ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Is UAC as bad as I think it is?

(1/5) > >>

urlwolf:
UAC is "lets give the user Admin rights whenever he asks for it and trust that he will never do anything wrong with it."

This cannot be. It's asking for trouble.

And worse, users will automatize this, and will make no decision (i.e., always allow).

In this sense, it's better to run in admin mode and  be spared the 500 M prompts a day that you endure as a normal user. It feels like you are borrowing your own computer instead of owning it...

Please somebody correct me before I kill UAC forever... or run as admin.

Carol Haynes:
UAC has been improved in Windows 7 - in Vista it is a royal PITA.

It has been widely said that MS deliberately made Vista UAC a royal PITA deliberately because they were so fed up with the bad security press they were constantly subjected to. By forcing windows to flag UAC prompts constantly they could say 'we warn you of potential security problems' - trouble is many people simply click through without thinking (like you said) or just turn UAC off.

Many of those 'bad press' episodes were orchestrated by Apple but to be fair at least MS issues regular patches and fixes which is more than can be said for Apple. The recent upgrade to Windows Safari 4 dealt with over 50 security exploits, many of which have been known about for months.

The big problem is MS don't know how to do security apps - we have UAC and Windows Defender - neither of which have any real user interface for customising responses to prompts. Then there is the OneCare debacle that rendered systems unusable and suffered such bad press and reputation that they are now axing it altogether.

I'll probably get shot down for saying this but the big problem with all operating system security is the use of C++ as a staple language. How many exploits are because of buffer issues? A strongly typed language with proper error checking would slow systems down a bit but would avoid many of the exploits that still plague every OS.

Eóin:
My understanding was that UAC being a PITA was to give developers a wake up call and get them to stop their apps wanting Admin privileges when most never need it.

Which is equally stupid as far as users are concerned but history would seem to show that the only means of getting developers to change their ways are to stop those old ways working. DEP for example would prevent a lot of buffer issues but developers won't stop mixing code with data hence DEP has to be left opt-in by default if those badly written programs are to still work.

NoWhereMan:
UAC is "lets give the user Admin rights whenever he asks for it and trust that he will never do anything wrong with it."

This cannot be. It's asking for trouble.-urlwolf (June 11, 2009, 06:06 PM)
--- End quote ---

how are you supposed to perform administrative tasks, then?

And worse, users will automatize this, and will make no decision (i.e., always allow).
--- End quote ---

one of the biggest criticism to UAC is that there is no such thing as "always allow". Permission must be always granted

In this sense, it's better to run in admin mode and  be spared the 500 M prompts a day that you endure as a normal user. It feels like you are borrowing your own computer instead of owning it...

Please somebody correct me before I kill UAC forever... or run as admin.
--- End quote ---

I'm assuming you didn't even try it; UAC is there even when you *are* admin, that's the other criticism. In Vista the default user is an Administrator, but runs at at a lower level of permissions, which is then elevated when required; the elevation requires answering the prompt. There is actually a class of superusers running at the higher level but the account is disabled as a default.

If you are running as a standard user (non-Admin) then the prompt will ask you for an admin password.

In this case, this is nothing different than the superuser password you get in linux or mac.

UAC is much less annoying than you might think, if you stay in your little user-space and don't mess with the file system.
Your world is your user directory \users\youruserid.
Permission will be asked only when changing system settings, or when installing software. And you really don't do that that often.

Oh, and if some of the freeware you love it's asking for an admin password... they're doing it wrong.

In Win7 they introduced a UAC control panel with a "nag" level chooser; the default level provides a whitelist, so common administrative tasks can be performed without asking user for confirmation. There are however some side effects for which I would suggest to raise the bar to the higher level (you'll get the same Vista level); or in alternative, create a second, lower level user and use that for any everyday task (which is what I already do on my Vista -- and something everyone should already do on his/her xp/vista/7)

bye!

Carol Haynes:
NoWhereMan- the issue is precisely that it always asks and there are no controls to supress pointless prompts. Consequently users just click Allow when ever it pops up without thinking about it (or else they simply disable it). This totally negates the purpose of UAC because it no longer offers any sort of protection for most users. The same is true of techy firewalls and the average user - constant prompts and questions that the user can't answer without more knowledge means that the firewall is pretty pointless as the only response the user has is OK let it go.

As you say it even happens when you log on as Administrator.

The biggest problem with UAC (and it will still be the same in Win7) is that it is purely a kludge to avoid doing proper user permissions and enforcing them. If MS simply said that the normal user is just that (a user) and that all software should allow 'users' to work without needing extra permissions they could then have a proper admin group without restrictions, and the ability to elevate to admin just as Linux does.

They won't do that because the crappy history of user rights in windows development means that most software would break - hell the fact that you needed to have admin rights to run earlier versions of MS Office says it all.

Having said that the UAC rules in Vista are deliberately stupid. The fact that you need admin rights to even look at device manager (OK if you want to update drivers etc. you should need admin rights but just to look at the current settings shouldn't need access rights).

Navigation

[0] Message Index

[#] Next page

Go to full version