Microsoft Endorses Product That Turns Off Vista UAC Nags
By Scott M. Fulton, III | Published August 24, 2007, 12:03 PM
The latest version of a well-reviewed third-party security policy enhancement system for Windows Vista claims to solve what its manufacturer characterizes as "not a secure solution" to a critical problem Windows historically had with administrator privileges on programs. But in the announcement of the upgrade earlier this week, a key Microsoft product manager is quoted as having acknowledged Vista's own take on the solution was not quite enough, effectively reversing his company's stand on User Account Control.
The product is BeyondTrust Privilege Manager 3.5, and its key new feature is the ability to run Vista's UAC transparently without prompting the user for privilege elevation. In Monday's press release, Microsoft director of client security product management Austin Wilson is quoted as not only endorsing the product, but appearing to agree with BeyondTrust's key contention: that the UAC prompts were not only a nag but an insecure solution in itself.
"Microsoft recognizes that to help create a secure, auditable and compliant enterprise environment all users should be Standard Users and ideally not have administrative privileges or access to administrator passwords," the press release quotes Austin as saying. "BeyondTrust Privilege Manager helps corporations that need to allow standard users to run applications that require administrative privileges on Windows Vista with UAC enabled without any prompts or input required from the user."
It is the Vista feature which Apple so successfully parodied in one of its "I'm a PC" ads earlier this year: the part of User Account Control which asks the user to "Cancel" or "Continue," so that a task may run under elevated privileges. Alternately, Vista can be set up so that the user is asked to supply an administrator password - instead of just clicking on "Continue" - before any process is run that requires highest-level privileges.
Many users don't quite get it: Why would Vista keep asking permission over and over and over, even if it's just having the user click on a button?

The reason is to implement an environment where user accounts have lower privileges by default. This way, they have less opportunity to be hijacked by an automated process, typically through the network, and made to perform system incursions in the background. Up until the era of Windows XP, users typically set up their accounts with full administrator privileges, because they trusted themselves and didn't want to withhold Windows functionality from themselves. That's okay until the point where such accounts are used without the user's direct knowledge or involvement.
In order to disable any keyloggers that may be lurking in the background, when Vista puts up a UAC prompt, it engages what Microsoft calls secure desktop mode. There, all other processes including many core operating system functions are suspended - which would suspend Trojans as well - while the user is prompted to click on "Continue" or to enter the admin password. Full disclosure: I myself endorsed this methodology in an article I wrote in November 2006 for InformIT, where I describe in full how UAC works and why I believe it's an effective security tool.
At the time the security prompt was first introduced in Vista betas last year, Microsoft began preparing the public for what it anticipated would be some serious concerns. A guide for Windows trainers in the workplace published last September by Microsoft tried to prepare them for the possible backlash: "Rapidly clicking through messages is a natural activity for most of us," it read.
"The UAC (User Account Control) feature of Windows Vista provides much tighter security than previous versions of Windows: It requires users to confirm some actions that are potential security risks, and does not allow some actions at all for standard users. Much research has gone into the phrasing of security messages so that they are easy to understand, and the shield icon helps information workers anticipate when authorization is needed. However, getting information workers to read each security message before they click is an ongoing challenge."
Since that time, surprisingly, some of Microsoft's own spokespeople have been visibly candid about their impressions of UAC, perhaps partly to help appear sympathetic to the customer, but also because they themselves don't believe that UAC and its "over-the-shoulder" (OTS) prompting method are the best solution to the account privileges problem.
Last June, Microsoft key security engineer Mark Russinovich wrote for TechNet magazine, "Even though elevation dialogs appear on a separate secure desktop, users have no way by default of verifying that they are viewing a legitimate dialog and not one presented by malware. That isn't an issue for [administrator account mode] because malware can't gain administrative rights with a faked Consent dialog, but malware could wait for a standard user's OTS elevation, intercept it, and use a Trojan horse dialog to capture administrator credentials. With those credentials they can gain access to the administrator's account and infect it. For this reason, OTS elevations are strongly discouraged in corporate environments."
So over the passing months, the concept has gone from nice idea (which I myself bought into) to "not the best solution" to something that admins may actually have to find a way to work around.
This leads us back to last week's press release from BeyondTrust, which paints a picture of the OTS prompting system as a security hole in itself: "Distributing administrator passwords to standard users is not a secure solution," BeyondTrust writes. "It places the security decision of which applications to elevate in the hands of the user instead of a network administrator. Additionally, these credentials can enable users to circumvent security policies, make ill-advised system changes, and run or install applications as an administrator."
So perhaps the clearest indicator to date of Microsoft's new willingness to bend to its customers' logic comes from its client security product manager, Austin Wilson. "I am pleased to see third-party security vendors such as BeyondTrust improve what is already our most secure business client OS, Windows Vista," Wilson continues in support of BeyondTrust's new upgrade. "The combination of elevating approved applications transparently with Privilege Manager and running UAC in no prompt mode with Internet Explorer in protected mode provides a best-of-breed solution to the least privilege problem."
BeyondTrust has not returned BetaNews' request for comment. Microsoft has also been asked to comment, and we could see a formal statement later today.
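The settings discussed in this article (UAC on or off, over-the-shoulder credential prompts for standard users, the secure desktop) are stored as registry values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. The following is an added example, not code from BetaNews, Microsoft or BeyondTrust: it audits those values across a set of hosts, and the host names, sample data and finding codes are constructed for illustration.

```python
"""Audit UAC policy values for the weaknesses discussed in the article."""
import sys

# Registry location of the UAC policy values on Windows Vista and later.
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
VALUE_NAMES = ("EnableLUA", "ConsentPromptBehaviorUser",
               "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def audit_uac(values):
    """Return a sorted list of finding codes for one host's policy values.

    `values` maps value names to integers. A missing name means the value is
    not set and the OS default applies, so it is not flagged here.
    The finding codes are this example's own labels.
    """
    if values.get("EnableLUA") == 0:
        # UAC is off entirely; the remaining settings have no effect.
        return ["UAC_DISABLED"]
    findings = []
    user = values.get("ConsentPromptBehaviorUser")
    if user is not None and user != 0:
        # 0 = automatically deny elevation requests from standard users.
        # Any other value shows the over-the-shoulder credential prompt,
        # which is where a spoofed dialog could harvest an admin password.
        findings.append("OTS_CREDENTIAL_PROMPT")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        # 0 = administrators elevate with no prompt at all.
        findings.append("ADMIN_SILENT_ELEVATION")
    if values.get("PromptOnSecureDesktop") == 0:
        # Prompts are drawn on the interactive desktop, not the secure one.
        findings.append("SECURE_DESKTOP_OFF")
    return sorted(findings)


def audit_fleet(fleet):
    """Map each host name to its list of findings."""
    return {host: audit_uac(vals) for host, vals in fleet.items()}


def read_local_policy():
    """Read the policy values from the local registry (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
        for name in VALUE_NAMES:
            try:
                data, _kind = winreg.QueryValueEx(key, name)
                values[name] = int(data)
            except FileNotFoundError:
                pass  # value not set; OS default applies
    return values


# Constructed sample data: registry values as they might be collected
# from four workstations by an inventory tool.
SAMPLE_FLEET = {
    "ws-standard-01": {"EnableLUA": 1, "ConsentPromptBehaviorUser": 0,
                       "ConsentPromptBehaviorAdmin": 2,
                       "PromptOnSecureDesktop": 1},
    "ws-helpdesk-02": {"EnableLUA": 1, "ConsentPromptBehaviorUser": 1,
                       "ConsentPromptBehaviorAdmin": 2,
                       "PromptOnSecureDesktop": 0},
    "ws-tweaked-03": {"EnableLUA": 0},
    "ws-silent-04": {"EnableLUA": 1, "ConsentPromptBehaviorUser": 0,
                     "ConsentPromptBehaviorAdmin": 0,
                     "PromptOnSecureDesktop": 1},
}

if __name__ == "__main__":
    fleet = dict(SAMPLE_FLEET)
    if sys.platform == "win32":
        fleet["localhost"] = read_local_policy()
    for host, findings in audit_fleet(fleet).items():
        print(f"{host}: {', '.join(findings) or 'ok'}")
```
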
While this could have been a really interesting article, it is much too long and far too wordy. Shorter to the point articles please.
Score: 0
|See:
http://www.betanews.com/...r_31_Release/1187978144
Perhaps they need a new system, whereby clicking an article link brings you to the quick and dirty summary (short and to the point), with a details link leading to the, well... 300 page, er... details.
Cuz when they want it detailed, they want 300 pages. ;)
Score: 0
|No, well-written and informative.
This isn't USA Today's technology section. Want less? Go there.
Score: 0
|$750 price for this darling product.... mmmhhhmmmmhhhhhmmmm!!!!!!!!!!!!! Sooweeeeeeee.........
Score: 0
|Uh, it's $30. What are you talking about?
Score: 0
|LOL.... missed the 25 computers part(for that stated price).
Score: 0
|Perhaps I'm missing something here, but after perusing all these comments (I'll ignore those pertaining to nix, not relevant) it seems to me peeps must be sharing their rigs. Not me, I'm running Vista Business on 3 notebooks, first thing I do after installing NOD32 is disable UAC, then run TweakIV in aggressive mode to disable the various services that enable vulnerabilities. Then I do my own manual tweaks to make it as locked down as possible whilst still being able to surf.
Absolutely nothing gets installed on my systems without conscious aforethought by myself.
This I have been doing no matter the OS, albeit got caught by "vstub" about 3.5 years ago yet booting to safe mode in XP was easily removed.
What is puzzling me is that the posters here are generally astute dudes, yet from many of the comments it seems their rigs are configured in such a manner that allows permissions which make a system somewhat "open".
Bottom line UAC IMHO is a waste of resources in its current form, concept is great but needs a lot of work.
Feel free to flame this post.
Score: 0
|I found your post to be intelligent, informative, and even grammatically correct. It shows real insight into the OS.
Score: 0
|UAC seems to be a fix for those uninformed, especially at home, who don't know what a firewall is or even that they should have a/v software, let alone keep it up to date. Maybe now they will see the name of the zombie software and botnet stuff they are installing when they unconsciously say Allow. Of course, if they don't allow it, we're all safer on the internet.
Score: 0
|Since you asked for a flame...
First thing I do is uninstall Vista and install XP. More stable, more compatible and faster at this stage - and as an intelligent user, the 'alleged' increased security of Vista is a moot point. Actually, the increased security is more of a hindrance than a help.
Score: 0
|I consider ´nix comments relative since one Windoze poster made the initial comparison.
(Not a flame, btw, just a point of order)
IHS
Score: 0
|I love UAC. UAC is the best. No other OS has a so good thing like UAC.
On linux you have a lot of denied access errors due insufficient privileges; instead on Windows Vista you have an elevation prompt and so you're able to easily execute your administrative task.
I don't know why people complains about UAC, unless you execute an administrative task, change system settings or install applications, you'll never see an UAC prompt!
Do you spend your life to change system settings? Do you spend your life to install applications?
Stop complaining about UAC and learn to use your PC! (If you get an UAC prompt, a valid reason exists: you executed an administrative task! Is it so difficult to understand it? Do you prefer a denied access error like on Linux? Do you prefer browsing Internet with full privileges administrator like in XP and get a present in your back orifice?)
Score: 0
|don't use Linux much, do you?
Score: 0
|su whips UAC easily.
Score: 0
|On linux you have a lot of denied access errors due insufficient privileges
Wrong.
Score: 0
|"Do you prefer a denied access error like on Linux?"
ummm....sure. Why don't you actually try using Linux, then get back to us on that one.
Score: 0
|Error: please try using software before making assumptions about its functionality.
Want a complaint about UAC? Try deleting a folder from Program Files (after an uninstall fails, which is quite common). 3 prompts, each and every time you want to delete a file. WTF is that? :P
Score: 0
|It's in a protected directory.
Duh?
Or do you want any app to be able to just go into the Program Files folder and delete anything it wants?
I'm glad you know what to delete and what not to delete within that folder. I can tell you from personal experience that most users haven't a clue.
I agree that 3 prompts is a tad excessive, and was hoping they'd have toned it down a bit more upon release. Perhaps this BeyondTrust is a decent step in that direction.
Score: 0
|A simple sudo will do on linux. When I sudo, I know _exactly_ what I'm doing, and that I need super user privileges to do so.
IHS
Score: 0
|linux:
$>sudo rm -fdR ./directory
I rest my case.
IHS
Score: 0
|CLUE: Command Line User Experience
IHS
Score: 0
|Don´t nix the *nixes until you´ve tried ´em.
IHS
Score: 0
|I always wanted MS to release the Networking tools SDK for the UAC system for Domain class networks...
Basically the system sends a UAC alert for that user on that machine to an admin console MMC/log on the server. On the user side if it is not allowed it says that either you have to do the Normal UAC thing, OR the admin has to allow it on the MMC on the server. This allows an Admin to set many allowed permissions in 1 place and it affects the entire network... So if the question is asked 1 time it's asked for the whole network at once. Thus no more UAC popup for THAT program anywhere... And the option is visible on the MMC in the server so later if it has to be disallowed it can be easily turned off and its functionality goes away across the network... I know it makes use of some of the new active directory options, but the SDK has not been released as yet to do this from MS, they just talk about... It's prob an option for their new Windows server editions...
I know if people had a known good list to use of programs it could be implemented even on a home version of Vista with a custom MMC. Then the UAC only pops up for UNKNOWN items, and once you add it it's added as a user option and remembers it... That's what MS needs to do with it, to make it more end user friendly. Cause god knows we get enough UAC prompts now that people just reflexively allow it without looking at it anyway... So that makes it almost useless in the long run... Most techs I know have it disabled, cause they just do not want bothered with it all the time... And it has no really good admin interface for allowing massive tweaks to it for a network condition. So instead an IT staff has to go around to each machine and allow it manually. That takes too much time IMHO...
Score: 0
|just run buffer zone and never worry about any internet problems again.
see trustware.com
Score: 0
|Just to add something.
MS can fool programs into thinking that the Default Install Dir is “$User_Name\Program Files” instead of \Program Files. All they have to do is modify their API that returns \Program Files. So, when a program calls this API, I forgot the name of it...There is ONE function only that returns the user directory, the Windows dir, the system dir etc and I am pretty sure this same one returns the Program Files dir (but no guarantees). This function would return “$UserName\Program Files“ instead of \Program Files. This way, all programs will be installed in the users’ home dir – thus avoiding to write outside the home dir. So current programs will continue to work…
Oh man, what am I talking about. This is complicated. It’s not gonna work. Here is why, the installation will still need to write files to system32 and the registry. Ahh well, this only shows bad OS design!
*IF* each user had a separate registry to save the settings to and a separate sub dir called “system32” and “windows” that will serve the same purpose as C:\Windows and C:\Windows\System32 things would have been much better and more secure…
Score: 0
|Already done like this - Vista transactional NTFS.
Also developers are TOO lazy to study new api's. So REAL vista problem - is lazy developers.
Score: 0
|Actually. UAC is a very good idea. You may hate how frequently it ask you to click. But it because the software itself.
Programmer will learn how to write a more safety software that doesn't need admins permission that much.
For ex: By default mIRC save files on "Program Files/mIRC/download". Why don't save them in My Document folder? It doesn't need admins permission.
Score: 0
|"Windows has detected a mouse movement. WARNING, mouse movements can be very dangerous. Someone can remotely move your mouse from another PC and take over your PC. Please provide the administrative password to continue."
:D Jokes, aside.
1. UAC is *NOT* a bad idea. It is a good idea, badly implemented. Windows should be smarter and be able to detect whether the user launched a particular process or whether an automated process did.
2. How about asking for password once and remember it for the rest of the session? But there is a flaw with this. Windows will still need to be able to detect whether an action or a process was launched automatically or directly and *THEN* if the action was initiated automatically, prompt the user for a password.
Score: 0
|There's an image floating around of a fake XP error.
Something along the lines of:
Mouse movement detected. System must restart for changes to take effect. {OK} {Cancel}
Score: 0
|April issue of Windows IT Pro. They like to have actual error messages (in the back of the magazine) that are funny or odd and for the April issue they like to make up their own.
Score: 0
|That's a good one :)
Score: 0
|Let's face it Windows would be practically unusable without 3rd party software to get rid of all the crap that it comes with.
Score: 0
|Let's face it Windows would be practically unusable without 3rd party software to get rid of all the crap that it comes with.
Because after all, Linux has nothing that resembles a UAC prompt when wanting to perform similar level tasks does it?
Score: 0
|If you think UAC is anything like what Linux has you really have no idea what you are talking about. Try again.
Score: 0
|Linux can be a pain in the a** with permissions too.
Score: 0
|Not really, open a terminal and type su and your password and you can do anything you want and never be asked again during that terminal session. It's very rare that you have need to have root access anyway. You do not even need it for installing programs for example, while Vista prompts you for the most ridiculous little things. Linux software is written properly, normal programs do not prompt you for root access ever.
Score: 0
|Not only that, but the only thing that requires a reboot in Linux is updating the kernel. Windows _still_ requires an absurd number of reboots and Vista boots almost as slowly as my floppy-disk-based Amiga 500.
I always thought UAC was a kludge anyway, because it foists responsibility on the user. The kinds of people who open unknown e-mail attachments and are victim to spyware, viruses and all the other woes of modern computer use aren't in a position to make an informed decision, and the people who know what to do never had those problems in the first place.
Personally, I find it possibly the most irritating feature ever put in Windows (and I've been a user since Windows 2), regardless of how effective it is.
I only keep Vista installed on my laptop for the occasional game anyway. Ubuntu rocks.
Score: 0
|Ubuntu rocks. ha ha ha ha! Vista for the occasional game. That's good.
Score: 0
|The only reason to pay the M$ tax is to play games. No need for it otherwise...just wasting money.
Score: 0
|The M$ tax? What would you have them do, give it away? You're not living in the real world old chap.
Score: 0
|Linux handles this sort of feature much better already.
BTW, UAC is the corporation that opens the gates to Hell in the game Doom....
Score: 0
|Haha... good call! I always wondered why that acronym sounded familiar!
Score: 0
|I've been thinking that all along! HAHAHAH YAY Doom!
Score: 0
|I really think the bottom line is that UAC's nagging is not an effective solution. IE6 and IE7's info bar proved this as well, because people ignore these prompts.
It's not that running with fewer privileges is a bad thing. In fact, it's a very good idea. It's the excessive need for interaction.
If it only prompted for scripted processes and installations with an option to validate an administrator password, it probably wouldn't be an issue... as long as Windows also required all accounts to HAVE a password.
But I had to delete a file from the Start Menu the other day, and it took 5 clicks from the time I right clicked and chose Delete. Why? Why do I have to confirm I want to load Event Viewer? Change the system clock? View Device Manager? It's absurd!
Score: 0
|UAC was never designed as a security barrier. Its goal was to move software developers to stop requiring admin privileges to function. The interaction helps drive by elevations and if for any reason that is helpful. It cannot prevent a sophisticated phishing attack from obtaining the admin creds, but that was possibly long before UAC so I cannot see how you can blame that on UAC. UAC is a step in the right direction, it will help reduce people running in admin mode and will drive the software houses to write Standard User based apps.
Score: 0
|Well, it would be nice if it were to move _Microsoft_ developers. The number of times you are smacked in the face by UAC when engaging in simple Windows-only operations is absurd. But then, Microsoft never were the best developers of Windows software, which is why they had to acquire SysInternals just to get some decent system tools.
Score: 0
|Microsoft is currently in talks to acquire Beyond Trust, thereby making more money on another bad design.
Score: 0
|Will UAC be lifted by default in SP1?
Score: 0
|UAC was pathetic. A normal user running one of the *nix or BSD variants (including OSX) doesn't have to put up with that crap while running their computer.
Score: 0
|A normal user running one of the *nix or BSD variants
*laughs*
Normal user and *nix do not belong in the same sentence. ;)
Score: 0
|What the hell is *nix? I guess it sounds better than nux.
Score: 0
|You know--Unix, Linux, or (whatever)nix. That's *nix.
Score: 0
|I meant normal user as in not running as root. :)
Score: 0
|*nix to that. but thank you for pointing it out..my bad.
Score: 0
|I know. I was just trying to make a funny. :p
Score: 0
|Why not just do the following?
TO TURN OFF UAC
— Control Panel > Security Center > Other Security Settings > User Account Control > Turn Off
TO CHANGE THE WAY SECURITY CENTER NOTIFIES YOU OF A PROBLEM
— Control Panel > Security Center >
- on the Left side of the Security Center window, click on the "Change the way Security Center alerts me"
- "Do you want to be notified of Security issues?"
- Select "Don't notify me and don't display the icon (not recommended)"
Security center will no longer notify you of any Security issues. To re-enable notification select "Yes notify me and display the icon (recommended)" option.
Score: 0
|This is great for users of Betanews. I wouldn't go suggesting this to the general populace quite yet, though. ;)
Score: 0
|Because turning UAC off turns off the security as well, which means some programs will fail as they'll all run with standard privileges. Turning it off is actually worse.
Score: 0
|There's another product that does the same thing, TweakUAC
http://www.tweak-uac.com/
Score: 0
|Msconfig utility has a quick checkbox option for whether you want to enable UAC as well.
Score: 0
|When UAC is turned off, you can no longer write to the /TEMP/ directory... therefore it pretty much has to remain ON for normal use.
Score: 0
|Your average user who runs as Administrator in XP and who upgrades to Vista will probably try to get UAC turned off, because Microsoft has taught users to not be security minded. Most users don't care about the Security tab in file and folder property dialogs (this is usually the key to minimizing UAC prompts as well, when used properly!)
However I am familiar with the security model of Windows and so I was able to get UAC to be far less annoying while still protecting myself against potential vulnerabilities.
One UAC component I ultimately disabled was the secure desktop... because Vista is so bloated and slow I've found that UAC dialogs take too long to pop up... so I go to do something else. But then the secure desktop sometimes comes up and blocks me from doing what I was doing! Fortunately most of the time it won't until you click its taskbar button. But still, when the secure desktop comes on, if the CPU is busy it may take up to 15 seconds for the dialog to appear, during which time your computer is useless. With the secure desktop off I am able to use my computer while I am waiting. Although this technically could allow a malicious program to request UAC elevation and click the Allow button for itself, I considered this. It all depends on how good the users are with not downloading viruses and malware, really.
Some other things you can try to reduce prompts or to get more programs which don't support UAC working is to adjust security in the file and folder properties dialogs for files and folders programs need access to. When you view the security properties for a file or folder, the Administrator group's access you see only applies when a program is elevated. Otherwise, one of the lower groups (Users, Authenticated Users, Everyone, or specific usernames) is used for permissions. The easiest way to give programs access when not elevated is to add the Users group (which represents all user accounts) and give it Full Control.
Of course you need to use UAC to change security permissions, but this is a one-time dealie.
If you open the properties for C:\ProgramData\Desktop and add Users with Full Control you can stop UAC prompts relating to desktop shortcuts. C:\ProgramData\Start Menu can eliminate Start Menu shortcuts.
I also recommend doing it to the root of any non-C: hard drives.
Some caveats: You might want to remove Users from Start Menu\Programs\Startup after you're done if you don't like having surprises launch on startup. Also remember that opening Desktop to Users means any program can plop an icon (usually only installers try it, and they're elevated anyway so changing security settings won't matter).
Also when applying settings to drive roots, you may want to go back and remove all Users and Administrators (and individual user access) that may be present on System Volume Information folders... these hold System Restore points, and there is no need for users to access them (System Restore uses system accounts and so Administrators access wouldn't matter), furthermore allowing Users to access this folder increases the chance of a System Restore point becoming infected with a virus or trojan. Securing that folder will increase the chances of being able to use it successfully against a virus or trojan.
Score: 0
|The first three words of your post describe the problem when attempting to make any OS secure. "Your average user". No matter how many locks you put on your front door, if you leave it open at night, they aren't doing you any good. User says: Why do you have to format my computer AGAIN? You just did that last month? Tech: well it may have something to do with all the porn sites you go to, free poker you play, and all the free screensavers you get.
Score: 0
|Having worked as helpdesk support for nearly 4 years--you hit the nail on the head, dude.
Score: 0
|A-freakin-men, bud. That's practically a daily occurrence for me at our shop.
I remember when working on PC's used to be fun, exciting, and challenging... now it's more boring and uninteresting than ever.
SS-DD...
Score: 0
|Using PC's is still fun when you aren't forced to use Vista. XP is decent to use, not horrendously bloated and is reasonably secure with proper precautions. Vista offers nothing but eye candy (and very garish eye-candy at that) over XP. It is, IMO, a complete failure.
Score: 0
|I agree, but being ugly isn't its only problem. The layout is horrible, they've moved all the settings and they're completely non-intuitive now. In XP all the settings are easy to find, usually displayed together in one tabbed window (Display Properties for example). In Vista they are scattered all over the place, and they now use hyperlinks to get to them. It's ridiculous. The new Windows Explorer sucks big time also. The whole OS is dumbed down, from Defrag to the new Picture Transfer utility. In XP you can see all the pictures on your camera and choose which pictures you want to transfer. Not with Vista, it's all or nothing. This is the worst excuse for a new OS I've ever tried to use.
Score: 0
|WoW. don't say that here...all the M$ drones are going to flame you!
Score: 0
|I at first liked the UAC feature, until I could not save Notepad items and several other things. So it got turned off shortly after, if it were fixed to only prompt standard users or just password protected users then that's another story, it should be on auto disable with admins that's for sure. I like Vista now but still needs a lot of work to be perfected.
Score: 0
|It's funny that the general consensus is that Vista needs so much work and was released too early. We started from scratch and put a man on the moon in not much more time than Vista was in development, and MS was starting from the baseline of a reasonably well-working system to begin with.
This is the fruits of Modern Management. The world won't be destroyed by nuclear weapons, radical Islam or natural disasters, Mankind will, through the application of 21st-century management techniques, gradually destroy our ability as a society to do anything useful. Corporate Management does more harm to American productivity than illness, bad education or Reality TV combined.
Score: 0
|love the articles as of recent scott, well written with quotes and all.
Score: 0
|Thank you very much, dlab21, I'm honored by your comment.
-SF3
Score: 0
|Heh.. Capt. Kirk.
Nice touch.
Score: 0
|This was my thought too.
Score: 0
|Actually, he's there for a reason. I've been demonstrating the principle that even the main user of a computer should think of himself as a standard user and not the overall administrator. And I've been saying, if it helps, picture someone else as the administrator whom you'd happily follow into the gates of hell. Someone fictional, preferably, to exemplify the fact that the administrator account doesn't actually apply to a real user.
Well, when I think "gates of hell," I think of debugging Windows...but I could perhaps count on one finger the number of people I'd say, "Aye, aye, sir" to without a moment's thought.
-SF "Risk...is...our...business!" 3
Score: 0
|You'd follow Capt. Kirk into the gates of hell?
huh...
Score: 0
|ARGH! This fixes nothing in VISTA. All it does is make a hair more sense, but does nothing to help the real problem of a bad idea in the first place.
Score: 0