topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:18 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Windows 7 — first impressions  (Read 43955 times)

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #50 on: December 03, 2009, 01:09 PM »
MilesAhead: you might not be able to directly read the password in plaintext, but since it's an automated method, what stops you from simply copying the encrypted password and using the sudo tool to launch other stuff?

What stops you is the algorithm isn't that simple.  Your password as well as the program/batch commands executed are calculated into a string that's unique for each shortcut created(unless perhaps you created identical shortcuts.)  The server decrypts the password and the info about the command and matches them up.  If you made a batch file with "del c:\windows\temp\*.tmp"  and then used the password string generated with a shortcut that used the command "del c:\windows\system32\*.dll" it would not work.

The author said it's not bullet-proof but it's something.  If we really want to get into it, typing in the password by hand you could have a key logger or even a listener for electronic noise that would know which keys are pressed.  Depends how paranoid you are.  Don't use the automated method for anything really critical. It's just a convenience.  Back then there weren't a lot of utilities such as CCleaner as I recall.  You pretty much did it manually.  There's exponentially more freeware available these days.


Anyway, I'm just going from memory back in the 1990s. I think the programmer gave up on it around 2005 or so. On most machines the gaping whole in security is the computer case.  Rip it open.  Take HD.  Info gone.


f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #51 on: December 03, 2009, 01:16 PM »
Ah, hashing the command and using that as part of the encryption key at least makes the very-trivial attack impossible - at least that's something.
- carpe noctem

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #52 on: December 03, 2009, 01:18 PM »
Ah, hashing the command and using that as part of the encryption key at least makes the very-trivial attack impossible - at least that's something.

Like I said, it's a convenience for taking out the trash.  Not something to connect to your bank account. :)

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #53 on: December 10, 2009, 11:10 PM »
OK - only three days on Windows 7 and already I am turning UAC off. It does NOT only pop when an installer is started; it pops every time I open Everything, and many times again when I simply try to maximize Everything from the system tray. Same thing for Chameleon Startup Manager, and a few others. I tried setting them as opening with admin rights, didn't help w/the popups.

There is no reason for me to be irritated in this way. Sorry folks, I've read about as much as I can on UAC, but it's getting the fourth option here.

Jim

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #54 on: December 11, 2009, 12:43 AM »
OK - only three days on Windows 7 and already I am turning UAC off.

Wow, you really stuck it out....it lasted all of 60 minutes on my machine.

And it's extremely annoying how things just do not want to work under Win7, whereas they work fine under XP with a minimum of fuss.

eg. I have a G15 keyboard, I run LCDMisc, (Run As Admin), to provide feedback as to what a daemon is doing on another machine on the LAN - it also uses the multimedia keys to control the daemon.  Works fine under XP, push a key the daemon stops, push it again it resumes.

On W7 it just happily ignores the keys, I don't use the default firewall and LCDMisc has full access through Outpost - I'm sure this will turn out to be something really simple under W7, I just have to have the patience and time to work out what but in the meantime it's just really annoying.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #55 on: December 11, 2009, 01:11 AM »
Annoying it is!

I think I might have to reinstall the damn thing. Not sure which app did this, though I suspect one of two - CloneCD from Slysoft or, believe it or not, Thunderbird 3 - but one of them borked the system something awful. Had to go into safe mode and ended up restoring a System Restore point. Decided it was probably CloneCD so I went ahead and installed T-Bird 3 again and got the same problems. Basically the system, after restarting, wouldn't go any further. Couldn't access the taskbar or anything else. Spinning thing stayed forever, and no activity according to the lights on the case. Tried bringing up the Task Manager and the screen goes dark. So, started in safe mode again, uninstalled T-Bird 3, and restarted yet again. All seemed OK except the resolution was not quite restored correctly. All icons smaller, text in all programs way too small. Resolution values are correct: 1920 x 12xx (forget exactly), but text/icons off, and I cannot get them back like they were before all this, which was just the damn default that Win7 set up. Setting text size is a percentage. I have it set at what is the claimed default, 125%, but it is still too small, and that's after logging out/in, restarting... Just can't seem to make it like it was. Damn it!

BTW, during all that stuff above, Windows performed a system repair after the first time in safe mode - that's actually when the text size got screwed up. If it were XP I'd have it sorted by now, but Win7 doesn't have everything in the same place, plus it doesn't want to let me do much of anything on my own. F**king presumptive bastards!

Do I sound a little, tiny bit pissed?   >:(

Jim

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #56 on: December 11, 2009, 11:11 AM »
It just occurred to me why some people are having such battles with UAC while I have none. It may be that I have removed one of UAC's most annoying traits when launching apps. In the world of UAC the C: drive, and especially the C:\Program Files\ directory, are sacred areas of the hard drive as far as UAC is concerned and it's more hyper-vigilant monitoring your C: drive (and C:\Program Files and C:\Windows) than it is when monitoring other drives and directories.

I've always (even back in the days of Windows 95) installed everything to D:\Program Files. Tons of programs that will throw up a UAC prompt when installed to C:\Program Files won't utter a peep when installed to a different hard drive.


Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #57 on: December 11, 2009, 11:23 AM »
You might be on to something there - I usually install to D:\Program Files when an installer gives the option and I am not plagued by UAC prompts either.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #58 on: December 11, 2009, 12:01 PM »
Yes, Program Files has proper NTFS permissions set, which is why UAC pops up when poorly programmed applications try to write to their install folder :)

As for Everything popping up an UAC prompt, that's quite natural as well: it reads the MFT directly, which isn't something you want just any application to do... if Everything had been properly designed, it would consist of a service backend and a GUI frontend.
- carpe noctem

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #59 on: December 11, 2009, 12:11 PM »
Exactly! Do not blame UAC for poor application programming. Any modifiable files should be stored in the %appdata% folder of the users profile. Writing to program files is a poor habit spawned by years of Win9X/ME and running as an admin profile in XP/Vista/7/2K

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #60 on: December 11, 2009, 12:44 PM »
I had to go into Control Panel to check ... I get prompts so seldom I keep forgetting UAC is on.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #61 on: December 11, 2009, 02:54 PM »
f0dder, Josh:

I can't seem to use the "quote" button here now - tells me it cannot complete verification, so anyway this is on reply to your most recent posts above:

I don't give a flying **** if those two apps are "poorly programmed" as you two call them. Chameleon Startup Manager and Everything have worked flawlessly for me since I first discovered them - here on DC as a matter of fact! They perform their respective functions exactly as promised, and are exactly what I wish to use. And the two of you are going to tell me that I'm using crapware? Bullshit!

What have they programmed so poorly? Their apps work very well. Is it that they did not add in code to satisfy the UAC program? If that is all they have done so poorly, then I can live with that. If one or both suddenly - after all the use I have given them - rip up my system, well then it's on me. I paid for this damn OS, I paid for the computer and all associated hardware connected to it. And I'll damn well run whatever I please on it, Microsoft be damned... and worse if need be! What do you suggest? That I look around and find something that might be able to replicate what those two apps can do but also made a point to go get their Microsoft Logo Certs? Not me.

Hey, I run only licensed software, I pay for every damn app I use regularly - whether by price or by donation (and I'll match my total donations to independent developers, and not just here at DC, against anyone here) - and I run my machines with licensed Anti-Virus, Anti-Spyware, plenty of diagnostics and system monitors, and I try to practice smart and safe computer usage. I usually customize my systems, but only within my capabilities; I don't download a lot of crap from torrent sites and cross my fingers that they aren't so dirty that they infect my refrigerator, TV, and washer and dryer, too  (  ;D ). But I will not abandon the use of some of my favorite utilities and go buy certified ones because they fail in only one single aspect - getting by Microsoft's admitted "annoyance" alert program UAC.  Ain't happening!!

And dat's da truth...   :P :P :P

XXOO

Jim  ;)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #62 on: December 11, 2009, 03:23 PM »
I use Everything on all my computers (XP, Vista, 7) and never see a UAC prompt (and yes it is enabled).

You just have to setup how the app starts via the task manager (as already mentioned). ANd yes the only reason you have to do this is becuase Everything uses none standard methods to access the filing system and MS quite rightly wanrs you of this if you aren't running in purley admin mode.

At the end of the day the choice is there - if you don't like UAC turn it off. Going back to Windows XP because it is isritating is plain stupid - there is no UAC in XP, so you may as well have no UAC in Vista/7 - at least then you get a better firewall.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #63 on: December 11, 2009, 03:46 PM »
The Edsil was a fine car...but you can't buy one today because they failed to keep up with the changing times. Much so with software. The secure computing environment has changed radically in the past 5 years, and some folks have just spent too much time dragging their feet. They seem to be coding like they're hoping the good ol' Win9x security-less days will return ... and they will not. This is neither good, nor bad, it simply is.

UAC was designed has a half-step to ease people out of the (extreemly dangerous) habit of doing everyday tasks with administrative rights. Many (if not most) of the apps that trigger UAC repeatedly will be just as ill behaved if run in a standard user account.

Hell it took me 5 years to get T-Clock to behave the way I wanted it to, but it had to be done if I was going to be able to continue using it on the newer more security oriented OSs.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #64 on: December 11, 2009, 03:58 PM »
Carol, Stoic: I didn't say I was going back to XP!! Nothing that drastic. And I am using the user account that was automatically setup for me by the system. I believe that has admin privileges when needed to elevate an app but most of the time does not use them. And I think that is indeed a great idea. About three PCs ago - which would be five or six years I guess - I was using the Administrator account. At the time I didn't realize how dangerous it was. The system - either HP Pavilion or Dell Dimension, can't remember which specifically, was preset-up that way and I didn't know enough to change it. When I did learn I started to change it but do you know how hard it is to set up a new user and then actually use it? Clean desktop, none of my apps available to me. All would need to be uninstalled/reinstalled according to their support people, so I left it like it was for another six months till I got a new 'puter.

I prefer it like it is now, though I am certain there are people who still prefer to use Admin account. Their loss, if you ask me. Inexperienced users wouldn't know how to switch and use the Admin account for the most part. UAC is supposedly aimed at such inexperienced users. Anyway, mine is now off.  :)

Jim

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #65 on: December 11, 2009, 05:05 PM »
In my field I frequently run into vertical market software that is exorbitantly priced, slapped together, and rushed to market (prime offenders for permissions headaches). (Client needs security but can't afford update...) So for simplicity's sake I have reset the NTFS permissions on only the program's install directory, which leaves the rest of the system's security intact but lets the program run for users with out making the Admins. Surgical strike as opposed to throwing the baby out with the bath water.

Just a thought ;)

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #66 on: December 11, 2009, 06:24 PM »
And then there are some developers who are apparently trying but it simply isn't working. I use - or use to use up till a few days ago - ACDSee Photo Manager 2009. Worked fine on XP and Vista, but won't work for many on Windows 7. For months ACD Systems was totally silent on the problems but recently they finally posted a warning that the program isn't working for "some users" on Windows 7. However it is certified as Windows 7 compatible by Microsoft. If you had looked at the Windows 7 Compatibility page for ACDSee just a few days ago it showed ACDSee Photo Manager 2009 as fully compatible. Yet some were claiming that the number of users who could not use it on Win7 exceeded 50%, though I don't know of any valid statistics on that. Suffice it to say that the ACDSee forums and other image software-related forums have a heck of a lot of posts about it. It seems that after installation the software runs fine the first time. Then it never runs or runs poorly and usually crashes the system every time after that. Something to do with the file locations and permissions that it uses. Microsoft says it "should" work, and indeed it does for many. But it crashes a lot of folks also.

Anyway that program stayed on the compatible list for months and was just removed yesterday or the day before. Now it shows ACDSee 10 as "Coming soon". Which means I guess that they are not going to fix whatever is causing problems in the current version. And that isn't he only developer with issues like this. So ACDSee gets by UAC because it is officially pronounced as OK, while others, mostly from private developers who can probably least afford the additional programming, get honked by UAC every time. It needs work. No one should need to either install all programs to a different drive than C:\, nor set up programs to start as scheduled tasks to get around this "annoyance".

Jim

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #67 on: December 11, 2009, 07:40 PM »
All a developer has to say to a customer is 'cheange the permission in the shortcut that starts the app'. You can easily set any app to avoid UAC if you need to.

Personally I think it is a good idea that MS have put an obstacle in the way of sloppy software writers. At least the user knows that poorly coded software needs elevated privileges to run properly and have the choice of saying 'yes I trust them' or 'no I don't' on older systems the user is blissfully unaware.

Having said that I presume MS certified that ACDSee was Win 7 compatible because ACDSystems are big enough to cough up for the certification. I don't know how much test MS do on software to get into their list but I bet it isn't much more than run the installer and see if it works.

What I don't understand is why MS didn't simply make the choice of making all new user accounts default to user level security (and they could have done that back from Windows XP). Most of these issues would have been ironed out long ago. Seems to me that they are too lily livered to do the write thing so they introduce UAC as a kludge to fix something that isn't basically broken - just a bad choice.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #68 on: December 12, 2009, 12:46 AM »
Poorly programmed isn't the same as crapware. In this case, it's about not following design guidelines that have been around since, oh I dunno, NT4 or so. It's not about "satisfying the UAC program", stuff throwing UAC prompts simply wouldn't have worked on XP (or win200 or NT4 or anything non-Win9x) when not running with an account with administrative privileges.

And for the case of Everything, it's perfectly fixable: as mentioned before, the program needs to be split into a service running with admin privileges that have access to the MFT, and a GUI frontend that runs privilege-less and communicates with the service. Presto, problem solved. It's been the proper way to handle this kind of thing at least NT4 (I don't have experience with pre-NT4.)

ACDSee breaking probably has nothing to do with UAC but everything to do with poor programming practices... hardcoding locations, doing tings in nonstandard ways, whatever.

What I don't understand is why MS didn't simply make the choice of making all new user accounts default to user level security (and they could have done that back from Windows XP). Most of these issues would have been ironed out long ago. Seems to me that they are too lily livered to do the write thing so they introduce UAC as a kludge to fix something that isn't basically broken - just a bad choice.
I agree fully that MS should have made the default user non-admin a long time ago - preferably at the time of Win2000, and definitely no later than WinXP when people really started migrating from Win9x. Also, WinMe should never have seen the light of day, Win98 should have been the last 9x Windows.

I find UAC to be a pretty nice system, though - the alternative would be having to run applications in admin mode and always supplying an admin password in order to be able to do so...
- carpe noctem

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #69 on: December 12, 2009, 05:37 AM »
I find UAC to be a pretty nice system, though - the alternative would be having to run applications in admin mode and always supplying an admin password in order to be able to do so...

UAC is just a poorly designed fix - it is slightly less poorly designed in 7 than Vista but nevertheless it is and always will be an excuse for not doing the right thing.

Few, if any, user level applications NEED admin rights to run and if they do they can be written properly so that the relevant parts can be elevated to admin status during setup.

How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.

There could be an exception (UAC style) just for installation so you don't have to log out and login as an admin user to do that. But then the installers would need to be certified to run at that level.
« Last Edit: December 12, 2009, 05:39 AM by Carol Haynes »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #70 on: December 12, 2009, 06:14 AM »
UAC is just a poorly designed fix - it is slightly less poorly designed in 7 than Vista but nevertheless it is and always will be an excuse for not doing the right thing.
I don't agree fully with that - it has some problems at the API side, but IMHO it's basically A Good Thing. Even if all poorly written software was fixed to follow the Windows coding guidelines, there'd still be a bunch of applications legitimately requiring admin privileges... requiring every such application to be split into a service and an end-user UI is overkill.

Few, if any, user level applications NEED admin rights to run and if they do they can be written properly so that the relevant parts can be elevated to admin status during setup.
Yep, apart from installation, most user level applications shouldn't ever need admin privs.

How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.
Interesting idea, and applications have had AuthentiCode signing for quite a while now (though usually you only see it for installers and ActiveX objects). I'm not a super big fan of whitelisting in this context, though... it would definitely have some good uses, but there'd be the risk of opening up backdoors, and crappy software vendors would just require an UAC exception to be added, rather than fixing their software.
- carpe noctem

cmpm

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 2,026
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #71 on: December 12, 2009, 09:30 AM »
in XP I always was running in admin mode
still got a prompt to allow an install
but not of drivers within the install like W7

now with UAC turned off
I still get the driver prompt/warning
which is good

I never had a problem with programs trying to install without me clicking install. XP or W7.

I wonder if UAC would catch opencandy.
That would be a good test I think.
But I won't try it.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #72 on: December 12, 2009, 09:51 AM »
How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.
Interesting idea, and applications have had AuthentiCode signing for quite a while now (though usually you only see it for installers and ActiveX objects). I'm not a super big fan of whitelisting in this context, though... it would definitely have some good uses, but there'd be the risk of opening up backdoors, and crappy software vendors would just require an UAC exception to be added, rather than fixing their software.

I wasn't thinking white listing so much but rather accountability. If something similar to SSL certs were required it would force developers to identify who they are and how to contact them. If they are identifiable then it will cut down on the crapware and malware that  wants admin access level to be malicious. The good thing about SSL certs is that they are only issued when you provide concrete proof of who you are and where you are - that way if any problems arrive the license can be revoked and for malware pedlars they can be prosecuted.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #73 on: December 12, 2009, 10:21 AM »
Carol, AuthentiCode already lets one do that - afaik it's the same process as SSL certs (plus a bit more?), CAs are definitely involved.
- carpe noctem

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #74 on: December 12, 2009, 10:43 AM »
Yes you can do that but what I am suggesting is that it beo=come mandatory and that only applications with such a certificate be allowed to install if they require admin access level. Either that or a massive warning pops up warning users that they are installing or running something that requires admin rights but it comes from an untrusted source.

Anything really to force the hand of developers to sort out the issues people are encountering and to stop everyone blaming the operating system for developers poor coding practices.