Brace Yourselves - I’m About to Agree with Microsoft

How can you say anything about UAC if you never used it? Windows XP unless added in SP 3 doesn’t have it.

We don’t need UAC! Let security software do it job! UAC is attempt to kill 3rd party vendors.

Randall: re-read please. I did not say I’m for UAC so much as the fact that *something* is needed.

Out of curiosity, how are you alerted if something wants your browser to go somewhere or a program wants to change the registry?

Thanks for the comment.

What were you smoking when you said “I think Microsoft had the germ of a good idea with UAC?” (And where can I get some?)

UAC is just the Windows (read, poorly implemented) copy of what sudo has done for many years, and gksudo and whatever the Mac calls it have done for years. Security 101 says to never run as a privileged user unless it’s absolutely required. Of all of OSs I’m familiar with, only Windows prior to Vista makes it virtually impossible to actually comply with that utterly basic security rule. Mind boggling.

I haven’t used Vista either, so I can’t really speak to UAC usability. But I’ll guess that how well or poorly it works is directly related to how well or poorly Windows is architected and implemented. I’ll let you draw your own conclusions. Sort-of in M$s defense, they can’t fix the totally broken architecture without breaking backwards compatibility, which isn’t acceptable. OTOH, they caused a lot of the problems by allowing incredibly insane and sloppy programming practices from day 1. (What sane OS allows any user to install any random app *and* allows that random app to overwrite critical system libraries?!? WTH?)

OK, Win 3.x/9.x aren’t really operating systems, they are just fancy GUIs on top of a single user OS. But NT was (supposedly) an “real” “multiuser” OS (with cooperative multitasking, yeah right, pull the other one…). If they’d enforced non-privileged users and protected system bits they’d be a hell of a lot better and more secure today. But of course at the time that would have been a big change and broken a lot of things. Hindsight…

Randall said “We don’t need UAC! Let security software do it job!”

Umm, yes we do need it. If you are going to follow the basic security rule of least privilege (like every other sane OS and system in the world), then you need a way to temporarily elevate privileges, for certain users, when administrative things need to be done. Call it UAC, sudo or whatever, you need some way to do it. That is certainly a security function, though I supposed it’s arguable if the code that performs the function is “security software” or just common sense.

“UAC is attempt to kill 3rd party vendors.”

I don’t understand that point, but I will argue that the amount of software that is absolutely *required* to protect Windows from itself is completely insane. You (arguably) can’t even operate Windows without anti-virus, a firewall, and probably anti-spyware and other anti-maleware crap. Aside from the system resources (CPU/disk) that consumes (say goodbye to Moore’s law, A/V and all this other crap ate it), there’s the time and money spent researching and buying, the time and effort installing (and praying nothing breaks), and the time/effort spent tracking licenses and upgrades (for things that should not even be necessary!!!). Do you understand how insane that is?

With Windows we keep asking the wrong question. We ask, “What do I need to protect my Windows machine from itself and others?” We should be asking, “WHY do I need to protect my Windows machine from itself or others?” The damn thing should work and be usable out of the box or the manufacturer should be sued for incompetence.

I encourage you to go read _Geekonomics_ which is more-or-less a book-length treatment of the above…

I recently started using Exchange 2007 on Server 2008 and I have to say that it the UAC is absolutly terrible. Everything I could possibly want to do on a server is locked down. While I can understand locking things down on workstation, if I log on to a server as an administrator to administrate something, why would I want to have user permissions.

I cannot even open a blank MMC without it asking for permission to continue. And using an MMC without anything in there does not change anything in the system. The only time I ever log into the server directly is to make an administrative change, it is like the OS is asking me if I am sure I want to do something every time I do something.

I understand the reason for it and I really want to comply with the best practice of having UAC turned on, but I do not know how many more times I can type in a long command into the command prompt only to have it fail because cmd was not opened as an administrator, just as the normal (administrator) user. (And yes, this includes short commands such as flushing the DNS cache).

The UAC is a royal pain in the anatomy. 50 times any hour almost. Kill it.

What would I want instead? How about an internet environment where browsers don’t allow silent background loading of code. No java script. No activeX.

If I need some kind of code so that I can interact with my Bank, then that should be a code module that I actually download from my bank and install on my system. …and that’s the only way it gets on my system. …and that code gets to do one thing and one thing only–interact with that one bank. …and the data stream better be encrypted 87 ways to hell and back.

How about a browser execution space that is sandboxed out of the shrinkwrap?

How about a mail client that works the same way?

If what interfaces with the internet will not execute code from the internet, where’s the threat?

Really, the solutions are simple–but business won’t have individuals operating in a safe environment–there’s no way they can exploit those people otherwise. What business can exploit, the criminals can exploit.