The User Account Control in Windows Vista improves security by reducing application privileges from administrative to standard levels, but UAC has been widely criticized for the nagging alerts it generates. According to one Microsoft executive, the annoyance factor was actually part of the plan.
In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft's strategy with UAC was to irritate users and ISVs in order to get them to change their behavior. "The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.
Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained. "We needed to change the ecosystem, and we needed a heavy hammer to do it," Cross said.
News Source: CRN
In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft's strategy with UAC was to irritate users and ISVs in order to get them to change their behavior. "The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.
Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained. "We needed to change the ecosystem, and we needed a heavy hammer to do it," Cross said.
















Agreed!
Also I really have no issues with UAC, after the initial setup I rarely get prompted.
+1
Ever wondered why, despite all the laws and the fines, people still don't wear their seat-belts and still drive along chatting to their friend on their phone? It's because fines and laws don't change the belief system. By their very nature, they are only useful after the event. I can bully you into saying what I believe to be true. That does not mean, however, that I have converted you to believe what I believe.
All Microsoft have accomplished is to irritate many of those who have switched to Vista, and give those who haven't yet switched another reason not to.
I think that the seat belt law had more to do with law/medical officials tired of scraping a person off of the pavement and less to do with concern about everyones safety.
Ever wondered why, despite all the laws and the fines, people still don't wear their seat-belts and still drive along chatting to their friend on their phone? It's because fines and laws don't change the belief system. By their very nature, they are only useful after the event. I can bully you into saying what I believe to be true. That does not mean, however, that I have converted you to believe what I believe.
All Microsoft have accomplished is to irritate many of those who have switched to Vista, and give those who haven't yet switched another reason not to.
It's actually a pretty valid analogy. When seatbelt laws began, people bitched and moaned (just like the way idiots whine about UAC now). Now, it's accepted and second-nature to buckle your seatbelt the minute you get into a car. We're that much safer because of it, and now it's a habbit because it's accepted. It just took a decade!
I don't have any issues with it either because the first thing that I did was disabled after I installed Vista.
Ever wondered why, despite all the laws and the fines, people still don't wear their seat-belts and still drive along chatting to their friend on their phone? It's because fines and laws don't change the belief system. By their very nature, they are only useful after the event. I can bully you into saying what I believe to be true. That does not mean, however, that I have converted you to believe what I believe.
All Microsoft have accomplished is to irritate many of those who have switched to Vista, and give those who haven't yet switched another reason not to.
It's actually a pretty valid analogy. When seatbelt laws began, people bitched and moaned (just like the way idiots whine about UAC now). Now, it's accepted and second-nature to buckle your seatbelt the minute you get into a car. We're that much safer because of it, and now it's a habbit because it's accepted. It just took a decade!
is a correct analogy but the fact that UAC is the same to put on your seatbelt in every stop, so sooner or later you will ask automatically yes for everything or you will disable UAC.
I don't have any issues with it either because the first thing that I did was disabled after I installed Vista.
+1
If it didn't do that, another app could grant itself admin rights....which is what UAC is intended to stop.
O? yeah... its still windows LOL
Last edited by CoolBits on 11 Apr 2008 - 12:48
Why do you need a whole screen dimmed for one app? You just need a password prompt window with explanation of which app needs privileges... you can still use other apps before entering password for this app.
Have you ever used OSX?
Why do you need a whole screen dimmed for one app? You just need a password prompt window with explanation of which app needs privileges... you can still use other apps before entering password for this app.
Have you ever used OSX?
yes and the OSX version is insecure just because of this, by allowing other apps to function at the same desktop/user level as the elevation prompt you make it possible to let other apps "click" on the I agree button. The windows and linux versions don't have this flaw as they operate in a secure desktop. (the faded out windows you see are actually just a screenshot of the screen before the prompt used as wallpaper of the secure desktop)
It is because if the prompt were in the same desktop session as other applications, malware might send messages to the prompt window emulating a click on the allow button. Thats why it is generated in a separate desktop session where other applications cannot send any message and the system can be sure the response came from you.
So malware apps can enter your password too? Didnt know that ufff LOL
Anyway this is only possible in windows (if it is)... in OSX ONLY the app that asks elevation GETS elevation...
Why do you need a whole screen dimmed for one app? You just need a password prompt window with explanation of which app needs privileges... you can still use other apps before entering password for this app.
Have you ever used OSX?
You could easily use Automator to click the OK button on the OSX admin elevation prompt.
So malware apps can enter your password too? Didnt know that ufff LOL
Anyway this is only possible in windows (if it is)... in OSX ONLY the app that asks elevation GETS elevation...
Ever heard of a keylogger?
And secondly, are you even thinking about what you're saying? In Linux and Windows only the App that prompted gets elevated otherwise the whole system would be rendered pointless.
Out of Linux/Windows/OS X, OS X has to be the most insecure. The only reason there are so few vunerabilities/viruses for OS X is because of it's relatively (To Windows) tiny market share.
You're digging yourself a large hole with this discussion, i suggest you quit before it gets any deeper.
I swear in OSX you have to enter your password to 'unlock' the lock. So unless you use Automator or equivalent to steal the user's password, what need is there to blank out the entire screen?
Only Vista has continue/cancel. But even then, you could shut off Secure Desktop and make admins in Admin Approval mode be prompted for credentials. That will be similar to OSX. (except there's no permanent 'sticky' unlock mode)
And secondly, are you even thinking about what you're saying? In Linux and Windows only the App that prompted gets elevated otherwise the whole system would be rendered pointless.
Out of Linux/Windows/OS X, OS X has to be the most insecure. The only reason there are so few vunerabilities/viruses for OS X is because of it's relatively (To Windows) tiny market share.
You're digging yourself a large hole with this discussion, i suggest you quit before it gets any deeper.
I just said that its pointless to dimm the whole screen for 1 app that need elevated privileges and nothing else...
BTW keylogger would also need elevated privileges to run
However, developments on the GNOME front will make PolicyKit the default elevation method instead of gksudo, and it seems that PolicyKit is remarkably similar to OS X's prompts
PolicyKit
OS X Authentication
And, just for reference:
GKSudo
User Account Control (UAC)
On another note, compared with all three system's i've used (UAC, OS X Auth, and GKSudo), UAC is the most annoying. Can't really say why, because UAC is very similar.
I think it's just considerably more jarring, even moreso than GKSudo. It takes a few seconds to go from blanking the screen to displaying a prompt, and the darkness of the fade-out really takes you away from what you were doing... Maybe that was their intention, maybe not, but It IS the most annoying in it's presentation.
And secondly, are you even thinking about what you're saying? In Linux and Windows only the App that prompted gets elevated otherwise the whole system would be rendered pointless.
Out of Linux/Windows/OS X, OS X has to be the most insecure. The only reason there are so few vunerabilities/viruses for OS X is because of it's relatively (To Windows) tiny market share.
You're digging yourself a large hole with this discussion, i suggest you quit before it gets any deeper.
I just said that its pointless to dimm the whole screen for 1 app that need elevated privileges and nothing else...
BTW keylogger would also need elevated privileges to run
you just prooved that you have no idea what you are talking about and didn't even read the answers to your ignorant accusations
You were trying to say that windows has two desktops (secure and insecure) or what? I just said that ist pointless to have secure desktop (to dimm it) if the default desktop is secure...
When there will be an app that will steal your password, enter that password in prompt and click ok... then NO system is secure... not even vista with "secure" desktop
When there will be an app that will steal your password, enter that password in prompt and click ok... then NO system is secure... not even vista with "secure" desktop
Yeah but the difference with Linux and OSX are that you only need elevated priveledges to change core system settings, not for deleting shortcuts, etc... I know you're talking about entering a password here but the topic is about UAC and MS thinks it is necessary to teach users good habits, but a lot of people don't have the problems that UAC is supposed to solve in other OSes.
You were trying to say that windows has two desktops (secure and insecure) or what? I just said that ist pointless to have secure desktop (to dimm it) if the default desktop is secure...
When there will be an app that will steal your password, enter that password in prompt and click ok... then NO system is secure... not even vista with "secure" desktop
You are such an idiot. Because the elevation prompt is on the same desktop as the ordinary user is OS X, a keylogger can just log the password in as you type it in (since it is running on the USER desktop, not an ADMIN SECURE desktop) for a different valid program that you need to run as admin.
In Windows, the user desktop is "deactivated" and any apps running as user can not log the keyboard and mouse anymore. The Secure desktop is completely separate, anything not running as admin has NO POWER in the secure desktop. A key logger would need to be run as admin to work in the secure desktop (where you enter the password) to get your password, but UAC makes sure it doesn't run as admin. If the keylogger were to run without admin, it can not log and UAC passwords.
And yes, UAC doesn't ask for password normally, but only when the user is not an "admin account". Even the UAC prompts that don't ask for a password are secure, because they still run on a secure desktop. Any user program (such as a macro program designed to click "continue"
If you need more explanation, without a secure desktop there can be a 2 part virus. The destructive part needs to be run as admin, and the other part is just a macro program. The virus first launches the macro program which waits until a UAC prompt comes up. The part that requires admin is then run, and the UAC prompt comes up. Since the prompt is not in a secure desktop, the macro program will click continue and the virus does the damage.
You were trying to say that windows has two desktops (secure and insecure) or what? I just said that ist pointless to have secure desktop (to dimm it) if the default desktop is secure...
When there will be an app that will steal your password, enter that password in prompt and click ok... then NO system is secure... not even vista with "secure" desktop
The Secure Desktop in Vista is isolated from the session that you're running.
I can launch an app right now, and it'll run with user privileges. That means it can log my keypresses as I type this. It can move the mouse, do whatever.
However, the UAC prompt forces the computer to switch to something called the Secure Desktop. That application I launched earlier doesn't even know that this desktop exists. It can't see it. It can't log my keypresses so long as I'm on it. It certainly can't interact with the prompt on it.
The only conceivable way that you could log keypresses on the Secure Desktop is that you at some point launched something as an Admin which totally screwed over your system's security. But since you had to manually allow that, it's not Windows' fault.
You were trying to say that windows has two desktops (secure and insecure) or what? I just said that ist pointless to have secure desktop (to dimm it) if the default desktop is secure...
When there will be an app that will steal your password, enter that password in prompt and click ok... then NO system is secure... not even vista with "secure" desktop
No, there is a secure desktop MODE. When UAC takes over it dims everything except the prompt to let you know it's not active and the OS will not accept any input except from the mouse and keyboard. Although I haven't used it yet under Vista, I suspect that you cannot confirm a UAC prompt while working with a standard remote assistance request either. I would guess the local user would have to approve them for you.
I swear in OSX you have to enter your password to 'unlock' the lock. So unless you use Automator or equivalent to steal the user's password, what need is there to blank out the entire screen?
Only Vista has continue/cancel. But even then, you could shut off Secure Desktop and make admins in Admin Approval mode be prompted for credentials. That will be similar to OSX. (except there's no permanent 'sticky' unlock mode)
Many people don't set passwords for their computers. In those cases it only requires clicking the Accept/OK button.
Isn't this the same as just creating a different user account in a different user group and launching an application with their credentials?
On a side note, I wonder if they ever plan on using .NET for IE development.
Last edited by HalcyonX12 on 12 Apr 2008 - 23:54
Isn't this the same as just creating a different user account in a different user group and launching an application with their credentials?
Nope.
Isn't this the same as just creating a different user account in a different user group and launching an application with their credentials?
At least they put the option to turn it off. That's the first I always do after a Vista installation...
At least they put the option to turn it off. That's the first I always do after a Vista installation...
The big deal is that features like this are installed on your PC and eventually add up to 16GB. Add to this Vista's habit to index and backup everything imaginable and you have a Windows installation that continues to grow the more you use it. Eventually, it will collapse under it's own bloat and corruption, then you have to reinstall.
This is a deeply flawed designed, and just one of many reasons why people say that VISTA SUCKS.
Perhaps Vista was designed to suck?
At least they put the option to turn it off. That's the first I always do after a Vista installation...
The big deal is that features like this are installed on your PC and eventually add up to 16GB. Add to this Vista's habit to index and backup everything imaginable and you have a Windows installation that continues to grow the more you use it. Eventually, it will collapse under it's own bloat and corruption, then you have to reinstall.
This is a deeply flawed designed, and just one of many reasons why people say that VISTA SUCKS.
Perhaps Vista was designed to suck?
Thank you for proving you don't have the slightest clue on what you're talking about.
Because if you did, you would realise you can disable the Volume Shadow Copy service and that Indexer only indexes 3 folders by default. (Users, Start Menu and Offline files.)
But i suppose facts are a waste of time in this discussion, because afterall you are throughly attatched to the VISTA $UCKZ bandwagon.
Last edited by Athernar on 13 Apr 2008 - 12:24
You also didn't realize that most of the size of vista is due to the huge amount of drivers it supports out of the box and has nothing to do with active processes...
But it's cool to hate, so right on.
You also didn't realize that most of the size of vista is due to the huge amount of drivers it supports out of the box and has nothing to do with active processes...
But it's cool to hate, so right on.
He is actually more silly.
First: even the dumbest user wouldn't get 16Gb size. More like 8-10.
Second: It's funny how this smartass doesn't know about the harrd links. About half of so-called Vista size are from hard linked files. So all dumb people count gigs of files twice and yell about size. Subtracting free space from the total space is too hard for them.
Last edited by HalcyonX12 on 11 Apr 2008 - 15:12
But the thing you need to remember is that most users don't want to 'discover' the OS, they just want to write documents, surf the web, write emails, etc. Most users are completely ignorant about what is going on in the operating system, and they have been conditioned that that's the way it should be. After all, only geeks and nerds really can know anything about computers and how they work. That is still the impression perpetrated by and supported by the general public. The vast majority of people I know who have computers are completely clueless as to how to take general good care and keep from getting viruses and trojans and other junk. Yes, UAC isn't going to retrain people until people in general start taking an interest in what's going on inside.
But the thing you need to remember is that most users don't want to 'discover' the OS, they just want to write documents, surf the web, write emails, etc.
If that's the case, how is UAC going to help? Clicking "Allow" will become as repetitive and mundane as clicking "I agree" or "Next", if a user doesn't know why they should click "Allow" or "Cancel" then they'll probably just end up having the same problems as before. The only thing UAC changes is that now MS tech support can say "Well you clicked Allow so it's your fault"... the user still won't know what happened or know how to tell what actions are good and what aren't, unless it's just trial and error, which is not a good approach to security.
Besides, us power users can just turn off User Account Control.
a truly power user has UAC enabled.
Last edited by franzon on 11 Apr 2008 - 15:26
a truly power user has UAC enabled.
+1
My works laptop wasn't touched between when my predecessor left and I joined. First thing I did was to re-enable UAC.
Rather have IE running in a sandboxed mode rather than with admin rights thanks.
a truly power user has UAC enabled.
Being a true power user meaning that they know exactly what they're doing and not doing. Thus, features like UAC, System Restore, and Security Center, etc aren't even necessary. Worst case scenario, a 5-minute restore back to clean state.
But you just said we don't need System Restore - how are we supposed to restore then?
a truly power user has UAC enabled.
+1
My works laptop wasn't touched between when my predecessor left and I joined. First thing I did was to re-enable UAC.
Rather have IE running in a sandboxed mode rather than with admin rights thanks.
I don't use Internet Explorer at home, and I don't use Vista at work.
People who know what they're doing also have knowledge of the resources available to them. UAC provides enhanced security. System Restore provides a simple quick way to back out system changes without re-imaging the computer. Security center allows a one-glance way to monitor the condition of security-related software. Yes, you do have the option of not using any of it, but if you're basing that decision solely on the idea that it isn't necessary because you're so elite, then you're already suffering from arrogance and complacence - common problems in end-users.
a truly power user has UAC enabled.
Being a true power user meaning that they know exactly what they're doing and not doing. Thus, features like UAC, System Restore, and Security Center, etc aren't even necessary. Worst case scenario, a 5-minute restore back to clean state.
Wrong. A true Power User will know *why* such security features are in place, and will work alongside them as necessary *without* having to deactivate them (because he/she did the due-dilligence and researched them). The very fact that you *still* want to let applications engage in the very unsafe behavior that's a security risk in the first place (and thus why UAC was created) shows you have not learned the very lesson that UAC was supposed to teach with the annoying reminders.
Ironically, most people who are outrageously annoyed with UAC don't know how to turn it off, and that alone justifies its existence for me.
No, if you're logged in as a standard (non-adminsitrative) as a part of intelligent computing, then you'd get a "To continue, type an administrator password and then click OK." dialog. Administrator accounts get the Allow/Deny options by default, but it can thankfully be turned off with Local Security Policy.
I can see the point because it annoys everybody, but that doesn't mean the concept behind it is bad. It was just poorly implemented.
however, in reality it hurts them. they will have to find a better idea
This is just a guess (I'm still on XP) - but wouldn't UAC's quiet mode still give you the sandboxed mode in IE7 etc?
ya really lol
besides i didnt know this was up fort debate..
i thought it "goes without saying" that obviously it was designed to irratate users
kinda like saying "hey seatbelts are designed to save you" here i thought they were a fashion statement
i still think Vista sucks, bandwagon or no bandwagon
and UAC is poorley implemented but i think but its ok for Mom, Grandma, your girlfriend etc..
you know the people i mean, the Toolbar collectors
there aint much to debate here as usual with security related talk user desicions are the most important factor
and all the security software and features are an aid, and not the solution.
when i tried vista i disabled UAC cause if i wanted to get nagged i would get married or something
it makes installing cracked/pirated software difficult and impedes my efforts at crackin stuff myself
what self respecting hacker or cracker is gonna wanna use Vista as his/her OS of choice ? lol
although i see why MS put it in and i think its a good idea for the general public.. just not for me thx
list goes on. The one gets annoyed the most are Hispanic.
if you want to be GOD again just go secpol enable Administrator account and rename it there you go. back to god mode. matter fact I use it hehe.
guess thats one more reason to buy the business or ultimate edition...
Ok, go ahead and explain what UAC does and why it is so worthless.
Because you know, a web browser (any) needs full access to a computer, right? (for one example) Because Zero day exploits will only happen on IE, right?
What say Mio/Brandon, the unwavering defenders of such annoyances?
While this would mitigate exploits that do things like redirect a file i/o operation, or something, if you had one that allowed for any kind of arbitrary code execution, you're absolutely screwed with a system like the one you suggest.
While this would mitigate exploits that do things like redirect a file i/o operation, or something, if you had one that allowed for any kind of arbitrary code execution, you're absolutely screwed with a system like the one you suggest.
Not only that, but an option to "auto approve" an app means the OS would have to keep a list of the approved apps somewhere. Malware could then be added to that list via some other exploit.
That could be protected by requiring Admin access to write to. The only 'real' problem comes from the fact that it basically allows anything to do anything it wants, so long as it can take the time to spawn another process.
Either give "users" or your user account Full Control of the partition. (Note: Don't do this to your system drive. You'll just be asking for trouble.)
Either give "users" or your user account Full Control of the partition. (Note: Don't do this to your system drive. You'll just be asking for trouble.)
:o it worked!!!! gabazooba! armadillo yams! thanks!
For most users this is annoying but the average joe is safe if they use this mechanism. For powers users, you can turn it off in more than one way without disabling all the features of this protection.
Files from XP may (or rather, most likely) be tagged as owned by an administrator.
I've moved and copied thousands of files on my PC with no prompts.
never had to reinstall a system cause of malware or crap tbh...
Glassed Silver:mac
You know what you are doing? Because I found out a bunch of programs crapping in my system folders. Do you like piles of crap laying around?
Already can't count how many computers I've done exactly the same thing to already either. Maybe they'll get it right next time. I can wait until 2010.
Already can't count how many computers I've done exactly the same thing to already either. Maybe they'll get it right next time. I can wait until 2010.
Amen - I'm picking up a laptop Monday, and after I make sure all the components work, off comes Vista, and on goes XP. If I had a choice, there'd be no OS (or malware) on the damn thing.
Hey MS exec? It's annoying all right - so much so that market share is decreasing. Good job?
UAC only prompts me when i do something that would normally require admin privs to do such as change system settings or screw with the Windows folder.
I'm on SP1 x64
I only really found it annoying when I was doing a fresh install of Vista and had to install all of my usual applications and organise my start menu, but after that it wasn't that obtrusive.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.