Microsoft Australia has defended the company's User Account Control (UAC) system as being "misunderstood" and said it should be the type of technology that all operating systems aspire towards.
"There has been a lot of misunderstanding in the market around User Account Control (UAC). If you look at it from an architectural direction User Account Control is a great idea and strategically a direction that all operating systems and all technologies should be heading down," Peter Watson, Microsoft Australia's chief security advisor said.
UAC is a security feature introduced with Microsoft's Windows Vista operating system. The aim is to provide increased security when using Windows as a standard user by informing them when possible security breaches could be undertaken. The technology has been a source of irritation for Vista users, with Apple going as far as to make fun of UAC in a recent commercial.
As Vista and the latest edition of Office were developed with Microsoft's Secure Development Lifecycle (SDL), "the number of exploits has been extremely low", he added.
News source: Builder AU
"There has been a lot of misunderstanding in the market around User Account Control (UAC). If you look at it from an architectural direction User Account Control is a great idea and strategically a direction that all operating systems and all technologies should be heading down," Peter Watson, Microsoft Australia's chief security advisor said.
UAC is a security feature introduced with Microsoft's Windows Vista operating system. The aim is to provide increased security when using Windows as a standard user by informing them when possible security breaches could be undertaken. The technology has been a source of irritation for Vista users, with Apple going as far as to make fun of UAC in a recent commercial.
As Vista and the latest edition of Office were developed with Microsoft's Secure Development Lifecycle (SDL), "the number of exploits has been extremely low", he added.
News source: Builder AU
ONLY because you may be good with computers... for regular users it can be helpful, or annoying to teenages who aren't as good with PC's.
But for professional users who know what they are doing, it is infact a headache, that is why i disabled it myself.
It''s good for beginning users, bad for advanced.
Sure, UAC is annoying for us computer geeks - probably most on Neowin. and sure, we are probably safe to disable it.
BUT for the vast vast majority of vista users, computer novices buying a computer to surf the net and nothing more, or their very first computer, UAC is a very very worthy part of the OS, and it very useless as an extra safety step.
hahaha
Haha, pwned!
I'm a paid software developer and at least I have a brain enough to realize UAC is a patchwork to solve a broken security model with default adminships that *nix operating systems and OS X had got right before Vista was even conceived. MS can stuff that statement up their asses while they try to figure out what's idiotic about their argument.
I'm a paid software developer and at least I have a brain enough to realize UAC is a patchwork to solve a broken security model with default adminships that *nix operating systems and OS X had got right before Vista was even conceived. MS can stuff that statement up their asses while they try to figure out what's idiotic about their argument.
windows was screwed up, but mostly it is/was the 3rd party devs who botched making their apps non-admin friendly.
with vista there is NO excuse for running admin fulltime, think of admin vista as *nix root.
it's not default userlevel, it's just what idiots choose.
NEway, don't most other operating systems (Linux/OSX) already employ similar systems? This seems like a shallow PR move rather than a useful suggestion/comment.
Oh well, that's why I bought a MacBook Pro last week. I got tired of this BS.
No, only one reason of a very long list. Battery life on my MacBook Pro made the decision for me. No Windows laptop with MBP specs lasts nearly as long.
I've kept OS X on it just in case I ever need or want to try an iLife application, but otherwise it's just wasted drive space on that very nicely designed (if quite overpriced) bit of hardware.
Under Vista, Applications being run under your profile have two modes of access, one, User level, which is default, and two Admin. Under both, they're run under your profile.
In unix, to elevate a process, you'd run it as root, which is a different user. Your account's profile isn't in use with that program. In Vista, you'd just start the process as 'elevated'. I personally like the Vista way better.
Last edited by olavinto on 28 Apr 2007 - 21:32
I think Redmond needs to fix their photocopier. It always makes malformed replicas.
It isn't at all, hopefully. That wasn't my point. Microsoft is saying that all operating systems should use UAC, I'm saying I prefer SELinux + Unix permissions (+ PaX + stack smashing protection ... ad naseum).
Edit: Word arrangement.
It isn't at all, hopefully. That wasn't my point. Microsoft is saying that all operating systems should use UAC, I'm saying I prefer SELinux + Unix permissions (+ PaX + stack smashing protection ... ad naseum).
Edit: Word arrangement.
In other words, clamp down even *harder* than UAC.
Suppose MS were to do that (or even offer it as an option): think of the firestorm that would erupt then! Over half the UAC-inspired criticism directed at Microsoft is because UAC clamps down too *hard*; yours seems to be that it doesn't clamp down hard *enough*.
It isn't at all, hopefully. That wasn't my point. Microsoft is saying that all operating systems should use UAC, I'm saying I prefer SELinux + Unix permissions (+ PaX + stack smashing protection ... ad naseum).
Edit: Word arrangement.
In other words, clamp down even *harder* than UAC.
Suppose MS were to do that (or even offer it as an option): think of the firestorm that would erupt then! Over half the UAC-inspired criticism directed at Microsoft is because UAC clamps down too *hard*; yours seems to be that it doesn't clamp down hard *enough*.
I'm a security nut
Edit: Plus there's the whole not having a CLI by default thing. Doing administrative tasks (or any "real" task, really) without a command line must be really, really horrible.
Last edited by TenebraruM on 28 Apr 2007 - 20:53
You've never been an admin/programmer/encoding nut, have you?
I bet I could do most tasks in the order of 5x as fast as you using bash or emacs.
I don't even know of a GUI that'll substitute in for
#make. Is there one?
Editing configs:
I don't know of an easy way to open an X text editor with admin privileges. Opening emacs is easy, I just have to type emacs. Opening, say, gedit, I'd have to log out, and log in as root (erm, no thanks). Besides, emacs GUIs suck.
General operations:
How do you use regular expressions with a gui?
Encoding:
kzip -b256 file.zip
cd ../../dir && ffmpeg -i file.ext -acodec copy -vcodec x264 -qp0 -moreoptions file2.ext
How do you do that in 5 seconds using a gui?
Last edited by TenebraruM on 28 Apr 2007 - 22:09
+1
+1
+2
I wouldn't turn it ever, even for money unless it was some extremely large amount.
Secondary Logon(Run As) is efficient too why UAC?
The 3D effects there are seen in other OS long time ... XGL, Beryl ...
I like very much Win2k3 for enterprise users winXP SP2 ... Vista maybe with SP1
Vista in troubleshooting have more cool stufs, counter logs, eventvwr, processes(Disk, memory...) maybe sysinternals hand.
... but personaly the only OS that worked cool in native 64b was gentoo ... i have all things working, 3D, Beryl, wireless WPA ...
Windows is great at enterprise level... Domain Controler's, Group Policys, Replication ... things that are not so well planned in Unix or Linux Systems...
UAC is a nhack!
Run As better then UAC ...
GNU/Linux is fine. It works, is stable. The biggest problem that I have encountered is that it lacks good power management (mostly because mobo are not well documented). This, however, is slowly changing. What Linux really needs is more drivers (though in a lot of situations, I am not sure how this is possible).
A) to run all Windows software (including games) as well as (or better than) Windows XP
B) to hide its 1970's command line, shareware OS legacy from 21st century end users ( re: if the phrase "recompile the kernel" ever appears before an end user, goodbye Linux )
Until these two MAJOR things happen, Linux will continue to be relegated to the kind of marginal fanboy desktop and IT backroom/server market share it currently "enjoys".
A) to run all Windows software (including games) as well as (or better than) Windows XP
B) to hide its 1970's command line, shareware OS legacy from 21st century end users ( re: if the phrase "recompile the kernel" ever appears before an end user, goodbye Linux )
Until these two MAJOR things happen, Linux will continue to be relegated to the kind of marginal fanboy desktop and IT backroom/server market share it currently "enjoys".
A) Are you kidding me? It's not up to 'Linux' to run Windows software. It's up to software developers to develop cross-platform software.
B) It's getting there. As a regular user, you don't need to run the command line, except for maybe a few exceptions.
Oh, and there's nothing wrong with that '1970's command line, OS legacy'
GNU/Linux is fine. It works, is stable. The biggest problem that I have encountered is that it lacks good power management (mostly because mobo are not well documented). This, however, is slowly changing. What Linux really needs is more drivers (though in a lot of situations, I am not sure how this is possible).
A) to run all Windows software (including games) as well as (or better than) Windows XP
B) to hide its 1970's command line, shareware OS legacy from 21st century end users ( re: if the phrase "recompile the kernel" ever appears before an end user, goodbye Linux )
Until these two MAJOR things happen, Linux will continue to be relegated to the kind of marginal fanboy desktop and IT backroom/server market share it currently "enjoys".
A) Are you kidding me? It's not up to 'Linux' to run Windows software. It's up to software developers to develop cross-platform software.
B) It's getting there. As a regular user, you don't need to run the command line, except for maybe a few exceptions.
Oh, and there's nothing wrong with that '1970's command line, OS legacy'
A. It is if Linux ever wants to be used by the mainstream user.
- UAC is good for beginners.. so it's better to be On..
- While for Pro. Users, yeah it's a headache.. Simply, just disable it..
- Is it Microsoft's fault to make its OS better and safer..?
- While for Pro. Users, yeah it's a headache.. Simply, just disable it..
- Is it Microsoft's fault to make its OS better and safer..?
+ 1
MS telling other OS producers what THEY soud aspire to.
MS needs to examine their absolutely shoddy track record on security since 2001. After years of users' compromised systems, constant customer letdown, they finally mis-implement some form of UAC and then have the audacity to point others (say, Apple, believe it or not) in what they assume to be the right direction.
Maybe it might have been a good idea to NOT ship your OS with 5 open ports back in 2001. Sheesh.
It's too late to fix the problem, however. I'm hoping Vienna will be truly worthy of a company with such near-inestimable assets.
Anyhow, what's with all this damage-control from MS? Why all this effort to convince everyone and their dog that their OS is worth buying? Can't it stand on its own and shine by example?
Last edited by LTD on 28 Apr 2007 - 20:17
Apple does indeed implement something like UAC today (in fact, it's part and parcel of OS X, and has been for a while), and so does nearly every distribution of Linux (the only widespread distribution that *doesn't* implement SELinux is Ubuntu; however, because Ubuntu is Debian-based, it can add it easily enough). So what's the *real* issue here?
Apple does indeed implement something like UAC today (in fact, it's part and parcel of OS X, and has been for a while), and so does nearly every distribution of Linux (the only widespread distribution that *doesn't* implement SELinux is Ubuntu; however, because Ubuntu is Debian-based, it can add it easily enough). So what's the *real* issue here?
You can't compare OS X's UAC to Vista's. I see OS X's UAC once in a blue moon.
The fact is, Windows security is broken. Can't be fixed. It was doomed from the start. Redmond underestimated the power of the internet to massively fubar your PC. Vista's UAC is the only solution, it seems. It didn't help when MS decided to ship XP (in 2001!
The real solution? Scrap Windows altogether. Start from new, fresh code. Inititate a two-year (ballpark) transition campaign with businesses. Is UNIX the answer? I don't know. What we do know is that it's a pain to write malware for UNIX. I hope Vienna will be a fresh start - an opportunity for MS to rethink the whole game.
So even if Microsoft made a shoddy implementation of what was asked we should praise them? (That isn't to say I'm for or against UAC. Truth be told, I've barely had any time to play with Vista.) I think a lot of people bash MS for the sake of bashing them, as opposed to hoping that they'll improve Windows, but that's an entirely other issue from whether or not MS has made a good implementation of the whole UAC thing. Yes they should be applauded for what they've done so far, but at the same time it's far from perfect and they should be willing to tweak it as needed, as per their users' feedback.
A proper install of Vista should not be running as an administrator with UAC enabled. It should be running as a regular user with UAC enabled. The real benefit to Vista has to a reworking of the user profiles in order to allow individuals users to essentially not have to run their system as root (administrator level) in order to use their computer. It is kind of like the Run-As command, except that it now actually works, and is safer (since you don't have to admin to run).
A brief overview:
http://theinvisiblethings.blogspot.com/200...-every-day.html
When and why it is triggered:
http://www.edbott.com/weblog/?p=1602
Why is that funny?
Users should have the option to disable it.
It's called "Choice".
Microsoft believes in it. Show me another OS developed that gives you as much of a say in how things are run.
A brief overview:
http://theinvisiblethings.blogspot.com/200...-every-day.html
When and why it is triggered:
http://www.edbott.com/weblog/?p=1602
i know what triggers it but also running certain apps etc still triggers it for instance my mouse software triggers it on start up
simply it just annoys me but im always installing stuff
Because the OS is insecure by design and disabling it makes it just insecure like any other version of Windows before it. It should mandatory for admin rights to (un)install something or to make other system wide changes. Disabling the annoyance of the dialogs that popup should not defeat the underlying protections of the OS itself.
Nope. Users should not have to be bothered with useless prompts and warnings when doing mundane tasks.
Microsoft believes in it.
Microsoft believes in choice huh? Then tell my why they've been sued over and over again for the strong arm tactics they use/used to push the Windows OS on the world.
*nix. It has protection akin to UAC and I can still do anything on it that I want to.
I've seen some Installation programs launch a UAC confirmation.
I know Mac OS X does this on some major installations that require more than a simple drag and drop - but requiring administrative rights to install a program is ridiculous.
I've seen some Installation programs launch a UAC confirmation.
I know Mac OS X does this on some major installations that require more than a simple drag and drop - but requiring administrative rights to install a program is ridiculous.
I think OS changes and installs (could change the OS) should have admin access to do those things. If something is trying to install whether it's intentional or not should be alerted to and give a choice. Other routine stuff like creating/deleting folders, so long as it's not being done in system space, should not require it. Opening control panel applets should not require it. You want to just look at the time properties for some reason then you need to aprove it. It should only have to be aproved if you change the settings.
However, UAC should be disabled if you feel you know the system well - for administrators or advanced users. The choice is entirely up to you.
Just my two cents.
If it was as great as Microsoft says it is, they'd not need to keep reminding everyone how great it was.
So the problem with UAC is that the beginners just mindlessly click OK, and many of the "experts" turn it off.
That has to be the best comment on this article yet. Well done.
What a blatantly misleading title. It firstly suggests this is some MS specific thing, and also implies they're saying that their implementation is what everyone should use - both untrue.
Other than this, I'm still enjoying the "Windows ME retake" (whoever said that hasn't used Vista RTM).
Like I said, it's sad that there can't be a post about Linux, Mac OS X, or Windows without a stupid flamewar. I'm an OS X user and I'm standing up for Microsoft, that has to be a sign that something is wrong with you people.
based systems. The problem is that it's been poorly implemented on Vista, causing
undue annoyance every time it pops up, and dimming out the rest of the UI.
The way I beleive it should have been done, is to display a password prompt dialog to
the user, for tasks that could make potentially unsafe changes, but still allowing the
rest of the UI to be accessible while the password prompt dialog is open.
At the moment, UAC is an irritant that most Vista users will turn off as soon as they
find out how to, thus making their Vista installations no more secure than XP was.
Especially since turning off UAC also turns off Protected Mode in IE7, making the
system as vulnerable to "drive by" malware installs as was the case with IE6.
What about if the PC in question is unconnected to the outside world, and stays that way?
If there's no way for it to be attacked, what need is there for protection like UAC?
And that's ignoring the expert user who simply wants to look after the security himself as opposed to letting UAC do things for him.
Back in the dawn of time, there were many other OS's and systems people could and did use. The early Macs, Amiga's, OS/2, etc. It was the public and the public alone who chose Microsoft.
Are they the best? No. Not by any means...
But they did read the public's mood and develop a superior ease-of-use/user friendly OS (versus say, Linux which has only recently approached the same ease of use) on a less expensive (versus Macs) more open-architecture based, and hence easier to upgrade and fiddle with (versus most Apples since the IIe) platform.
They tend not to do any one thing exceptionally well, but do manage to do many things reasonably well enough to capture the public's interest.
Were that not the case, Linux and Macs would have a far greater market share as opposed to what they actually have, which is perhaps 10%.
UAC as it stands is admittedly pretty annoying, but I'm forced to wonder if Linux and Macs were targetted for virii and spyware to anywhere close to the extent of Windows PC's if their more hands-off, less intrusive approach wouldn't be seen by everyone as woefully lax on security. It could be said that Microsoft's approach is anal retentive, but because they're the ones in the bad guys' crosshairs all the time, perhaps it NEEDS to be to keep users safe.
NO OTHER OPERATING SYSTEM _NEEDS_ UAC!
UAC is just a nasty kludge to fix the inherent design flaws of the Windows NT security model!
And it's TOTALLY ANNOYING!!!
I don't care how secure it makes me it's WORSE than a virus with how many time I gotta click 'OK' to do everything.
Silly Microsoft, tricks are for kids!
NO OTHER OPERATING SYSTEM _NEEDS_ UAC!
UAC is just a nasty kludge to fix the inherent design flaws of the Windows NT security model!
And it's TOTALLY ANNOYING!!!
I don't care how secure it makes me it's WORSE than a virus with how many time I gotta click 'OK' to do everything.
Silly Microsoft, tricks are for kids!
Is it that the NT security model is really that inherently poor, or that *nix and Macs look better because fewer virii and spyware authors go after those OS's? Were their market shares reversed with Microsoft, I suspect that *nix and Macs might have just as many security issues as Windows does now, but why go after a "target-empty" environment if you're out to cause problems? Any OS can be attacked. Any security system designed by a person can be broken by another person given time and effort.
Few days later, I uninstalled Vista and installed XP again
Pinch me when SP1 has arrived
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.