Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Windows Vista File Management Issues or questions in relation to Vista's file management. (microsoft.public.windows.vista.file_management) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
UAC should have been a Business class feature, not for Home Users
After the computer is setup and all applications are installed, you
should rarely see a UAC prompt. But how many users buy a new Dell and it has all the programs (that you WANT) installed on it? I run the firewall as an added level of security, not as a replacement of other methods of security. As a PC tweaker, I am constantly making changes to my PC, registry, installing new programs, hardware, etc. UAC can be a pain. Another example... Elderly people that want email and web browser. If they see 2 UAC prompts, they are annoyed and want XP. UAC may not be as frequent, but it still happens. If you do it right, turning off UAC won't help spread the disease, and my network can still be safe. Although I do see your point in having an average joe turning off UAC with no other protection, puts in almost as the same risk as XP. The user will still have a user account, rather than an administrator account, though. -- Dustin Harper http://www.vistarip.com Kerry Brown wrote: If after the computer is setup you are constantly seeing UAC prompts you are doing something wrong. I hardly ever see a UAC prompt. While getting at financial information and identity theft is the goal of some malware it is not the goal of most current malware. Most current malware has the goal of extortion (e.g. spysherrif) or the goal of taking control of your computer to use it as a zombie. The extortion malware is very obvious when you get it. The trojans that take over your computer for use as a zombie are not. The fact that many hundreds of thousands of computers are available for sale as part of a botnet attests to the fact that you cannot secure XP (or any OS) if you run as an administrator. I see many computers that have up to date antivirus and antispyware software that are compromised in this fashion. UAC (or running XP as a standard user) would have stopped these infections. Turning off UAC may relieve some short term pain but it won't cure the disease and may have the opposite effect of helping to spread the disease. |
|
|||
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 02:30:11 -0500, "JD Wohlever"
wrote: I hate to say so MS, but your average joe, the person you are making UAC for, is going to do exactly what they are doing, that is turning UAC off. I'm not a "average Joe" user and I turned off UAC too. I bet most have or will because it isn't any real improvement in security and as many have already found out be a real pain in the ass. You listed some good reasons why people don't like it. Perhaps the biggest flaw with UAC is Microsoft itself admits it is set up on purpose to be defeated. Read that last sentence again slowly so it sinks in. Don't just take my word for it. Listen to a "hacker", kind of cute looking one too, not all hackers are kids or pot belly beer slurping anti-social types. "Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out — from Microsoft officials — that the default no-admin setting isn't even a security mechanism anymore". "That's because Vista uses a compatibility database and several heuristics to recognize installer executables and, every time the OS detects that an executable is a setup program, "it will only allow running it as administrator." Note === On the surface this may sound like a good thing, actually its not. Keep reading, but read carefully. This, in Rutkowska's mind, is a "very severe hole in the design of UAC." In simple terms that means any hacker worth his or her salt could, problably with little effort desgin some malicious bit of code to pretend to be a "installer" type of application and Vista will unbuckle its belt, drop its pants to its anxles and let that code do whatever it wants, including access the deepest depths of Windows including the kernel, having its way also with other applications or your priceless data. More than just talk, this hacker did eactly that at a high volume conference of "black hat hackers" invited by Microsoft no less. A poster named dara summed it up quite nicely in another piece you can find he http://theinvisiblethings.blogspot.c...-big-joke.html A key point, I think, that Ms. Rutkowska made, perhaps unintentionally, is that Microsoft cannot be expected (for reasons of compatibility, I suppose) to design a completely new operating system. This speaks to the root of all their problems - even Vista is just a new shell built on top of old technologies. It's a bit like an upside down pyramid; eventually it will collapse entirely as the underlying structure proves incapable of sustaining all the new construction piling up on top of it. Perhaps because they serve a less diverse and expansive user base, Apple Computer was willing and able five or six years ago to do what Microsoft cannot - switch from their old, rickety operating system, with it's myriad vulnerabilities, to a new system (OS X), build on a sound, proven and substantially more secure foundation - UNIX. Since then the trojans and viruses which used to plague the Mac OS have dried up altogether. LINUX, the open source alternative to Windows that is growing steadily in popularity, is likewise modeled on UNIX. It's not unreasonable to conclude, therefore, that Windows in any form is living on borrowed time. Much of its current popularity is a result of little more than inertia. It's hard to see how even the billions Microsoft has committed to marketing Vista can make up for the core weakness of the underlying system. Vista may be an improvement over Windows XP in many respects, but the differences, like beauty, are only skin deep. Now read what Madam "hacker" Ms. Rutkowska said about UAC: http://blogs.zdnet.com/security/?p=29&tag=nl.e589 |
|
|||
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 09:06:43 -0500, "Mike Hall - MS MVP Windows
Shell/User" wrote: Richard It is easier to buy, try, fail and rant than ever it is to ask for advice or help before making what turns out to be an ill-informed decision.. Imagine if all of these folk were presented with a computer that is entirely controlled by typing in stuff at a command prompt.. I don't know about you, but I would turn in my MVP badge and take up professional strawberry picking or similar.. Say Mike, wouldn't this be a good time to tell the nice people in this newsgroup you're actually a MICROSOFT product manager? Why keep that a secret? http://channel9.msdn.com/ShowPost.aspx?PostID=10924 This is you, right Mike? If so it does explain your outburts and bias, my goodness you're sure wound up tight. |
|
|||
UAC should have been a Business class feature, not for Home Users
What she would propose is a UAC dialog with three options.
Continue with system-wide access | Continue with program access | Cancel. Essentially splitting the admin account into an system-admin account which effects Windows, and one for writing to Program Files. Sure that's good for defending the system, but its hard enough to get developers to test their applications as a standard user. More can always be done on this front, and will be done in the future. -- Paul Smith, Yeovil, UK. Microsoft MVP Windows Shell/User. http://www.windowsresource.net/ *Remove nospam. to reply by e-mail* "Adam Albright" wrote in message ... On Sat, 24 Feb 2007 02:30:11 -0500, "JD Wohlever" wrote: I hate to say so MS, but your average joe, the person you are making UAC for, is going to do exactly what they are doing, that is turning UAC off. I'm not a "average Joe" user and I turned off UAC too. I bet most have or will because it isn't any real improvement in security and as many have already found out be a real pain in the ass. You listed some good reasons why people don't like it. Perhaps the biggest flaw with UAC is Microsoft itself admits it is set up on purpose to be defeated. Read that last sentence again slowly so it sinks in. Don't just take my word for it. Listen to a "hacker", kind of cute looking one too, not all hackers are kids or pot belly beer slurping anti-social types. "Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out - from Microsoft officials - that the default no-admin setting isn't even a security mechanism anymore". "That's because Vista uses a compatibility database and several heuristics to recognize installer executables and, every time the OS detects that an executable is a setup program, "it will only allow running it as administrator." Note === On the surface this may sound like a good thing, actually its not. Keep reading, but read carefully. This, in Rutkowska's mind, is a "very severe hole in the design of UAC." In simple terms that means any hacker worth his or her salt could, problably with little effort desgin some malicious bit of code to pretend to be a "installer" type of application and Vista will unbuckle its belt, drop its pants to its anxles and let that code do whatever it wants, including access the deepest depths of Windows including the kernel, having its way also with other applications or your priceless data. More than just talk, this hacker did eactly that at a high volume conference of "black hat hackers" invited by Microsoft no less. A poster named dara summed it up quite nicely in another piece you can find he http://theinvisiblethings.blogspot.c...-big-joke.html A key point, I think, that Ms. Rutkowska made, perhaps unintentionally, is that Microsoft cannot be expected (for reasons of compatibility, I suppose) to design a completely new operating system. This speaks to the root of all their problems - even Vista is just a new shell built on top of old technologies. It's a bit like an upside down pyramid; eventually it will collapse entirely as the underlying structure proves incapable of sustaining all the new construction piling up on top of it. Perhaps because they serve a less diverse and expansive user base, Apple Computer was willing and able five or six years ago to do what Microsoft cannot - switch from their old, rickety operating system, with it's myriad vulnerabilities, to a new system (OS X), build on a sound, proven and substantially more secure foundation - UNIX. Since then the trojans and viruses which used to plague the Mac OS have dried up altogether. LINUX, the open source alternative to Windows that is growing steadily in popularity, is likewise modeled on UNIX. It's not unreasonable to conclude, therefore, that Windows in any form is living on borrowed time. Much of its current popularity is a result of little more than inertia. It's hard to see how even the billions Microsoft has committed to marketing Vista can make up for the core weakness of the underlying system. Vista may be an improvement over Windows XP in many respects, but the differences, like beauty, are only skin deep. Now read what Madam "hacker" Ms. Rutkowska said about UAC: http://blogs.zdnet.com/security/?p=29&tag=nl.e589 |
|
|||
UAC Not install problem
Please - no net nanny's - the world has enough problems without your
constant nagging about something not being a friggin setup issue in your mind. We run this group - not you and we are the customer in case you've forgotten who's paying the freight here. I've read some of your posts in other groups and talk about being off-topic - yours certainly were so quit your bellyaching. We're kinda tired of your moaning about this - so either live with it or stop reading this group. Bob S. |
|
|||
UAC should have been a Business class feature, not for Home Users
Adam
No, that is not me.. one can't be a Microsoft employee and MVP status at the same time.. sorry to disappoint.. I am also not one of the Mike Hall's in any IBM company employee directory anymore, as I elected to leave IBM employ at the end of 2001.. I am Mike Hall, MS MVP Windows Shell/User, and I AM CANADIAN (well, I hold a permanent residence card.. for now).. "Adam Albright" wrote in message ... On Sat, 24 Feb 2007 09:06:43 -0500, "Mike Hall - MS MVP Windows Shell/User" wrote: Richard It is easier to buy, try, fail and rant than ever it is to ask for advice or help before making what turns out to be an ill-informed decision.. Imagine if all of these folk were presented with a computer that is entirely controlled by typing in stuff at a command prompt.. I don't know about you, but I would turn in my MVP badge and take up professional strawberry picking or similar.. Say Mike, wouldn't this be a good time to tell the nice people in this newsgroup you're actually a MICROSOFT product manager? Why keep that a secret? http://channel9.msdn.com/ShowPost.aspx?PostID=10924 This is you, right Mike? If so it does explain your outburts and bias, my goodness you're sure wound up tight. -- Mike Hall MS MVP Windows Shell/User http://msmvps.com/blogs/mikehall/ |
|
|||
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 10:39:39 -0500, "Mike Hall - MS MVP Windows
Shell/User" wrote: Adam No, that is not me.. one can't be a Microsoft employee and MVP status at the same time.. sorry to disappoint.. Why I asked if it was you or not. Actually relieved, not disappointed. Was almost ready to dump my Microsoft stock. |
|
|||
UAC should have been a Business class feature, not for Home Users
You can turn off the UAC, buy going to Control Panel, User account, should
be the bottom option, Uncheck the box and reboot, No more nagging. Yes, you'll lose some of the extra security and protecting you from you and the unknowns. If you have a program that is not compatibile, there isn't much option but to get one that is or wait for one to come out. Or scour that products forums and see if anyone has found a work around. "ceece" wrote in message ... I like this thread as it explains very well, (thank you JD) my biggest complaint with this new Vista. I'm assuming UAC is user admin. control and it sounds like we can turn this annoying thing off totally! Yippee.... where can I find directions for doing that and maybe uninstalling it forever? And if so, does that mean our level of security will be only less the "improvements" and only that of my old XP? (thank GOD I still have and use that computer too) AVG and Spybot have served me well in over 10 years. That and a little common sense go a long ways. Also a simple drop/drag to create a shortcut on my desktop from the program files pops up two windows... are you sure you want to do this? Does anyone know how I can stop that popup too? I do like the "program compability feature"-- Except, when we are installing a program that is Not compatible and there's no solution---then what? Is it half installed, do I need to uninstall what was started? I had trouble finding the add/remove programs section and I notice it does NOT list everything. That is another big issue with me. It took quite awhile to remove all the ISP junk and advertising off this new computer and I don't even know that I did remove it all since MSN, AOL and that other junk were not listed in add/remove. Everything has been reorganized to the point that it is difficult and not easier. I am seriously considering the idea of removing Vista and replacing with Xp, since HP finally mailed me the restore disks from that class action suit. Sorry for so many questions. Thank you in advance for those of you that help answer my questions. ceece "JD Wohlever" wrote: I hate to say so MS, but your average joe, the person you are making UAC for, is going to do exactly what they are doing, that is turning UAC off. Example, my mother is your basic Internet User. She just graduated from AOL to a normal broadband connection after me telling her for years how much better broadband would be for her. She bought a PC that had Vista Home Premium on it. Suddenly dial-up became a major pain in the butt because Vista is geared more toward a constant net connection. No problem there, I agree. However, 2 days later she calls me up and asks me to put Windows XP back on her computer. When I ask her why, the response " I'm sick of the computer asking me questions every 5 seconds. It didn't do it before. I have an anti-virus, a firewall, and a anti-spyware program running. Why do I have to OK every single thing I do?" I tried explaining the benefits, but she would hear none of it. She has been told by the Norton's and the AdAware's of the world that as long as she runs their programs and practices safe netting that she is ok. So it was either turn UAC off or install Windows XP for her, she was that serious. And to be honest, I understand how she feels. In 5 years she has never had a virus, has only had very light malware (Which SpyBot SD quickly removed), and has nothing of hi-value on her PC for a hacker to have much interest in other than family photo's of the dog etc. My point being is that the average user who buys Windows HOME versions are not going to WANT this elevated security, and as soon as they find a way to remove it, they will. MS should have made UAC a Business / Enterprise feature and left the standard user and admin feature set of XP for the Home licenses of Vista. I build PC's for a living so I know the problems that John Q Public can make for their selves on a PC on the net with no protection. But simple education and running the big 3 (Anti-virus, Anti-spyware and Firewalls) should be more than enough to protect them. Now if they are stupid enough to store all their financial information or work related trade secrets and not have the "the big 3" then they certainly aren't going to tolerate UAC. -- Thank you, JD Wohlever Techware Grafx techware(dash)grafx(at)hotmail(dot)com "Kerry Brown" *a*m wrote in message ... There is some pain associated with UAC. Jimmy Brush's post explains it very well. I'll add a bit of history as to how we got to UAC and why it's needed. There were two families of Windows, NT based (Windows NT) and DOS based (Windows 95). NT was mostly used in business networks and had excellent security. Everyone ran as a standard user and only used administrator accounts for things like installing programs, maintenance etc. Win95 really had no security as it was based on DOS and all users had total control of the system at all times. Windows 95 became very popular and many programs were written for it. Microsoft published guidelines on how to program using established APIs and recommended programmers use this method. Because the hardware at the time was limited, programming through the documented APIs made for slow programs. Most programmers including those at Microsoft, ignored the APIs and basically did what they had to to get their programs running at the speed end users expected. This is where most current programmers got their start and learned their habits. As time progressed the DOS based versions of Windows were abandoned and the NT and DOS world merged in XP which is NT based. All the end users and programmers from the DOS world didn't change their ways. End users ran as administrators all the time and programmers bypassed the APIs and expected the users to be running as administrators. Around this time the Internet exploded. Malware became a major problem exacerbated by the way programmers and end users were using Windows. There was no way to secure XP given this situation. Microsoft decided to write a new more secure OS. There is a lot of changes under the hood but in the end the best security is to enforce programmers to use the APIs and not have end users running as administrators. Unfortunately this would break almost all existing software. Thus we have UAC. It allows most old programs to do what they do and tricks them into thinking it worked. It also allows users to run as an administrator but gives them a warning when those administrator privileges are going to be used. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "alex" wrote in message ... Hi Kerry, Here's the problem with Vistas security as I see it. I am a long time Windows user with, at best, an intermediate knowledge of how programs work and how they're supposed to work with computers. Whenever Windows prompts me for confirmation regarding a security issue, to be honest, at times, I haven't the slightest clue whether I should allow or cancel something. Other than the most obvious "A program is trying to destroy your hard-drive and clean out your bank account" message, I'm likely going to let the program do what it wants to do. I minimize my exposure to to malware by not downloading software or opening e-mail attachments with which I'm not familiar. But sometimes I visit CNN.com or MSN or something as seemingly benign and I'm told that an update has to be performed and I'm asked if I trust the source. No, I don't trust the source. But if I'm going want to visit those sites I have to allow changes to be made. The UAC just annoys me and actually puts me in the habit of just clicking "continue" without reading what the window says. Ehhh. Personal preference I guess. BTW: This reminds me of how Microsoft didn't give the user the ability to download attachments in Outlook in Office XP (I think it was XP). What a pain-in-the-a@@ that was. "Kerry Brown" wrote: Disabling UAC disables much of the improved security in Vista. Once you have your computer set up as you want it, it is recommended to turn UAC back on. You can do everything you always did with UAC on you just have to do it in a new way. UAC actually gives you more control as you now know when a program is about to do something that may affect the whole system. This is the price of security. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "alex" wrote in message ... Never mind. I found the UAC options. "alex" wrote: How may I disable all the prompts that appear whenever I try to do something like uninstall a program or delete a file or directory? Vista Premium Thanks, Alex |
|
|||
UAC Not install problem
It's not a Games issue either :P Just kidding "BobS" wrote in message ... Please - no net nanny's - the world has enough problems without your constant nagging about something not being a friggin setup issue in your mind. We run this group - not you and we are the customer in case you've forgotten who's paying the freight here. I've read some of your posts in other groups and talk about being off-topic - yours certainly were so quit your bellyaching. We're kinda tired of your moaning about this - so either live with it or stop reading this group. Bob S. |
|
|||
UAC should have been a Business class feature, not for Home Users
And how does the security in 'nix work? By separating users and superusers
(administrators). If you ran Linux as root (administrator) all the time you would be much less secure than running Vista with UAC enabled. The old saying "You can't have your cake and eat it too" is still true. Increased security means increased complexity and inconvenience for the user. I don't think anyone who knows anything about security would disagree with the statement that Windows XP cannot be secured. It can be made more secure but if you run as an administrator malware can find a way in. You can have all the malware protection you want, you are still vulnerable to a zero day attack. With Vista and UAC zero day attacks will certainly happen but UAC will at least give you a warning that something is up. What you do with that warning is still up to you. I do see Joanna Rutkowski's point about UAC only allowing programs that it deems to be an installer to run as an administrator. I also see Microsoft's point about why this is so. If you read the next article in her blog she also admits this. The point of this is so that you will always know when a program is trying to install something. The down side as she rightly points out is that for older programs that don't need administrator privileges to install they will get them anyway. With installers written for Vista this problem doesn't exist as the installer can notify Vista it doesn't need admin privileges and it won't get them. This design feature could be exploited by a social engineering attack. It's a bit of a catch-22 situation. Do you just let all of these old installers fail until the end user explicitly uses Run as administrator? This would cause even more frustration than exists now and even more people will turn UAC off. Or do you do what Microsoft has done and try to determine if a program is an installer and throw a UAC prompt? I haven't made up my mind which is the better way but it is a conscious design decision not a bug. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "Adam Albright" wrote in message ... On Sat, 24 Feb 2007 02:30:11 -0500, "JD Wohlever" wrote: I hate to say so MS, but your average joe, the person you are making UAC for, is going to do exactly what they are doing, that is turning UAC off. I'm not a "average Joe" user and I turned off UAC too. I bet most have or will because it isn't any real improvement in security and as many have already found out be a real pain in the ass. You listed some good reasons why people don't like it. Perhaps the biggest flaw with UAC is Microsoft itself admits it is set up on purpose to be defeated. Read that last sentence again slowly so it sinks in. Don't just take my word for it. Listen to a "hacker", kind of cute looking one too, not all hackers are kids or pot belly beer slurping anti-social types. "Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out - from Microsoft officials - that the default no-admin setting isn't even a security mechanism anymore". "That's because Vista uses a compatibility database and several heuristics to recognize installer executables and, every time the OS detects that an executable is a setup program, "it will only allow running it as administrator." Note === On the surface this may sound like a good thing, actually its not. Keep reading, but read carefully. This, in Rutkowska's mind, is a "very severe hole in the design of UAC." In simple terms that means any hacker worth his or her salt could, problably with little effort desgin some malicious bit of code to pretend to be a "installer" type of application and Vista will unbuckle its belt, drop its pants to its anxles and let that code do whatever it wants, including access the deepest depths of Windows including the kernel, having its way also with other applications or your priceless data. More than just talk, this hacker did eactly that at a high volume conference of "black hat hackers" invited by Microsoft no less. A poster named dara summed it up quite nicely in another piece you can find he http://theinvisiblethings.blogspot.c...-big-joke.html A key point, I think, that Ms. Rutkowska made, perhaps unintentionally, is that Microsoft cannot be expected (for reasons of compatibility, I suppose) to design a completely new operating system. This speaks to the root of all their problems - even Vista is just a new shell built on top of old technologies. It's a bit like an upside down pyramid; eventually it will collapse entirely as the underlying structure proves incapable of sustaining all the new construction piling up on top of it. Perhaps because they serve a less diverse and expansive user base, Apple Computer was willing and able five or six years ago to do what Microsoft cannot - switch from their old, rickety operating system, with it's myriad vulnerabilities, to a new system (OS X), build on a sound, proven and substantially more secure foundation - UNIX. Since then the trojans and viruses which used to plague the Mac OS have dried up altogether. LINUX, the open source alternative to Windows that is growing steadily in popularity, is likewise modeled on UNIX. It's not unreasonable to conclude, therefore, that Windows in any form is living on borrowed time. Much of its current popularity is a result of little more than inertia. It's hard to see how even the billions Microsoft has committed to marketing Vista can make up for the core weakness of the underlying system. Vista may be an improvement over Windows XP in many respects, but the differences, like beauty, are only skin deep. Now read what Madam "hacker" Ms. Rutkowska said about UAC: http://blogs.zdnet.com/security/?p=29&tag=nl.e589 |