
SuperSite Blog

Is UAC broken in Windows 7?

Bloggers Long Zheng and Rafael Rivera have found what appears to be a serious failing in the emasculated version of User Account Control (UAC) that Microsoft is including in Windows 7: Apparently, it doesn’t work and is very easy to bypass. So easy, in fact, that Zheng and Rivera were able to write up a quickie Visual Basic Script (VBScript) that can compromise a Windows 7 PC. Microsoft’s response so far: “This feature works as intended.” This has the makings of a fight.

Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)

This is dedicated to every ignorant “tech journalist” who cried wolf about UAC in Windows Vista. A change to User Account Control (UAC) in Windows 7 to make it “less annoying” inadvertently clears the path for a simple but ingenious override that renders UAC disabled without user interaction. For the security conscious, a workaround is also provided.

By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate … The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.

The implications are even worse than originally thought. You could automate a restart after UAC has been changed, add a program to the user’s startup folder and because UAC is now off, run with full administrative privileges ready to wreak havoc.

Beta users of Windows 7 can also apply a simple fix. Changing the UAC policy to “Always Notify” will force Windows 7 to notify you even if UAC settings change. Annoying, but safe.

Put another way, “annoying but safe … Like it was in Windows Vista. And is in Mac OS X, by the way.”

Raf’s take...

Malware can turn off UAC in Windows 7; “By design” says Microsoft

Windows 7, however, now ships with UAC configured to hide prompts when users change Windows settings. While this mode still ensures normal applications can’t overwrite your entire registry hive, Microsoft made a boo-boo in allowing users to change any Windows setting without any prompts. Yes, you can even change UAC settings, allow applications free rein in elevated mode (after the required restart).

An obvious fix for this “issue” would be to force the adjustment of UAC parameters to be confirmed by a human. Until Microsoft addresses this “issue”, you can set UAC to its highest mode to kill any concerns you may have… but you’re not using this in a production environment anyway – right?

Um. Right.

Microsoft?
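
The "Always Notify" workaround quoted above can be verified from the registry. The PowerShell below is an added example, not code from this post or from Zheng's or Rivera's articles; it assumes the slider maps to the `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` values under `Policies\System` as on Windows 7, and the function names and sample rows are hypothetical and constructed.

```powershell
# Added example: map the UAC policy values to the Windows 7 slider position
# and flag any position that would not prompt when UAC itself is changed.
# Function names are hypothetical; the sample rows below are constructed.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # A value that is absent from the key is reported, not guessed.
    foreach ($v in $EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop) {
        if ($null -eq $v) { return 'Unknown' }
    }
    if ($EnableLUA -eq 0) { return 'UacOff' }

    $secure = ($PromptOnSecureDesktop -eq 1)
    switch ($ConsentPromptBehaviorAdmin) {
        2 { if ($secure) { return 'AlwaysNotify' } else { return 'Custom' } }
        5 { if ($secure) { return 'Default' } else { return 'DefaultNoDimming' } }
        0 { return 'NeverNotify' }
        default { return 'Custom' }
    }
}

function Get-LocalUacPolicy {
    # Reads the three values from the local machine; missing ones come back as $null.
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction Stop
    @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

function Test-UacPolicy {
    param([hashtable]$Policy, [string]$Source)

    # The hashtable keys match the parameter names, so it can be splatted.
    $level = Get-UacSliderLevel @Policy

    # Per the post, only "Always Notify" prompts when the UAC setting is changed.
    New-Object PSObject -Property @{
        Source             = $Source
        Level              = $level
        PromptsOnUacChange = ($level -eq 'AlwaysNotify')
    } | Select-Object Source, Level, PromptsOnUacChange
}

# Constructed sample policies, one per slider position, so the mapping can be
# checked on a machine that is not running Windows 7.
$samples = @(
    @{ Source = 'sample: always notify'
       Policy = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 } },
    @{ Source = 'sample: Windows 7 default'
       Policy = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 } },
    @{ Source = 'sample: default, no dimming'
       Policy = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 } },
    @{ Source = 'sample: slider at bottom'
       Policy = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 } }
)

$report = @(foreach ($s in $samples) {
    Test-UacPolicy -Policy $s.Policy -Source $s.Source
})

# Append the real policy when the key exists (that is, when run on Windows).
if (Test-Path $PolicyKey) {
    $local = Test-UacPolicy -Policy (Get-LocalUacPolicy) -Source 'this machine'
    $report += $local
    if (-not $local.PromptsOnUacChange) {
        Write-Warning "UAC level is '$($local.Level)'; only 'AlwaysNotify' prompts on UAC changes."
    }
}

$report | Format-Table -AutoSize
```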

Comments

 

Waethorn said:

This is a major hurdle in Windows 7.  Customers that have bought systems from me (with Windows Vista) don't have the same number of problems with malware that XP has.  It's just very uncommon.  I provide documentation outlining features in Windows Vista, and UAC is one of them.  Customers that choose to follow the recommended option of using a limited user account by default have few problems, if ever.  Customers that use an admin-level account also have few problems, but still want to have that G0D trip are still protected somewhat.

I've had exactly 2 customers in the last ~3 months with spyware problems on Windows Vista.  Both had UAC disabled because they thought it was annoying.  Guess what?  They're now paying $100 each for a malware cleanup.  How less annoying is that?

This has already been addressed by many people though.  This article is my favourite:

blogs.msdn.com/.../the-windows-7-uac-slider-and-what-you-can-do-on-windows-vista-today.aspx

"Now, my friend Crispin would prefer a different UI metaphor than a slider – he’d like to see a pair of pants – the further down you pull the slider, the further down your pants are while you’re computing. I actually think that’s a really good analogy."

PS:  If the OPK allows it, I'm setting the Windows 7 UAC to the Vista default on new installations when I start building systems with it.

January 30, 2009 9:48 AM
 

gorath said:

Hmm, that's a pretty serious flaw.

Hopefully, this will be remedied by the time it ships.

January 30, 2009 9:48 AM
 

djRob said:

Dear Microsoft,

Don't listen to those malcontents who say that Vista is crap and user unfriendly, those are Apple fan bois or other losers who NEVER used Vista.

Now listen (for a change) to a Vista user, who has been using Vista for over a year. I like Vista security, I've never complained about UAC, because I know that either you have user friendly system or secure system. So please go back to Vista UAC.

Sincerely,

djRob

January 30, 2009 10:11 AM
 

whiplash55 said:

One of the first things I did in Win 7 was to ramp up the security with the slider in the new UAC. Although annoying for new installs I have come to prefer the security blanket of UAC as opposed to "Ridden Dirty" with UAC turned off. I run as a limited user when I was using a Unix based OS and the experience is similar.

People running XP as administrators, surfing blindly on the internet, and not patching their OS or security software are the reason so many computers today get compromised. The advantage from day 1 of Vista was the ability to run as a limited user and still install software when you wanted.  Users who complain about UAC are the ones who end up getting hosed, just as Waethorn stated.

January 30, 2009 10:41 AM
 

meason said:

What's funny is I have never found UAC in Vista to be overly bothersome after a few weeks.  These days I get bugged more by my Mac to enter my password than UAC ever pops up on my screen, and at least UAC is just a mouse click.

January 30, 2009 10:48 AM
 

Waethorn said:

@Rob:

You should file that with the Windows 7 feedback mechanism.

January 30, 2009 10:54 AM
 

Waethorn said:

"Users who complain about UAC are the ones who end up getting hosed, just as Waethorn stated."

It's the ones that complain because they don't know what it's for.  A little understanding is all it takes.  When I explain what it's for, users realize that they benefit from having it there.

Here's a big burning question though:  With Windows 7 offering different levels of UAC, what does that mean for IE's Protected Mode?

Anybody got any thoughts on this?

January 30, 2009 10:59 AM
 

yipcanjo said:

I complain about the UAC in Vista -- it obnoxiously slows things down *and* prompts me at the strangest things!  Why (oh, why) would I need to "approve" the deletion of a shortcut on the desktop???  HONESTLY??!  I just shake my head and sigh.

That said, I still leave it on because it is an appropriate security measure.  The UAC in Win7, however, has been a real pleasure -- notifying me at appropriate times, while not bogging the system to do so.  Still, I don't see ANY REASON WHATSOEVER that changing the UAC shouldn't prompt me via the UAC.  It just makes sense!

Similarly, our Netflix account is "locked down" to only allow PG-13 ratings and below.  I wanted to add the "Hardy Boys TV Series" which is NR, but (strangely) it wasn't allowed.  I prompted for a password to add it, but I didn't remember what the password was -- my wife does, however.  Instead, I just clicked on our "Account Settings" and changed it to allow *All Movies*.  Guess what?  Changing THAT setting didn't prompt me for a password!  Wha??  Same kinda crap, and really stupid.

I gotta remember to take this up with Netflix.

January 30, 2009 11:00 AM
 

yipcanjo said:

I can't get the Feedback thing to work!  I'm part of the Connect site, so what am I missing???

January 30, 2009 11:01 AM
 

Waethorn said:

"at least UAC is just a mouse click"

I do find that some programs have a slight bug with the UAC popup in that options may require a second press after getting past the UAC prompt.

One program in particular is OneCare.  When OneCare's firewall option comes up when it detects a new network, it has the Home/Work & Public network option.  Those are system-level options so obviously they require UAC.  Understood.  What I don't understand is that when you click the option, then get past the UAC prompt, it pops up a second time with the same options, sans UAC lock.  THAT'S the annoying part.

January 30, 2009 11:03 AM
 

subzerohitman721 said:

As a long time XP and Vista user, the old days of using XP on pins and needles was more of a hassle than a pleasure. XP could be compromised in so many different ways, you had to have two different tools of anti-spyware and a competent anti-virus. IE 6 was like the opening of Pandora's box. You never knew what was going to escape. However, IE 7 did really help the situation in XP. However an 8 year old code base with deep flaws needed to be changed.

As much as the Vista bashers hate the OS, most of them have not actually used the OS for a 30 day period to get a good evaluation. Yes it has its issues, but Leopard has had its share of issues. SP1 has made the OS very stable and useable. The UAC does its job very well. To me, I'm used to the one click to authorize when I'm installing software or a Web application. But I'm very much aware of what I'm doing when I authorize the UAC. At least we're not having to enter an admin level password in certain situations for such changes. That would be truly annoying.

However, this has to be tackled aggressively. UAC is the deflector shield for the OS. It really is Windows Vista's and 7's second line of defense. The first has to be the firewall. That's why my router's firewall is turned on along with the latest in wifi protected access (WPA 2). That's backed up by Vista's firewall.

I'm glad it was found at this point, so that it can be fixed before it becomes a public OS. This is why that girl advocating the release of Windows 7 in its current form should be ignored. This OS is still at the beginning of what the Navy would call a "Shakedown Cruise" to work out all the bugs. Three weeks into this shakedown cruise, we are seeing both the potential and the pitfalls. Windows 7 does need to go back to the drydock for some work but she is seaworthy.

January 30, 2009 11:06 AM
 

Waethorn said:

"Why (oh, why) would I need to "approve" the deletion of a shortcut on the desktop???"

The only reason is because the shortcut is in the All Users folder, not just your own.  Any setting that affects all users will give you a UAC prompt.

When you install multi-user aware apps and choose to install it thusly, shortcuts on the desktop get created in the All Users desktop virtual folder.  If you install for only yourself, the shortcuts only get put in your own Desktop folder, so deleting them won't prompt with UAC.

That's why.

January 30, 2009 11:06 AM
 

Waethorn said:

"I can't get the Feedback thing to work!  I'm part of the Connect site, so what am I missing???"

The "Send Feedback" link in Windows 7?

You need a product key, and you need to activate your beta, otherwise the link clearly states that they won't accept feedback.  (I don't know if that has any bearing on CEIP or not)

If you have a hardened firewall, that may deter communications too.

January 30, 2009 11:09 AM
 

WebGuy3000 said:

yipcanjo said:

" Still, I don't see ANY REASON WHATSOEVER that changing the UAC shouldn't prompt me via the UAC.  It just makes sense!"

This seems like the obvious solution to me.  I think it's well and appropriate that the user should be able to adjust, say, the clock settings without being bugged by UAC, but no one (user, app, whatever) should be able to change the UAC settings without a prompt.

January 30, 2009 11:11 AM
 

daveinla said:

"These days I get bugged more by my Mac to enter my password than UAC"

If I were you I would worry that I have a Trojan or something like that. OSX only prompts you for password on major App install that install stuff in the Library folder or for system updates...

January 30, 2009 11:14 AM
 

Delmont said:

yip:

go take a class on security, user profiles and you'll understand your stupid question of deleting a short cut.

January 30, 2009 11:15 AM
 

Waethorn said:

"IE 6 was like the opening of Pandora's box....IE 7 did really help the situation in XP"

Actually, it was SP2's options that introduced those safe browsing behaviours.  Those were for IE6.  IE7 didn't really do much to change that.  It was mostly a feature release.

"SP1 has made the OS very stable and useable"

Again, it wasn't so much SP1, but the application compatibility and performance updates that preceded it that made it better.  SP1 just included them.

"That's why my router's firewall is turned on along with the latest in wifi protected access (WPA 2)"

WPA2 is only good if you use AES encryption.  Many routers allow you to swap WPA and WPA2 with TKIP and AES encryption, which isn't part of the official spec.  Also, using the "WPA+WPA2" mode won't help, since the WPA mode almost certainly is using TKIP, which is much easier to hack.

If you want hardened protection, using WPA2(AES) with a RADIUS authentication server is the way to go.  That takes a lot of work though, and requires an access point that supports RADIUS, as well as an actual server to do the certificate exchange with domain-joined clients.

"This is why that girl advocating the release of Windows 7"

Kelly is a guy actually.

January 30, 2009 11:16 AM
 

daveinla said:

"The only reason is because the shortcut is in the All Users folder, not just your own.  Any setting that affects all users will give you a UAC prompt."

Yeah but still it's a design flaw. If the icon is on your desktop and you have an admin account, you should not be prompted to delete a file in your own folder...

January 30, 2009 11:17 AM
 

chipwinter said:

I'm not familiar with OS X, so I asked my Mac-loving brother about UAC.

He says Macs don't have it. He says he's been using OS X for 8 years, and the only time the Mac asks for his password is when he installs software.

January 30, 2009 11:18 AM
 

radamanthyspl said:

As much as I appreciate uac having my back, has anybody, unlike me, EVER had uac catch an illegitimate process trying to mess things up?

Just wondering.

January 30, 2009 11:18 AM
 

Waethorn said:

"the user should be able to adjust, say, the clock settings without being bugged by UAC"

That's a system setting, so it requires UAC.  It affects all users, and can also have adverse effects on software too.  You CAN change the time zone per user though, since it doesn't actually change the time - it just offsets it.

January 30, 2009 11:19 AM
 

Master3 said:

You got bad people out there that wants to do harm to your PC. That's reality.

You have locks on your door. Are people annoyed when it requires a metal key to let you in?

January 30, 2009 11:25 AM
 

Delmont said:

Master,

If only everyone was as logical as you, then they would get it.

January 30, 2009 11:31 AM
 

yipcanjo said:

Delmont --

There's no need to be an A$$.

January 30, 2009 11:44 AM
 

ripkeyc said:

I for one do not like the UAC changes in Windows 7.  I think that it should be set the "Always Notify".  If most people had that turned on, I wouldn't have to spend my weekends reloading XP for friends who have torched their machines with Malware.

For all the people that complained about Vista, you got what you wanted, a far less secure OS.

January 30, 2009 11:44 AM
 

Waethorn said:

"If the icon is on your desktop and you have an admin account, you should not be prompted to delete a file in your own folder..."

It's not in your own folder though - it's redirected from the All Users folder.  Windows doesn't make copies of the All Users folder into each user folder as that would be redundant.  What it does is apply shortcuts from All Users, in combination with the user's own desktop shortcuts.  You don't know where those shortcuts are unless you check the properties or try a system command, like deletion (users shouldn't need to know that anyway).

It's not a design flaw either.  It reduces redundancy.

"has anybody, unlike me, EVER had uac catch an illegitimate process trying to mess things up?"

It doesn't recognize the difference between "legitimate" and "illegitimate", it only recognizes the difference between system (affects all users) or user-level commands and programs.

User privileges 101:  When you log into Windows Vista, the filesystem gives you this little sandbox that consists of your "home" folder (the folder under x:\Users that is your login name) and all your standard storage folders under it.  That's the Documents, Pictures, Music, etc., folders.  You can write what you want in there.  *nix users should be all too familiar with this concept.  Deviating outside of that on the system drive usually affects all users.  Similarly, there are options that you can change for your own login only (personalization options such as wallpaper, screen saver, etc.) which don't require UAC.  Any setting outside of that will, however.

Of course, to change any system-level setting, you either need to be an administrator, or UAC will prompt for an administrator to enter their credentials (choose their name from a list and enter their password).

The Windows security Best Practice is to only have ONE administrator level account that IS NOT used for day-to-day purposes WITH A STRONG PASSWORD, and have all users log in under limited user accounts for normal usage.  Passwords should also be used by all users.

January 30, 2009 11:52 AM
 

subzerohitman721 said:

@ Wae,

Some websites I read were reporting it as a girl. If it's not, mea culpa. Whole hearted apologies. I still think the call to launch 7 is a bit premature.

I would have to disagree with you about SP 2, because there were still issues with XP security long after SP2 was out. There were a string of issues with IE 6 because I would sit there letting Windows Update patch issue after issue with IE 6. You can't tell me that the security issues did not persist long after SP2. SP2 was launched August 6, 2004.

After SP2 was the Zotob worm, Nyxem, Stration, W32 Storm/ aka Storm Worm, etc. So SP 2 was a nice stopgap measure, it didn't cure the problems.

IE 7 had all those issues resolved as well as new features that helped security.

My router doesn't allow WPA and WPA 2 at the same time. Only network cards using WPA 2 can be used, because WPA network cards and adapters have failed to connect to the network. I've tested this frequently to make sure.

The router also locks out other computers by identification of authorized mac address.

January 30, 2009 11:59 AM
 

Waethorn said:

"You have locks on your door. Are people annoyed when it requires a metal key to let you in?"

I like the pants analogy better.  It's funny.

"For all the people that complained about Vista, you got what you wanted, a far less secure OS."

....straight out of Deliverance.

*cue banjo*

:P

January 30, 2009 12:00 PM
 

Waethorn said:

Just to stress another point:  software should ALWAYS require admin privileges to install.  User-level software should never be trusted.

January 30, 2009 12:02 PM
 

Waethorn said:

"After SP2 was the Zotob worm, Nyxem, Stration, W32 Storm/ aka Storm Worm, etc. So SP 2 was a nice stopgap measure, it didn't cure the problems.  IE 7 had all those issues resolved as well as new features that helped security."

IE6 had security issues later, there's no doubt.  So did IE7.  So does Windows.  You need to check your security info tho:  those worms attacked systems that were missing a specific Windows update.  It didn't matter what browser you had.  What SP2 did was curb drive-by downloads because of the extra ActiveX prompting and download blocker.  That wasn't an IE7-specific feature at all.  That was the major stepping stone in IE security though, because it meant that if you clicked on a link that led you to a malicious website, the site would be much less likely to be able to install software automatically due to flaws in the handling of ActiveX security certificates, which can be bypassed.  IE7 only added what I would consider minor security additions such as the anti-phishing notification.

"Only network cards using WPA 2 can be used, because WPA network cards and adapters have failed to connect to the network. I've tested this frequently to make sure."

Windows Vista reports WPA2 access points.  You can confirm whether or not WPA works by changing the properties of the wireless network connection to WPA[1](TKIP) with the same password.  If it does, you need to lock it down a little harder in your router web interface.

BTW:  A Sony PS3 will have problems connecting to WPA2(AES) when you use WPA+WPA2.  It will only work with WPA1(TKIP) in that scenario.  The PS3 seems fairly buggy with WPA2 in other scenarios too.  I've tried this with routers from every major manufacturer, so I conclude that it's a problem with the PS3.

"The router also locks out other computers by identification of authorized mac address."

That's not hard to fake actually.  Many routers allow a MAC address of all zeros to connect.  MAC address filtering should never be considered a "security feature", because it's not.  Many wireless cards can just scan connected MAC's and then you can modify the network card MAC to match one that's already connected.

January 30, 2009 12:20 PM
 

Waethorn said:

@sub:

One of the key additions to XP SP2 was the Attachment Execution Service which tracks the origin of a file and prevents it from executing automatically.  That was part of what I mentioned in IE6 SP2.

January 30, 2009 12:28 PM
 

tayme said:

@Waethorn - "It doesn't recognize the difference between "legitimate" and "illegitimate""

I think that what radamanthyspl was asking was if anybody has ever seen UAC catch a process that was initiated by a piece of malware? I haven't...but like others here, I have several layers of protection before it even gets to UAC.

--tayme

January 30, 2009 12:29 PM
 

Waethorn said:

Coincidentally, the acronym for that service is also AES.

Funny, that.

January 30, 2009 12:29 PM
 

Lindy said:

"The UAC does its job very well. To me, I'm used to the one click to authorize when I'm installing software or a Web application. But I'm very much aware of what I'm doing when I authorize the UAC. At least we're not having to enter an admin level password in certain situations for such changes. That would be truly annoying."

LOL!  UAC is a very good move for MS.  Its implementation is HORRIBLE.  Because of the way its done, Joe User figures out how to either turn it off, or just clicks through repeated ok's....like they did with XP and a software install.  THAT IS BAD!!!!

OS X and Linux do it right.  Much fewer prompts, no dimming of the screen (that seems to kill systems with slower CPU's/video cards on Vista) and ALWAYS asking for a password.  Nothing SCREAMS security more than asking you for your password.

Windows 7 needs to tweak UAC to be OS X like.  BTW there is a cool free product called tweak UAC for Vista.

Also via the registry you can tune UAC to always prompt for a password even as an admin, and to not do that stupid screen dimming effect that seems to give most Vista boxes a heart attack.

January 30, 2009 12:48 PM
 

radamanthyspl said:

@Waethorn, @tayme

Right there, I'm not debating whether or not it differentiates between "legitimate" and "illegitimate", I was asking just out of curiosity whether uac has ever saved anybody here.

I've seen it asking my authorisation to actions I initiated countless times, while never have I seen a uac window pop up while I was watching a movie, reading a blog or whatever.

And as tayme said, I too have many a layer of protection, but even in the case of malware being caught, security suite disarmed the culprit before I could see uac react in ANY way.

January 30, 2009 12:56 PM
 

subzerohitman721 said:

@Lindy,

I have to agree with you that the implementation of UAC in Vista is horribly done. However, working with that imperfection isn't as hard as many would make it to believe.

However, I would disagree with you that frequently asking for your password would make you any more safe. You need to be aware of what's going on. If you're just web browsing and all of a sudden you're asked for your computer's password, if you didn't know any better like a lot of users, you could unintentionally compromise your own system. Much like the iWork 2009 and Photoshop CS 4 pirated copies did. The password alert didn't make users any more protected. This is part of the computer behavioral studies people are looking at. To some folks, they believe the prompting of a password makes it more safe. That can easily be spoofed by any competent virus or code writer.

January 30, 2009 1:02 PM
 

johnbaxter said:

Like some others here, I looked at Win 7 UAC early on, and concluded I didn't trust the lower settings.  Mine is cranked to the top where it belongs.

As to the seeming "Working as intended" response from Microsoft:  if that is really the official and long term answer, the person who intended it to be that way made an idiotic decision, probably by not thinking through scenarios.  It always surprises me that really smart people--that covers the vast majority of the folks at Microsoft--miss things like this.

January 30, 2009 1:08 PM
 

Waethorn said:

"I was asking just out of curiosity whether uac has ever saved anybody here."

It's all up to the user as to whether or not they allow the process to run.  I have had calls from a few people where they didn't know if they should allow a P2P file-sharing program to let other programs install so I'm guessing it works.  Luckily they stopped at that point to give me a call.  I also talked them out of using P2P file-sharing programs since they wanted to download pirated music with it, and I've already had many computers in with MP3's downloaded from Limewire and the like, infected with ID3 tag trojans.

subzero has good info about this too.

The point about the whole thing is to make users aware of what's going on.  If they don't understand what it is and just ignorantly allow it, it's their own undoing.  Anti-malware software should catch the rest though.

Sometimes UAC just helps alert the user to a configuration option that they maybe shouldn't be playing around with.  I get the odd user that likes to play around with MSCONFIG, and disables half of the services and then wonders why they can't do certain things like print, or burn a CD.

January 30, 2009 1:21 PM
 

Dipsh t Admin said:

I think the reason that we don't see illegitimate applications ask for UAC is that generally users on here are very savvy.  No matter whether I am using XP, Vista, or 7 (or pre-2001,  95/98), I don't encounter any malware problems.  I'm protected, but AVG or VSE is just sitting there never actually blocking anything.  It's called safe browsing and computer practices.  Something I think we all know, but it is something that is hard to teach to users.

Now, MS needs to take care of this situation, since it is a flaw.  I know I've mentioned this before, but it is a good analogy.  It is like the Simpsons episode where Mr. Burns wants to shut down the power to the town, and he and Smithers go through a couple of high security measures to reach the off button, which happens to be in a shack with a screen door hanging off of it with a dog inside.  Same thing with leaving UAC naked like this.

January 30, 2009 1:30 PM
 

darkmax said:

Why can't they get rid of UAC altogether? If we rely on AV suite, isn't it enough?

It's like asking us to either be always irritated or be a security risk. Nice options.

January 30, 2009 1:49 PM
 

Waethorn said:

"Why can't they get rid of UAC altogether? If we rely on AV suite, isn't it enough?"

No.

UAC prevents system settings from being modified automatically.

AV software identifies malicious software.

They both work towards the same goals but are completely different in their approach.

January 30, 2009 1:54 PM
 

weedmonk said:

I'm sure you understand chess....

Unleash a general STFU tomorrow. Unleash win7 now? Ask Mr. producer what his system/software suite is or 'vista hassles' tomorrow...........

January 30, 2009 1:57 PM
 

darkmax said:

But the upcoming version (free) of OneCare should have the ability to block system settings from being modified. In fact most decent AV suite does that.

January 30, 2009 1:58 PM
 

DavidR91 said:

Unless UAC prompts me for a password by default, it's still useless. That is why it sucks in Vista - not the frequency of appearance, not speed, but the simple fact that it seems redundant - it's a button click. At least a password entry justifies its existence to some extent. A button seems a waste of time.

January 30, 2009 1:59 PM
 

Waethorn said:

"But the upcoming version (free) of OneCare should have the ability to block system settings from being modified. In fact most decent AV suite does that."

Most just offer those features for the sake of XP users.  What they do is take over the task of UAC in order to brand the entire experience.  Symantec is one of those companies that wants to brand EVERY security experience on the computer to gain the trust of the user.  They do that, even if Windows already provides that functionality.  It's one of the reasons why they wanted Microsoft to open up the kernel PatchGuard in Vista SP1.

OneCare doesn't attempt to take over control of UAC either - it allows Windows Vista to handle it by itself.

Moving forward though, XP is a poor choice for an operating system.

January 30, 2009 2:07 PM
 

subzerohitman721 said:

Veteran users should also have a mindset of security and OS'es as perpetual "Works In Progress." I learn something new just reading this blog. From every user and point of view, our use and how we attack security continues to evolve. Wae, Dipsh t, DRWAM, and others have taught me things that I was grateful and humbled to learn. If we are always learning from each other, we can build a better community.

I even learn from Lindy, Tayme, and many of our resident Mac users. If we are static and just doing our own Windows thing, but not learning from both the successes and failures on both Windows and the Mac side, what's the point of any of this? We should constantly be hungry for new info, better ways of doing things, and just staying alert.

The guys looking to compromise our systems do not take a rest. However, this has identified an urgent problem in our education systems. Computer Literacy is a big issue that needs to be addressed. People aren't patching their machines. They don't know what to look for. I was lucky to actually have an 8th grade computer literacy class and High School Visual Basic class. College also had plenty of courses to help. However, a lot of schools at the middle school and high school level do not offer these courses. It's something that we should all be pushing our elected officials to promote and change.

January 30, 2009 2:07 PM
 

tayme said:

Any bets on a certain young Apple fanatic quoting the last sentence of Waethorn's last post completely out of context?

--tayme

January 30, 2009 2:12 PM
 

subzerohitman721 said:

@tayme,

Honestly, I wouldn't be surprised.

January 30, 2009 2:32 PM
 

radamanthyspl said:

@darkmax

For some reason this reminds me of an old Bill Hicks' routine:

- Believe in me or go to hell!

- Thank you, forgiving Lord, for all these... options

@Waethorn

Guess you're right. If you look at it this way, uac just protects people from themselves. Wouldn't that be just a perfect reason for some to shut it off?

January 30, 2009 2:51 PM
 

james3mg said:

"Unless UAC prompts me for a password by default, it's still useless. That is why it sucks in Vista - not the frequency of appearance, not speed, but the simple fact that it seems redundant - it's a button click. At least a password entry justifies its existence to some extent. A button seems a waste of time"

The point of the UAC prompt isn't actually the OK button, it's the Cancel button.  It gives a clear point where the user can STOP what's going on, rather than really approving it.  Approving it is just saying, I don't want to stop what's happening".

January 30, 2009 3:03 PM
 

Delmont said:

Yip:

then again, do some reading before just tossing out question of that little degree.

Why have passwords? Passwords just get in my way!

January 30, 2009 3:05 PM
 

robertsjoe said:

@kadarzsolt: "You're like that guy in the "Life without walls" ad prints"

Another nonsensical dumb Microsoft ad.

January 30, 2009 4:09 PM
 

Dipsh t Admin said:

The other thing about UAC is that it incorporates the Secure Desktop, making it more than just a prompt.  The Secure Desktop provides the under the hood security and prevents window spoofing, which is a big malware attack vector.  Wae is right that user education would be best in this area.  MS has done a poor job educating users to the benefits of UAC, and what really to look for with those prompts.  If a UAC like prompt appears, and the desktop does not darken, you know you have a spoofing attempt (assuming Secure Desktop was not shut off).

January 30, 2009 4:11 PM
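
The comment above depends on Secure Desktop still being switched on, and the article's workaround depends on the prompt level. As an added example (not part of the thread or any commenter's post), this PowerShell function reads the three registry values behind the UAC slider and reports what they mean; the function name, level labels and sample input are assumptions made for illustration.

```powershell
# Added example: interpret the UAC policy values that back the Windows 7 slider.
# The registry value names are real; the function name, level labels and the
# sample input are constructed for illustration.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacAssessment {
    param(
        # Optional hashtable of values; when omitted the live registry is read.
        [hashtable]$Values
    )
    if ($null -eq $Values) {
        $p = Get-ItemProperty -Path $UacKey
        $Values = @{
            EnableLUA                  = $p.EnableLUA
            ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
            PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        }
    }

    $findings = @()
    if ($Values.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is off, so no prompt appears at all.'
    }
    if ($Values.PromptOnSecureDesktop -ne 1) {
        # Without Secure Desktop a genuine prompt does not dim the screen either,
        # so "no dimming means spoofing" can no longer be used as a check.
        $findings += 'PromptOnSecureDesktop is not 1: prompts are shown on the normal desktop.'
    }

    $level = 'Unknown'
    switch ($Values.ConsentPromptBehaviorAdmin) {
        2 { $level = 'Always notify (consent prompt for every elevation)' }
        5 {
            $level = 'Default (consent prompt for non-Windows binaries only)'
            $findings += 'Changes to Windows settings, including UAC itself, are not prompted; "Always Notify" restores the prompt.'
        }
        0 {
            $level = 'Elevate without prompting'
            $findings += 'Administrators are elevated silently.'
        }
        default { $level = "Other value: $_" }
    }

    [pscustomobject]@{
        Level         = $level
        SecureDesktop = ($Values.PromptOnSecureDesktop -eq 1)
        Findings      = $findings
    }
}

# Constructed sample: the values of the Windows 7 default slider position.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
Get-UacAssessment -Values $sample | Format-List

# On a live system, read the registry instead:
# Get-UacAssessment | Format-List
```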
 

robertsjoe said:

"Waethorn said:

"You wouldn't get this sort of stuff with quality Apple bloggers."

That's an oxymoron, as are you."

Most serious Apple bloggers are a much more balanced and interesting read than the old SuperSite for Windows. No posts such as Paul's now infamous (and childish) "ahahahahahha" post. Jumped the shark that day.

January 30, 2009 4:11 PM
 

robertsjoe said:

"Smart man: media.arstechnica.com/.../x_obama2.jpg

Yeah, at least we know he's not playing any games!"

He could if he used BootCamp and booted that piece-o-crap OS you call Windows.

January 30, 2009 4:12 PM
 

robertsjoe said:

The whole OS is a sieve to allow viruses, spyware and worms to proliferate. And you're surprised there are problems with parts like UAC?

The anti-virus software industry loves Windows -- taking you all for the chumps you are. Don't forget to buy your anti-virus software, keep it up to date, slow down your machine. How sad.

January 30, 2009 4:14 PM
 

Waethorn said:

"Unless UAC prompts me for a password by default, it's still useless....At least a password entry justifies its existence to some extent. A button seems a waste of time"

Another person would argue that a flashing red light and a 100db alarm would be the only method to make users think otherwise to changing system settings....

The risk factor lies in the user.

January 30, 2009 4:18 PM
 

Waethorn said:

"If you look at it this way, uac just protects people from themselves."

You just understood the entire point of it all.

"MS has done a poor job educating users to the benefits of UAC, and what really to look for with those prompts.  If a UAC like prompt appears, and the desktop does not darken, you know you have a spoofing attempt (assuming Secure Desktop was not shut off)."

I think the best UI would be a message saying "This process/your system has been PAUSED because the current process needs your permission to continue and can affect the operation of the computer" (and have a "II" pause symbol), and have a play or stop VCR style button on it.  Then have a security info link on it.  People would understand that more.

"serious Apple bloggers"

There is no such thing.  They can't be serious, nor can they be taken seriously.

January 30, 2009 4:26 PM
 

Waethorn said:

"Don't forget to buy your anti-virus software, keep it up to date, slow down your machine."

As opposed to Mac OS X upgrades?

January 30, 2009 4:27 PM
 

Ocean said:

Re: The article I posted in the other entry...I just threw it out there for discussion's sake.  If you want to know how I feel about Windows 7, I've posted it several times.

>>"serious Apple bloggers"

There is no such thing.  They can't be serious, nor can they be taken seriously.<<

So someone show me some recent evidence of Daring Fireball not being a sober minded pro-Apple blogger.

He even nailed Apple for the multi-touch patent they won...

January 30, 2009 4:50 PM
 

Ocean said:

Another interesting article:

How Much Do You Need Windows 7?

technologizer.com/.../how-much-do-you-need-windows-7

"The most interesting question for every Windows user about a new version of the OS, after all, is “Should I get it?”

I know I won’t give an all-encompassing yay or nay–I’ll make different recommendations for different types of people. Consider the musings below a pre-alpha stab at the tips I may give..."

January 30, 2009 4:53 PM
 

Waethorn said:

"So someone show me some recent evidence of Daring Fireball not being a sober minded pro-Apple blogger."

Looking at the 27th (3 days ago), I count 7 out of 11 postings on Apple, not to mention one just to smite Microsoft.

January 30, 2009 5:04 PM
 

shark47 said:

"There is no such thing.  They can't be serious, nor can they be taken seriously."

An Apple blogger that offers even mild praise for Microsoft will get eaten alive by Mac fanatics. There's no way an Apple blogger can be serious.

January 30, 2009 5:24 PM
 

DRWAM said:

I have more than high hopes for Win 7, I need it to get passing grades and great PR so that I can stop installing XP on all my partners' Macs [two in the past two days!]. I guess it's less expensive to use the XP key from their dead Dells, but I long for the latest and greatest when using new equipment. My docs are just too dumb to deal with Vista, although I think they would like it and find it easier to use and manage than XP. What hurts is that when I ask if their kids' Vista PC has any problems, I always get an answer of 'not to my knowledge'. Then why wouldn't they want to use Vista themselves? It's true that they are lazy [and afraid, which is the answer], but you need to climb on the train at some point. Please don't get me wrong, because XP helped make me a lot of money, but XP is past its prime. To me, it's like using a CRT. I'm sorry for venting here, but I wanted you all to know why I am really rooting for Win 7. Again, my apologies.

January 30, 2009 6:34 PM
 

chuckb84 said:

"Waethorn said:

"Don't forget to buy your anti-virus software, keep it up to date, slow down your machine."

As opposed to Mac OS X upgrades?"

Every release of OS X has been faster than the previous one. You could certainly argue that 10.0 was dog slow (it was!), but since then, they've just gotten faster and more efficient. So, not much of a debating point from you.

January 30, 2009 6:51 PM
 

Cold_realms said:

This is too funny, UAC can be bypassed like but I cannot even run programs I have installed without UAC interrupting me (Crysis, VirtualCD, betas of Firefox, etc...)

Generally I disable UAC (on vista) but not being able to run "sidebar" gadgets on win7 with UAC disabled makes it pretty annoying.

But oh well, it's a beta.. nothing is perfect!

January 30, 2009 6:53 PM
 

shark47 said:

UAC is not broken. Windows 7 has the most amazing security in the world. Raf, Long, and Paul know nothing about technology. This site has turned into a joke like the other anti-MS blogs. Posts like this one only serve to strengthen the notion that Paul's an Apple fanboi.

Was that robertsjoe enough?

January 30, 2009 7:02 PM
 

DRWAM said:

Please accept my apologies. My post was selfish and insensitive since this is what many of you do many times weekly or daily. Believe me when I say I respect what you all do, as I know we would be nowhere without you heroes.

Doc

January 30, 2009 7:56 PM
 

Lindy said:

@subzero.  OS X asks you for a password when you are going to install something into the system area of the OS, library files mostly.  Vista will ask if you are going to change your background.  Huge difference.  OS X does come to a crawl when it prompts you like Vista does.

Those people that got malware from iWork and CS4 did what was normal and right, except for the FACT they were stealing software and getting it from criminals.  They got exactly what they should have gotten.  You play with fire, you're going to get burned.

January 30, 2009 8:12 PM
 

subzerohitman721 said:

@robertsjoe

"The whole OS is a sieve to allow viruses, spyware and worms to proliferate. And you're surprised there are problems with parts like UAC?

The anti-virus software industry loves Windows -- taking you all for the chumps you are. Don't forget to buy your anti-virus software, keep it up to date, slow down your machine. How sad."

OSX/Krowi.A, OSX/Jahlav, OSX/iWorkServ.A, & OSX.Trojan.iServices.B.

All trojans found infecting Macs. Need any more proof that the only sucker around here is you?

The anti-virus industry is going to love suckers like you when one day you wake up to your system heavily compromised. Then you'll panic, reformat and restore your system only to find your system compromised again.

Then reality will come in hard.

Your Mac was just compromised by a trojan and you had no anti-virus.

Do us all a favor. Go buy yourself some anti-virus.

January 30, 2009 8:23 PM
 

robertsjoe said:

Your anti-virus will not protect you from a trojan that's not been seen before. Get a clue, please! Neither on a Mac or Windows.

Your point of view on things really shows that you've bought in to the whole sales pitch from the anti-virus industry. No wonder they (internally) refer to people like you as "chumps".

January 30, 2009 8:30 PM
 

robertsjoe said:

@subzerohitman721: What's that, a handful of trojans? Don't forget to mention ZERO viruses and WORMS. How many on Windows? Why so many!? Because you're using inferior technology. Simple as that. Chump.

January 30, 2009 9:31 PM
 

tayme said:

@robertsjoe - I don't expect you to understand this, since your young and simple mind is not fully formed yet; but even though the latest OS X trojans were delivered in pirated software, it proves that it won't be long until you are browsing *** in Mom and Dad's basement and a trojan is delivered that way. It proves that OS X is not as invulnerable as you and millions of other simple minded individuals like to say it is. Believe what you want and keep being spoon fed by Steve Jobs and Tim Cook. All the while, they (internally) continue to refer to you as "chumps" for being so gullible.

--tayme

January 30, 2009 10:11 PM
 

robertsjoe said:

@tayme: No matter how you spin it, OS X is much more secure. And no, we don't need to run anti-virus software. Why? Because it's more secure and there aren't the thousands upon thousands of viruses like on the system you run. Makes sense.

January 30, 2009 10:32 PM
 

darkmax said:

Please don't start that Apple-Windows nonsense. Frankly it is annoyingly childish.

1. If OS X is so good why isn't everyone else converting to it? They certainly have bought into the inferior quality of the iPhone.

or...

2. If Windows is so good, why is it copying OS X's interfaces?

How many of these dumb questions are there going to be? Apple has a fan base. In fact I started my life in computing with the Apple IIe. Does anyone even know what that is now? Apple lost a lot of ground over the years and only managed to pick things up again in the last decade. Windows however has been on a very steady climb in the market.

As I said before, if Mac OS X is as ubiquitous as Windows is today, they will face the same number of problems with malwares.

January 31, 2009 12:20 AM
 

pranavdixit said:

Anyone has any clue how to sync Firefox Bookmarks with the Live Skydrive Favorites???

I use the Windows Live Toolbar in IE8 to do this, but now I want to switch to Firefox, which won't run the Windows Live Toolbar! :((((

January 31, 2009 3:27 AM
 

vijju said:

I would rather not complain about UAC in Vista..safety first please amigos!!!

January 31, 2009 7:04 AM
 

shark47 said:

"And no, we don't need to run anti-virus software. Why? Because it's more secure and there aren't the thousands upon thousands of viruses like on the system you run. Makes sense."

Cars from Lamborghini have probably been in lot fewer accidents than, say, Honda Civics, mainly because of marketshare. I guess that's justification enough for not wearing seatbelts or getting rid of airbags when you buy them.

January 31, 2009 7:26 AM
 

subzerohitman721 said:

Wow. Talk about hubris. Well since robertsjoe had to resort to calling me a "chump" it really proves that his ad hominem attacks prove he really has nothing to say. Just saying over and over that OS-X is more secure, doesn't actually make it so. Where's your proof or studies that show that OS-X is more secure? Yet I've shown from the N.V.D., Secunia, iThreats, and many other sources that the threats against OS-X are growing. Apple's OS does a lot of great functions and services, however I do think the security needs to be re-evaluated. Just as Microsoft really has its hands full with Windows Security.

@shark, your analogy is perfect. Kudos.

@darkmax, I agree. I am quite comfortable in Tiger and Leopard as I am in Windows. It's robertsjoe who is becoming Rush Limbaugh of this blog.

I'm glad that Apple is making a comeback. That doesn't mean acting a fool with your OS, and possibly risk infecting other machines. Frankly, I believe the competition is great for everyone. It will keep Apple, Microsoft, Canonical, and other OS makers on their toes. However, ignoring good computing practices simply harms everyone.

January 31, 2009 8:32 AM
 

gfryesc1 said:

this shows Paul's double standard.  He happily roasts anyone but Microsoft when they do anything remotely distasteful according to his whims of the day.  But what does Microsoft get?  simple chiding with 'Umm right. Microsoft?'  That's some rough talk he has for them.

January 31, 2009 8:38 AM
 

Dipsh t Admin said:

shark, good car/airbag analogy.  That's exactly what I've been saying for a long time.  There is money to be made creating malware.  As you would operate any business you concentrate your efforts on the biggest portion of the population, which is Windows.

rj, check the security vulnerabilities in OS X on Secunia.  There is plenty of potential to exploit those vulnerabilities, as they exist in all software.  As the marketshare increases, so will the malware risk.

You can check it out when Saturday morning cartoons are over.  So, how many Webkinz you got?

January 31, 2009 8:41 AM
 

gfryesc1 said:

why isn't paul doing commentary on Microsoft's return to DRM.  He could have paired it in with his story lambasting Apple for actually doing what he wanted them to do, just not sooner!

www.pcpro.co.uk/.../qa-microsoft-defends-its-return-to-drm.html

January 31, 2009 9:07 AM
 


About pthurrott

Paul Thurrott is the guy behind the SuperSite for Windows. Way behind. :)
© 2009 Penton Media, Inc.     Terms of Use | Privacy Statement | Reprints and Licensing