Vista new "security" features more a pain in the butt then anything else

Discussion in 'Windows Vista Installation' started by Adam Albright, Feb 10, 2007.

  1. If I knew which Microsoft Redmond boy wonder wrote the code for
    improving "security" in Vista I'd have my hands around his throat
    about now!

    Just kidding... but damn, in the real world, this is a disaster for
    anybody that moves files around on their system a lot like I do.

    Consider:

    People send me via the Internet or email, video files which I edit and
    return. Simple enough. Well, used to be.

    I have things set up to put raw files in a folder in my E drive.

    I work on files in folders on my F drive.

    I place finished files in a folder on my G drive.

    I just checked the security tab on each hard drive. All are set to
    "everyone" and permissions are wide open. Anybody can do pretty much
    anything. That shouldn't matter anyway since I AM the only user on
    this PC. So unless I'm missing something I should should be able to
    move files back and forth between hard drives WITHOUT Windows nagging
    about it.

    So you would think.

    Not even close!

    This is the silly part:

    In order to work on the files I first move them from drive E to F.
    Windows doesn't nag at all, and with one exception, still unexplained,
    it lets my video editing software write modified files which start out
    as "raw" from the E drive to my F drive without complaining if I save
    under the same name or a new one.

    I just finshed working on one of these files. All I want to do it move
    it to my G drive. Which was in XP a very simple process. Click on the
    file in Windows Explorer, cut, then paste where you want it moved to
    or just drag and drop, whatever...

    A new feature in Vista assuming the file is the same name now brings
    up a more detailed warning box and asks if you want to overwrite the
    older file showing the date and size of each. That's good. However if
    you say yes, it starts, then immediately stops, darken your screen and
    starts to nag for permission to move the file before it actually does
    the move.

    The $64,000 dollar question is why since all drives have 'everyone'
    permission and therefore such operations should proceed without issue.

    Perhaps some Microsoft programmer thought this was improving security.
    Well to test this "security" further I fired up Bounce Back which is
    my automated backup application. It is pretty slick in that it can
    scan my entire system, all 2 TB worth then it presents a detailed list
    of all files that have changed since my last backup. It flags
    everything, deleted files, renamed files, files not backed up, etc..

    Now watch Bounce Back drive a truck sized hole through Vista security.
    Bounce Back tells me 1,427 files have changed since my last backup.
    The number is higher then usual because I was doing some house
    cleaning. Here's the rub. To do the backup Bounce Back needs to read
    files and WRITE newer versions to different hard drives or it adds
    files that previously had no backups or it finds and asks if I want to
    purge files I deleted that at one time I did have backups for.

    Hmm.. I say yes, sit back and watch Bounce Back access and WRITE to
    every hard drive I have and do its thing. Not once did Vista utter a
    peep, yet to move just one file manually as I explained in the
    beginning, Vista goes nuts.

    Somebody explain why this is "good" security. Vista doesn't challenge
    the moving and deleting of over a thousand files some application
    moves around, but screams like a stuck pig if I try to move one file
    manually.
     
    Adam Albright, Feb 10, 2007
    #1
    1. Advertisements

  2. Adam Albright

    Ed Stoddard Guest

    Because "human" are what they are, software programs are what they are!

    For you to do the same as your Bounce Back program, you will probably need
    to turn User Account Control (UAC) OFF, which you can do by going to
    START/CONTROL PANEL/USER ACCOUNTS. You will find "Turn User Account Control
     
    Ed Stoddard, Feb 10, 2007
    #2
    1. Advertisements

  3. Adam Albright

    BobS Guest

    Adam,

    Good post to raise the question about security "Permissions" ..... But....
    it's not just about User Accounts (UAC) in this case, it also involves NTFS
    permissions. Your comments raised some questions I also had about what I'm
    experiencing when moving files manually versus when a program does it. As
    much as I tried to think of a way to explain quickly what I've read in
    "Windows Vista Inside/Out" by MS Press, I can't. If I just copy and past
    from the eBook version (on the CD with the book), it still would not make
    sense unless you read the whole chapter - UAC and NTFS permissions are a
    complicated process.

    Not that I completely understand either of these processes, what I've read
    and seeing for myself - actually makes sense from a security aspect - even
    though you think there's a huge disconnect or security hole here - there is
    not.

    Even as an administrator, you do not have full control until what you want
    to do is elevated and credentials verified. Some of this is automatic and
    dependent on the task being done. When you are being denied access - you
    are then running into NTFS permissions - which change dynamically. The book
    explains the convoluted process but has a note that states"

    " Because the access-denied message is reminiscent of the messages displayed
    by User
    Account Control (UAC), you might think that UAC is causing the access
    problem. In fact,
    this is entirely an NTFS permissions issue, and has nothing to do with UAC
    (Don't believe
    it? You can confirm it by turning off UAC; you still won't have access to
    these folders )"

    While this does not address all your comments - the book does. It may not
    explain every detail but does a good job of providing the security reasoning
    behind it. Now, I'm not defending Vista nor trying to sell you a book but I
    am trying to get educated on Vista so I won't be thrashing around and
    getting all hyper-frustrated when I'm trying to do some vital work - such as
    you're doing.

    You have not discovered a security hole - you have in-fact triggered the
    security processes of both UAC and NTFS. With neither being fully understood
    by most of us, no wonder the frustration level goes up. But keeping in mind
    that we've told MS we want and need more security in the OS, we must learn
    to use it too. Is it bullet-proof, no and never will be - not even a Mac
    can say it is - but Vista is one helluva step forward. It has the good, the
    bad and the damn ugly parts too as I'm learning but so far, the good
    outweighs the bad.

    Please keep posting your comments, I use them as a tutorial for things to
    try next......;-) But do get the book.

    Bob S.
     
    BobS, Feb 11, 2007
    #3
  4. Rubbish! Five years in development and simple things like this the
    world's largest software developer couldn't comprehend the impact?

    By the time I finish turning off every new feature Vista brings to the
    table, all I have left is XP with a new face, not any new features. I
    didn't pay $200 for just eye candy.

    Whoever the product manager is for Vista, he/she should be fired. Its
    a marketing disaster.

    First, nowhere on the retail packaging does it say if you're a XP Pro
    user that you can't install inplace or that you can't upgrade to the
    version of your choice except in tiny fine print nobody reads. In fact
    the packaging goes out of its way to suggest that Home Premium version
    IS the right choice for most people.

    Second, the Vista Upgrade Advisor seems to have one purpose... to
    ADVICE no matter what, everybody should and can upgrade. Then once
    you start the actual installer the program tells you the truth. All
    those things the advisor said wouldn't be a problem turn out to be
    serious enough problems to generate a stop 7B and generate a BSOD for
    many users.

    Third, Microsoft has done a piss ass poor job of working with vendors,
    especially hardware vendors to develop Vista drivers in time for
    inclusion on the Vista DVD. Worse it seems increasingly obvious that
    some XP drivers work fine for many devices, yet it appears the Vista
    installer has been blinded on purpose to these drivers due to
    licensing disputes still not settled causing end users untold
    headaches.

    Yes I know... when you install a major new upgrade you expect a few
    bumps in the road. You don't expect to drive off the edge of the
    cliff. You don't expect to have to literally fight with Windows to get
    it do what you tell it rather then it doing what it wants.

    The problem is what its always been. The 800 pound gorilla thinks it
    can do whatever it wants and if you the public don't like it, too bad.

    There is no joy in Mudville when you invest $200, which is $40 more
    then you planned on spending but get forced into a version you don't
    want or need just to install the damn thing.
     
    Adam Albright, Feb 11, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.