Is there any way to create exceptions in the UAC for programs that you
trust? Or will there be in RC1?

--
Kevin
Please send replies to group.

Hello,

Unfortunately there will be no way to do this for Windows Vista.

The reason is because the operating system does not know the difference
between YOU starting a program and a program starting a program.

If you allow a certain program, for example the command prompt, to always
run "as administrator", a malware program would be able to start a command
prompt without your permission and use that command prompt to do things that
you don't want it to do, such as format your hard drive.

--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

That's too logical Jimmy...cut it out!
dotcom

"Jimmy Brush" wrote in message
...
Hello,

Unfortunately there will be no way to do this for Windows Vista.

The reason is because the operating system does not know the difference
between YOU starting a program and a program starting a program.

If you allow a certain program, for example the command prompt, to always
run "as administrator", a malware program would be able to start a command
prompt without your permission and use that command prompt to do things
that you don't want it to do, such as format your hard drive.

--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

"Jimmy Brush" wrote in message
...
Hello,

Unfortunately there will be no way to do this for Windows Vista.

The reason is because the operating system does not know the difference
between YOU starting a program and a program starting a program.

It's too bad there's no SUID option in Vista. It works quite nicely in
Linux.
Microsoft gets it wrong, yet again.

--
Scott http://angrykeyboarder.com

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet?

Actually, SUID is a major security concern when used improperly and has been
the source of many, many security breaches to linux systems. Most linux apps
nowadays do the same thing that MS enforces with UAC - running the program
as a "standard user" and elevating to "root" only when necessary.

The difference is MS doesn't need a poorly-implemented SUID to make this
work correctly - thus closing an avenue for potential privilege elevation.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/
"Scott" wrote in message
...

"Jimmy Brush" wrote in message
...
Hello,

Unfortunately there will be no way to do this for Windows Vista.

The reason is because the operating system does not know the difference
between YOU starting a program and a program starting a program.

It's too bad there's no SUID option in Vista. It works quite nicely in
Linux.
Microsoft gets it wrong, yet again.

--
Scott http://angrykeyboarder.com

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet?

Jimmy Brush wrote:
Actually, SUID is a major security concern when used improperly and has
been the source of many, many security breaches to linux systems.

True but a few of them still need it. You do get a security warning
before installing though. And in most cases it's only a risk if your
computer is directly connected to the Internet with no Firewall (mine
isn't).


Most linux apps nowadays do the same thing that MS enforces with UAC -
running the program as a "standard user" and elevating to "root" only
when necessary.

They seem to do a much better job of it though.

The difference is MS doesn't need a poorly-implemented SUID to make this
work correctly - thus closing an avenue for potential privilege elevation.

They need something. I shouldn't have to enter my administrator
password after logging in to Windows every time to run some programs
that require Administrator access. Perhaps it's the software and not
the OS that needs some tweaking?

Speaking of passwords.: The sudo command in Linux (and OS X I believe)
asks you to enter your own password and not thee root/administrator
password.




--
Scott http://angrykeyboarder.com
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet?

They need something. I shouldn't have to enter my administrator
password after logging in to Windows every time to run some programs that
require Administrator access. Perhaps it's the software and not the OS
that needs some tweaking?
Speaking of passwords.: The sudo command in Linux (and OS X I believe)
asks you to enter your own password and not thee root/administrator
password.

It sounds like you are running in a standard user account. This will always
prompt you to enter the password of an administrator when you run an
application that needs admin permissions.

This is a good idea; as a suggestion, if you are opening a program that
usually throws a lot of permissions dialogs, right-click that program and
click Run As Administrator - this will implicitly give any other action that
program does permission.

Otherwise, if you change your account type to administrator, you will see
behavior similar to OSX (based on what you have descibed). When logged in as
an administrator, programs run with limited rights, and you are asked to
click "continue" to authorize programs to have admin rights. You can change
this behavior using Local Security Settings in Administrative Tools to
always ask you to enter your password instead of just being able to click
continue, and this should exactly mimick OSX behavior.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

Most linux apps nowadays do the same thing that MS enforces with UAC -
running the program as a "standard user" and elevating to "root" only
when necessary.

They seem to do a much better job of it though.

I agree .

The difference is, Linux apps have volunatarily done this to make the system
more secure.

In Windows, Microsoft has to drag software vendors kicking and screaming
into this new security model. This is the major pain point with UAC as is -
old/current apps don't play nice because they don't follow the rules.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

These are all valid points, but it seems to me that the UAC should act more
like a firewall. I'm programming with JCreator, and whenever I re-compile,
I have to tell Vista it's ok to run the java compiler. It seems like I
should be able to disable UAC for this particular program, or at least only
have to approve it once in, say, a 30 minute period.

"Jimmy Brush" wrote in message
...
They need something. I shouldn't have to enter my administrator
password after logging in to Windows every time to run some programs that
require Administrator access. Perhaps it's the software and not the OS
that needs some tweaking?
Speaking of passwords.: The sudo command in Linux (and OS X I believe)
asks you to enter your own password and not thee root/administrator
password.

It sounds like you are running in a standard user account. This will
always prompt you to enter the password of an administrator when you run
an application that needs admin permissions.

This is a good idea; as a suggestion, if you are opening a program that
usually throws a lot of permissions dialogs, right-click that program and
click Run As Administrator - this will implicitly give any other action
that program does permission.

Otherwise, if you change your account type to administrator, you will see
behavior similar to OSX (based on what you have descibed). When logged in
as an administrator, programs run with limited rights, and you are asked
to click "continue" to authorize programs to have admin rights. You can
change this behavior using Local Security Settings in Administrative Tools
to always ask you to enter your password instead of just being able to
click continue, and this should exactly mimick OSX behavior.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

Why on earth does a java compiler need admin access to the computer?

I think once applications are written with UAC in mind you won't run into
these types of situations.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/