SuperSite Blog

Vista's UAC feature was designed to annoy users. Good. It worked

A ZDNet reporter attending the RSA security conference last week noted that a Microsoft employee said that Windows Vista's User Account Control (UAC) feature was designed specifically to annoy users. Here's the quote:

"The reason we put UAC into the (Vista) platform was to annoy users--I'm serious," said Microsoft product unit manager David Cross, speaking at the RSA Conference here Thursday. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run. We needed to change the ecosystem. UAC is changing the ISV ecosystem; applications are getting more secure. This was our target--to change the ecosystem. The fact is that there are fewer applications causing prompts. Eighty percent of the prompts were caused by 10 apps, some from ISVs and some from Microsoft. Sixty-six percent of sessions now have no prompts."

Fair enough. There's ample evidence that Windows users needed to be jolted out of the it's-OK-to-run-everything mentality that has contributed heavily to many security issues on this platform over the past several years. And even without having been there, you can tell exactly how this was presented: Microsoft felt they did the right thing and Cross communicated that in a slightly ironical tone because it's hard, generally, to understand why annoying people is the right thing to do.

Obviously. But then we also don't have to stretch our imaginations very far to see how this was misreported around the Web. Is someone planning a class action lawsuit against Microsoft yet? I mean, the indignity. :)

Published Apr 14 2008, 11:36 AM by pthurrott

Comments

 

brandon.pope said:

Annoyed was right.  I have to say though, I agree that the UAC issue has become less of one recently.  I don't know if it is for the reasons listed in the article or if I just know what to avoid doing better.

April 14, 2008 10:31 AM
 

BrightrevCarl said:

The average user is just going to hit OK no matter what, so I don't think it makes a huge difference in preventing people from running things they shouldn't.  I am with Brandon in that I rarely see UAC prompts any more, or at least I don't notice them as much.

April 14, 2008 10:58 AM
 

RunTimeError said:

Annoying or not, UAC needs a password prompt a la Linux to be truly effective.

I remember seeing this in early Longhorn screenshots, why did it get dropped?

April 14, 2008 11:23 AM
 


Waethorn said:

"Annoying or not, UAC needs a password prompt a la Linux to be truly effective."

It does - if you're running as a limited user.  If you set your user accounts up with Administrator access, they just prompt to notify that it's a system-wide setting without requiring that you enter your credentials (you're already logged in, so why ask for them again?).

April 14, 2008 11:48 AM
 

Auras said:

@RunTimeError:

It does require a password but only if you are on a non-administrator account.

UAC is annoying... at first. Of course when you do a fresh install of Vista you're going to have to update a few drivers and install your software, codecs and whatever else and that's when it bugs you the most.

After that you're only going to see it when you're installing something, and that's going to not happen every week.

Now... all that remains to be done, for Windows 7, is to find a secure way to install those apps somewhere so that you won't see UAC every time you install something. IIRC, on Mac OS you aren't prompted for administrator privileges when installing software, right?

Maybe an "Install only for me/all users?" option?

April 14, 2008 11:49 AM
 


kellymjones said:

There will always be the individuals who install anything at any time for any reason. As for my wife and daughter, they are much more wary installing applications than in the past. People are *slowly* getting the message. UAC is a nice in-your-face way of warning you of administrative configuration changes. I'll trade a little annoyance in exchange for helping to eliminate silent installs. I think Microsoft's comments about UAC are to emphasize that UAC is a warning, not a cure.

April 14, 2008 12:25 PM
 

daveinla said:

Auras:  OSX doesn't prompt you for a password as long as the install will only put files limited to the user's folder area, or if it's just a drag and drop App install in the Application folder and provided you have Admin privilege in your account. Now if you launch an installer that will put stuff in various folders shared by many users (General Library Folder), in that case OSX prompts you for a password. But that's about it. 90% of the installs in OSX are drag and drop and don't require a password.

April 14, 2008 12:36 PM
 


Lindy said:

UAC can be set up via GPO to prompt for a password even for admin accounts.

For once I totally agree with MS.  XP is a great OS, but I make good money off of rebuilding XP because of Admin accounts, some without even a password:)

I think once the stupid developers change the way they code, and get on board, then the next version of windows should NOT allow you to turn it off...and require a password for every account.

April 14, 2008 12:41 PM
 

Waethorn said:

"I think once the stupid developers change the way they code, and get on board, then the next version of windows should NOT allow you to turn it off...and require a password for every account."

Agreed.

But I'd like to add that they should be "5TR0nG" passwords too.

April 14, 2008 12:45 PM
 

pthurrott said:

I asked about the require a password thing years ago... probably when Windows 2000 was in development. And I think the answer says a lot about Microsoft and speaks to the whole "differences between Microsoft and Apple" thing that pops up here a lot.

The reason they don't require a password is that there are certain governmental and military customers who install Windows in highly physically secure locations. They absolutely positively don't want to be forced into requiring a password. Doing so, literally, would cause them to look elsewhere.

So here we are. I agree it's dumb. But that's what they told me.

April 14, 2008 1:33 PM
 

joe-dokes said:

Waethorn,

Strong passwords are overrated; I honestly believe that passwords should be replaced by pass phrases.   For example, (your example, which you probably don't use) 5TR0nG is not as strong as many people think. Replacing o with 0, i with 1, and s with 5 seems smart on first blush, yet brute force attacks can take these into account.  Thus, while it may take some additional time to break that password, it isn't much longer than a simple dictionary attack.

I believe a better example might be strongpersonwhosmells,  a dictionary attack against this even without the number replacement would be far more difficult to attack even though it uses plain English language words.

Thurrott,

I believe that your reporting on the requirement of passwords is accurate, but I believe MS lied to you or at least was disingenuous. For example, the whole notion of Apple and MS is absurd.  On a Mac, which uses Unix, you can log in as root, which is essentially the same as admin under XP.

Admin in OS X is essentially sudo which temporarily elevates the user power to super user status.  It usually requires a user to input a password.  I honestly believe that Windows will eventually fully embrace this model.  I believe they didn't do it in the case of Vista because they did not want users to get into the habit of blindly entering a password.  After all what could possibly be worse for security than teaching users to enter a password whenever prompted.  

Vista, at least upon initial installation, still requires too many UAC prompts.  As stated above, this seems to be mainly a problem of poor choices made by third party developers.

Regards

Joe Dokes

April 14, 2008 4:49 PM
 


Waethorn said:

"I believe a better example might be strongpersonwhosmells,  a dictionary attack against this even without the number replacement would be far more difficult to attack even though it uses plain English language words."

not really.  if anything, it would be harder for a brute force attack to get through that.  dictionary attacks don't assume you use spaces.  nothing will stop a brute force attack unless the security system locks you out after so many tries.  Windows Vista supports that on an Active Directory domain.  the strongest passwords are alternate ASCII characters anyway though.

if you're really paranoid about security, you should be looking at using security cards or hardware security keys.

April 14, 2008 8:45 PM
 

About pthurrott

Paul Thurrott is the guy behind the SuperSite for Windows. Way behind. :)