| Subject: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 8:10:00 AM |
| From: =?Utf-8?B?U1BFbnRodXNpYXN0?= [Email Address Protection] |
Please take a look at this: http://www.tmcnet.com/usubmit/2008/07/11/3541592.htm Numerous articles like this have appeared on the Web about businesses and government organizations not wanting to deploy Vista in their environments. The one above is about the FAA not wanting to do so, and I read one article recently about Intel not wanting to deploy Vista either. It has become common knowledge that security features like UAC and Windows Defender in Vista have put a lot of thieves out of business. Obviously these people have a lot of influence, if they can convince the FAA, Intel, etc. that Vista is bad for their employees. And now the consensus that they want to reach that they'll keep XP and keep ripping people off until Windows 7 is released. So, here's my question: Is Microsoft being pressured to retract features like UAC and Windows Defender from Windows 7? And will Microsoft cave in? Thanks. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 8:44:17 AM |
| From: "Carey Frisch [MVP]" [Email Address Protection] |
You are asking a question relating to a future Windows operating system that no one in this peer-to-peer newsgroup can answer. Try back in about a year or so. In the meantime, here is some information you can read and digress: Inside Windows Vista User Account Control http://technet.microsoft.com/en-us/magazine/cc138019.aspx Understanding and Configuring User Account Control in Windows Vista http://technet2.microsoft.com/WindowsVista/en/library/00d04415-2b2f-422c-b70e-b18ff918c2811033.mspx User Account Control http://technet.microsoft.com/en-us/windowsvista/aa905113.aspx -- Carey Frisch Microsoft MVP Windows Desktop Experience - Windows Vista Enthusiast --------------------------------------------------------------- "SPEnthusiast" <SPEnthusiast@discussions.microsoft.com> wrote in message news:0D25230A-2D50-41FC-8FA1-E2421C83CE8D@microsoft.com... Please take a look at this: http://www.tmcnet.com/usubmit/2008/07/11/3541592.htm Numerous articles like this have appeared on the Web about businesses and government organizations not wanting to deploy Vista in their environments. The one above is about the FAA not wanting to do so, and I read one article recently about Intel not wanting to deploy Vista either. It has become common knowledge that security features like UAC and Windows Defender in Vista have put a lot of thieves out of business. Obviously these people have a lot of influence, if they can convince the FAA, Intel, etc. that Vista is bad for their employees. And now the consensus that they want to reach that they'll keep XP and keep ripping people off until Windows 7 is released. So, here's my question: Is Microsoft being pressured to retract features like UAC and Windows Defender from Windows 7? And will Microsoft cave in? Thanks. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 9:04:39 AM |
| From: Nonny [Email Address Protection] |
On Fri, 11 Jul 2008 08:10:00 -0700, SPEnthusiast <SPEnthusiast@discussions.microsoft.com> wrote: >So, here's my question: Is Microsoft being pressured to retract features >like UAC and Windows Defender from Windows 7? And will Microsoft cave in? Your guess is as good as anyone's here. We're all just commun Vista users and don't work for MS. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 9:56:31 AM |
| From: "Pete Delgado" [Email Address Protection] |
"SPEnthusiast" <SPEnthusiast@discussions.microsoft.com> wrote in message news:0D25230A-2D50-41FC-8FA1-E2421C83CE8D@microsoft.com... > Please take a look at this: > http://www.tmcnet.com/usubmit/2008/07/11/3541592.htm > > Numerous articles like this have appeared on the Web about businesses and > government organizations not wanting to deploy Vista in their > environments. > The one above is about the FAA not wanting to do so, and I read one > article > recently about Intel not wanting to deploy Vista either. The reasons many govenrment institutions and businesses don't want to upgrade are many and they don't all center around UAC. For some, hardware budgets and training come into play. For others, legacy applications that are critical to the business are the concern. For some, waiting for Windows Server 2008 and all the related technologies so that all the interrelated technologies can be implemented and configured is the reason. Finally, for some the sage advice "if it ain't broke, don't fix it" is at play. To state that UAC is the reason many have not upgraded is an oversimplification and completely ignores the history of such major upgrades. -Pete |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 11:41:56 AM |
| From: John Amendall [Email Address Protection] |
On Fri, 11 Jul 2008 12:31:32 -0500, Fmjc001 <guest@unknown-email.com> wrote: >I hope they keep the UAC. It means you can feel safe on your computer. I turned it completely off. I feel safe AND I don't get all those damned popup screens every time I try to do something more complicated than surf the web or do email. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 3:30:32 PM |
| From: Charlie Tame [Email Address Protection] |
SPEnthusiast wrote: > I don't think a company like Intel is restrained by any kind of budget that > would not allow an OS upgrade across the enterprise. > > These "legacy applications that are crtical to the business" that you've > mentioned are engineered to spy on people and rob them, which is why these > businesses and government organizations can't deploy Vista. UAC would break > those apps. > > I'm using Vista with Windows Server 2003 as my domain controller, and > everything works fine. I'll soon deploy Windows Server 2008, but it's no > excuse to not deploy Vista. > > Like I said, Vista exposes a lot of thieves. > How the hell does UAC expose thieves? |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 3:35:09 PM |
| From: Charlie Tame [Email Address Protection] |
Fmjc001 wrote: > I hope they keep the UAC. It means you can feel safe on your computer. > > But you're not safe, you are no safer than you were before, there is nothing new about UAC, it just used to be called common sense. If you answer yes to everything UAC has done nothing, you are infected. Very similar safeguards were possible with XP, almost nobody used them. So all it has done is make you "Feel" safe, and if that is what it takes you make you feel safe you likely never will be. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/11/2008 5:40:10 PM |
| From: "Beoweolf" [Email Address Protection] |
It's a common misunderstanding - what you don't see can't hurt you. Similar to an outdated image of an Ostrich with his head in the sand, thinking if he can't see you - you can see him. Vista UAC, security exposes many of the "hidden" (surreptitious) uses/users of administrator level rights and/or attempts to access network resources. As mention, if you know what you are doing, if you take the time to study/research/learn your system and most importantly - if you care...you can be just as "safe" using XP. What Vista does is makes secure, the default option. This is in line with any Security professional training, not to mention common sense. The average user, those that have enjoyed the benefits of blissful ignorance, have also enjoyed the ability to blame the Evil Empire for leaving so many holes in Microsoft Clients and servers. Generally speaking, the absence if page upon page of complaints about Microsoft security have come at the expense of numbers of users, companies and Govt's now complaining that Vista is somehow flawed as a result of it being built to insist on security, from installation thru production use. Thou dost protest too much? There obviously is a learning curve, for hardware vendors - who chose to ignore years of warning, reams of documents explaining how this OS would not allow "shortcuts" which expose the Kernel to compromises. Software vendors and users were and are painfully made aware of the same issue Business as usual - Ain't no more. Take the time (better use, just use pre-configured policy and templates) to configure your system (do yourself a favor - give those 8, 16 and off brand 32 bit cards a fitting funeral, they earned it); yes, become the informed user who has complained about security for so long - now that it is here ... whining about "It's too good" just doesn't make sense. "Charlie Tame" <charlie@tames.net> wrote in message news:err97W64IHA.1420@TK2MSFTNGP06.phx.gbl... > SPEnthusiast wrote: >> I don't think a company like Intel is restrained by any kind of budget >> that would not allow an OS upgrade across the enterprise. >> >> These "legacy applications that are crtical to the business" that you've >> mentioned are engineered to spy on people and rob them, which is why >> these businesses and government organizations can't deploy Vista. UAC >> would break those apps. >> >> I'm using Vista with Windows Server 2003 as my domain controller, and >> everything works fine. I'll soon deploy Windows Server 2008, but it's no >> excuse to not deploy Vista. >> >> Like I said, Vista exposes a lot of thieves. >> > > > How the hell does UAC expose thieves? |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/12/2008 5:15:04 AM |
| From: f/fgeorge [Email Address Protection] |
On Fri, 11 Jul 2008 17:35:09 -0500, Charlie Tame <charlie@tames.net> wrote: >Fmjc001 wrote: >> I hope they keep the UAC. It means you can feel safe on your computer. >> >> > > >But you're not safe, you are no safer than you were before, there is >nothing new about UAC, it just used to be called common sense. > >If you answer yes to everything UAC has done nothing, you are infected. >Very similar safeguards were possible with XP, almost nobody used them. > >So all it has done is make you "Feel" safe, and if that is what it takes >you make you feel safe you likely never will be. It has also started to create an awareness by the causual user to some of the things that spyware, etc can do to our machines that in the past we have had no clue about. NO it is NOT going to stop an infection! BUT hopefully it is a first step in getting users to stop being Admins on their pc's and to just be Users like on the Mac's. Sure Mac's have viruses etc, but they are not a problem because they can't self install because the indivual is logged on as a User not an Admin by default. Sure the User can say yes and the viruses will install, but for some reason people don't do that. Education by MS would solve alot of the problems they are seeing! |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/12/2008 5:32:52 AM |
| From: Fmjc001 [Email Address Protection] |
Charlie Tame;773818 Wrote: > Fmjc001 wrote:> > > > > > I hope they keep the UAC. It means you can feel safe on your > > computer. > > > > > > > > > > > But you're not safe, you are no safer than you were before, there is > nothing new about UAC, it just used to be called common sense. > > If you answer yes to everything UAC has done nothing, you are > infected. > Very similar safeguards were possible with XP, almost nobody used > them. > > So all it has done is make you "Feel" safe, and if that is what it > takes > you make you feel safe you likely never will be. I have it prompting for my password, so even if someone killed me before i locked my computer they still cant do anything without the password. Full drive encryption (256-AES), 3 firewalls. Only one on but have 2 backups just in case. Have 2 AV one on realtime other is for backup. Network Intrusion Detection, fingerprint USB and Local Security Policy is set to disable any sort of security flaw that i can see. GP disabling USB drives and CD drives for standard users and to top it all off if you click one of my Icons that i made it will do an emergency force shutdown. For eg, Registry or Local Security Policy have been renamed and if you click on something saying "Regedit" You get a "shutdown /s /f /t 1" command. Then you need my encryption codes. Oh i have memory firewalls and Auto backup sync that updates every 5 hours. Thats why i feel safe :). But the thing is, I dont have any sensitive data on my computer lol. But, i feel like i could keep CIA secrets for them :) -- Fmjc001 ::*Regards,*:: ::*Fmjc001 *:: |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/12/2008 10:50:47 AM |
| From: "Tom Allen" [Email Address Protection] |
"Fmjc001" <guest@unknown-email.com> wrote in message news:e3026f3496ec7c2c453480c47456a588@nntp-gateway.com... > > > . . . 3 firewalls. Only one on but > have 2 backups just in case. Have 2 AV one on realtime other is for > backup. > > . . . > -- > Fmjc001 I'm puzzled by your term 'backup' here. Are they just alternatives or is it something more subtle ? When would you go to the backup of each ? I also tend toward belt plus braces myself. Regards Tom |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 2:14:15 AM |
| From: "SG" [Email Address Protection] |
"John Amendall" <jamend@spaceout.com> wrote in message news:v9af74pk7cj62of9f782ljn0hdp4uv0goo@4ax.com... > On Fri, 11 Jul 2008 12:31:32 -0500, Fmjc001 <guest@unknown-email.com> > wrote: > >>I hope they keep the UAC. It means you can feel safe on your computer. > > I turned it completely off. I feel safe AND I don't get all those > damned popup screens every time I try to do something more complicated > than surf the web or do email. Safe? well I hope something like this never happens to you. Quote from Ronnie Vernon MS-MVP It it only annoying until you run into something unexpected. Right after Vista was first released, we went through all of the debates about users getting to the point where clicking on the prompt became an 'automatic' response. One user told us about a utility that he downloaded and installed and he got the expected 'security warning' about the file not having a digital signature. He clicked to run the file anyway and the utility installed. He then got a message to 'click here' to configure your personal settings. He then received this prompt. http://i196.photobucket.com/albums/aa86/rvmv/UACPrompt2.jpg Without UAC, he never would have been aware of the second file being installed, since he had already permitted the program to run. Needless to say, he decided that he would leave UAC on. End Quote -- All the best, SG Is your computer system ready for Vista? https://winqual.microsoft.com/hcl/ Want to keep up with the latest news from MS? http://news.google.com/nwshp?tab=wn&ned=us&topic=t Just type in Microsoft |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 2:47:17 AM |
| From: Nonny [Email Address Protection] |
On Sun, 13 Jul 2008 05:14:15 -0400, "SG" <sorry@nomail.com> wrote: >> I turned it completely off. I feel safe AND I don't get all those >> damned popup screens every time I try to do something more complicated >> than surf the web or do email. > > >Safe? well I hope something like this never happens to you. >Quote from Ronnie Vernon MS-MVP [snip] I have been online since late '90 and have yet to have my system infested with either a virus or even the simplest form of malware. So I install Vista two months ago and suddenly I need UAC to keep me safe? Bull. That said... I have so many freakin' backups of my system it would make your head explode trying to figure out how I keep track of all of them. I'm safe. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 3:07:52 AM |
| From: "Daniel Petri [Email Address Protection]" <daniel@petri.co.il.removethis> |
If I may add my $0.02 here, UAC is good for most "lame" or "security-insensitive" users. You could argue till the sun sets down on the question is the OS is "supposed" to prevent idiots from acting as such, with many to argue that if someone wants to act as an idiot, they should be allowed to do so. The fact that companies don't adopt Vista easily has nothing to do with UAC or with a bunch of influential "theives" as SPEnthusiast put it. There are many more reasons for not adopting Vista, and this is not the right thread for it. In my opinion, in next OS versions, UAC should be left on just like it is in Vista. Meaning it could be on by default, and if needed, it could be EASILY disabled while giving all the right warnings and informing the users of the result of their actions. I would even go further and create a "stealth" UAC mode, or perhaps some sort of "auditing" UAC mode by allowing the user to disable it, but still keep track of the activity that would have required the user's input. This way the user could be able to track what processes or actions required UAC interaction, and thus could be persuaded into re-enabling it. I know I would use such an option if it was available, and I don't see how it could place an extra performance penalty on the computer, not more that was required to run UAC in the full mode. -- Sincerely, Daniel Petri MVP, Senior IT consultant, trainer www.petri.co.il "Nonny" <nonnymoose@yahoo.com> wrote in message news:9jjj74pt8fiv076r0tadsaithhbv0er472@4ax.com... > On Sun, 13 Jul 2008 05:14:15 -0400, "SG" <sorry@nomail.com> wrote: > >>> I turned it completely off. I feel safe AND I don't get all those >>> damned popup screens every time I try to do something more complicated >>> than surf the web or do email. >> >> >>Safe? well I hope something like this never happens to you. >>Quote from Ronnie Vernon MS-MVP > > [snip] > > I have been online since late '90 and have yet to have my system > infested with either a virus or even the simplest form of malware. So > I install Vista two months ago and suddenly I need UAC to keep me > safe? > > Bull. > > That said... I have so many freakin' backups of my system it would > make your head explode trying to figure out how I keep track of all of > them. > > I'm safe. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 4:44:44 AM |
| From: "Michael D. Ober" [Email Address Protection] |
"Daniel Petri <MVP>" <daniel@petri.co.il.removethis> wrote in message news:%23abvRBN5IHA.4988@TK2MSFTNGP04.phx.gbl... > If I may add my $0.02 here, UAC is good for most "lame" or > "security-insensitive" users. You could argue till the sun sets down on > the question is the OS is "supposed" to prevent idiots from acting as > such, with many to argue that if someone wants to act as an idiot, they > should be allowed to do so. > > The fact that companies don't adopt Vista easily has nothing to do with > UAC or with a bunch of influential "theives" as SPEnthusiast put it. There > are many more reasons for not adopting Vista, and this is not the right > thread for it. > > In my opinion, in next OS versions, UAC should be left on just like it is > in Vista. Meaning it could be on by default, and if needed, it could be > EASILY disabled while giving all the right warnings and informing the > users of the result of their actions. I would even go further and create a > "stealth" UAC mode, or perhaps some sort of "auditing" UAC mode by > allowing the user to disable it, but still keep track of the activity that > would have required the user's input. This way the user could be able to > track what processes or actions required UAC interaction, and thus could > be persuaded into re-enabling it. > > I know I would use such an option if it was available, and I don't see how > it could place an extra performance penalty on the computer, not more that > was required to run UAC in the full mode. > > -- > Sincerely, > > Daniel Petri > MVP, Senior IT consultant, trainer > www.petri.co.il > > "Nonny" <nonnymoose@yahoo.com> wrote in message > news:9jjj74pt8fiv076r0tadsaithhbv0er472@4ax.com... >> On Sun, 13 Jul 2008 05:14:15 -0400, "SG" <sorry@nomail.com> wrote: >> >>>> I turned it completely off. I feel safe AND I don't get all those >>>> damned popup screens every time I try to do something more complicated >>>> than surf the web or do email. >>> >>> >>>Safe? well I hope something like this never happens to you. >>>Quote from Ronnie Vernon MS-MVP >> >> [snip] >> >> I have been online since late '90 and have yet to have my system >> infested with either a virus or even the simplest form of malware. So >> I install Vista two months ago and suddenly I need UAC to keep me >> safe? >> >> Bull. >> >> That said... I have so many freakin' backups of my system it would >> make your head explode trying to figure out how I keep track of all of >> them. >> >> I'm safe. > The real problem with the UAC is that it pops up when not needed. This is the same problem the Recycle bin has had for years. People get used to clicking the "go ahead" button without realizing the file they are deleting is too big for the recycle bin and won't be recoverable. The UAC pops up when you simply need to review your configuration - heck - it even pops up when you are attempting to start perfmon, which doesn't make changes to the system. MS - fix the overzealousness of the UAC, but don't get rid of it. Mike. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 5:58:41 AM |
| From: "Little Charlie" [Email Address Protection] |
Ik1pY2hhZWwgRC4gT2JlciIgPG9iZXJtZC5ALmFsdW0ubWl0LmVkdS5ub3NwYW0uPiB3cm90ZSBp biBtZXNzYWdlIG5ld3M6cmMyZG5iYm55bzR5ZC1UVm5aMmRuVVZaX2dXZG5aMmRAZWFydGhsaW5r LmNvbS4uLg0KPiAiRGFuaWVsIFBldHJpIDxNVlA+IiA8ZGFuaWVsQHBldHJpLmNvLmlsLnJlbW92 ZXRoaXM+IHdyb3RlIGluIG1lc3NhZ2UgDQo+IG5ld3M6JTIzYWJ2UkJONUlIQS40OTg4QFRLMk1T RlROR1AwNC5waHguZ2JsLi4uDQo+PiBJZiBJIG1heSBhZGQgbXkgJDAuMDIgaGVyZSwgVUFDIGlz IGdvb2QgZm9yIG1vc3QgImxhbWUiIG9yIA0KPj4gInNlY3VyaXR5LWluc2Vuc2l0aXZlIiB1c2Vy cy4gWW91IGNvdWxkIGFyZ3VlIHRpbGwgdGhlIHN1biBzZXRzIGRvd24gb24gDQo+PiB0aGUgcXVl c3Rpb24gaXMgdGhlIE9TIGlzICJzdXBwb3NlZCIgdG8gcHJldmVudCBpZGlvdHMgZnJvbSBhY3Rp bmcgYXMgDQo+PiBzdWNoLCB3aXRoIG1hbnkgdG8gYXJndWUgdGhhdCBpZiBzb21lb25lIHdhbnRz IHRvIGFjdCBhcyBhbiBpZGlvdCwgdGhleSANCj4+IHNob3VsZCBiZSBhbGxvd2VkIHRvIGRvIHNv Lg0KPj4NCj4+IFRoZSBmYWN0IHRoYXQgY29tcGFuaWVzIGRvbid0IGFkb3B0IFZpc3RhIGVhc2ls eSBoYXMgbm90aGluZyB0byBkbyB3aXRoIA0KPj4gVUFDIG9yIHdpdGggYSBidW5jaCBvZiBpbmZs dWVudGlhbCAidGhlaXZlcyIgYXMgU1BFbnRodXNpYXN0IHB1dCBpdC4gVGhlcmUgDQo+PiBhcmUg bWFueSBtb3JlIHJlYXNvbnMgZm9yIG5vdCBhZG9wdGluZyBWaXN0YSwgYW5kIHRoaXMgaXMgbm90 IHRoZSByaWdodCANCj4+IHRocmVhZCBmb3IgaXQuDQo+Pg0KPj4gSW4gbXkgb3BpbmlvbiwgaW4g bmV4dCBPUyB2ZXJzaW9ucywgVUFDIHNob3VsZCBiZSBsZWZ0IG9uIGp1c3QgbGlrZSBpdCBpcyAN Cj4+IGluIFZpc3RhLiBNZWFuaW5nIGl0IGNvdWxkIGJlIG9uIGJ5IGRlZmF1bHQsIGFuZCBpZiBu ZWVkZWQsIGl0IGNvdWxkIGJlIA0KPj4gRUFTSUxZIGRpc2FibGVkIHdoaWxlIGdpdmluZyBhbGwg dGhlIHJpZ2h0IHdhcm5pbmdzIGFuZCBpbmZvcm1pbmcgdGhlIA0KPj4gdXNlcnMgb2YgdGhlIHJl c3VsdCBvZiB0aGVpciBhY3Rpb25zLiBJIHdvdWxkIGV2ZW4gZ28gZnVydGhlciBhbmQgY3JlYXRl IGEgDQo+PiAic3RlYWx0aCIgVUFDIG1vZGUsIG9yIHBlcmhhcHMgc29tZSBzb3J0IG9mICJhdWRp dGluZyIgVUFDIG1vZGUgYnkgDQo+PiBhbGxvd2luZyB0aGUgdXNlciB0byBkaXNhYmxlIGl0LCBi dXQgc3RpbGwga2VlcCB0cmFjayBvZiB0aGUgYWN0aXZpdHkgdGhhdCANCj4+IHdvdWxkIGhhdmUg cmVxdWlyZWQgdGhlIHVzZXIncyBpbnB1dC4gVGhpcyB3YXkgdGhlIHVzZXIgY291bGQgYmUgYWJs ZSB0byANCj4+IHRyYWNrIHdoYXQgcHJvY2Vzc2VzIG9yIGFjdGlvbnMgcmVxdWlyZWQgVUFDIGlu dGVyYWN0aW9uLCBhbmQgdGh1cyBjb3VsZCANCj4+IGJlIHBlcnN1YWRlZCBpbnRvIHJlLWVuYWJs aW5nIGl0Lg0KPj4NCj4+IEkga25vdyBJIHdvdWxkIHVzZSBzdWNoIGFuIG9wdGlvbiBpZiBpdCB3 YXMgYXZhaWxhYmxlLCBhbmQgSSBkb24ndCBzZWUgaG93IA0KPj4gaXQgY291bGQgcGxhY2UgYW4g ZXh0cmEgcGVyZm9ybWFuY2UgcGVuYWx0eSBvbiB0aGUgY29tcHV0ZXIsIG5vdCBtb3JlIHRoYXQg DQo+PiB3YXMgcmVxdWlyZWQgdG8gcnVuIFVBQyBpbiB0aGUgZnVsbCBtb2RlLg0KPj4NCj4+IC0t IA0KPj4gU2luY2VyZWx5LA0KPj4NCj4+IERhbmllbCBQZXRyaQ0KPj4gTVZQLCBTZW5pb3IgSVQg Y29uc3VsdGFudCwgdHJhaW5lcg0KPj4gd3d3LnBldHJpLmNvLmlsDQo+Pg0KPj4gIk5vbm55IiA8 bm9ubnltb29zZUB5YWhvby5jb20+IHdyb3RlIGluIG1lc3NhZ2UgDQo+PiBuZXdzOjlqamo3NHB0 OGZpdjA3NnIwdGFkc2FpdGhoYnYwZXI0NzJANGF4LmNvbS4uLg0KPj4+IE9uIFN1biwgMTMgSnVs IDIwMDggMDU6MTQ6MTUgLTA0MDAsICJTRyIgPHNvcnJ5QG5vbWFpbC5jb20+IHdyb3RlOg0KPj4+ DQo+Pj4+PiBJIHR1cm5lZCBpdCBjb21wbGV0ZWx5IG9mZi4gIEkgZmVlbCBzYWZlIEFORCBJIGRv bid0IGdldCBhbGwgdGhvc2UNCj4+Pj4+IGRhbW5lZCBwb3B1cCBzY3JlZW5zIGV2ZXJ5IHRpbWUg SSB0cnkgdG8gZG8gc29tZXRoaW5nIG1vcmUgY29tcGxpY2F0ZWQNCj4+Pj4+IHRoYW4gc3VyZiB0 aGUgd2ViIG9yIGRvIGVtYWlsLg0KPj4+Pg0KPj4+Pg0KPj4+PlNhZmU/IHdlbGwgSSBob3BlIHNv bWV0aGluZyBsaWtlIHRoaXMgbmV2ZXIgaGFwcGVucyB0byB5b3UuDQo+Pj4+UXVvdGUgZnJvbSBS b25uaWUgVmVybm9uIE1TLU1WUA0KPj4+DQo+Pj4gW3NuaXBdDQo+Pj4NCj4+PiBJIGhhdmUgYmVl biBvbmxpbmUgc2luY2UgbGF0ZSAnOTAgYW5kIGhhdmUgeWV0IHRvIGhhdmUgbXkgc3lzdGVtDQo+ Pj4gaW5mZXN0ZWQgd2l0aCBlaXRoZXIgYSB2aXJ1cyBvciBldmVuIHRoZSBzaW1wbGVzdCBmb3Jt IG9mIG1hbHdhcmUuICBTbw0KPj4+IEkgaW5zdGFsbCBWaXN0YSB0d28gbW9udGhzIGFnbyBhbmQg c3VkZGVubHkgSSBuZWVkIFVBQyB0byBrZWVwIG1lDQo+Pj4gc2FmZT8NCj4+Pg0KPj4+IEJ1bGwu DQo+Pj4NCj4+PiBUaGF0IHNhaWQuLi4gSSBoYXZlIHNvIG1hbnkgZnJlYWtpbicgYmFja3VwcyBv ZiBteSBzeXN0ZW0gaXQgd291bGQNCj4+PiBtYWtlIHlvdXIgaGVhZCBleHBsb2RlIHRyeWluZyB0 byBmaWd1cmUgb3V0IGhvdyBJIGtlZXAgdHJhY2sgb2YgYWxsIG9mDQo+Pj4gdGhlbS4NCj4+Pg0K Pj4+IEknbSBzYWZlLg0KPj4NCj4gVGhlIHJlYWwgcHJvYmxlbSB3aXRoIHRoZSBVQUMgaXMgdGhh dCBpdCBwb3BzIHVwIHdoZW4gbm90IG5lZWRlZC4gIFRoaXMgaXMgDQo+IHRoZSBzYW1lIHByb2Js ZW0gdGhlIFJlY3ljbGUgYmluIGhhcyBoYWQgZm9yIHllYXJzLiAgUGVvcGxlIGdldCB1c2VkIHRv IA0KPiBjbGlja2luZyB0aGUgImdvIGFoZWFkIiBidXR0b24gd2l0aG91dCByZWFsaXppbmcgdGhl IGZpbGUgdGhleSBhcmUgZGVsZXRpbmcgDQo+IGlzIHRvbyBiaWcgZm9yIHRoZSByZWN5Y2xlIGJp biBhbmQgd29uJ3QgYmUgcmVjb3ZlcmFibGUuICBUaGUgVUFDIHBvcHMgdXAgDQo+IHdoZW4geW91 IHNpbXBseSBuZWVkIHRvIHJldmlldyB5b3VyIGNvbmZpZ3VyYXRpb24gLSBoZWNrIC0gaXQgZXZl biBwb3BzIHVwIA0KPiB3aGVuIHlvdSBhcmUgYXR0ZW1wdGluZyB0byBzdGFydCBwZXJmbW9uLCB3 aGljaCBkb2Vzbid0IG1ha2UgY2hhbmdlcyB0byB0aGUgDQo+IHN5c3RlbS4NCj4gDQo+IE1TIC0g Zml4IHRoZSBvdmVyemVhbG91c25lc3Mgb2YgdGhlIFVBQywgYnV0IGRvbid0IGdldCByaWQgb2Yg aXQuDQo+IA0KPiBNaWtlLg0KPiANCj4NCg0KVGhlIHJlYWwgcHJvYmxlbSBjYW5ub3QgYmUgZml4 ZWQgYnkgTVMgb3IgYW55b25lIGVsc2UuIFRoZSBpbmRpdmlkdWFsIHVzZXJzIG11c3QgU0xPVyBE T1dOIGFuZCBSRUFEIHdoYXQgVUFDIG9yIGFueXRoaW5nIGVsc2UgcHV0cyBvbiB0aGVpciBzY3Jl ZW5zIGJlZm9yZSBibGluZGx5IGFuZCByb3V0aW5lbHkgY2xpY2tpbmcgJ29rJy4gVGhhdCBpcyBv bmUgb2YgdGhlIG1vc3QgaGVhdmlseSB0YXJnZXRlZCBhc3BlY3RzIG9mIHBlcnNvbmFsIGNvbXB1 dGVycyBieSBzb2Z0d2FyZSBhdXRob3JzIHdobyBoYXZlIG1hbnkgdGFnLWEtbG9uZyBhbmQgcGln Z3ktYmFjayBhZHZlcnRpc2luZyBhZCBwcm9ncmFtcyB0aWVkIHRvIHRoZSBpbnN0YWxsYXRpb24g b2YgdGhlaXIgYXBwbGljYXRpb24uIFVzZXJzIE1VU1QgUkVBRCB0aGUgRVVMQSBhbmQgaW5zdGFs bGF0aW9uIG5vdGVzIEJFRk9SRSBibGluZGx5IGNsaWNraW5nIG9uICJJIEFncmVlIiBiZWNhdXNl IGFmdGVyIHRoYXQgaXQgaXMgVE9PIExBVEUuICBUaGlzIHdob2xlIGNyYXp5IHVwc2lkZSBkb3du IHdvcmxkIGlzIGluIHRoZSBmYXN0IGxhbmUgYW5kIG5vIG9uZSBoYXMgJ3RpbWUnIHRvIHJlYWQg b3IgZXZlbiB0aGluay4gIERvbid0IGJsYW1lIE1TIGZvciB0aGUgVUFDLiBBcyBNYXJ0aGEgU3Rl d2FydCB3b3VsZCBzYXkgIkl0J3MgYSBnb29kIHRoaW5nISIgSXQgaXMgYSB2ZXJ5IGhvbmVzdCBh bmQgd29ydGh3aGlsZSBlZmZvcnQgYnkgTVMgdG8gdHJ5IHRvIGdldCBwZW9wbGUgdG8gYmUgbW9y ZSBhd2FyZSBvZiB3aGF0IHRoZXkgYXJlIGRvaW5nLi4uLi4udGhlIHByb2JsZW0gaXMgbGF6eSAs IG5vbi10aGlua2luZywgcGVvcGxlLiBOb3QgTVMgb3IgVUFDLg0KDQotLSANCkxpdHRsZSBDaGFy bGllDQpodHRwOi8vd3d3LnJldmVyYm5hdGlvbi5jb20vbGl0dGxlY2hhcmxpZXNibHVlcw0KICAN Cg== |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 8:28:06 AM |
| From: "Ken Blake, MVP" [Email Address Protection] |
On Sun, 13 Jul 2008 04:47:17 -0500, Nonny <nonnymoose@yahoo.com> wrote: > I have been online since late '90 and have yet to have my system > infested with either a virus or even the simplest form of malware. So > I install Vista two months ago and suddenly I need UAC to keep me > safe? > > Bull. The purpose of my reply is not to address the question of whether you need UAC or not, but rather to address the implication that because you haven't been infected in 28 years, the protection and care that you've used over those past 28 years are adequate to protect you today. That's simply not true. The threats today are *much* greater than they were 28 years ago. Whether you specifically need UAC or not (I'm not a big fan of the way it works either), you need much more care and stringent protection that you used to, and to protect yourself adequately in the future, you will need still more. The world changes, and we need to change what we do to keep up with it. -- Ken Blake, Microsoft MVP - Windows Desktop Experience Please Reply to the Newsgroup |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next ver |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 8:33:57 AM |
| From: "Ken Blake, MVP" [Email Address Protection] |
On Sun, 13 Jul 2008 05:44:44 -0600, "Michael D. Ober" <obermd.@.alum.mit.edu.nospam.> wrote: > The real problem with the UAC is that it pops up when not needed. This is > the same problem the Recycle bin has had for years. People get used to > clicking the "go ahead" button without realizing the file they are deleting > is too big for the recycle bin and won't be recoverable. The UAC pops up > when you simply need to review your configuration - heck - it even pops up > when you are attempting to start perfmon, which doesn't make changes to the > system. You took the words out of my mouth. I was just going to write a very similar message. The way UAC presently works, most people get into the habit of allowing the program to run. Once they are in that habit, the risk of allowing any program, even a malicious one, to proceed is magnified, and UAC loses any protection it's supposed to provide. > MS - fix the overzealousness of the UAC, but don't get rid of it. My sentiments exactly. -- Ken Blake, Microsoft MVP - Windows Desktop Experience Please Reply to the Newsgroup |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/13/2008 11:54:31 PM |
| From: Charlie Tame [Email Address Protection] |
Kerry Brown wrote: > "Charlie Tame" <charlie@tames.net> wrote in message > news:OYbbM0F5IHA.1192@TK2MSFTNGP05.phx.gbl... > >> >> So UAC is NOT a security feature, it is simply an advisory feature, as >> were the IE settings before it. For many it is a false sense of >> security, because even if the software is malware UAC will still >> permit it's installation if told to. Many expect it to "Know", just as >> they expect Norton (or whatever) to "Know". >> > > I agree UAC by itself is not a security feature. Some of the things that > rely on UAC like IE protected mode, locked down ACLs. etc., are. > Indeed, it is a matter of the "User" realizing what is going on, and many do not. This is no different than any other OS really, but at least default behavior that "Warns" is better than no warning at all. Unfortunately it does get frustrating. |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/14/2008 12:02:13 AM |
| From: Charlie Tame [Email Address Protection] |
Well, nice to know I am protected from my own IT department and other legitimate sources, so if I have auto updates turned on and thus "Implicitly" trust Microsoft what is to stop their updates getting, er "Hacked" as you put it? UAC doesn't even ask about those. SPEnthusiast wrote: > I'm sure you know the answer to your question, but I shall explain for the > benefit of those on these forums that don't know that answer. > > UAC protects you from software that you implicitly trust. So, this software > could be from your IT department, or even from well known vendors. In both > cases, there are malicious developers, i.e. hackers, that reengineer that > software in a way so that it can spy on you and rob you. > > Does that outline what you do? > > "Charlie Tame" wrote: > >> My question was how does UAC expose thieves? I see no answer to how it >> exposes thieves. >> >> Numerous people are fooled into downloading and installing malware that >> masquerades as security software. They "Think" Vista is more secure, but >> in those circumstances it is not. UAC asks are they sure, of course they >> are, it is an anti spyware / anti virus program - the website / spam >> email told them so. >> >> So UAC is NOT a security feature, it is simply an advisory feature, as >> were the IE settings before it. For many it is a false sense of >> security, because even if the software is malware UAC will still permit >> it's installation if told to. Many expect it to "Know", just as they >> expect Norton (or whatever) to "Know". >> >> That does not say there is anything wrong with UAC, only that there is a >> lot wrong with the perception people are given that "Somehow" they are >> safer. >> >> >> >> >> >> Beoweolf wrote: >>> It's a common misunderstanding - what you don't see can't hurt you. >>> Similar to an outdated image of an Ostrich with his head in the sand, >>> thinking if he can't see you - you can see him. >>> >>> Vista UAC, security exposes many of the "hidden" (surreptitious) >>> uses/users of administrator level rights and/or attempts to access >>> network resources. As mention, if you know what you are doing, if you >>> take the time to study/research/learn your system and most importantly - >>> if you care...you can be just as "safe" using XP. What Vista does is >>> makes secure, the default option. This is in line with any Security >>> professional training, not to mention common sense. >>> >>> The average user, those that have enjoyed the benefits of blissful >>> ignorance, have also enjoyed the ability to blame the Evil Empire for >>> leaving so many holes in Microsoft Clients and servers. Generally >>> speaking, the absence if page upon page of complaints about Microsoft >>> security have come at the expense of numbers of users, companies and >>> Govt's now complaining that Vista is somehow flawed as a result of it >>> being built to insist on security, from installation thru production use. >>> >>> Thou dost protest too much? There obviously is a learning curve, for >>> hardware vendors - who chose to ignore years of warning, reams of >>> documents explaining how this OS would not allow "shortcuts" which >>> expose the Kernel to compromises. Software vendors and users were and >>> are painfully made aware of the same issue Business as usual - Ain't no >>> more. >>> >>> Take the time (better use, just use pre-configured policy and templates) >>> to configure your system (do yourself a favor - give those 8, 16 and off >>> brand 32 bit cards a fitting funeral, they earned it); yes, become the >>> informed user who has complained about security for so long - now that >>> it is here ... whining about "It's too good" just doesn't make sense. >>> >>> >>> "Charlie Tame" <charlie@tames.net> wrote in message >>> news:err97W64IHA.1420@TK2MSFTNGP06.phx.gbl... >>>> SPEnthusiast wrote: >>>>> I don't think a company like Intel is restrained by any kind of >>>>> budget that would not allow an OS upgrade across the enterprise. >>>>> >>>>> These "legacy applications that are crtical to the business" that >>>>> you've mentioned are engineered to spy on people and rob them, which >>>>> is why these businesses and government organizations can't deploy >>>>> Vista. UAC would break those apps. >>>>> >>>>> I'm using Vista with Windows Server 2003 as my domain controller, and >>>>> everything works fine. I'll soon deploy Windows Server 2008, but it's >>>>> no excuse to not deploy Vista. >>>>> >>>>> Like I said, Vista exposes a lot of thieves. >>>>> >>>> >>>> How the hell does UAC expose thieves? |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/14/2008 7:33:32 AM |
| From: "Kerry Brown" [Email Address Protection] |
"Charlie Tame" <charlie@tames.net> wrote in message news:%233m%2345X5IHA.5052@TK2MSFTNGP02.phx.gbl... > Kerry Brown wrote: >> "Charlie Tame" <charlie@tames.net> wrote in message >> news:OYbbM0F5IHA.1192@TK2MSFTNGP05.phx.gbl... >> >>> >>> So UAC is NOT a security feature, it is simply an advisory feature, as >>> were the IE settings before it. For many it is a false sense of >>> security, because even if the software is malware UAC will still permit >>> it's installation if told to. Many expect it to "Know", just as they >>> expect Norton (or whatever) to "Know". >>> >> >> I agree UAC by itself is not a security feature. Some of the things that >> rely on UAC like IE protected mode, locked down ACLs. etc., are. >> > > > Indeed, it is a matter of the "User" realizing what is going on, and many > do not. This is no different than any other OS really, but at least > default behavior that "Warns" is better than no warning at all. > Unfortunately it does get frustrating. I find UAC very similar to sudo, especially as implemented in Ubuntu. It let's you know when you're doing something that may affect the system. The prompt itself is not really a security barrier. With an up to date Vista install I don't see UAC prompts any more than I get prompted for a password with Ubuntu while doing day to day tasks. If anything it's less intrusive if you run Vista with an administrator account with UAC on. I realise they are very different underneath. I'm saying from the user's perspective they seem similar. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration |
| Back |
| Subject: Re: Is MS being pressured to retract the UAC feature from the next |
| Group: microsoft.public.windows.vista.security |
| Date: 7/14/2008 8:41:41 PM |
| From: Charlie Tame [Email Address Protection] |
Kerry Brown wrote: > "Charlie Tame" <charlie@tames.net> wrote in message > news:%233m%2345X5IHA.5052@TK2MSFTNGP02.phx.gbl... >> Kerry Brown wrote: >>> "Charlie Tame" <charlie@tames.net> wrote in message >>> news:OYbbM0F5IHA.1192@TK2MSFTNGP05.phx.gbl... >>> >>>> >>>> So UAC is NOT a security feature, it is simply an advisory feature, >>>> as were the IE settings before it. For many it is a false sense of >>>> security, because even if the software is malware UAC will still >>>> permit it's installation if told to. Many expect it to "Know", just >>>> as they expect Norton (or whatever) to "Know". >>>> >>> >>> I agree UAC by itself is not a security feature. Some of the things >>> that rely on UAC like IE protected mode, locked down ACLs. etc., are. >>> >> >> >> Indeed, it is a matter of the "User" realizing what is going on, and >> many do not. This is no different than any other OS really, but at >> least default behavior that "Warns" is better than no warning at all. >> Unfortunately it does get frustrating. > > I find UAC very similar to sudo, especially as implemented in Ubuntu. It > let's you know when you're doing something that may affect the system. > The prompt itself is not really a security barrier. With an up to date > Vista install I don't see UAC prompts any more than I get prompted for a > password with Ubuntu while doing day to day tasks. If anything it's less > intrusive if you run Vista with an administrator account with UAC on. > > I realise they are very different underneath. I'm saying from the user's > perspective they seem similar. > Yes, Ubuntu does not want you to sign in as root at all, in fact you can but I suspect that so doing can break things, it seems to be assumed you will always use Sudo. You need to type a password (Usually) so I think it is more secure in a way, if someone else has taken your seat they cannot just click okay and install something, but then it does not nag you twice for effectively the same thing. |
| Back |