The Great UAC Debate!

[abcdefg]

Mac OSX has been around long enough to where developers have made apps that install and run without admin rights (sometimes it asks you for the password during install).

Once Vista and its successors hit maturity developers better learn.

XP has been out longer than OS X. Developers made and probably still make software for it that requires admin rights.

Only one to blame is Micro$oft who made people run as admin by default.

[+Fahim S. MVC]

XP has been out longer than OS X. Developers made and probably still make software for it that requires admin rights.

Only one to blame is Micro$oft who made people run as admin by default.

Did you even read the post you replied to - or are you having too much fun trolling here?

Apple could get away with changing the entire security model of their operating system (and actually their entire operating system) because of their absolutely tiny userbase at the time of release of OS X. Microsoft don't have the same luxury - a level of backward compatibility is paramount to their business.

Users running with Admin rights is the way XP worked - not the way Vista and future operating systems from Microsoft will work. When Vista (and subsequent operating systems from Microsoft) become the norm, things won't be coded with the assumption - obviously the transition will cause some pain just like any other paradigm shift.

[abcdefg]

Did you even read the post you replied to - or are you having too much fun trolling here?

Explain how M$ can do a change now but not then. Troll.

It's hard to even imagine how many formats and wasted hours could've been saved if XP had been released with LUA account as default. M$ screwed badly. Of course only ones to get hurt were the users, not M$.

[+Fahim S. MVC]

Maybe because that would have broken even more apps from the Windows 9x era (which if you may remember had virtually no security model at all) than the transition to the NT codebase alone? Troll!

People complain that UAC is annoying now, not that it stops the majority of their apps from working.

[Linkinfamous]

Maybe because that would have broken even more apps from the Windows 9x era (which if you may remember had virtually no security model at all) than the transition to the NT codebase alone? Troll!

People complain that UAC is annoying now, not that it stops the majority of their apps from working.

Bingo.

9x had no concept of filesystem security. Everyone just dumped everything wherever they wanted.

If they had not made you an Admin by default on XP, virtually everything would have broken.

By now, however, enough people have gotten the idea of security down to make what they did with Vista actually viable for Windows.

[rtk]

It's hard to even imagine how many formats and wasted hours could've been saved if XP had been released with LUA account as default. M$ screwed badly. Of course only ones to get hurt were the users, not M$.

And just think of the millions of years and lives wasted in evolution...

If we could only just start at the finish.

[Brandon Live Veteran]

Also consider that it took years to provide the level of compatibility that Vista provides. If your complaint is, "Why wasn't XP written the way Vista was," you might as well be asking "Why didn't they wait until 2006 to release XP?"

Surely you're just whining and don't really believe that would have been the right thing to do.

[»X«]

I first started to turn off UAC right from Vista install. Then I just forgot to do it the 2nd time around. Currently my Vista has been running perfectly for months and months with UAC. I got used to clicking it, never made me pull my hair out. Don't know what all the fuss is about.

[gigapixels Veteran]

Don't know what all the fuss is about.

The fuss is about the fact that they've got nothing better to do with their lives and they think they know how to develop software better than the largest software company in the world. Duh. :rolleyes:

[jjrambo]

The fuss is about the fact that they've got nothing better to do with their lives and they think they know how to develop software better than the largest software company in the world. Duh. :rolleyes:

For you information because of Microsoft, billions of dollars are lost every year across different businesses. They are the largest company, and it doesn't mean that they do everything right.

Key problems for Windows in general...

Poor file/folder organization

Registry

[ViperAFK]

For you information because of Microsoft, billions of dollars are lost every year across different businesses. They are the largest company, and it doesn't mean that they do everything right.

Key problems for Windows in general...

Poor file/folder organization

Registry

That's very broad, I definitely wouldn't call the registry a "key problem in windows" or really a "problem" at all...

[syncore]

UAC is for people who don't know how to use computers. I know how to use a computer. That's why I have it turned off on my vista machines.

[ViperAFK]

UAC is for people who don't know how to use computers. I know how to use a computer. That's why I have it turned off on my vista machines.

"UAC is for people who don't know how to use computers."

*facepalm*

[rtk]

"UAC is for people who don't know how to use computers."

*facepalm*

And that's why the choice needs to be taken out of the user's hands.

On without a way to turn it off.

[gigapixels Veteran]

For you information because of Microsoft, billions of dollars are lost every year across different businesses. They are the largest company, and it doesn't mean that they do everything right.

Please, give me some example of this. And I never said they do everything right, but it gets ridiculous when everybody with a computer and an internet connection starts to act like they know how to develop software better than Microsoft.

[.Prozium]

For me at least, UAC was one of about 5 reasons why Vista was replaced with Windows XP on my PC.

It doesn't save people from anything, it's ridiculous to even imagine for 1 minute that it does.

People click OK because 'it's just another dumb Microsoft dialog that's stopping me from doing what I want to do'. Microsoft's Steve Ballmer understands this. Yet, there are Microsoft employees that are still trying to advertise how wonderful the feature is.

Here's the news. This was a bad implementation of a vaguely useful idea. I wish Microsoft would stop trying to convince customers that UAC is there for their own good, and get the s___t together and try again.

[Linkinfamous]

I'm going to guess you didn't even glance at any other posts in this thread before posting that?

[.Prozium]

I'm going to guess you didn't even glance at any other posts in this thread before posting that?

I read the first 5 pages and the last 5. My post is still just as relevant. What do you see wrong with my views on UAC?

Locking the door to my house and setting the alarm, EVERY time I leave, is annoying.... but I don't think I'll consider leaving it unlocked.

Seems like a sound analogy.

How about, your car asking you permission and making sure that you definitely positively wanted to press your brake pedal when you're travelling at 110KM/h and see a truck coming right at you.

That would be annoying, yes? Ditto for UAC.

[Brandon Live Veteran]

How about, your car asking you permission and making sure that you definitely positively wanted to press your brake pedal when you're travelling at 110KM/h and see a truck coming right at you.

That would be annoying, yes? Ditto for UAC.

Fortunately that's an absurd analogy, and UAC is nothing like that.

UAC is like your car asking for your key before it starts. Only people in possession of the key have been entrusted to take control of the vehicle and not crash it into a wall. UAC is just like that, you only give the key to applications you trust not to drive your computer off a cliff.

Or drive slowly around bad neighborhoods with the doors unlocked.

Regular applications that don't run as an Administrator are like people you let into the car by unlocking it for them. They can still get inside, play around, mess up your stuff. But at least they don't have the key, so they can't start it and drive through the side of your house.

Edited April 10, 2008 by Brandon Live

[rtk]

I read the first 5 pages and the last 5. My post is still just as relevant. What do you see wrong with my views on UAC?

Um, they're wrong? That's a good start.

Even if a person mindlessly clicks on UAC dialogs, it's still far more secure than letting any app that doesn't ask run with full permission to do whatever it wants. Protected Mode in IE alone increases security by leaps and bounds.

Maybe you should go back and read the other pages you skipped, this has all be discussed before, your views on UAC are a commonly believed complete fabrication.

If every single exe and dll on your system asked for elevation, you'd have a point.

[svnO.o]

I personally have UAC in "quiet mode". UAC is pretty pointless to me except for the IE sandbox feature. The way in which UAC works is just to prevent users from making self-inflicted mistakes. For me personally, if I double click an exe/install file, I meant to click it and that's that. UAC has flaws in that once a person allows something to be run, it can go ahead and run any other application at will.

I did a test by creating an exe that opens up another exe (both of which require UAC elevation when opened separately). I renamed one to file-setup.exe and the other to file-install.exe. Since both have install/setup in their name, UAC will come up and require you to allow it to run. When I ran the file-setup.exe file it popped up UAC, I allowed it, and the file-setup.exe automatically opened file-install.exe without a second UAC popup.

Basically, UAC can only stop things from opening/running that can somehow execute on their own. Once you allow something to run, it has the ability to run other things with/without UAC.

But like I said, I use UAC in "quiet mode" to keep the IE7 feature intact. But otherwise it is just an annoyance that is pointless to me.

Also just I noticed that UAC hasn't been helpful (so far) to the majority of voters. Just another reason why to keep it in "quiet mode".

Edit: One thing good about UAC: running an exe (which initially doesn't prompt UAC) that opens another exe (which requires UAC elevation) will cause the prompt to appear. Though someone writing software to get around this could simply require the original exe to require elevation and do whatever they wish (eg. open other executables) after that.

Edited April 11, 2008 by dlegend

[Linkinfamous]

I personally have UAC in "quiet mode". UAC is pretty pointless to me except for the IE sandbox feature. The way in which UAC works is just to prevent users from making self-inflicted mistakes. For me personally, if I double click an exe/install file, I meant to click it and that's that. UAC has flaws in that once a person allows something to be run, it can go ahead and run any other application at will.

I did a test by creating an exe that opens up another exe (both of which require UAC elevation when opened separately). I renamed one to file-setup.exe and the other to file-install.exe. Since both have install/setup in their name, UAC will come up and require you to allow it to run. When I ran the file-setup.exe file it popped up UAC, I allowed it, and the file-setup.exe automatically opened file-install.exe without a second UAC popup.

Basically, UAC can only stop things from opening/running that can somehow execute on their own. Once you allow something to run, it has the ability to run other things with/without UAC.

But like I said, I use UAC in "quiet mode" to keep the IE7 feature intact. But otherwise it is just an annoyance that is pointless to me.

Also just I noticed that UAC hasn't been helpful (so far) to the majority of voters. Just another reason why to keep it in "quiet mode".

Edit: One thing good about UAC: running an exe (which initially doesn't prompt UAC) that opens another exe (which requires UAC elevation) will cause the prompt to appear. Though someone writing software to get around this could simply require the original exe to require elevation and do whatever they wish (eg. open other executables) after that.

You seem to be misunderstanding what UAC is trying to do. Once you give a piece of code Admin access to your system (That is, elevate it with a UAC prompt), it's got full access. It can do whatever it wants. UAC's job is completely over at that point.

What UAC does is prevent normally running applications from having enough access to your system to do anything harmful beyond just your user account. It's not about stopping things you've elevated from doing anything. It's about stopping things you haven't elevated from doing stuff. For instance, I don't want my word processor, email client, browser, or PDF viewer to have write access to my system folders, do I? Absolutely not. That'd be stupid, seeing as how every one of those applications can interact with potentially dangerous data from the internet.

With UAC in silent mode, an exploit or any malicious executing code can try to spawn another process elevated to do its dirty work. With UAC on fully, you'd get a random prompt out of nowhere, and probably dismiss it (I certainly would if I was reading an email and got a random prompt out of nowhere!). With it in silent mode, however, it'll just magically start an elevated process, and have all the fun it wants.

Don't get me wrong. UAC in silent mode is certainly better than it off. It's just not the same as with the prompts enabled.

[+Fahim S. MVC]

I have never understood the point of running UAC in silent mode...

[Brandon Live Veteran]

I have never understood the point of running UAC in silent mode...

Then it seems you don't understand the point of UAC?

Granted, it's far less secure than running without it. But for some power users it strikes a good balance. It is certainly far better than running without it.

[+Fahim S. MVC]

Then it seems you don't understand the point of UAC?

Granted, it's far less secure than running without it. But for some power users it strikes a good balance. It is certainly far better than running without it.

I understand it... To me using UAC in silent mode seems so much less secure that it is really better to put up with the inconvenience of the prompt for the peace of mind.

Don't get me wrong, I am proponent of UAC and wouldn't dream of turning it off on any of my systems.