Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Windows Vista File Management Issues or questions in relation to Vista's file management. (microsoft.public.windows.vista.file_management) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
UAC should have been a Business class feature, not for Home Users
"Mike Hall - MS MVP Windows Shell/User" wrote in message
... I am Mike Hall, MS MVP Windows Shell/User, and I AM CANADIAN (well, I hold a permanent residence card.. for now).. Draft Doger ! ! ! Just kidding |
|
|||
UAC should have been a Business class feature, not for Home Users
If after the computer is setup you are constantly seeing UAC prompts you are
doing something wrong. I hardly ever see a UAC prompt. While getting at financial information and identity theft is the goal of some malware it is not the goal of most current malware. Most current malware has the goal of extortion (e.g. spysherrif) or the goal of taking control of your computer to use it as a zombie. The extortion malware is very obvious when you get it. The trojans that take over your computer for use as a zombie are not. The fact that many hundreds of thousands of computers are available for sale as part of a botnet attests to the fact that you cannot secure XP (or any OS) if you run as an administrator. I see many computers that have up to date antivirus and antispyware software that are compromised in this fashion. UAC (or running XP as a standard user) would have stopped these infections. Turning off UAC may relieve some short term pain but it won't cure the disease and may have the opposite effect of helping to spread the disease. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "JD Wohlever" wrote in message ... I hate to say so MS, but your average joe, the person you are making UAC for, is going to do exactly what they are doing, that is turning UAC off. Example, my mother is your basic Internet User. She just graduated from AOL to a normal broadband connection after me telling her for years how much better broadband would be for her. She bought a PC that had Vista Home Premium on it. Suddenly dial-up became a major pain in the butt because Vista is geared more toward a constant net connection. No problem there, I agree. However, 2 days later she calls me up and asks me to put Windows XP back on her computer. When I ask her why, the response " I'm sick of the computer asking me questions every 5 seconds. It didn't do it before. I have an anti-virus, a firewall, and a anti-spyware program running. Why do I have to OK every single thing I do?" I tried explaining the benefits, but she would hear none of it. She has been told by the Norton's and the AdAware's of the world that as long as she runs their programs and practices safe netting that she is ok. So it was either turn UAC off or install Windows XP for her, she was that serious. And to be honest, I understand how she feels. In 5 years she has never had a virus, has only had very light malware (Which SpyBot SD quickly removed), and has nothing of hi-value on her PC for a hacker to have much interest in other than family photo's of the dog etc. My point being is that the average user who buys Windows HOME versions are not going to WANT this elevated security, and as soon as they find a way to remove it, they will. MS should have made UAC a Business / Enterprise feature and left the standard user and admin feature set of XP for the Home licenses of Vista. I build PC's for a living so I know the problems that John Q Public can make for their selves on a PC on the net with no protection. But simple education and running the big 3 (Anti-virus, Anti-spyware and Firewalls) should be more than enough to protect them. Now if they are stupid enough to store all their financial information or work related trade secrets and not have the "the big 3" then they certainly aren't going to tolerate UAC. -- Thank you, JD Wohlever Techware Grafx techware(dash)grafx(at)hotmail(dot)com "Kerry Brown" *a*m wrote in message ... There is some pain associated with UAC. Jimmy Brush's post explains it very well. I'll add a bit of history as to how we got to UAC and why it's needed. There were two families of Windows, NT based (Windows NT) and DOS based (Windows 95). NT was mostly used in business networks and had excellent security. Everyone ran as a standard user and only used administrator accounts for things like installing programs, maintenance etc. Win95 really had no security as it was based on DOS and all users had total control of the system at all times. Windows 95 became very popular and many programs were written for it. Microsoft published guidelines on how to program using established APIs and recommended programmers use this method. Because the hardware at the time was limited, programming through the documented APIs made for slow programs. Most programmers including those at Microsoft, ignored the APIs and basically did what they had to to get their programs running at the speed end users expected. This is where most current programmers got their start and learned their habits. As time progressed the DOS based versions of Windows were abandoned and the NT and DOS world merged in XP which is NT based. All the end users and programmers from the DOS world didn't change their ways. End users ran as administrators all the time and programmers bypassed the APIs and expected the users to be running as administrators. Around this time the Internet exploded. Malware became a major problem exacerbated by the way programmers and end users were using Windows. There was no way to secure XP given this situation. Microsoft decided to write a new more secure OS. There is a lot of changes under the hood but in the end the best security is to enforce programmers to use the APIs and not have end users running as administrators. Unfortunately this would break almost all existing software. Thus we have UAC. It allows most old programs to do what they do and tricks them into thinking it worked. It also allows users to run as an administrator but gives them a warning when those administrator privileges are going to be used. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "alex" wrote in message ... Hi Kerry, Here's the problem with Vistas security as I see it. I am a long time Windows user with, at best, an intermediate knowledge of how programs work and how they're supposed to work with computers. Whenever Windows prompts me for confirmation regarding a security issue, to be honest, at times, I haven't the slightest clue whether I should allow or cancel something. Other than the most obvious "A program is trying to destroy your hard-drive and clean out your bank account" message, I'm likely going to let the program do what it wants to do. I minimize my exposure to to malware by not downloading software or opening e-mail attachments with which I'm not familiar. But sometimes I visit CNN.com or MSN or something as seemingly benign and I'm told that an update has to be performed and I'm asked if I trust the source. No, I don't trust the source. But if I'm going want to visit those sites I have to allow changes to be made. The UAC just annoys me and actually puts me in the habit of just clicking "continue" without reading what the window says. Ehhh. Personal preference I guess. BTW: This reminds me of how Microsoft didn't give the user the ability to download attachments in Outlook in Office XP (I think it was XP). What a pain-in-the-a@@ that was. "Kerry Brown" wrote: Disabling UAC disables much of the improved security in Vista. Once you have your computer set up as you want it, it is recommended to turn UAC back on. You can do everything you always did with UAC on you just have to do it in a new way. UAC actually gives you more control as you now know when a program is about to do something that may affect the whole system. This is the price of security. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "alex" wrote in message ... Never mind. I found the UAC options. "alex" wrote: How may I disable all the prompts that appear whenever I try to do something like uninstall a program or delete a file or directory? Vista Premium Thanks, Alex |
|
|||
UAC should have been a Business class feature, not for Home Users
On my account? How thoughtful of you, Adam.. you really do care..
"Adam Albright" wrote in message ... On Sat, 24 Feb 2007 10:39:39 -0500, "Mike Hall - MS MVP Windows Shell/User" wrote: Adam No, that is not me.. one can't be a Microsoft employee and MVP status at the same time.. sorry to disappoint.. Why I asked if it was you or not. Actually relieved, not disappointed. Was almost ready to dump my Microsoft stock. -- Mike Hall MS MVP Windows Shell/User http://msmvps.com/blogs/mikehall/ |
|
|||
UAC should have been a Business class feature, not for Home Users
This will take time but as programs are updated for Vista UAC will become
less of a hassle. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "Dustin Harper" wrote in message ... After the computer is setup and all applications are installed, you should rarely see a UAC prompt. But how many users buy a new Dell and it has all the programs (that you WANT) installed on it? I run the firewall as an added level of security, not as a replacement of other methods of security. As a PC tweaker, I am constantly making changes to my PC, registry, installing new programs, hardware, etc. UAC can be a pain. Another example... Elderly people that want email and web browser. If they see 2 UAC prompts, they are annoyed and want XP. UAC may not be as frequent, but it still happens. If you do it right, turning off UAC won't help spread the disease, and my network can still be safe. Although I do see your point in having an average joe turning off UAC with no other protection, puts in almost as the same risk as XP. The user will still have a user account, rather than an administrator account, though. -- Dustin Harper http://www.vistarip.com Kerry Brown wrote: If after the computer is setup you are constantly seeing UAC prompts you are doing something wrong. I hardly ever see a UAC prompt. While getting at financial information and identity theft is the goal of some malware it is not the goal of most current malware. Most current malware has the goal of extortion (e.g. spysherrif) or the goal of taking control of your computer to use it as a zombie. The extortion malware is very obvious when you get it. The trojans that take over your computer for use as a zombie are not. The fact that many hundreds of thousands of computers are available for sale as part of a botnet attests to the fact that you cannot secure XP (or any OS) if you run as an administrator. I see many computers that have up to date antivirus and antispyware software that are compromised in this fashion. UAC (or running XP as a standard user) would have stopped these infections. Turning off UAC may relieve some short term pain but it won't cure the disease and may have the opposite effect of helping to spread the disease. |
|
|||
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 08:29:25 -0800, "Kerry Brown"
*a*m wrote: If after the computer is setup you are constantly seeing UAC prompts you are doing something wrong. I hardly ever see a UAC prompt. That's way too broad a generalization. I'm hardly a casual user. I went against typical "sage" advice and did a install in place as opposed to a clean install because I got nearly 2 TB worth of stuff. A nightmare to reinstall and reconfigure obviously. So I gambled (after making so I had current backup) and it worked, ie no troubles transferring applications, settings and data files from XP to Vista with a couple minor hickups. However once Vista was up and running it drove me crazy. Every couple minutes it would pop up some moronic UAC window, gray my screen, nag, nag, nag. If Windows did what it said, mirror my settings and in effect save my system and only overlayed Vista then is already knows or should know much of the stuff it keeps nagging about. What's worse of course if if your move files around a lot, and I do, it shouldn't nag, nag, nag, that in effect the user that has administrative rights which has already done the same task repeatedly, ie move files from Drive E Folder A, to Drive F Folder B needs again, over and over Ad nauseam to get permission from his operating system, click yes I want to do this time and time again until you are literally ready to toss your monitor out the nearest window. That is what I would call poor design and something no power user would ever put up with for more than a few minutes which is why many people, even MVP's turn UAC off. While getting at financial information and identity theft is the goal of some malware it is not the goal of most current malware. Most current malware has the goal of extortion (e.g. spysherrif) or the goal of taking control of your computer to use it as a zombie. The extortion malware is very obvious when you get it. The trojans that take over your computer for use as a zombie are not. The fact that many hundreds of thousands of computers are available for sale as part of a botnet attests to the fact that you cannot secure XP (or any OS) if you run as an administrator. I see many computers that have up to date antivirus and antispyware software that are compromised in this fashion. UAC (or running XP as a standard user) would have stopped these infections. Turning off UAC may relieve some short term pain but it won't cure the disease and may have the opposite effect of helping to spread the disease. I think a lot of people would call Windows the biggest and most pervasive virus to ever infect a computer. giggle I think most knowledgeable people if being totally honest would admit no version of Windows is secure or can be made totally secure. So no matter how much Windows gets "improved" it is really just patches on top of previous patches. The bottom line is Microsoft is stuck. It knows better then anybody the real solution is to start over. From scratch. It won't and can't really because to do that would blow the world's biggest installed user base that demands that each new version of Windows be more or less backward compatible with what hardware and software that ran on earlier versions of Windows. The old catch 22. Sure, I have no doubt if Microsoft really wanted to they could deliver on a very robost Windows or something called something else. To do that would mean they would have to be willing to give up a sizable chuck of their users and obviously they don't want to do that and the irony is way too many users don't want a total new and completely different OS either because they would have to dump a lot of their current hardware and software. If they did that, unlikely they would pick any Microsoft OS as their OS of first choice. |
|
|||
UAC should have been a Business class feature, not for Home Users
"Adam Albright" wrote in message
... On Sat, 24 Feb 2007 08:29:25 -0800, "Kerry Brown" *a*m wrote: If after the computer is setup you are constantly seeing UAC prompts you are doing something wrong. I hardly ever see a UAC prompt. That's way too broad a generalization. I'm hardly a casual user. I went against typical "sage" advice and did a install in place as opposed to a clean install because I got nearly 2 TB worth of stuff. A nightmare to reinstall and reconfigure obviously. So I gambled (after making so I had current backup) and it worked, ie no troubles transferring applications, settings and data files from XP to Vista with a couple minor hickups. However once Vista was up and running it drove me crazy. Every couple minutes it would pop up some moronic UAC window, gray my screen, nag, nag, nag. If Windows did what it said, mirror my settings and in effect save my system and only overlayed Vista then is already knows or should know much of the stuff it keeps nagging about. What's worse of course if if your move files around a lot, and I do, it shouldn't nag, nag, nag, that in effect the user that has administrative rights which has already done the same task repeatedly, ie move files from Drive E Folder A, to Drive F Folder B needs again, over and over Ad nauseam to get permission from his operating system, click yes I want to do this time and time again until you are literally ready to toss your monitor out the nearest window. That is what I would call poor design and something no power user would ever put up with for more than a few minutes which is why many people, even MVP's turn UAC off. While getting at financial information and identity theft is the goal of some malware it is not the goal of most current malware. Most current malware has the goal of extortion (e.g. spysherrif) or the goal of taking control of your computer to use it as a zombie. The extortion malware is very obvious when you get it. The trojans that take over your computer for use as a zombie are not. The fact that many hundreds of thousands of computers are available for sale as part of a botnet attests to the fact that you cannot secure XP (or any OS) if you run as an administrator. I see many computers that have up to date antivirus and antispyware software that are compromised in this fashion. UAC (or running XP as a standard user) would have stopped these infections. Turning off UAC may relieve some short term pain but it won't cure the disease and may have the opposite effect of helping to spread the disease. I think a lot of people would call Windows the biggest and most pervasive virus to ever infect a computer. giggle I think most knowledgeable people if being totally honest would admit no version of Windows is secure or can be made totally secure. So no matter how much Windows gets "improved" it is really just patches on top of previous patches. The bottom line is Microsoft is stuck. It knows better then anybody the real solution is to start over. From scratch. It won't and can't really because to do that would blow the world's biggest installed user base that demands that each new version of Windows be more or less backward compatible with what hardware and software that ran on earlier versions of Windows. The old catch 22. Sure, I have no doubt if Microsoft really wanted to they could deliver on a very robost Windows or something called something else. To do that would mean they would have to be willing to give up a sizable chuck of their users and obviously they don't want to do that and the irony is way too many users don't want a total new and completely different OS either because they would have to dump a lot of their current hardware and software. If they did that, unlikely they would pick any Microsoft OS as their OS of first choice. If you have that many programs that cause a UAC prompt you should have stuck with XP until there were Vista compatible versions of them. I move files around my network all the time and never see a UAC prompt because of moving files. You may have to change your habits as to where you store your files but simply moving files around doesn't cause a UAC prompt. You say no version of Windows can be made secure. I'd extend that to say that no OS can be made secure. The better ones at security all use some method to stop normal users from changing system wide settings and changing system files. I'll make another broad generalization and say that most Vista users who have considerable experience with OS' than Windows leave UAC on. It's mostly the long time Windows users and programmers who haven't used other OS' who are whining the loudest about UAC. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca |
|
|||
UAC should have been a Business class feature, not for Home Users
The only way to fully secure a PC is to unplug it from the network and
turn the power off. No OS is fully secure, even a read only CD based install (something is running in RAM). With Windows Vista, they increased the security. But, again, when I do security it has to be as transparent to the end user as possible yet being as secure as possible. -- Dustin Harper http://www.vistarip.com Adam Albright wrote: On Sat, 24 Feb 2007 08:29:25 -0800, "Kerry Brown" *a*m wrote: If after the computer is setup you are constantly seeing UAC prompts you are doing something wrong. I hardly ever see a UAC prompt. That's way too broad a generalization. I'm hardly a casual user. I went against typical "sage" advice and did a install in place as opposed to a clean install because I got nearly 2 TB worth of stuff. A nightmare to reinstall and reconfigure obviously. So I gambled (after making so I had current backup) and it worked, ie no troubles transferring applications, settings and data files from XP to Vista with a couple minor hickups. However once Vista was up and running it drove me crazy. Every couple minutes it would pop up some moronic UAC window, gray my screen, nag, nag, nag. If Windows did what it said, mirror my settings and in effect save my system and only overlayed Vista then is already knows or should know much of the stuff it keeps nagging about. What's worse of course if if your move files around a lot, and I do, it shouldn't nag, nag, nag, that in effect the user that has administrative rights which has already done the same task repeatedly, ie move files from Drive E Folder A, to Drive F Folder B needs again, over and over Ad nauseam to get permission from his operating system, click yes I want to do this time and time again until you are literally ready to toss your monitor out the nearest window. That is what I would call poor design and something no power user would ever put up with for more than a few minutes which is why many people, even MVP's turn UAC off. While getting at financial information and identity theft is the goal of some malware it is not the goal of most current malware. Most current malware has the goal of extortion (e.g. spysherrif) or the goal of taking control of your computer to use it as a zombie. The extortion malware is very obvious when you get it. The trojans that take over your computer for use as a zombie are not. The fact that many hundreds of thousands of computers are available for sale as part of a botnet attests to the fact that you cannot secure XP (or any OS) if you run as an administrator. I see many computers that have up to date antivirus and antispyware software that are compromised in this fashion. UAC (or running XP as a standard user) would have stopped these infections. Turning off UAC may relieve some short term pain but it won't cure the disease and may have the opposite effect of helping to spread the disease. I think a lot of people would call Windows the biggest and most pervasive virus to ever infect a computer. giggle I think most knowledgeable people if being totally honest would admit no version of Windows is secure or can be made totally secure. So no matter how much Windows gets "improved" it is really just patches on top of previous patches. The bottom line is Microsoft is stuck. It knows better then anybody the real solution is to start over. From scratch. It won't and can't really because to do that would blow the world's biggest installed user base that demands that each new version of Windows be more or less backward compatible with what hardware and software that ran on earlier versions of Windows. The old catch 22. Sure, I have no doubt if Microsoft really wanted to they could deliver on a very robost Windows or something called something else. To do that would mean they would have to be willing to give up a sizable chuck of their users and obviously they don't want to do that and the irony is way too many users don't want a total new and completely different OS either because they would have to dump a lot of their current hardware and software. If they did that, unlikely they would pick any Microsoft OS as their OS of first choice. |
|
|||
UAC should have been a Business class feature, not for Home Users
"Kerry Brown" *a*m wrote in message
... I'll make another broad generalization and say that most Vista users who have considerable experience with OS' than Windows leave UAC on. It's mostly the long time Windows users and programmers who haven't used other OS' who are whining the loudest about UAC. Good observation. I've just started the update manager on Linux to download some patches, I had to supply my password for it to start up. That's just normal. Running with administrative rights is *bad*. Sure UAC could do with a few improvements - the system should auto-allow any prompts from say the Control Panel for x number of minutes once you've accepted one already. I think that will solve most complaints. It would also be nice to prompt when something makes a change instead of when the app launches. Like you can open the Device Manager without being prompted, and then if you chance something to be prompted. But that will require a huge amount of work to be done to implement that. But ultimately we have to let go of running everything with full rights to the box. It's a bad habit, and its a shame so many developers are slow in reacting. -- Paul Smith, Yeovil, UK. Microsoft MVP Windows Shell/User. http://www.windowsresource.net/ *Remove nospam. to reply by e-mail* |
|
|||
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 22:14:53 -0000, "Paul Smith"
wrote: "Kerry Brown" *a*m wrote in message .. . I'll make another broad generalization and say that most Vista users who have considerable experience with OS' than Windows leave UAC on. It's mostly the long time Windows users and programmers who haven't used other OS' who are whining the loudest about UAC. Good observation. I've just started the update manager on Linux to download some patches, I had to supply my password for it to start up. That's just normal. Running with administrative rights is *bad*. If running with administrative rights is bad (agreed) then why in the heck does Microsoft under Vista give all installer applications Administrative rights? Hint: That means any malicious code can pretend to be a "installer" too and in effect gain access to anything on your computer including Windows kernel or YOUR data. It doesn't make much sense to me. Wish somebody would attempt to explain why UAC as presently configured is such a great idea. I even see several MVP's saying they turned it off, now if we could just get them to stop top posting. snicker |
|
|||
UAC should have been a Business class feature, not for Home Users
You had to supply your "root" password - the same as running Windows as
administrator. All these people complaining, especially the e-zine columnists, have never before worked with a secure operating system. -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! "Paul Smith" wrote in message ... "Kerry Brown" *a*m wrote in message ... I'll make another broad generalization and say that most Vista users who have considerable experience with OS' than Windows leave UAC on. It's mostly the long time Windows users and programmers who haven't used other OS' who are whining the loudest about UAC. Good observation. I've just started the update manager on Linux to download some patches, I had to supply my password for it to start up. That's just normal. Running with administrative rights is *bad*. Sure UAC could do with a few improvements - the system should auto-allow any prompts from say the Control Panel for x number of minutes once you've accepted one already. I think that will solve most complaints. It would also be nice to prompt when something makes a change instead of when the app launches. Like you can open the Device Manager without being prompted, and then if you chance something to be prompted. But that will require a huge amount of work to be done to implement that. But ultimately we have to let go of running everything with full rights to the box. It's a bad habit, and its a shame so many developers are slow in reacting. -- Paul Smith, Yeovil, UK. Microsoft MVP Windows Shell/User. http://www.windowsresource.net/ *Remove nospam. to reply by e-mail* |