A Fresh Look at Vista's User Account Control

Art Grimm writes to mention a post at Ed Bott's Microsoft Report on ZDNet. There, he talks about Vista's User Account Control, and the issues he sees with the setup as it exists now. From the article: "The UAC prompts I depicted in the first post are those that appear when you install a program, when you run a program that requires access to sensitive locations, or when you configure a Windows setting that affects all users. But as many beta testers have discovered, UAC prompts can also show up when you perform seemingly innocent file operations on drives formatted using NTFS. In this post, I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."

Re:This is not a good approach

[kimvette]

And, it's unlikely that Quickbooks will run as Limited User in Vista. See the URL in my sig (it is not my site, just conveniently appropriate for this thread)

Re:Soon, Same As It Ever Was

[dr-suess-fan]

I always thought the best model for Aunt Sally would be a keyswitch on the front of the computer. Similar to those round-key locks that used to prevent boot-up.

If a program wants write access to Program Files, a dialogue box will pop up asking the user to turn the keyswitch to admin mode.

Now, hopefully Sally won't turn the keyswitch unless she knows she's trying to install something.

Games -vs- firewalls

[MobyDisk]

I'm curious how this handles applications that constantly modify system settings inappropriately. Does it prompt you every time, or just once? Does it remember the setting? Ex: Most games still save their save files into C:\Program Files. When I save my game, am I booted from my DirectX environment back to the desktop to answer the prompt? If so, does it happen every time I save? Or can it work like a firewall and say "let me do this every time."

uh..

[DoctorDyna]

But, if you disable the run elevated functions, wont the popup be replaced with a dialog that says "This program needs administrator priveleges to run. Unfortunatly, you disallowed elevating you, dumbass. please log on using an account capable of running this."

Re:Get a Mac.

[jacksonj04]

Vista has the potential to turn around the eternity of warning boxes. I would consider myself a computing professional, and sometimes even I've automatically clicked OK before going "Oh shit, what exactly did that just say?"

Vista's security model doesn't seem to ask for credentials in stupid places, unless the article writer believes that modifying the system folder should be the perogative of every user. What it does (Especially when running user apps) is show just how much applications rely on priveledged accounts. If the developers can get the program to work as expected without relying on admin rights, it will make users stop and think "Woah, why is this asking me for the admin password? What is it trying to do?"

I have no objection to being prompted every time something wants to mess with a system file. I object to being prompted every time something wants to mess with a system file because the application is piss-poorly designed.

It's worse than that actually

[apankrat]

What's worse is that there is no way to distiguish between authentic "User Account Control" dialog and a fake one that is poped up by a malicious application trying to collect admin credentials.

Unless Vista allows customizing generic "UAC" dialog (with an image or a text) or easily authenticate it in some other way, UAC being ON appears to pose a greater risk to a system security then when it is OFF.

Re:Problem/Issue is obvious if you understand Unix

[value_added]

NTFS has file permissions, but they rarely came up in practice because everyone in Windows was doing everything as the Unix equivalent of root. In Unix, the obvious fix is to do a sudo chown -R newuser /mnt/olddrive (or an ultraghetto sudo chmod -R o+rwx /mnt/olddrive) . The user/permission concept is totally foreign to your average windows user though, and hence the problem.

Foreign is the right word, but the problem is more extensive and pervasive than familiarity or experience. First there is that mess called the registry and its tortured permission structure. Then there is an incoherent file system hierarchy where anything can be just about everywhere, except for what's supposted to in SYSTEMROOT or system32, which is where everything gets dumped anyway to avoid creating a path that's a mile long. Then there's Windows bizarre concept of file ownership. I create a file, but some other group owns it instead, but it's almost always executable by everyone, so no worries, right? Executable JPGs and GIFs and text files. LOL. Short of right-clicking one's way through the registry and file system, I doubt anyone knows and or manages anything, Microsoft included. And then, of course, there's all those services ...

Sorry, but Microsoft will have to reinvent themselves a few more times before they discover Unix and these problems go away. These perennial discussions of "running as Administrator" vs. "running as a member of the Administrator's Group" vs. "running with limited privileges" obscure the real problems, and New and Improved Changes by Microsoft only mitigate the existing chaos. Get a typical home user to run with low privileges? Woohoo. That takes care of everything, doesn't it?

DOS-style attributes in combination with an overcomplex ACL/policy-based system and a nutty bunch of default user and group acounts (SYSTEM, anyone?) is painful enough without the embarassing lack of tools. I give it a few more years before they get round to giving us a terminal window in which perms and ownership are clear and visible, using chmod and chown become standard practice, and an appropriate umask can be defined. Should I hold my breath, I wonder?