
Is UAC as bad as I think it is?


urlwolf:
I should add I'm running Windows Server 2008, that explains some discrepancies. I'm putting my userspace files in a different partition, not on the same one where the OS is (could be part of the problem).

Something that could be done is to set up a timer in which you are admin without more prompts.

Alternatively, one can run one filemanager app always elevated, and use it rarely, only for installs.

Yet another solution: give rwx permissions to your user, recursively, on pretty much every little corner of the filesystem but the most obviously wrong ones. Btw, what a long time it takes to change permissions recursively!

Unix is pretty bad in some aspects, but permissions, they got right. And the Ubuntu way of doing things (timed sudo) is pretty good. Not to mention you can have a shell for admin and leave it open in a tab, where it's out of the way... something I couldn't do on console (replacement for cmd.exe).



urlwolf:
What would actually be useful is to know WHY the prompt.
Is this installer trying to write to c:\windows? Is it adding something in the registry? What? etc

Right now, when I get a prompt, I'm blind. I just assume it must be ok to accept.

If the thing I'm installing has a big honking trojan inside, there's no way for me to know that. How is UAC helping with security then? It's just making me exercise my fingers.

f0dder:
UAC is fine, and I don't find it popping up all the time when I'm doing normal stuff. If you get lots of popups, either you're doing stuff wrong or running some very badly-behaved applications... which you should nag the software developers about. For dealing with badly designed apps, you can often amend it by setting some NTFS permissions (yes, obviously regular users don't know about that kind of stuff).

Win7's "improved" UAC is actually a problem since it's a gaping security hole - you need to ramp it back up to Vista level as one of the first things you do after system install.

I do agree that timed elevation would be a nice thing, but "always allow this" or application whitelisting is a really bad idea. Really, developers need to fix their shitty code.

PS: if you open an elevated cmd.exe, applications you start from that should be elevated as well?

Eóin:
--- Quote from: urlwolf (June 12, 2009, 06:20 AM) ---
What would actually be useful is to know WHY the prompt.
Is this installer trying to write to c:\windows? Is it adding something in the registry? What? etc
--- End quote ---

This would only work though if you had to ok every operation, and that wouldn't be fun. As it is one could ok the first innocent looking operation and then all the malicious ones could follow.

--- Quote from: urlwolf (June 12, 2009, 06:20 AM) ---
now, when I get a prompt, I'm blind. I just assume it must be ok to accept.

If the thing I'm installing has a big honking trojan inside, there's no way for me to know that. How is UAC helping with security then? It's just making me exercise my fingers.
--- End quote ---

For me I really see UAC as asking 'Do you trust this app to give it free rein of your system?'. Personally I'm just not sure how else it could work.


Josh:
f0dder, any applications started under an elevated profile for one program will launch elevated in their instance. I.E., I launch cmd.exe in elevated mode and I type "mspaint". That launches MSPaint in elevated privilege mode as well.

By the way, am I the only one who doesn't find UAC all that annoying? I actually enjoy having it. While "Allow all" is definitely a no-no, I think NortonUAC is a great addon. I use this and it lets you set an "Allow always" depending on the context in which the program is executed. For example, if I launch procexp from a custom build placed on my desktop in admin mode, I will be able to allow THAT location and that version to run elevated at any time. But, if I place that same file in c:\temp, I am again prompted to confirm that I want to run it. Also, if the file hash changes, I am then re-prompted for elevated rights again.
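The "allow always" behaviour described in the post above (approval tied to one location and one file hash) can be modelled as follows. This is an added example, not part of the thread and not NortonUAC's code; the class, function and reason names are hypothetical, and the file contents are constructed sample bytes.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

class ElevationAllowList:
    """Hypothetical model: 'allow always' is remembered per (path, SHA-256)."""
    def __init__(self):
        self._approved = {}  # normalized path -> sha256 hex digest

    @staticmethod
    def _key(path):
        # Resolve links and fold case where the OS does, so one file has one key.
        return os.path.normcase(os.path.realpath(path))

    @staticmethod
    def _digest(path):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def approve(self, path):
        self._approved[self._key(path)] = self._digest(path)

    def decide(self, path):
        # A real implementation must also launch the exact bytes it hashed,
        # otherwise the file can be swapped between check and execution.
        known = self._approved.get(self._key(path))
        if known is None:
            return "prompt:unknown-location"
        if not hmac.compare_digest(known, self._digest(path)):
            return "prompt:hash-changed"
        return "allow"

def demo():
    with tempfile.TemporaryDirectory() as root:
        desktop, temp = Path(root, "Desktop"), Path(root, "temp")
        desktop.mkdir(); temp.mkdir()
        tool, copy = desktop / "procexp.exe", temp / "procexp.exe"
        tool.write_bytes(b"constructed sample bytes v1")
        copy.write_bytes(tool.read_bytes())      # same bytes, other location
        rules = ElevationAllowList()
        rules.approve(tool)
        results = [rules.decide(tool), rules.decide(copy)]
        tool.write_bytes(b"constructed sample bytes v2")  # file is modified
        results.append(rules.decide(tool))
        return results

if __name__ == "__main__":
    print(demo())
```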
