Focus on Apple
Re: What's George Ou smoking? Feb 16 2007 07:35PM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)
Re: What's George Ou smoking? Feb 20 2007 10:23AM
Michael Dalling (mtdalling gmail com)
RE: What's George Ou smoking? Feb 19 2007 02:55PM
Don Rhodes (drhodes mail colgate edu)
You make valid points, and I do not disagree with them. What I wanted to
convey is that the UAC in Vista is a leap forward for security but most
users will just realize that all they need to do is click
continue/allow.

Once program have been updated/created for the new UAC 95% of programs
will act and work just like they did in XP; actually I hope they will
work better.

In the end it will take time for all of the new features to work
themselves out and work as intended; we all remember how 95 was a
change, and then how 2000/XP was yet another change. I'm sure when we
look back at Vista in 2013 we all will think that it would be insane
that we did not use UAC earlier.

--
Don Rhodes
Network & System Administrator - Network, Systems and Operations
Colgate University

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor (at) hammerofgod (dot) com [email concealed]]
Sent: Friday, February 16, 2007 2:36 PM
To: Don Rhodes; Focus-Apple
Subject: Re: What's George Ou smoking?

On 2/16/07 7:53 AM, "Don Rhodes" <drhodes (at) mail.colgate (dot) edu [email concealed]> spoketh to
all:

> However Vista UAC does not behave just like *nix based OSes. To make
> matter worse there are programs out that do not handle running in
> unprivileged mode very well. Firefox for one defaults to downloading
> files to the desktop of the admin account that installed it - I am
sure
> that the FF team will fix this. WinAgents free RouterTweak program (a
> Cisco configuration utility) must be run as an administrator otherwise
> you receive an error about not being able to access a key in the
> registry. At this point I have no wish or desire to see how games work
> under Vista, but I am sure that 90% of them will require they be run
> under an admin account.

If you have no wish or desire to see, then you probably not be so sure
about
it... Vista's UAC and security model offers excellent choices if you
just
exert a tiny bit of effort to configure it properly. Even if you do
have
games that require admin (which is not Vista's fault, of course) all you
have to do is use RunAs from the non-privileged user account, even if
the
program is not UAC aware (does not prompt for admin creds, rather,
errors
out). You still don't have to run the interactive user as admin.

>
> On top of programs not being program correctly for the new UAC, if you
> are using an admin account you do not have to retype your password but
> simply click OK. Granted it is very annoying since many programs
prompt
> you for this at different times the average user will just know if
they
> want it to work to click OK; what a great security model. Hopefully
> software developers will figure out how to make the UAC work for them,
> not against; we all know that the malware creators will.

If you are still running interactively as admin, that is YOUR problem,
not
Vista's. But even so, the prompting is better than not, and if you
really
think it is such a pain, then disable it. I've not been running
interactively as admin for years on my Windows boxes. Vista makes that
even
easier with UAC. And for those things that don't support UAC, I just
use
RunAs and be done with it. It is trivially simple and much safer than
running as admin all the time. You can even join the box to a domain
and
still use "Switch User" functionality to separate user contexts between
domain users and local users simultaneously.

If the real concern is what malware users will do, then don't run as
admin.
Period.
t

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus