Prompts, prompts, and more prompts...jeez

Discussion in 'Windows Vista Administration' started by alex, Feb 1, 2007.

  1. Not really, no - IOW, the detail's different.

    UAC is the consequence of trying to force a complex and inappropriate
    security model derived for corporate use (NT) into consumerland, and
    having the model largely ignored by users and developers alike.

    Users (myself included) weren't interested in pretending to be
    different employees with different job descriptions when using the
    same PC that they own, and should have full access to.

    The way that user accounts were initially presented to consumers in XP
    "Gold" was arrogant; if you dropped rights to anything less than Admin
    on an account, all settings for that account fell back to MS
    duhfaults. The arrogance is expecting us to find these acceptable!

    So users just carried on with one Admin user account, and as a result,
    developers for this market (who were largely trasitioning to XP from
    Win9x, just as wqe users were) saw no reason to bother with all this
    "limited user rights" malarky either.

    In short, consumerland flat out rejected MS's security model, which
    meant that much of what had been designed in as "security" was simply
    not operating in consumerland. All those "mitigations" like "a
    malware would only have user rights, so if the user wasn't running as
    admin, all malware could do would be trash your data" didn't apply


    What UAC attempts to do, is bring the notional advantages of not
    running as admin, to folks who are in fact ruinning as admin.

    The idea is that developers can avoid user-annoying UAC prompts if
    they write their software to be compatible with reduced user account
    rights. The hops is that this time round, developers will do so,
    given they've sat on their ass through 5 solid years of XP, so that at
    the start of Vista, we're no better off that we were 5 years ago.
    Those are the dice that Netcape rolled with Gekko, when they decided
    to drop the existing code base and start from scratch - and it nearly
    killed them. The new netscape was late and buggy, and they've been
    eclipsed by Firefox since. If that happens with a stand-alone web
    browser, imagine how a full OS would spin out of control?
    Put it this way: If you think that Vista is large, slow, demanding a
    high hardware specification, late to market, and beset with
    compatibility issues... your approach would blow these out even more.
    Vista isn't just XP + UAC. UAC is just one particular component of
    the solution set, and is actually a part of the compatibility
    subsystem - which means it is destined to play a shrinking role in
    daily life as the Vista platform matures.

    It is a bridging technology, in other words... something like the PnP
    wrapper for non-PnP ISA cards that gave PnP so much grief back in the
    days of Win95's first release. Do we care whether ISA cards work with
    PnP today? No. So should UAC be largely irrelevant by 2010.
    They key here is "when the user starts out to do something". UAC is
    there to catch things other than the user, that attempt to initiate
    actions that the user had no intention of doing.

    Yep, it will be Darwin take the hindmost", but no more so than "don't
    open attachments even if from 'someone you know' unless certain they
    are safe and a human sender really meant to send them".

    I see UAC as annoying (especially when trying to clean up the AllUsers
    Start Menu) but I welcome any attept to put the user in control of
    processes automated by software, web sites, "content", etc. as a step
    in the right direction, and a long overdue one at that.


    Saws are too hard to use.
    Be easier to use!
     
    cquirke (MVP Windows shell/user), Mar 30, 2007
    1. Advertisements

  2. alex

    Jimmy Brush Guest

    You still see UAC as a nag screen, as evidented by your analogy.

    UAC doesn't care if you "use soap" or not. It only cares that IF YOU DECIDE
    to use soap, that YOU are the one wanting to use the soap, and not some
    malicious program that is using soap without your knowledge.

    And I do very much hate it when malicious programs use soap without my
    knowledge!
    Again, I disagree here, for the same reason that I mentioned earlier - when
    I am not expecting a UAC prompt to happen (I did not initiate an action), I
    notice it and stop it. When I do expect a UAC prompt to happen (I *did*
    initiate the action), then I allow it to happen much more quickly and
    easily.

    This is what UAC is designed to do - to ascertain whether I started an
    action or not. Nothing else. So, it works as expected, at least for me :).
    If Vista could do this, then there would be NO POINT of prompting at all.
    There would be no prompt.

    The very reason that the prompt exists is because this is not possible.

    The *only* thing the prompt does is determine whether you want something to
    happen or not. It doesn't care (or even know) what exactly you are doing, it
    is just making sure that you want it to happen.


    --
    - JB
    Microsoft MVP - Windows Shell/User

    Windows Vista Support Faq
    http://www.jimmah.com/vista/
     
    Jimmy Brush, Apr 2, 2007
    1. Advertisements

  3. alex

    Jimmy Brush Guest

    Do you know if UAC does have a learning curve -- after NN accesses it
    Forever.

    UAC picks up on whether you are wanting a certain program to run elevated or
    not. That is really the only thing it does, and it has to ask you every time
    in order for this to be effective.
    Again, since UAC is only determining whether *YOU* initiated an
    administrative action, I don't see this happening.

    If I expect a prompt, it is because I initiated an action. UAC is designed
    to determine if I initiated an action, and so this works out.

    But, if I do NOT expect a prompt, then I did NOT intiate an action, and so
    will analyze the prompt and be much more likely to click cancel.

    Now, there is the possibility of a malware throwing up a UAC prompt for
    itself when the user is expecting to see one for something else. This DOES
    become a problem if the user stops reading UAC prompts for actions that they
    expect will throw a UAC prompt, and is something that I worry about.


    --
    - JB
    Microsoft MVP - Windows Shell/User

    Windows Vista Support Faq
    http://www.jimmah.com/vista/
     
    Jimmy Brush, Apr 2, 2007
  4. Oh well -- Nobody's perfect <g>
     
    Hugh Wyn Griffith, Apr 2, 2007
  5. I'd change your analogy slightly since what you write above is what is
    infuriating especially when it also comes up when VISTA prompts you to do
    something and then asks you if you want to. (I know it is still playing safe)
     
    Hugh Wyn Griffith, Apr 2, 2007
  6. Then you not only disagree with me, you also disagree with the two
    principle Microsoft engineeers that wrote UAC. View their 64 minute
    interview on channel 9 and Learn.
     
    Adam Albright, Apr 3, 2007
  7. alex

    gralin Guest

    That is so true, and help from microsoft does not exist.
    A horrible company, makes sense that Apple is doing so well
     
    gralin, Jun 8, 2007
  8. alex

    Gus McTavish Guest

    The point is :
    The user knows what he she wants to do and the opperating system is getting
    in the way.

    I AM the admintistrator on my stsyem for a frioggin reason - BECAUSE I KNOW
    what i want it to do.

    The opperating sytem is wasting too much of my time with this and many of
    the other useless new features in Vista

    I am reading this to find our hos to disable it - which is the point of the
    thread at at this point no one provided clear instrustions to disable it.

    I guess i will find it but KERRY - your arguements are jsut taking up sapce
    in this thread - why not open up a new one called "Vists works" and other
    myths.

    This is nto spell checked because ia m using exlplorer :)
     
    Gus McTavish, Jan 1, 2008
  9. alex

    Swampthing Guest

    --
    Thanks from C-Swampthing.


     
    Swampthing, Apr 10, 2008
  10. alex

    David P. Guest

    Have you tried TweakUAC. It suppresses the UAC prompts but leave the
    underpinnings of the protection UAC provides intact.
     
    David P., Apr 10, 2008
  11. Actually, UAC elevation is explicitly discouraged for Business and
    Enterprise settings. Only home users should really be mixing up admin and
    standard user tasks, with the majority of their daily work done as a
    standard user. Businesses should have most of their users always running as
    Standard Users and only have special admin accounts have admin rights.

    Most of the pain of UAC goes away when applications are updated to work
    correctly without demanding full admin rights (which they really do not need
    99% of the time, and the 1% they do need can be done other ways). This is
    obviously a long-term investment, but until UAC was on by default most
    application writers would continue to ignore the inherent security risks and
    not support the more secure mode (see Windows XP LUA). The Windows logo
    programs are pushing vendors and applications to get updated, and over time
    more of them will be. UAC elevation is still around to get old stuff to work
    as needed.

    There are things that can be done to the Windows shell experience to make
    UAC easier, some of which were done in SP1, but mostly it's user habit and
    lack of understanding that would cause a UAC elevation prompt to come up
    "every 5 seconds". That's not to say teaching non-technical people technical
    skills isn't difficult.
     
    Chuck Walbourn [MSFT], Apr 10, 2008
  12. My sentiments exactly. However there are still some
    applications that require admin rights to register, winamp
    and some burn stack software, ms office, publishers. These
    then will work fine after the registration process on a
    standard account.
    Winamp, in addition , needs to sign the program modules, so
    the nag about unsigned software will vanish.
     
    Lester Stiefel, Apr 11, 2008
  13. alex

    SG Guest

    Have you tried TweakUAC. It suppresses the UAC prompts but leave the
    underpinnings of the protection UAC provides intact.<<<

    David,

    TweakUAC is misleading and your reply isn't exactly true.
    It's best described by Ronnie Vernon MS-MVP and wish I had written this :>)

    Quote:
    This is a fallacy! If UAC cannot notify the user that a program is trying to
    gain global access to the system, then it is effectively 'disabled'. This so
    called 'quite mode' setting just changes a UAC registry setting to
    'automatically elevate everything without prompting'. This means that when
    you click to open a file, it is 'assumed' that you already know that the
    file will have unrestricted access to your computer.

    The main thing that UAC does is to detect when a program or application
    tries to access restricted parts of the system or registry that requires
    administrator privileges. When a program does this, UAC will prompt the user
    for administrative elevation. Without this prompt, UAC cannot warn the user,
    which means that it is effectively disabled.

    Some people will tell you that using "quiet mode" will still let IE run in
    protected mode, but this just isn't true. Without the UAC prompt, a
    malicious file that runs from a website can run, without restrictions, and
    silently.

    Another issue is that with UAC prompt disabled, some legitimate procedures
    will just silently fail to work properly, with no notification, if you are
    logged on with a Standard User account, since the application cannot notify
    you that administrative privileges are required.

    Even the developer of the TweakUAC utility includes this statement about his
    product.
    "if you are an experienced user and have some understanding of how to manage
    your Windows settings properly, you can safely use the quiet mode of UAC."
    In my opinion, if you are an experienced user, the last thing you would want
    to do is turn off the UAC notification.

    If you 'are' an experienced user, then you would already know how to
    temporarily bypass the UAC prompt to perform just about any procedure in
    Vista, such as running programs from an elevated command prompt, or using an
    elevated instance of windows explorer.

    The last problem I have with this so-called 'quiet mode' is that it
    dissuades developers from programming their applications to run in a least
    user privilege environment.
    End Quote

    --
    All the best,
    SG

    Is your computer system ready for Vista?
    https://winqual.microsoft.com/hcl/

    SNIPPED
     
    SG, Apr 12, 2008
  14. alex

    David P. Guest

    Thanks for taking the time to post this! I will take it under advisement.
     
    David P., Apr 12, 2008
  15. alex

    AJR Guest

    Althoug mentioned in SG's post - for "home users" the most important feature
    of UAC is IE7 "Protected Mode" (Indicated lower right corner when active).

    When downloading any item from the Internet which may affect system or
    registry files, proteced mode creates "virtual systen and registry"
    locations to first evaluate actions of downloaded items - if UAC consider
    them safe then it provides access to the "real" system file locations.
     
    AJR, Apr 12, 2008
  16. alex

    Andy [YaYa] Guest

    I tell everyone that buys a Windows Vista PC that when they get the UAC
    prompt that's because something is about to happen that's going to change
    your system. If you are installing a program then hit Continue, but if it
    comes up and you're not sure, err on the side of caution and hit cancel.

    I think UAC is a huge help, espically for home users, but that's just my
    opinion.
     
    Andy [YaYa], Apr 14, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.