Windows Vista File Management: Issues or questions in relation to Vista's file management. (microsoft.public.windows.vista.file_management)
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 02:30:11 -0500, "JD Wohlever"

MS should have made UAC a Business / Enterprise feature and left the standard user and admin feature set of XP for the Home licenses of Vista.

95% of spam is sent through botnets, and them botted PCs aren't just in the corporate world.

When 3-year-olds smack each other, it's ugly but harmless. When a 16-year-old pulls an Uzi and goes postal, it matters.

When consumers were putting around with dial-up, it didn't matter to the rest of us if they got infected. When they pack always-on broadband and wide-open WiFi, it matters far more.

The real question is: how did the landscape get so ugly that web pages, email "messages" and "documents" can automate rings around users without their noticing? That crap design is the Pandora flood that we're trying to mop up with a UAC hankie.

--------------- ---- --- -- - - - -
Saws are too hard to use. Be easier to use!
--------------- ---- --- -- - - - -
This ain't no MSFT hotline; and cross posting doesn't help you get anything done.
On Sun, 25 Feb 2007 19:30:45 -0500, "Chad Harris" vistaneedsmuchowork.net wrote:

People who help consistently on groups have been posting when the OP is off topic where to post it for years. You're just a newbie and instead of putting up substantive help you seem obsessed with your delusion that I want to be in charge. I want people to read the name of the group and post appropriate to it. MSFT names it. They purport to be "in charge." Take your bitching to them.

CH

"Adam Albright" wrote in message .. .

On Sun, 25 Feb 2007 10:36:43 -0500, "Chad Harris" vistaneedsmuchowork.net wrote:

Read my lips Albright. I'm not in charge of any newsgroup. I've participated in them for years. But I rarely see threads that have nothing to do with the newsgroup on any of the hundreds of MSFT groups. This group became an exception the day that MSFT began selling Vista in stores.

As somebody has already pointed out Chad Harris, you're behaving like an a-hole. I'm sure you're really a nice guy, but nobody will ever know if you keep having temper tantrums, especially over nothing. Again I need to ask you, what did you expect? Of COURSE this newsgroup got more busy the day Vista hit the shelves. Does that surprise you? It seems like half the posts here are from you bitching about cross posting and bellyaching the question wasn't asked in the "right" newsgroup. Sorry, the somewhat weird sense of humor I have, that's damn funny to see you with your shorts all bunched up over nothing. You're twisting in the wind due totally to what you yourself have said and can't figure out why most people are probably laughing their ass off over how you are acting. I'm not mad at you, doubt anybody really is, we're just playing with you. You need to calm down.

There is no reason whatsoever to dump issues unrelated to setup in this group and it distracts from the title and purpose of the group.

Listen fella, NOBODY distracts more in this newsgroup than you do. For somebody that bitches about off-topic posts it should dawn on you that your posts are more off topic than anybody's. Duh!

How dumb does someone have to be to dump off topic issues into a setup group when there are a dozen or so more groups for them?

How dumb does somebody have to be to keep beating a dead horse?
This ain't no MSFT hotline; and cross posting doesn't help you get anything done.
Chad,

We have read the name of the newsgroup and we read the quality of the posts from the MVPs and others that are trying to help - and this is the place that is offering the best solutions. You've been reading the other groups, and I've made posts to the other groups as well as many others but we come back here - wonder why?

It may be a matter of perception on what constitutes a set-up issue or not. Your undefined definition is too narrow for our liking is what you're being told by myself and others. Is there a charter for this group? I read something on the MS site about keeping the threads "relevant to the topic being discussed" and that is a pretty broad statement if I recall it correctly. At any rate, the message also recognized that some off-topic discussions will result from on-topic discussions simply (and I'm implying this) because they aid in the understanding and troubleshooting effort.

So if someone can't get Vista setup on his system and along the way someone here (like an MVP) suggests he may have a driver problem as well as some other issues, does he now take his questions to "general", "devices" or whatever? No, it stays here - it's relevant and since it's "we" (the group cabal) that decides what gets answered or not and not "you", your posts about taking a question elsewhere will continue to be ignored and criticized.

I think you're wound up a bit too tight over nothing and our jerking you around a bit because of it has really got you in a dither. This is a friggin newsgroup with people trying to help others the best they can. Without us, M$ would not exist - right? Join in and quit being so tight-ass - this isn't boot camp. Relax, help those you can and try to enjoy life a little - it's only a computer operating system we're fussing about here - not your wife or your girlfriend or boyfriend.

As for taking our bitching to MSFT.....yeah right. As I said in one of my posts already, if the free MS tech support was any good, we would use them. I made my one call, got some silly answer from someone in India, I said thank you and came here to get the "real" help.

If you take a good read Chad you'll notice that we (the ones twisting you around) have also been trying to help others here and saying Thanks to others who have helped in-kind. A good example is some of Adam's observations and detailed posts. Sure he ranted a bit, so did I - you're dealing with a couple of frustrated perfectionists here (you can't win) who have been around the block a few times, have written hardware drivers in machine code and assembly language. We've dealt with many OS's, we and many others have paid our dues so to speak and we've paid good money for Vista. It's good/bad and somewhere in-between.... and we're learning about it just as MS and you still are.

This is a give and take group, very little spam and a whole lot of relevant questions. May not seem like it to you because it's not you having the problem and the last thing a person needs is someone telling him to take it elsewhere. Ever think if he/she found this group - they also know about the others? They then did a lot of reading, saw the quality of the information and decided "this is the place". So be it... live with it.

Bob S.

"Chad Harris" vistaneedsmuchowork.net wrote in message ...

People who help consistently on groups have been posting when the OP is off topic where to post it for years. You're just a newbie and instead of putting up substantive help you seem obsessed with your delusion that I want to be in charge. I want people to read the name of the group and post appropriate to it. MSFT names it. They purport to be "in charge." Take your bitching to them.

CH

"Adam Albright" wrote in message ...

On Sun, 25 Feb 2007 10:36:43 -0500, "Chad Harris" vistaneedsmuchowork.net wrote:

Read my lips Albright. I'm not in charge of any newsgroup. I've participated in them for years. But I rarely see threads that have nothing to do with the newsgroup on any of the hundreds of MSFT groups. This group became an exception the day that MSFT began selling Vista in stores.

As somebody has already pointed out Chad Harris, you're behaving like an a-hole. I'm sure you're really a nice guy, but nobody will ever know if you keep having temper tantrums, especially over nothing. Again I need to ask you, what did you expect? Of COURSE this newsgroup got more busy the day Vista hit the shelves. Does that surprise you? It seems like half the posts here are from you bitching about cross posting and bellyaching the question wasn't asked in the "right" newsgroup. Sorry, the somewhat weird sense of humor I have, that's damn funny to see you with your shorts all bunched up over nothing. You're twisting in the wind due totally to what you yourself have said and can't figure out why most people are probably laughing their ass off over how you are acting. I'm not mad at you, doubt anybody really is, we're just playing with you. You need to calm down.

There is no reason whatsoever to dump issues unrelated to setup in this group and it distracts from the title and purpose of the group.

Listen fella, NOBODY distracts more in this newsgroup than you do. For somebody that bitches about off-topic posts it should dawn on you that your posts are more off topic than anybody's. Duh!

How dumb does someone have to be to dump off topic issues into a setup group when there are a dozen or so more groups for them?

How dumb does somebody have to be to keep beating a dead horse?
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 08:19:55 -0800, "Kerry Brown"

And how does the security in 'nix work? By separating users and superusers (administrators). If you ran Linux as root (administrator) all the time you would be much less secure than running Vista with UAC enabled.

And when you run Linux, you get prompts to enter the root password whenever you do something that needs root permissions. Same thing in MacOS - I only had to use it for a few minutes, troubleshooting a WiFi access issue, before I was appropriately prompted for a system-rights password. How is that different from UAC?

I don't think anyone who knows anything about security would disagree with the statement that Windows XP cannot be secured. It can be made more secure but if you run as an administrator malware can find a way in.

I'm not that impressed with the notion of "user rights" as the be-all and end-all of security, or even basic safety. The whole "user rights" edifice stands on deeper levels of abstraction that go all the way down to NTFS. But the same sort of holes in the assumption that "code only does what it was written to do" etc. that allow malware to run via exploits, may also drill through user rights in various ways - either by assuming higher rights as a consequence of what they've drilled into, or escalating rights, or just going under the whole thing altogether, as Witty did.

Witty drilled in through an exploitable surface in a 3rd-party firewall (Black Ice Defender), which presumably gave it admin rights, if not complete system rights. From there it trashed the file system by doing raw writes to arbitrary sectors, right from within XP. So all that fancy NTFS permissions stuff wasn't worth a pile of beans, in this case. All sectors are the same, from raw hardware access.

With Vista and UAC zero day attacks will certainly happen but UAC will at least give you a warning that something is up.

It may do, prolly should do. YMMV depending on the nature of the attack, especially if an exploitable surface allows the malware to drill into a process that's accepted by UAC as part of the system.

--------------- ---- --- -- - - - -
Saws are too hard to use. Be easier to use!
--------------- ---- --- -- - - - -
UAC should have been a Business class feature, not for Home Users
On Sat, 24 Feb 2007 17:14:28 -0600, Adam Albright wrote:

Hint: That means any malicious code can pretend to be an "installer" too and in effect gain access to anything on your computer including Windows kernel or YOUR data.

It doesn't make much sense to me. The basic mechanism of malware is to behave in a riskier manner than what the user thought they were risking. The most extreme cause of this is the clickless attack, such as Lovesan waltzing in through RPC "service" (that should never have been left waving its ass at the Internet in the first place) without the user doing anything at all.

OTOH, if you install a program, you are fully aware of the risk you're taking. Installing software does position that software to do anything it wants to do, including integrating itself so that it may be impossible to run Windows without it running as well. If you decide to give that much power to what turns out to be malware, then really, you have only yourself to blame.

IOW, where's the risk escalation advantage in malware pretending to be an installer? That is *exactly* what malware is, anyway. This level of non-SE has been PoC'd, e.g. we've had malware called VIRUS.EXE that pops up a dialog that says "I am a VIRUS and I will attack your PC!" and yep, some users go right ahead and click "OK".

--------------- ---- --- -- - - - -
Saws are too hard to use. Be easier to use!
--------------- ---- --- -- - - - -
UAC should have been a Business class feature, not for Home Users
On Tue, 27 Feb 2007 00:33:49 +0200, "cquirke (MVP Windows shell/user)" wrote:

On Sat, 24 Feb 2007 17:14:28 -0600, Adam Albright wrote:

Hint: That means any malicious code can pretend to be an "installer" too and in effect gain access to anything on your computer including Windows kernel or YOUR data.

It doesn't make much sense to me. The basic mechanism of malware is to behave in a riskier manner than what the user thought they were risking.

Why would anyone WILLINGLY give malware any permission to do anything? You guys are priceless in your endless blind defense of Microsoft decisions! The FACT is Microsoft ADMITS it had no choice but to leave the door wide open to accept any installer request to have access to anything. Any reasonably clever hacker therefore can write code to pretend his malware code is an installer of a "trusted" application and such an attack will do whatever it wants.

OTOH, if you install a program, you are fully aware of the risk you're taking.

If you include Windows in that statement you are entirely correct. Windows is the biggest threat to your PC's security because of how it was originally written and nothing to date changes that. Windows has patches on top of previous patches over the course of 20 plus years. Just for kicks it would be damn interesting to see all the source code don't you think?

Why is Windows so weak when it comes to security? Well Mr. Gates himself made a poor decision. When Windows was first being developed the Internet (main threat) was unknown to most. Microsoft originally ignored the Internet. Gates is on record saying the Internet was a passing fad that Microsoft wasn't interested in. Only after he realized that was a huge miscalculation did Microsoft start to try to patch the huge number of security holes hackers were starting to exploit in Windows itself (stupid policy of turning everything on like file sharing) making Windows easy prey to port sniffers and the laughable early attempts with Microsoft's early browsers and Active X.

The problem is no matter how much Windows gets patched it still wasn't designed as a secure OS. Microsoft had plenty of time to fix this oversight by rewriting Windows from scratch. Surely they could have with XP, may have with Windows 98, even as far back as Windows 95, but they chickened out fearful they would lose too many customers if Windows suddenly became more secure but nobody's hardware or software worked anymore with this new beefed up Windows.

Surely with all the attacks seen during XP's history you would think Vista would be more secure, but all Microsoft did was put a band-aid on Windows called UAC which is badly flawed and obviously has the serious drawback of really ****ing off current customers endlessly getting nag screens every time they do every little thing they always could easily do without interference in prior versions of Windows which under Vista if UAC is turned on as it is by default rather than choice as it should be designed will often cause Vista to have one hissy fit after another.

I'm not against the concept of UAC, I'm simply surprised Microsoft did such a crappy job with it considering it's taken them over 5 years to push Vista out the door. What have they been doing all this time?
UAC should have been a Business class feature, not for Home Users
On Tue, 27 Feb 2007 09:14:33 -0500, "Mike Hall - MS MVP Windows Shell/User" wrote:

It is not so much a case of Windows leaving the door open as the user keeps opening the door..

You get brownie points for defending Microsoft's poor design of Vista? What part of "it is MY computer, I'll decide which features to implement" don't you or Microsoft understand? If UAC worked, transparently, behind the scenes, if it actually DID offer some REAL protection it would be fine. From what I've read so far it seems to do little if anything to protect the user but for sure at the same time if UAC is turned on can get in the way of users with constant nag screens.

Now sit back and learn how Windows in previous versions has "opened" the door to hackers BY DESIGN. As I've said before Windows wasn't designed to be a secure operating system. Trying to patch holes is the most Microsoft seems willing to do.

For example I doubt many are aware that part of XP's design was to automatically "turn on" file sharing. If your computer is connected to the Internet, this is an open door to your system hackers loved. The irony is there was NO NEED to do this. It was done because originally the Microsoft mindset was "turn everything on by default, otherwise users would be too dumb to find out how to turn on features, that only applies to LAN setups in this example.

Even fewer are aware that deep in the bowels of Windows there's a hidden feature that without your knowledge is automatically turned on and if you attempt to delete or turn off this feature through normal means Windows, on its own, behind your back, will just install it again the next time you boot. Microsoft likes to call these security holes "features". Does not apply to XP home.

One of many, read all about it:

http://support.microsoft.com/default...;EN-US;Q314984
http://www.windowsnetworking.com/kba...eShares.html

I haven't had time to check how many things like this may still remain lurking deep in Vista or if hopefully they have been corrected.

My point, is while Microsoft talks a good game, what it has actually done in the past in the way of design suggests a lot more work needs to be done if they are truly serious about making Windows really secure.
UAC should have been a Business class feature, not for Home Users
"cquirke (MVP Windows shell/user)" wrote in message ...

On Sat, 24 Feb 2007 08:19:55 -0800, "Kerry Brown"

And how does the security in 'nix work? By separating users and superusers (administrators). If you ran Linux as root (administrator) all the time you would be much less secure than running Vista with UAC enabled.

And when you run Linux, you get prompts to enter the root password whenever you do something that needs root permissions. Same thing in MacOS - I only had to use it for a few minutes, troubleshooting a WiFi access issue, before I was appropriately prompted for a system-rights password. How is that different from UAC?

UAC allows you to run as an administrator for backwards compatibility. In Linux or OS X this isn't possible. A task either has full superuser privileges or it doesn't. UAC gives a task two security tokens, Linux and OS X one. This has both good and bad points. Personally I think it is mostly bad points but in the interest of backwards compatibility I can see why it was done. It improves security greatly over XP while still allowing the majority of old programs to run with little or no changes. It allows programmers to catch up before the next OS comes out which will be even more secure :-)

I don't think anyone who knows anything about security would disagree with the statement that Windows XP cannot be secured. It can be made more secure but if you run as an administrator malware can find a way in.

I'm not that impressed with the notion of "user rights" as the be-all and end-all of security, or even basic safety. The whole "user rights" edifice stands on deeper levels of abstraction that go all the way down to NTFS. But the same sort of holes in the assumption that "code only does what it was written to do" etc. that allow malware to run via exploits, may also drill through user rights in various ways - either by assuming higher rights as a consequence of what they've drilled into, or escalating rights, or just going under the whole thing altogether, as Witty did.

Witty drilled in through an exploitable surface in a 3rd-party firewall (Black Ice Defender), which presumably gave it admin rights, if not complete system rights. From there it trashed the file system by doing raw writes to arbitrary sectors, right from within XP.

I've always been against software firewalls. They are an easy attack vector as by definition they must have very low level access to the system. This situation is better in Vista because of the reduced ability of a low privilege task to affect higher privileged tasks but I still see it as an attack vector.

So all that fancy NTFS permissions stuff wasn't worth a pile of beans, in this case. All sectors are the same, from raw hardware access.

With Vista and UAC zero day attacks will certainly happen but UAC will at least give you a warning that something is up.

It may do, prolly should do. YMMV depending on the nature of the attack, especially if an exploitable surface allows the malware to drill into a process that's accepted by UAC as part of the system.

I am sure that zero day attacks that work around UAC will eventually happen. There is no doubt in my mind Vista is much more secure than XP could ever be made through updates or service packs. How much more secure only time will tell.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca
UAC should have been a Business class feature, not for Home Users
Adam

I didn't say that there were not holes, and I do not need lecturing on the early design of Windows.. I was merely remarking that many users bring on problems themselves..

"Adam Albright" wrote in message ...

On Tue, 27 Feb 2007 09:14:33 -0500, "Mike Hall - MS MVP Windows Shell/User" wrote:

It is not so much a case of Windows leaving the door open as the user keeps opening the door..

You get brownie points for defending Microsoft's poor design of Vista? What part of "it is MY computer, I'll decide which features to implement" don't you or Microsoft understand? If UAC worked, transparently, behind the scenes, if it actually DID offer some REAL protection it would be fine. From what I've read so far it seems to do little if anything to protect the user but for sure at the same time if UAC is turned on can get in the way of users with constant nag screens.

Now sit back and learn how Windows in previous versions has "opened" the door to hackers BY DESIGN. As I've said before Windows wasn't designed to be a secure operating system. Trying to patch holes is the most Microsoft seems willing to do.

For example I doubt many are aware that part of XP's design was to automatically "turn on" file sharing. If your computer is connected to the Internet, this is an open door to your system hackers loved. The irony is there was NO NEED to do this. It was done because originally the Microsoft mindset was "turn everything on by default, otherwise users would be too dumb to find out how to turn on features, that only applies to LAN setups in this example.

Even fewer are aware that deep in the bowels of Windows there's a hidden feature that without your knowledge is automatically turned on and if you attempt to delete or turn off this feature through normal means Windows, on its own, behind your back, will just install it again the next time you boot. Microsoft likes to call these security holes "features". Does not apply to XP home.

One of many, read all about it:

http://support.microsoft.com/default...;EN-US;Q314984
http://www.windowsnetworking.com/kba...eShares.html

I haven't had time to check how many things like this may still remain lurking deep in Vista or if hopefully they have been corrected.

My point, is while Microsoft talks a good game, what it has actually done in the past in the way of design suggests a lot more work needs to be done if they are truly serious about making Windows really secure.

--
Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/