Main Area and Open Discussion > General Software Discussion

Windows 7 — first impressions

<< < (15/18) > >>

f0dder:
UAC is just a poorly designed fix - it is slightly less poorly designed in 7 than Vista but nevertheless it is and always will be an excuse for not doing the right thing.-Carol Haynes (December 12, 2009, 05:37 AM)
--- End quote ---
I don't agree fully with that - it has some problems at the API side, but IMHO it's basically A Good Thing. Even if all poorly written software was fixed to follow the Windows coding guidelines, there'd still be a bunch of applications legitimately requiring admin privileges... requiring every such application to be split into a service and an end-user UI is overkill.

Few, if any, user level applications NEED admin rights to run and if they do they can be written properly so that the relevant parts can be elevated to admin status during setup.-Carol Haynes (December 12, 2009, 05:37 AM)
--- End quote ---
Yep, apart from installation, most user level applications shouldn't ever need admin privs.

How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.-Carol Haynes (December 12, 2009, 05:37 AM)
--- End quote ---
Interesting idea, and applications have had AuthentiCode signing for quite a while now (though usually you only see it for installers and ActiveX objects). I'm not a super big fan of whitelisting in this context, though... it would definitely have some good uses, but there'd be the risk of opening up backdoors, and crappy software vendors would just require an UAC exception to be added, rather than fixing their software.

cmpm:
in XP I always was running in admin mode
still got a prompt to allow an install
but not of drivers within the install like W7

now with UAC turned off
I still get the driver prompt/warning
which is good

I never had a problem with programs trying to install without me clicking install. XP or W7.

I wonder if UAC would catch opencandy.
That would be a good test I think.
But I won't try it.

Carol Haynes:
How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.-Carol Haynes (December 12, 2009, 05:37 AM)
--- End quote ---
Interesting idea, and applications have had AuthentiCode signing for quite a while now (though usually you only see it for installers and ActiveX objects). I'm not a super big fan of whitelisting in this context, though... it would definitely have some good uses, but there'd be the risk of opening up backdoors, and crappy software vendors would just require an UAC exception to be added, rather than fixing their software.
-f0dder (December 12, 2009, 06:14 AM)
--- End quote ---

I wasn't thinking white listing so much but rather accountability. If something similar to SSL certs were required it would force developers to identify who they are and how to contact them. If they are identifiable then it will cut down on the crapware and malware that  wants admin access level to be malicious. The good thing about SSL certs is that they are only issued when you provide concrete proof of who you are and where you are - that way if any problems arrive the license can be revoked and for malware pedlars they can be prosecuted.

f0dder:
Carol, AuthentiCode already lets one do that - afaik it's the same process as SSL certs (plus a bit more?), CAs are definitely involved.

Carol Haynes:
Yes you can do that but what I am suggesting is that it beo=come mandatory and that only applications with such a certificate be allowed to install if they require admin access level. Either that or a massive warning pops up warning users that they are installing or running something that requires admin rights but it comes from an untrusted source.

Anything really to force the hand of developers to sort out the issues people are encountering and to stop everyone blaming the operating system for developers poor coding practices.

Navigation

[0] Message Index

[#] Next page

[*] Previous page