 -0500 bearing the
following fruit:

The thing about UAC, in my opinion, is that the prompts are so frequent
that I think anything actually malicious is just going to get drowned out
in all the non-malicious prompts...

At home I get hardly any, at work I get quite a few due to
the nature of my work. Of course I choose to have UAC
switched on even at work so that I am aware of any issues
clients are likely to encounter.

So the question is *what* is prompting you so often?

Especially with people who run lots of 3rd party crap on their machine who
are subsequently also the most likely to catch something malicious in the
first place.

Well I run a lot of third party crap so I'm thankful of UAC.
But you're right, the users that it's meant to protect are
either going to switch it off or authorise it anyway.

 

[Jan Hyde (VB MVP)]

Stephan Rose <[email protected]>'s wild thoughts were
released on Mon, 20 Aug 2007 14:57:14 -0500 bearing the
following fruit:

I'm aware of that but that honestly doesn't really matter much to me. It's
still *one* install process to install all the various components. If any
one of them gets messed up due to an accidentally wrongly answered UAC
prompt...that'll be a bad thing.

I understand your frustration but it is necessary otherwise
malicious software would install itself from another
installer. You're not an average user and your doing work
that is likely to cause the appearence of the prompt more
often than a normal user. Do you really need UAC on?

 

[Stephan Rose]

Stephan Rose <[email protected]>'s wild thoughts were
released on Mon, 20 Aug 2007 14:58:54 -0500 bearing the
following fruit:


At home I get hardly any, at work I get quite a few due to
the nature of my work. Of course I choose to have UAC
switched on even at work so that I am aware of any issues
clients are likely to encounter.

So the question is *what* is prompting you so often?

Now? Nothing anymore. Wiped it from my machine after 2 weeks of getting
tired of it. The only prompts I get these days are the ones I personally
initiate (sudo). =)

Well I run a lot of third party crap so I'm thankful of UAC.
But you're right, the users that it's meant to protect are
either going to switch it off or authorise it anyway.

Precisely, which is where I see the failure in UAC. I'll concede that it's
probably better than nothing at all and the way windows has been. Fair
enough.

However, at best, it only delays the inevitable. It does little to
actually really prevent it. The problem with UAC is that it is not a User
activated prompt. The application's cause it to trigger. One might argue
that the user starts the app causing the prompt to trigger and therefore
the user activates the prompt. But to me that's not the best way of going
about it.

Now on the surface, this sounds great as it's being advertised. Malware
tries to do something bad, triggers UAC prompt. Issue is, good software
also triggers the same prompts as I've said before which causes the bad
prompts to just drown in the good prompts.

What would make more sense is if Microsoft would finally learn to properly
separate OS and User space into two distinct regions and restrict user
access into OS space. At this point in time, prompts are "unnecessary".

With the OS and User space properly separated, save for exploits, no
malware can infiltrate the OS in any way. So it can do little harm. Most
malware cares little about damaging user files. Matter of fact, the
last thing they want to do is damage user files as they don't want the
user to know they are there! They just want to live in the system so they
can send out spam or harvest user data. Difficult to do if they can't
penetrate the OS.

Then if a user *does* need an app that needs OS privileges, they need to
explicitly give the app permission *before* actually running it. That's
the key difference between Vista UAC and Linux Sudo. If the user has to
decide, before even running the application, if it's going to get
administrative privileges then it'll be difficult for a user to
accidentally grant it such as is the possibility with UAC.

But until Microsoft learns to eliminate drive letters and moves
on to a more meaningful file system, meaningful separation is not going to
be easy.

Either method, any user is always going to susceptible to "social
engineering" in being conned into giving an app admin privileges. But that
is something that no amount of software and security can fix. =)

You an protect a User from a lot of things but you can't protect a user
from themselves unless maybe you don't let them use anything beyond an
etch a sketch. For some users, that might not be too bad of an idea.

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰

 

[Stephan Rose]

Stephan Rose <[email protected]>'s wild thoughts were
released on Mon, 20 Aug 2007 14:57:14 -0500 bearing the
following fruit:


I understand your frustration but it is necessary otherwise
malicious software would install itself from another
installer. You're not an average user and your doing work
that is likely to cause the appearence of the prompt more
often than a normal user. Do you really need UAC on?

Well from what I've heard, UAC on is a nuisance, UAC off can cause things
to break. So which evil does one need to deal with? The first I can
confirm, the second I honestly never tried. I never got that far. 2 weeks
into it, I wiped Vista from my machine.

That said, see my other post for more detail. =)

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰