View Full Version : Vista's UAC security prompt was designed to annoy you
Prrkitty
04-11-2008, 03:51 PM
http://arstechnica.com/news.ars/post/20080411-vistas-uac-security-prompt-was-designed-to-annoy-you.html
Quote: At the RSA 2008 confab in San Francisco, Microsoft admitted that UAC was designed, in fact, to annoy. Microsoft's David Cross came out and said so: "The reason we put UAC into the platform was to annoy users. I'm serious," said Cross.
Quote: Peter Watson, Microsoft Australia's chief security advisor, explained it all last year. "Various application providers in the market are coming to terms... recognizing that it's much more effective to run applications and have actual users running on systems as standard users as opposed to system administrator," he said. "Why should I be letting my normal user be running as system administrator?" he asked.
-------------------
Hmmm... so they deliberately set out to piss off their user base?
And if I understand the 2nd quote correctly, they're also trying to force programmers/software engineers/software developers to write code in a specific way (in hopes of getting coders to write code to avoid the UAC) by shoving the UAC in *everyone's* face. <- hope that came out right.
There is a way to disable the UAC. I don't understand the full picture surrounding the UAC... so... would disabling it really be safe?
rock_nog
04-11-2008, 03:53 PM
You know, with all this UAC business, Microsoft is just asking for a Demon invasion.
DarkDragoonX
04-11-2008, 04:05 PM
If there were any justice in the world, a Cyberdemon would have materialized and devoured David Cross after the presentation.
Aliem
04-11-2008, 04:19 PM
While not as horrible as Me, from what I've heard, Vista is the worst OS I've personally used. Granted, I have home basic booted on my laptop, but it's a terrible operating system. I'm not sure if the more expensive versions are any better.
As for the quotes above... Man, I'm not really that shocked. the user security control system, or whatever it's called, is so completely pointless and obnoxious.
Revfan9
04-11-2008, 04:59 PM
lol
ALL of Microsofts products are designed to piss people off.
Are you new to this or something?
Dark Knight
04-11-2008, 05:06 PM
While not as horrible as Me, from what I've heard, Vista is the worst OS I've personally used. Granted, I have home basic booted on my laptop, but it's a terrible operating system. I'm not sure if the more expensive versions are any better.
Home Premium seems to run fine. I don't like the fact that my $150 video card is not Vista compatible, but whatever. My biggest issue is many, many programs refuse to work on Vista without setting the Compatibility to XP SP2 or installing files(mostly DLL's) that are no longer shipped with Vista and that many games that use OpenGL work poorly due to what I assume is a lack of support.
The fact that Vista whores 3/4 of my RAM, regardless of how much I have, comes in at second. It takes getting used to but Vista isn't "horrible" or "bad". I'd say it's "mediocre". But so was XP before the service packs, from my understanding.
There is a way to disable the UAC. I don't understand the full picture surrounding the UAC... so... would disabling it really be safe?
It gives you full Administrator rights on your Administrator account, the way it is with XP, when turned off. Is this safe? If you're retarded, no. If you have a firewall other than what comes with Windows, a good Anti-virus and anti-spyware along with being cautious about what you click on with IE or have the proper addons installed for Firefox it is "safe". You just won't have to worry about 2 or 3 pop-ups opening every time you open a program.
I can't really say that I'm upset by hearing about this nor do I see this as news. It's quite obvious what UAC is. It's Microsoft saying, "Since many didn't feel that XP had enough security, Vista will now prevent you from using your computer without first navigating through many pop-ups". Honestly, not everyone is meant to have Administrator access, even if they own the computer. These are the people that spout nonsense about "gomz windoes am borked am full of virus", click on any link they can with IE and believe that they have indeed been chosen for a pre-paid bank card, as long as they enter all of their personal and banking information.
The rest of them know how to turn UAC off and how to protect themselves. UAC is only a minor annoyance, no more annoying than a yappy dog, and is easily turned off a few minutes after you've installed Vista.
Sadly, many computer users fall into the first type. Maybe, just maybe, UAC will make these people educate themselves about computer security. If not, they'll just have to put up with the pop-ups while the rest of us uncheck the little box and reboot.
MoonCheese
04-11-2008, 06:52 PM
One problem with the annoying UAC is that so many pre-Vista apps trigger it because they mostly assume everyone is an administrator.
rock_nog
04-11-2008, 06:59 PM
More on the point, I consider the whole issue of whether or not people should be administrators of their own computers to be very annoying. Granted, I understand, in the Internet age, it's pretty much impossible to avoid the whole networking aspect, but I still think of computers in terms of the old days, "It's a machine. I feed it a list of instructions, and it carries out those instructions."
Revfan9
04-11-2008, 07:14 PM
One problem with the annoying UAC is that so many pre-Vista apps trigger it because they mostly assume everyone is an administrator.
Yep, and that's what Microsoft wants developers to do. To be forced to rig the entire way their program works specifically for Windows.
Well, they don't necessarily accomplish this with the UAC, but that is certainly what they're trying to do, making sure that it's impossible for other OSes to even exist.
Prrkitty
04-11-2008, 08:26 PM
Paul and I both have Vista Ultimate installed. And honestly... we've not had a lot of issues with it. Is Ultimate worth the difference between Home Premium and Ultimate? Nah... not really.
AtmaWeapon
04-12-2008, 11:11 AM
UAC is a necessary evil that corrects 10+ years of a bad idea. I don't care how 1337 you are, some actions should require a little bit of user approval before they happen.
The #1 stupid thing people do is run random software they find on the internet. It gets bonus stupid points if it was sent via email attachment and there hasn't been a verification check with the sender (i.e. "You sent me this file, what is it?" is replied to with something legit.) When this runs on pre-XP or on XP's administrator account, the security model assumes that if you ran the program you trust it and it's free to trash the registry, install malware, or do whatever the devil else it pleases, all without asking you a single thing. I've had that sinking feeling when running what I felt like was a legitimate file did nothing, and I know the silence means I have a long trail of smacking annoyances ahead. On XP limited-user and Vista accounts, you'll get a box asking you if you want to elevate privileges. The answer should almost always be no.
No software should get installed without my permission, but the thing I don't get is why it's still easy to install hooks. The hooks WH_KEYBOARD_LL and WH_MOUSE_LL can be installed by any application with correct privileges, and once the hooks are in place all mouse and keyboard input are routed through the application's hook procedure first. This is the stuff that keyloggers are made of. I'd love it if I had to answer to a dialog before one of these is installed. I'd like it even better if I had to solve a logic puzzle or a maze, with a 1-800 number for the solution and a 10-minute hold. The average Joe user shouldn't be able to approve this action without a ton of effort, in my opinion.
Do I feel sorry for software vendors who have to change their applications? No, I work for a software vendor and we take great care to minimize our impact on the Vista experience. There is no excuse why any running application should still have issues with Vista; only incompetent management who think there's value in cheaper developers.
So yeah, I want more prompts. Besides, I run Vista Business at work frequently and I'm never really bothered by being asked if I'm sure I want to do something particularly stupid. It reminds me of sudo on Linux, and it's the way things should be.
Also Revfan9 your comment about Microsoft trying to cripple cross-platform interaction is particularly ignorant given Microsoft's recent support for the Mono project and the 30,000+ pages of previously-internal documentation regarding protocols their applications rely on use. I'm not saying MS wants to, but the European Union is doing a much better job at putting them to the fire over monopoly powers than the US government did.
rock_nog
04-12-2008, 11:21 AM
I don't see how this helps the average Joe who is in the habit of running crap he finds in his inbox. If they're stupid enough to click on "Funny joke" from a person they don't know, they're stupid enough to click "yes" when Vista asks permission to run the system-melting virus.
I definitely see the use to this - something tries to run without my knowledge, then yeah, I damn sure want to know about it. Reminds me of one time, years ago, back when my family had AOL. One night, I heard noises coming from my computer, and I woke up to see that AOL was dialing up to connect to the Internet all by itself. Yeah, that kinda freaked the hell out of me. And certainly, I want to be made aware if that new notepad replacement I downloaded is trying to establish an network connection or something.
On the other hand, in day-to-day computing, it really serves no purpose other than to annoy.
phattonez
04-12-2008, 01:10 PM
UAC easily takes away 10 seconds every time since it needs to load up the black screen and find the window. I just turned it off. I'm the administrator and the only one who uses the computer, so of course I'll authorize anything that I'm starting.
AlphaDawg
04-12-2008, 02:05 PM
I'm 100% with AtmaWeapon here. As a former field service technician (supposedly for hardware-only support, but who am I kidding, probably half the shit I got sent out for was software-related) I can appreciate anything that makes it even a little tougher to foul one's computer up... even if people are too stupid to realize that's what it's doing... and even if it pisses off 99.9% of Vista users.
If you don't like UAC, go ahead and turn it off. But don't bother calling me when your computer's fucked, though...
AtmaWeapon
04-12-2008, 02:13 PM
I don't see how this helps the average Joe who is in the habit of running crap he finds in his inbox. If they're stupid enough to click on "Funny joke" from a person they don't know, they're stupid enough to click "yes" when Vista asks permission to run the system-melting virus.
There will always be stupid users that will do everything in their power to ruin their system; there's no way to design a "safe" computer for them short of giving them an internet appliance that has the OS on ROM and no hard drive for storage, but that isn't exactly an attractive machine, is it?
On the other hand, I like the idea that if I hit a site that tries a drive-by install there's an increased chance that I will be asked if I want to install something. It's amazing how for 10 years the primary complaint against Windows has been its "administrator only" approach to users, so when steps are taken to avoid that approach suddenly MS is wrong because now things are hard. The same thing happened with XP when complaining switched from "It doesn't look like OS X" to "It ripped off OS X". If people would stop beating around the bush and identify their position as "irrational hatred of Microsoft", then it'd be easier for the rest of us.
AlexMax
04-13-2008, 04:19 AM
There are much better ways to implement user access control than Microsofts implementation.
Ubuntu does it by asking you to enter YOUR password (not the superuser password, they figure that if an attacker gets physical access to your box, you're fucked no matter what security is in place) if you need to make any administration changes. Not only that, but when you do enter your password, it saves a 'token' so you don't have to enter it again unless you go X number of minutes without doing something super-usery
Mac OSX has a really slick system of having a two-mode options box. All the options a user can edit are editable, everything that you can't is grayed out. If you want to edit them, you click on a little 'lock' symbol and then enter the superuser password, and then the box is completely unlocked. For all of apples hipster faggotry, they sure know how to design interfaces.
I do see where Microsoft is coming from, and it is about damn time that their programs started to respect multiple accounts. But incedently, both alternative that I've listed systems are based off of UNIX, which came out in the 70's, and had concepts of multiuser from the start. There is a saying that those who do not learn from UNIX are doomed to reinvent it...poorly. Quite accurate in this case.
AtmaWeapon
04-13-2008, 12:13 PM
UNIX was a command-line OS that implemented user-level security at the command-line level. MS failed to respect 20 years of this working with Windows 95, but their idea was to trade ease-of-use for security and because they did this a household PC is ubiquitous. They really should have pulled the lever sooner, though. At the time of Windows 95, the internet was a small thing and in general viruses were destructive: you got it and it broke your machine. You almost can't blame them for feeling like security could be a low priority. Somewhere in the past few years virus writers started taking personal information and creating the nuisance of botnets, and MS failed to address this by properly tightening the security of their OS. It started in XP, but they really should have urged people to use limited accounts more. If for the last 4 years people had been running limited by default, there would have been more motivation for developers to support this scenario, and there would be less pain as we transition to Vista.
The graphical options editor you described is implemented in OSX, so you can't really claim MS had 30 years to realize that or that it's "based off of UNIX". It's based off of Apple's intense research into UI design and its definitely a good thing (though not all of their UI decisions are correct.) It's possible MS didn't implement it because Apple patented the interface; if they did then we're all going to suffer until someone wakes up and realizes that letting people patent an interface is stupid. But I'd be willing to bet it's more because MS hasn't spent years researching UIs that can support multiple levels of access simply because the situation hasn't existed.
The next Windows is going to be more painful if MS keeps their promises, but it is a move towards a much better Windows. Vista's probably going to be counted as ME II after it comes out. I've heard that running Windows Server 2008 is like running what Vista should have been, and that kind of fits with how ME drove people to Win2k, and XP was more compatible with Win2k drivers than ME/95/98. We're probably just seeing the end of the XP line and the start of the next one with Vista.
AlexMax
04-13-2008, 03:05 PM
I've heard that running Windows Server 2008 is like running what Vista should have been, and that kind of fits with how ME drove people to Win2k, and XP was more compatible with Win2k drivers than ME/95/98. We're probably just seeing the end of the XP line and the start of the next one with Vista.
Except that Windows 2000 was split into Workstation and Server modules. The Windows 2000 Workstation transitioned into XP Pro, while XP Home filled the obvious upgrade path from Windows 98. From there, they started the Server line with Windows Server 2003 as a continuation of Server 2000 and has returned to having one family of operating systems for home users and workstations (XP, Vista) and home users and another family of operating systems for server use (Server 2003, Server 2008).
AtmaWeapon
04-13-2008, 03:40 PM
This is where I get confused; at various stages of the implementation of both OSes I've gotten lost.
Long ago, Vista was Longhorn. At some point, MS dropped that codename and something else became Longhorn; at this time I saw the codenames Blackcomb and Vienna get tossed around a lot. Features got moved and shifted and it got to the point where reading news about Windows development was like reading HardOCP: every day there was some kind of groundbreaking addition or subtraction and I just quit caring.
When I have paid attention in the past, I've heard all three that Vista is off of 2003's codebase, Vista SP1 makes Vista and 2008's codebase the same, and that 2008 is the beginnings of Windows 7's codebase. I don't know which one is true and the limited searching I've done in the hopes of finding an error in your post is fruitless. What I really want is for them to adopt a release announcement cycle that makes sense: announce when you've got a good implementation, not when you're still putting post-its on whiteboards.
That said, what little I've read indicates Windows 7 is going to be a painful upgrade for lazy software developers, and I'm hoping it is. We'll probably absorb the pain and be first-to-market in our field again :cool:.
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.