programming and human factors
by Jeff Atwood
Paul Thurrott's scathing article Where Vista Fails highlights my biggest concern with Windows Vista:
Modern operating systems like Linux and Mac OS X operate under a security model where even administrative users don't get full access to certain features unless they provide an in-place logon before performing any task that might harm the system. This type of security model protects users from themselves, and it is something that Microsoft should have added to Windows years and years ago.Here's the good news. In Windows Vista, Microsoft is indeed moving to this kind of security model. The feature is called User Account Protection (UAP) and, as you might expect, it prevents even administrative users from performing potentially dangerous tasks without first providing security credentials, thus ensuring that the user understands what they're doing before making a critical mistake. It sounds like a good system. But this is Microsoft, we're talking about here. They completely botched UAP.
The bad news, then, is that UAP is a sad, sad joke. It's the most annoying feature that Microsoft has ever added to any software product, and yes, that includes that ridiculous Clippy character from older Office versions. The problem with UAP is that it throws up an unbelievable number of warning dialogs for even the simplest of tasks. That these dialogs pop up repeatedly for the same action would be comical if it weren't so amazingly frustrating. It would be hilarious if it weren't going to affect hundreds of millions of people in a few short months. It is, in fact, almost criminal in its insidiousness.
We have fairly recent internal builds of Vista for a project we're working on at Vertigo, and we've run into this problem too. Even though you're ostensibly logged in as an "Administrator", you're inundated with a sea of security dialogs if you try to do anything even remotely, well, Administrator-y.
The problem with the Security Through Endless Warning Dialogs school of thought is that it doesn't work. All those earnest warning dialogs eventually blend together into a giant "click here to get work done" button that nobody bothers to read any more. The operating system cries wolf so much that when a real wolf-- in the form of a virus or malware-- rolls around, you'll mindlessly allow it access to whatever it wants, just out of habit. As Rick Strahl notes, this is the ultimate form of nagware:
Then there are the security dialogs. Ah yes, now we're making progress: Ask users on EVERY program you launch that isn't signed whether they want to elevate permissions. Uh huh, this is going to work REAL WELL. We know how well that worked with unsigned ActiveX controls in Internet Explorer – so well that even Microsoft isn't signing most of its own ActiveX controls. Give too many warnings that are not quite reasonable and people will never read the dialogs and just click them anyway… I know I started doing that in the short use I've had on Vista.
But there's an even deeper problem lurking under the surface. Why doesn't Vista respect my choice to be an Administrator? Who is really in control here: me, or my operating system? There's something awfully paternalistic about an operating system that lets me log in as an Administrator, but treats me like a regular User. If you're going to treat me like a User, at least have the decency to create a regular User account for me. That would certainly make more sense.
Rick Strahl confirmed that, indeed, Vista downgrades Adminstrators to regular Users by default, in a misguided attempt to enhance security. He also posted a workaround that applied only to the Vista Beta. But the good news is that in the final, released version of Vista, it's quite easy to disable UAC:
Then log off and log back on.
I seriously hope Microsoft reconsiders these bizarre policies before Vista is released, but sadly they did not.
It could be so much simpler if Microsoft just followed the established conventions.
I think that the approach the KDE environment uses with makes a lot of sense: if I attempt to do something "administer-y" as you put it, I get a popup requesting the admin credentials. Those credentials will work until I stop doing "administer-y" things for long enough, at which point the credentials are invalidated and they will be requested again.
Generally speaking, that means I need to supply rights two or three times a day at most.
The problem on Microsoft's side is the fact that they got so much criticism of the "default insecure" setup that they are swinging way the other direction to try to appease the critics. You can see the same thinking with the Microsoft Command Shell beta. You install it, and when you launch it for the first time, it asks if it can load the required assemblies. Being that not loading them will result in a completely useless endeavor, I fail to see how the installer *shouldn’t* register the main assemblies as loadable.
In the build of Vista that we have, this setting has changed names a bit.
It's still in
Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options
but the names of the keys are all under
User Account Control: Run All Administrators In Admin Approval Mode
Set this to "Disable". You do *not* need to log out for this to take effect in my testing, but again, this is a later build of Vista than Rick had.
All the "User Account Control" settings in this area mitigate the above complaints and are worth investigating. The real question is, what will the default values be for those settings?
Jeff Atwood on April 20, 2006 5:02 AMFirst!
Kurt Koller on April 20, 2006 5:04 AMLOL. Now it's even funnier. Not sure if that was intentional or not, but.. ;)
Jeff Atwood on April 20, 2006 5:21 AMPerhaps this feature is targeted at upgraders - since most people already run as admin, defaulting to "Admin as user" effectively downgrades people to regular users by default( but without mucking with the user account). Definitely annoying, though.
Kevin Dente on April 20, 2006 5:28 AMThis is the first thing I thought of:
The default answer to every dialog box is "Cancel"
http://blogs.msdn.com/oldnewthing/archive/2003/09/01/54734.aspx
thing is, its called the CYA way to do it. If microsoft leaves it up to the user. When they let malware install, its their own fault, not the OS's. Right now, there is nothing, so its the OS's fault. MS learned their lesson, and is putting the owness back on the end users.
Lock everything down by default, let the end users configure, and if they get bitten, it was by their choice.
Steve on April 20, 2006 6:46 AM"..I get a popup requesting the admin credentials..."
People would find a way to bitch about that too. They would claim that it is a security risk because malware could pose as the security prompt and steal the user's administrative user name and password.
MS can't win. People will always find a way to bitch about anything they do. Just like Windows XP, two years from now the bitching will subside as everyone finds that all the new stuff really isn't as big of a deal as they thought in the beginning.
dude mcdoogle on April 20, 2006 7:38 AMDoes the "run as" command still work on Windows Vista? Could you set up a "true Administrator" using the hack Rick S. detailed, log in under a normal user account, and "run as" the true administrator account when you need to do something administer-ey?
Scott on April 20, 2006 10:04 AMCould you set up a "true Administrator" using the hack Rick S. detailed, log in under a normal user account, and "run as" the true administrator account when you need to do something administer-ey?
Absolutely-- this is the default for a standard User account. I don't think it's as smart as what Wesley described (first comment) but you get your choice of an in-place one time admin login popup, or a dialog that says "you must be an administrator, etc".
The way Vista handles User permissions is fine, or at the very least, no worse than the way it's handled today in OS X. It's the "let's silently downgrade Administrators to Users by default" part that is problematic.
Jeff Atwood on April 20, 2006 11:29 AMIf microsoft leaves it up to the user. When they let malware install, its their own fault, not the OS's
That's true. If users want something bad enough they will click through any number of prompts and passwords to get it, eg, the Dancing Bunny Problem:
http://www.codinghorror.com/blog/archives/000347.html
Ultimately you can't solve this problem with technology alone; it takes education:
http://www.codinghorror.com/blog/archives/000119.html
Jeff Atwood on April 20, 2006 11:31 AMI can understand why security can be defficult to implement, and I most certainly will not try to show myself as a security expert... but I dont understand why the user interaction has to be so defficult.
Just take something small like the "you need to reboot your system" popup, that shows in case of a new installed application or some windows update. It is ofcause irritating that I need to restart at all.. but it is nice to know. I can choose "restart later" or "restart now". But I am in the middle of something and I click the "restart later". But 2-3 minutes later it pop's up again.. and again .. bah! The best thing is if I am sitting with a machine where I dont have access to restart, then it still pops up all the time, takes the focus away from my active application.
That would be like my car would pull over to the side and stop driving because I only had short amount of gas left or needed to change my oil.
Peter Palludan on April 21, 2006 2:45 AMMaybe Microsoft is just trying to re-use some of their Microsoft Bob code ;-). Wouldn't want all that hard work going to waste.
Or maybe it is just aerobics for geeks. How many calories do you think you burn up with all the extra mouseclicks?
Joe Brinkman on April 21, 2006 3:59 AMOn the February CTP there was one more problem, that I don't know if later will be risky. Now in XP, an administrator account with no password, can't be accessed from a user account (for example, using runas, etc.). But now you can, you can give an admin permisson without even entering a password, and maybe this could be risky and let all kind of badnameware install by itself...
I use XP on a LUA account, and I'm happy with it, although you need some tricks found on Aaron Margosis' blog to make your life easier.
CharlyChango on April 21, 2006 6:27 AMThey are just trying to follow the unix world's idea of security. Sadly "File operation" isn't too helpful to let me decide. Worse, most people I know click ANY ok button they see just to avoid reading, so yes, this will ultimately be pointless security that results in rapid fire clicking without thought.
Speaking of useless security, can we assume that since the word to post here is orange that I will ALWAYS type orange, and as such, you can just remove the requirement, and we can have the same level of security that typing the word orange provided without all the bother of typing?
Xepol on April 21, 2006 8:32 AMRegarding the "orange" thing. I'm sure it was a quick to implement way to avoid *automated* comment spam. Yes, it only takes one real person to realize it doesn't change and to modify the script, but spammers tend to pull less energy into things like that.
Wesley on April 21, 2006 9:44 AMThis reminds me of a feature in Lotus Notes called Execution Control List (ECL). It pops up a dialog whenever some piece of "untrusted" code attempts to perform a privileged operation. Unfortunately the typical Lotus Notes user will see these pop-ups frequently. And with very little information about what's going on. Users tend to just click "Trust Signer" and get on with their life -- and that includes trusting unsigned code.
Why does Security UI have to suck so much?
Bob Congdon on April 24, 2006 1:10 PMHoly shizz! It's fantastically unbelievable that for all their mountainous resources, MS can't find people who know anything at all about elegance and usability. I guess all those people already have jobs at Apple. [pun intended]
mdj on April 25, 2006 4:17 AMI like the KDE style solution. As for making sure other programs can't mimick it, there are plenty of solutions around that. The windows login provides a couple already.
I heard a comical story of it popping up with a security dialog when you tried to create a shortcut on the desktop.
For some sensible discussion of secure user interaction, read http://www.sims.berkeley.edu/~ping/sid/ and the paper linked there. Windows and UAP violate *all 10* of the suggested principles.
The link that got snipped out of my last comment by the blog software is http://www.sims.berkeley.edu/~ping/sid/
David Hopwood on April 25, 2006 10:17 AMI am not sure what the user is supposed to make of deciding whether RunDLL is supposed be launched (I don't think anyone could answer that question without knowing what was calling it - such information is not provided in the warning dialogs).
The thing that gets me is that Vista requires permission to execute its own files one DLL at time (not third party programs) and has no memory of them. Surely, if I have double-clicked a Control Panel applet I have already indicated that I want to open it!
Oddly enough, this exact behaviour is one of the reasons I threw away 1.5 years of subscription fees for ZoneAlarm when version 6.0 was released (it did exactly the same thing).
Hopefully this is all a side-effect of a half-cooked feature. After all, this is still a 'Beta' we are talking about here. If this 'feature' shipped without a switch to disable it, it would be suicide.
Ok, After giving myself proper admin rights...My control panel doesn't work anymore....reverting back to the default User account settings didn't help, now what...?
Rob on May 7, 2006 5:41 AMSadly disappointed with the 5384 Build of Beta2, I have never been logged on as an administrator, in safe mode and told I cannot install a driver because I didn't have true admin rights. They have a long way to go with Vista although being MS they'll meet the release date for qtrly profits alone, then patch for the next several years.
Oh and if installing drivers wasn't frustrating enough, vista telling me every 3 seconds that a driver didn't install correctly "Would I like to stop or reinstall" really blows considering the error comes along before the installation of said driver is even finished.
Right now, Vista is nothing more than an exercise in patience and frustration. In time I hope that MS works this out because the potential of Vista is huge.
i dont know much about cps, i know how to put them together and some system stuff, but when i heard about Vista, its size... its insanity! i switched to Fedora Core 5 linux. i like not have viruses, and of course the only thing worse than viruses (Norton Antiviruse) and im happy im not going to be a windows user when windows and direct x and the rest of their OS crap get left waaay behind.
Max on August 8, 2006 11:21 AMHmm, maybe thats because you run a warez version ?
GH on November 17, 2006 10:51 AMThe funny thing is now that on the RTM edition, the option of User Account Control: Behavior of the elevation prompt - No Prompt no longer exists. Rather you can only choose either "Display" or "Prompt without elevating." Great Microsoft, great.
MC on November 30, 2006 5:00 AMWhy would you support a Closed Source OS , the whole basis of where people buying Microsoft OS is absurd and psychologically weird- is you pay for something that in reality when bugs and user issues arise they will never be fixed by Microsoft. Ask yourself is that OK are you happy to push your mouse around clicking endlessly to satisfy well no one except your own blunder investing in poor software.
Open Source is the proper direction for computers , you should investigate Linux and its many varied exciting releases. Xandros Mandriva , Red Hat/ Fedora ,Mepis, Knoppix etc , and learn about contributing to them.
I compare Windows - whatever ,to driving in pitch black darkness in a forest of dense trees at 70 mph smashing into trees - denting your car , to Linux that asks however and if and many other questions about its environment and navigates through it all with ease. Its crazy paying for software in a closed source way - there is no better time to stop doing that than now. Support Open Source and or software that contributes provides freely for every OS like the Opera browser .
CD on January 17, 2007 9:43 AMInstalling Vista RC2 and using it for a couple of months has made me a convert... to Mac OSX! (I can run XP using Parallels when I need to do my .NET development work, but I can actually ENJOY MY COMPUTING EXPERIENCE the rest of the time!) So long, suckers.
CD - the problem is that open source OSes are generally not as user friendly as Windows, and those that ARE aren't well known enough to the public at large.
The other problem is that performance powers development, and currently if you want to do the most high-end gaming, you're going to have to do it on a Microshaft OS. They have the majority share, good games and drivers are written for the OS, people see the games, and use the OS. It's a vicious cycle, and holds true for things outside games, as the open-source OSes don't have a killer app. Microsoft does - the Office suite. Linux is great to code on, but that isn't accessible to the common user, or not nearly as much as the original spreadsheet software was.
Mnementh2230 on January 30, 2007 3:06 AMTotally agree Stebe. I installed the final release of Vista on my MacBook Pro, and it works great - wait, no, it works as well as Vista is capable of working. But there's nothing in Vista for Apple to worry about.
As a long time Windows hacker I can honestly recommend switching to a Mac.
Lee on February 2, 2007 9:58 AMApple fan boys make me laugh. Come back the day Apple have the guts to release Mac OS X for all pc's with all the issues that will raise.
It's easy to copy a unix kernel and customize it for specific hardware. Apple is not even in the same league as Microsoft and Job's knows it, why else would he feel the need to talk crap about MS every chance he gets.
PL on February 2, 2007 10:29 AMOh no - Windows Home Basic won't allow you to install the "snap-in" require to run this administrator tool!
Now what? How to turn off these stupid prompts?
ScottZ on February 6, 2007 7:09 AM@ PL
Actually, Apple has the BRAINS to keep its software and hardware under one package. That's the only way to really guarantee the quality of what you're using. And if you think that this is only a game Apple plays, look at Microsoft's Zune and XBox.
Apple's iPod + iTunes works better than Microsoft's Zune + Marketplace. So it's ok say that "Apple isn't in the same league as Microsoft." Apple's in a better one.
And by the way, no apostraphe in "Jobs."
Dave on February 7, 2007 3:26 AMDisabling UAC is much easier in the RTM version of Vista.
Just go to Control Panel, and type "UAC" in the search box in the upper-right hand corner of the window. It's the first result.
Jeff Atwood on February 7, 2007 6:48 AMok... all that aside,,, can anyone tell me how to turn off the information bar that pops up on EVERY page warning me that I am stepping in front of a speeding truck?
Larry on February 14, 2007 5:15 AMOS X doesn't have a "UNIX" kernel. Darwin is a combination of OpenBSD and Mach. Of course, OS X has completely new APIs too, along with a completely new display system.
You Windows fans are just disappointed that Microsoft didn't deliver the revolutionary OS you thought they were going to ship. When Spotlight came out in OS X, you told me that WinFS was going to be the Holy Grail of computing. You showed 3D photo management demonstrations that made Vista amazing.
It turns out Vista has Spotlight, a flawed copy of Expos, a flawed Start Menu, a flawed task bar, a flawed copy of iPhoto, a flawed copy of Mail, a flawed copy of iDVD, a flawed copy of iCal.
Wow, $6 billion dollars of development and six years for a really weak impersonation of OS X.
Bob on February 21, 2007 1:29 AMOh, here we go, another MAC V Windows nutter. I must say that i am a fan of both OS's. IV used both and am comfortable, for both have advantages and disadvantages. Windows has the larger market share currently, with mac a million miles behind. But i see this changing in the comming years. Mac currently has little or no viruses written for it, but then why would you write a virus to attack a small percentage of computers in the world. bus as MAC gets more popular in the comming years, more viruses will be written. the OS will be attacked more, and then it will just be another OS that is as unsecure as the next. So, why cant we all get along, use all OS's for their advantages instead of shoutin off that one is better than the other.
Steve on February 22, 2007 12:29 PMI recently instaled Windows Vista Ultimate...and to tell you the truth...I belive it was worth the hasel and time comsumption...but like the rest of u i do have a MAJOR problem with the fact taht vista does NOT let a admin truly be an admin. I have trouble accessing web sites or downloading updates or patches for games,aplicatins, and other programs. With out vista telling ME the admin..that waht I am doing is "baddd" or can do me "harm". Or tellign me that i cannot 'downlaod patch becuase i do not have administrative powers"
basically..TOO much security
im not suprised that when in plug in my ipod my pc doesnt send an electrcal charge to the device and destroy it for having a bad word in one of the song's lyrics. XD
I am never pleased with the state of the OSs in the world; I am a developer and have to deal with the problems of each system.
It intrigues me how people advocate Free Open software. How do you propose to establish an income source for developers like myself who are independent. It is very simple, if my software, which is my only source of income would become free, then I would not make software anymore and look for some other form of income.
Finally, for all the flaws in Microsoft, both the company and their software, people fail to realize an important difference between Windows and OSX:
-Apple has to worry about a handful of hardware configurations. Development of an Operating System becomes a much simpler task this way.
-Microsoft has to worry about potential millions of configurations, and the user expects them to work out of the box. This is why a company that has the money to buy as many top programmers as anyone in the world, still takes a long time to develop an OS.
I don't like MS, and I don't like Apple, for different reasons. But as a rational person I try to recognize and understand their achievements and limitations.
Brackenridge on March 1, 2007 1:59 AMTo really get an idea of how much of a time waster vista truly is, simply go into "C:\Program Files\" with a default install setting and attempt to create a new folder and give it a custom name. You must go through FOUR confirmation pop-ups. Not two, but four, yet when you give a program permission to run, it can create folders through install with custom names, WITHOUT confirmation. This is basically stating that they are giving more permissions to a program than a user isn't it?
If you sum up the wasted time it takes for people to create a folder confirm through 4 dialog boxes over the span of a year, you are not seeing "the new way of security", you are seeing a lot of needless wasted time to get things done.
I wrote the developers with 1 suggestion, and that was to simply have a check box that says "I would like to have file confirmation", or I would notlike to have file confirmation", and perhaps "I would like UAC", or "I would not like UAC". All you vista robots speak of "more intelligent execution processes for security", yet simply put it's slowly disabling the right of a computer user to make their own decisions. Don't you trust your own judgement?
Ben on March 18, 2007 3:58 AMrun cmd, and type in the following (with path to a valid exe) -
"runas /trustlevel:0x20000 c:\Users\YourName\something.exe"
It bypasses the file confirmation simply because you are running a trust level... how secure is that? Considering you can set the "cmd.exe" and run as an admin with no problem we can really see that vista's security isn't so wonderous.
Typing in "runas usage" will give a full list of the available run options, and considering you could easily code a macro that would set a program to run as trusted regardless, this is pretty damn funny.
Ben on March 18, 2007 5:26 AMgive the solutions to work with vsta like erp,internet,word,wireless device etc
srinivas on March 21, 2007 7:22 AMVista security is so absolutely horriblel I wish i had known about before buying a new computer. I have a Gateway and it is loaded with programs i DON"T WANT....and CAN"T GET RID OF.
No matter what I do, McAfee and other programs are still there and annoying me every few minutes with "Load Now, do this or do that your computer is in danger".
I have a virus program I like very much thank you and DON"T WANT MCAFEE. So how do I get rid of it? And other programs?
I have been wading in and out of the stupid, difficult inane and ridiculous security crap till I'm dizzy.
I recommend NOT getting VISTA...and NOT getting a new computer if you can't DELETE the advertising and proprietary garbage they load it up with.
Commander on March 23, 2007 9:44 AMBill Gates or whomever is running MS is a business genius.
#1 Strong arm all the major computer companies to install Windows whatever on all new computers whether the consumer wants it or not!
#2. Make sure that no other MS OS will install EASILY on these new computers.
#3. Hide the cost of the new OS in the new computers price.
#4. When the consumer finally gives up and wants to install a different MS OS (Most users have no idea Linux or Open Source software even exists) make sure to charge them for the downgrade OS too.
#5. Do this every 3 or 4 years and make millions of dollars because the general public and enterprise users have an amazingly short memory.
Nothing has changed since with MS Windows ME in my book. Every few years MS promises "The greatest operating system ever". And provides crap that takes years of patches and updates to finally work the way it should have in the first place!
How many people remember Bill Gates on TV showing off Windows 98 and USB...He got the BSOD right in front of millions of viewers. But we still bought the OS and every one since then.
Isn't there something criminal about forcing a new computer buyer to except Vista no matter what. I tried to buy a laptop 3 weeks ago without Vista...I couldn't find a one!So I bought a Vista laptop and downgraded to XP Pro, spending hours reading posts from people that bought the same laptop and received no XP support from the manufacturer.
Isn't there something criminal about forcing a new computer buyer to accept Vista. What would happen if Ford or GM created a car that would only run on Citgo gas. Would you buy that car...no! Because Citgo could charge whatever they wanted for gas as they would have a consumer base locked into buying only their gas.
Microsoft is a monopoly...and now with Vista they are controlling the "authority" of those that use their OS. Here is another thought: Weren't third party popup ads something we have been trying to block from comming into our computers? What made MS think that the constant barrage of THEIR popups would be a good thing!
I guess you can tell that I'm a little pissed off...I'm just tried of the same old same old from MS. It would be nice if they could provide us with a decent OS that hadn't stolen and tried to improve the best features of Linux and OS X!
Viva la Knoppix!
Will Banks
willebanks on April 5, 2007 11:00 AM
Thanks for you tips, they helped me out!
Matthew on April 17, 2007 5:10 AMI have a solution to this whole problem:
Step 1. Buy new computer -- ignore the fact that vista is on it.
Step 2. low level format erasing all partitions.
Step 3. Reinstall WinXP
Ben on May 17, 2007 12:27 PMThanks for posting this. I've only had Vista a couple of days and already those warning dialogs were driving me crazy!
Tim on June 30, 2007 3:08 AMThose who said that Apple is somehow doing thing correctly by controlling the OS as well as the hardware are smoking crack. If Apple's software was really all that they would stop whining and release it for PC instead of intentionally breaking the GUI (with their Windows release of Safari we already know what would happen). It is like arguing that you are good at Madden because you can beat your little brother. Why are we wasting time arguing with a vocal and overpriced 5% of the market? Your macs are "secure" because nobody cares enough to try to infect you.
Matt on July 3, 2007 1:25 PMI just have to say "Thank you" for showing me that option to turn off UAC. Vista will definitely suck less now.
tainted on August 31, 2007 1:49 PMHello guys: I'm sorry I used the method you mention up there and it did not work for me. I still have the same problems with the Explorer and not just that, now I cannot even hook my MSN or my Yahoo. I went to the Windows Vista Official Web site, followed instructions.. Naaaaaaaaaa!!! Nothing.. I'm desperate. I don’t know what else to do. Please HELP ME!!!
Zue on September 20, 2007 11:31 AMAnybody, Vista is great, but is driving nuts.
I have administrator rights in my system, but some how there is a security setting that does not allow me to download any programs such as macromedia flash player and other applications. I even turned off the windows firewall and the user account control.
Does anyone know what the problem might be?
Your interest is greatly appreciated...
Gabe, Sounds like the same problem I had with new computer with Vista pre-installed. My user account showed as Administrator but administrator rights "disappeared" after first shutdown, even though still showing as an Administrator account. Found the following the solution online, and fixed the problem within five minutes:
Tap the F8 key as you are booting and select "Safe mode with networking" from the boot menu.
Log into Windows Vista with your personal account that holds the (so-called!) administrator access.
Open a command window (START-RUN-CMD.exe or press Windows key+r). At the command prompt type the following: "net user administrator /active."
That's it. Log out and back in as administrator.
Hope this works for you!
start -- run -- msconfig -- (click) tools tab -- choose "Disable UAC"
A term window pops up, informing you that the command was successfully completed. Close the terminal (don't "exit" out; just close the session). Restart Vista. Your logon user profile will have now have admin rights. Most of the annoying security popups will cease (oh, you'll get one on occasion, but it will be hours or days instead of minutes).
You're welcome.
davis,br on October 11, 2007 1:45 PMThe simplest way to turn off UAC (User Access Control) is to go to Windows Accounts panel, select a user and you'll find the option to turn warnings On or Off.
Waseem Sindhu on November 1, 2007 9:31 AMYour either a Linux zelot or just another number waiting to bring down a giant, I agree UAC can be annoying but theres more to it than meet the eye. It does more to protect the "zombified" user than that said user might think, but if for all funky reasons otherwise. Just disable UAC and life a merry life, theres no reason to complain simply for purpose of complaining.
Vista Pwnz pure and simple,
It's stuff like this I'm glad they made it idiot proof!!
I was thinking about getting vista, now I'm not so sure. What it boils down to for me is that everything we are trying to protect ourselves from is out on the net. Standalone systems need no protection. But no one uses a standalone system. It's the web we need. So what is it this malware does that we are protecting ourselves from? It is always file based mischief. Some malware downloads itself and modifies the MBR, or writes a file which is set up to run in the background. I've seen files in c:\windows\system32 get altered on XP. I don't think the choice should be between being exposed to trojans that give my passwords to crooks, and clicking past vast numbers of dialogues.
Look at how java applets implement security. While runtime java can write files, applets cannot. The web browser should not be able to write any files by default, and to permit the writing of a file, a request should pass through the kernel and result in a dialogue yes allow this file to be written or no do not supplemented with no always don't ask again. Even when permission is granted there should be limits imposed by the environment the browser is running in: any existing file cannot be overwritten, no renaming, and no writing by the browser process in any existing directory. Allow only creation of a new file under "root" c:\newfiles and put new files there if and when permission granted. For a browser to have general access to file function calls, or worse, bios routines that can have power to change OS files is asinine.
To summarize, isn't this a problem of mainly lousy planning during the web browser design process, and not really the fault of OSes which would otherwise work fine when unattached to an untrusted network? Do we really need a new M$ OS when denying many rights the browser now inherits by default from the environment might solve the problem? Can't many system file-related rights be denied the browser without disrupting the customary use of the browser for doing downloads? Any download I do doesn't need access to the entire file structure.
JBK on January 24, 2008 1:12 AMThanks for the tip. I just upgraded to Vista and - sheesh - this bizarre "feature" had me pining nostalgic for Win 2K.
Stephen Ewen on January 24, 2008 2:18 AMI just installed vista and I hope htey keep XP around forever.
John on February 12, 2008 12:01 PMEvery time i click my mouse it makes me feel like im about to walk in front of a bus and it then takes like 3 hours to get through all the warnings that appear when changing the settings!!!!!!
UGH..
ANDY PANY on February 15, 2008 3:17 AMMac is so much better the only problem is its dark in my house now because theres NO WINDOWS
*Nudge* *Wink* Get it?? Because windows sucks and all XD
Shy Ted on February 15, 2008 3:19 AMWindows Vista Home
Control Panel User Accounts Turn User Account Control on or off
cosmic_string on February 27, 2008 6:08 AM
When I use security programs like Zone Alarm, one thing that makes it useful is that whenever a program runs it has not seen before, it asks me if I want to allow, at which point I can choose "always allow". Of course, even then, the same program usually has multiple different scripts I have to allow (which can probably explain multiple checks for the same program in vista) but even then, by choosing "always allow" or "always deny" I don't have to bother with it more than once for each program, and for me, it is perfectly acceptable to answer the questions once and once only for each program I use and then never again have to deal with it. In this scenario, when something else does come up, I am more inclined to read it.
Microsoft can easily solve this problem by having it remember and assume that the user will give the same response the next time the same program runs. Then it won't be so annoying, users will be more inclined to read the messages when they come up since they won't be persistent, and therefore users will also be more inclined to actually use the feature.
It would be very simple for them to enable such a fix. But as it is right now, I agree, totally useless. The "Nagware" factor just makes it impossible to work with and still retain a shred of sanity.
Elliander on March 15, 2008 7:41 AMI think it's the software developers fault for relying on so many administrative actions for even running software. If you get so many warnings in your everyday from UAC. What is the guarantee you'll even be able to use your computer as a regular user without constantly encountering some pop-up saying "you need to be administrator to do this" and NO "make me admin" button?
BmB on March 23, 2008 9:11 AMI am doing beta testing and reviews for pgames/rograms. do you have any idea how much idiotic clicking I've gone through before finding out how to stop it?
Maybe they are just getting ready to launch an OS that is totaly linked trough the net to Microsoft and this is just the get used to it boys, we're the only administrator in town, the rest of you are just users.
cosmin haraga on August 7, 2008 9:10 AMI've been using UAC without administrator access for about a year and haven't had the issue everyone is talking about. I have never had multiple authentication messages. The logon messages only come up when I expect them to. The issues are coming from poorly written 3rd party apps.
If Microsoft had done this a long time ago they would have prevented many security issues.
brador on August 20, 2008 10:02 AMI have to agree with Brador here. I have been using Vista regularly - as a network consultant (my clients use it so I have no choice). Yes, those pop-ups occur, yes, they slow you down a little, but, in all truth - it's a good thing! I only see the pop-up when I expect it, and it's no worse than having to type sudo under *nix. Also, I get calls from friends and family saying this has come up. what do i do - rather than the usual, my pc doesn't work, because they blindly installed a virus. For the computer illiterate/beginner this warning actually has an affect!
I actually think Microsoft did it right, but that's just my 2 penneth worth.
Gribbly on January 22, 2009 4:01 AMthis freaking security shit makes it impossible for me to cut the songs i downloaded to the folder music. let alone delete some trash, it keeps on saying try again..
martijn on April 18, 2009 4:15 AMThank you!
Hugo on May 11, 2009 1:23 PMThis thread is proven true. I have two Vista computers from two friends who do not know each other. Both infected with the same virus miles away. The users clicked ok because that is just how to get things done on Vista. Security....NOT
It very difficult when is hard to know when clicking the close button on a web site actually installs a virus/malware instead of closing the browser! Education is key. I would love it if the spammers and hackers spent thier time annoying the spammers and hackers so we could get on with life... Press and hold the power switch until you begin to enjoy life as you walk away from technology. That is at least once a day to sleep!
Pete Williams on July 21, 2009 8:03 AMHead on. These kind of "Are you sure" dialogs seem to come from one of the following:
1. Intended to protect the software vendor, not the user. They're just there for "we told you so" value when something goes wrong. If They don't really keep me from screwing up my system, the just keep me from blaming someone else for screwing up my system. This applies doubly for virus / malware / security problems; it's a lot harder to bash Microsoft with a "Critical Security Error" news article or Slashdot post if the user needs to click "okay, okay, OKAY" to let the bad stuff happen.
2. Well intentioned, but blunted by the user experience / marketing / product folks along the way. Scenario - technical / security teams design a secure system, user testing shows that novices are confused or annoyed about having to login again or escalate priveleges, and someone wearing a tie decrees that we make the dialog a bit simpler. This way, we warn the user but don't frustrate them. And now that we'be made the dialog more palatable, let's use it all over the place.
Conventions are good, even though those crazy UX guys don't think so... [ a href="http://www.codinghorror.com/blog/archives/000401.html"http://www.codinghorror.com/blog/archives/000401.html/a ]
Jon Galloway on February 6, 2010 9:46 PMI just installed the vista RTm and its an optical heaven, but the pleasure only lasts until the second or third reboot.... now nothing works, my control panel won't show any icons, I can't run windows update anymore, view my system details, or personalize my desktop. this sucks
Jon on February 6, 2010 9:46 PMWhat's the point? The Vista graphics are just to make it look likea Mac, right? And most older programs make you have to auto-downgrade to run. This is on a 4 GB Quad Intel ... WTF are they smoking in Redmond?
curmudgeon on February 6, 2010 9:46 PMWell I'm a regular MS and FOSS user and I must say that, while the MS Vista UAC prompt for limited users is important and valuable for security, from an administrator's POV the feature becomes at least an annoyance. MS says that UAC helps security, and that the internals of UAC are such that it protects the OS from malware. Indeed, if you are running a LU account, having the OS confirm that you have the rights to perform the task that you are doing can be a lifesaver, especially if you are a novice computer user. However, if you are running as an administrator you *should* be able to have unrestricted access to your system, just like running as root in Unix and Unix-like FOSS OSes (ah, the power of having the sharp sign...*sniff*). Honestly, having a dialog first telling me that I will need to supply credentials before, say, deleting a no-longer used folder under Program Files and then popping me another dialog to prompt me to confirm that I'm going to delete it is a, uh, sophomorical approach to security. Of Course I'm doing this, I'm the (expletive removed) administrator, the OS should not ask me this! *pause for breath*. Linux never asked me for permission to rm -rf /dev as root, not that it would be a good idea, of course...
Anyhow if you are running as LUA under vista I can see why you need UAC, but an administrator should not, must not have these annoyances, it's wasted time. There, those are my $0.02.
The comments to this entry are closed.
Subscribe in a reader
Subscribe via email
|
|
Traffic Stats |