Focus on Apple
Re: What's George Ou smoking? Feb 22 2007 05:35PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Since this compares to OSX, and there are still many misconceptions of how
all this works, maybe the Apple mod will approve this (and I promise to take
anything else to Focus-MS after this for those who really care):

On 2/20/07 2:23 AM, "Michael Dalling" <mtdalling (at) gmail (dot) com> spoketh to all:

> I haven't used Vista, but it seems to me that its UAC differs somewhat from
> how I'd escalate privileges on OS X or Linux. First, as I understand it, if
> I'm running as an administrative user (which users typically do on Windows,
> because that's what they're led to do) I don't need to authenticate; I merely
> click to approve.

If people are really bent on running as admin, yet still think that malware
will run rampant because the default elevation prompt is "click to approve,"
then all they have to do is set the "Behavior of the elevation prompt for
administrators in Admin Approval Mode" to "Prompt for credentials" rather
than "Prompt for consent." Vista will then require username and password
just like OSX.

> Secondly, I've read that it's not always clear what has
> triggered the dialog--if true, that seems a bad thing to me.

No, the dialog not only describes the program calling for escalation, but it
allows you to see the full path of the executable as well.

> Thirdly, I've
> also read that once the dialog pops up the user has to respond to it before
> he can do anything else. On OS X you could certainly carry on working in a
> different application and come back to your authentication dialog. The fact
> that, apparently, you can't on Vista seems another incentive for people to
> click through. One can imagine likely scenarios in home use such as a parent
> leaving the room without locking the screen, a dialog popping up, and a child
> clicking through. He couldn't do that on OS X, because even on an admin
> account he'd need to submit an administrator's password.

Then turn off "Switch to the secure desktop when prompting for elevation" if
the concern is that great. I wouldn't do that of course, as it may expose
the UAC credentials prompt to other processes (like it does on OSX). I keep
my secure desktop enabled during escalated credential entry for added
security. I'd love to implement something like this on OSX, actually. So
if anyone knows how to get OSX to act like Vista in this regard, please let
me know.

You can even turn on UAC for the "real" administrator account if you want
to, though by default, the true administrator account is not available to
the user. But even if you do expose the real admin account and use it, you
can still impose UAC restrictions on it. Can I do that with root if I
enable it? If so, let me know, please.


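The three UAC settings named in the message above can be audited from their backing registry values. This is an added example, not part of the original post: the function names `Test-UacPolicy` and `Get-UacValues` and the sample data are hypothetical, and the value names are the registry values behind the Local Security Policy entries the post refers to.

```powershell
# Added example: audit the UAC policies discussed in the post.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-UacPolicy {
    param([hashtable]$Values)   # registry value name -> DWORD (absent if unset)

    $checks = @(
        @{ Name    = 'ConsentPromptBehaviorAdmin'
           Policy  = 'Behavior of the elevation prompt for administrators in Admin Approval Mode'
           Want    = @(1, 3)    # 1 = credentials; 3 = credentials without secure desktop (Windows 7+)
           Meaning = 'Prompt for credentials' },
        @{ Name    = 'PromptOnSecureDesktop'
           Policy  = 'Switch to the secure desktop when prompting for elevation'
           Want    = @(1)
           Meaning = 'Enabled' },
        @{ Name    = 'FilterAdministratorToken'
           Policy  = 'Admin Approval Mode for the Built-in Administrator account'
           Want    = @(1)
           Meaning = 'Enabled' }
    )
    foreach ($c in $checks) {
        $actual = $Values[$c.Name]
        [pscustomobject]@{
            Policy    = $c.Policy
            Value     = if ($null -eq $actual) { '(not set)' } else { $actual }
            Expected  = $c.Meaning
            Compliant = ($null -ne $actual) -and ($c.Want -contains $actual)
        }
    }
}

function Get-UacValues {
    # Read only the values that exist; an unset value is reported as non-compliant.
    $props = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $found = @{}
    foreach ($n in 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop', 'FilterAdministratorToken') {
        if ($props.PSObject.Properties.Name -contains $n) { $found[$n] = [int]$props.$n }
    }
    $found
}

# Constructed sample: consent-only prompt (2), secure desktop on, built-in admin value unset.
$sample = @{ ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }
Test-UacPolicy -Values $sample | Format-Table -AutoSize

# On a Windows host, audit the live settings as well.
if ($env:OS -eq 'Windows_NT') { Test-UacPolicy -Values (Get-UacValues) | Format-Table -AutoSize }
```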
Re: What's George Ou smoking? Feb 22 2007 07:34PM
Michael Dalling (mtdalling gmail com)


Copyright 2010, SecurityFocus