Windows 7's quieter UAC a security risk? Of course it is.
With Windows 7, Microsoft decided to respond to the complaints and ease up on the prompts. Now there's an uproar because doing so has introduced a security problem.
The problem: by default, UAC in Windows 7 doesn't prompt you when you change Windows settings. That means a script that impersonates you by sending keystrokes can make those same changes, and you will never see a notification.
To make things worse, "Windows settings" includes the UAC settings themselves, so such a script can disable UAC completely. From there, a malicious script could perpetrate all kinds of badness.
In his post, Long Zheng states that the solution could be as simple as forcing a prompt whenever an attempt is made to change the UAC settings. Cranking the notification level up to "always notify" solves the problem as well.
Correct me if I'm wrong, but that makes sense, right? I'm not prepared to slam Microsoft over this just yet. Windows 7 is still in beta, and the changes to UAC were made in response to an outcry from their user base. If you're responsible and keep your machine properly protected, this shouldn't pose a significant risk.
Don't get me wrong - I completely understand the implications and the potential for this to cause trouble. It's just that I don't see this as that big a deal considering the huge number of people still beating the Windows XP drum, and XP is even less secure than Windows 7 - even with a "flaw" like this.
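The two remedies discussed above (check where the UAC slider actually sits, and if it isn't at "always notify", raise it) both come down to three registry values under the UAC policy key. The following PowerShell script is an added example, not code from the original post or from Long Zheng: it reads those documented values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), maps them to the Windows 7 slider position as I understand that mapping (an assumption to verify on the machine at hand), and flags any posture in which changes to Windows settings, including the UAC slider itself, go through without a prompt. The Set-UacAlwaysNotify function applies the "always notify" mitigation and needs an elevated shell.

```powershell
# Added example (not part of the original post): audit the UAC posture the post
# discusses and optionally raise it to "Always notify". Registry path and value
# names are the documented UAC policy values; the value-to-slider mapping below
# is my reading of the Windows 7 levels and is an assumption to verify locally.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPosture {
    $p = Get-ItemProperty -Path $UacKey
    $enableLua = [int]$p.EnableLUA
    $consent   = [int]$p.ConsentPromptBehaviorAdmin
    $secure    = [int]$p.PromptOnSecureDesktop

    # Classify the slider position from the three values.
    $level = if ($enableLua -eq 0) { 'Off (EnableLUA=0, UAC disabled)' }
             elseif ($consent -eq 0) { 'Never notify (elevate silently)' }
             elseif ($consent -eq 2 -and $secure -eq 1) { 'Always notify' }
             elseif ($consent -eq 5 -and $secure -eq 1) { 'Default: no prompt for Windows settings' }
             elseif ($consent -eq 5 -and $secure -eq 0) { 'No prompt for Windows settings, no secure desktop' }
             else { "Custom (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)" }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        Level                      = $level
        # The post's concern applies to every position short of "Always notify":
        # Windows-settings changes (the UAC slider included) do not prompt.
        SilentSettingsChanges      = ($enableLua -eq 0 -or $consent -ne 2 -or $secure -ne 1)
    }
}

function Set-UacAlwaysNotify {
    # The mitigation the post mentions: crank UAC up to "Always notify".
    # Must run from an elevated shell; applies to new logon sessions.
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
}

# Usage: report the current posture and warn when it matches the post's scenario.
$posture = Get-UacPosture
$posture | Format-List
if ($posture.SilentSettingsChanges) {
    Write-Warning 'UAC will not prompt for changes to Windows settings, including the UAC slider itself.'
}
```

Running Get-UacPosture on a fresh Windows 7 install should report the "Default" level with SilentSettingsChanges set to true, which is exactly the condition the post describes; after Set-UacAlwaysNotify and a fresh logon it should report "Always notify" with the flag cleared. The same three values can be pushed through Group Policy on a domain, which is the practical way to enforce the stricter level across many machines.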
Comments (15)
Drew Green, Jan 30th 2009 3:26PM
You have options. UAC with full annoyance, UAC off, or in the middle, with UAC bothering you sometimes. There are trade-offs. More annoyance, better security, and vice-versa. I wish people would stop bitching about every little thing. UAC works as it is intended; to notify the user of system changes. If you don't want to be notified, then disable it or tone it down, and suffer the consequences. I use Vista with UAC off and use the Spybot Search and Destroy Resident program to notify me of registry changes and the like.
SDreamer, Jan 30th 2009 3:33PM
Honestly, I actually put UAC back all the way up on Win7. It doesn't bother me, nor pops up really in both Vista and Win 7. Only on CCleaner and when I clean out my prefetch after installing a buncha things. Bout it.
inteller, Jan 30th 2009 3:42PM
hey listen, i don't want to hear it. All the naysayers poo poo'd UAC in vista....and now this article poo poo's lack of UAC security in 7? You can't have it both ways.
I love UAC in vista....it has stopped quite a few apps from phoning home in my absence.
Peter, Jan 30th 2009 4:31PM
UAC isn't half as bad as most people make it out to be. The problem is one of perception because UAC is at its most annoying when you first get and set up the machine, so that's your first impression of it. After you get all your apps installed and configured you almost never see UAC again.
Ask those same people how they feel about it in 2 weeks and they'll probably say "What's UAC?" I can go days without seeing a prompt and then only when I perform some geeky admin task. Most people will never see prompts except when installing something.
Neoprimal, Jan 30th 2009 4:46PM
The life of Microsoft.
They're damned if they do, and damned if they don't.
Dan, Jan 30th 2009 4:49PM
How about this... UAC is really only annoying on a new PC when you're installing software for the first time. After all is installed, how often do you honestly get a UAC alert?
If there was an "Installation Mode" and then a "Normal Mode" slider option of some sort, I think people would have no issue at all. I will personally see a UAC maybe once a week, IF I go into the Control Panel and make some system changes. Other than that, not a peep.
alahmnat, Jan 30th 2009 5:06PM
The only safe computer is one that's turned off. Win7's default security setting is still going to be quite reasonably effective against malicious software because you're probably going to have to install and run it first (requiring its own UAC prompt) before it can start doing malicious things to your machine (and if you're auto-approving every UAC prompt you see, you're about as smart as the iWork trojan victims).
While Vista's UAC was annoying enough for long enough that I ended up turning it off (I don't care if it gets less annoying "after a while", it didn't get out of my way fast enough for my liking and it didn't stay out of my way well enough given how much I tinker with Windows), I actually quite like Win7's default behavior of not second-guessing my every move in the control panel but prompting me if I try to install or - on rare occasion - run an application. Stick a password field on the administrator account prompts and it'd behave just like OS X (which I use as my primary OS).
Elaine, Jan 30th 2009 7:04PM
I used Vista for the first time after having been a Linux user for quite a while. I didn't find the UAC much more intrusive than the prompting for the root password I was used to on my Linux machines. I found it much more reassuring than installing stuff on Windows XP without any sort of security notification.
Nightwish, Jan 30th 2009 9:07PM
UAC doesn't work because it asks you every time you change a single icon in the Programs menu. You know, to avoid the usual mess that it becomes. If it had a way to be shut down for 5 minutes, it would be the perfect compromise.
But I don't care anymore, XP works much better for me.
wintersoul, Jan 30th 2009 10:53PM
Yeah, so maybe looking at Mac OS X would be a good idea. It has excellent security and a system that is totally like UAC - but it's not onerous. The thing that really sucks about UAC is the entire screen going black and everything being interrupted and the Continue prompt popping up.
Mac OS X, when installing or making major changes, pops up an admin login prompt that is not invasive. If you type in your password (if you're an admin already) it continues to install - boom, done. Very easy and doesn't stop you from doing anything else on the system. If you need to do anything else with the prompt up, go ahead, no problem. It doesn't turn the screen black as if doomsday has arrived.
Microsoft has copied such a vast amount of strategy and features from Apple, why can't they just copy this?
BananaBoat, Jan 30th 2009 11:52PM
The bulk of Windows users don't have any sort of password protection, so doing it that way would be pointless. If they forced people to pick a password, people would pick something too easy to bruteforce. If they forced people to pick strong passwords, people would whine and moan about how it's so invasive, etc. The real problem here is that people just don't have any clue as to what they should be allowing, and what they should be blocking. What good is a UAC popup, if the person on the other end clicks ok every time? Why would they click no? There is absolutely no education being done to tell people when they should and should not allow things to make changes to their system, and the result is an ineffective system that really should work just fine if people were using it properly.
They really can't win, and it isn't a function of the insecurity of their OS, but rather the very poor Info-sec practices of their users, combined with the high profile nature of their OS.
Eric C Rusch Jr, Jan 31st 2009 2:31AM
Yeah, I'm with everyone else saying "Damned if you do, damned if you don't." Everyone was bashing UAC when it appeared in Vista; Apple even made fun of it in their commercials. Now they turn it down and people are complaining about that? That's ridiculous. I was someone who thought I knew better and turned it off; eventually I turned it back on (after a virus hit my system). Though I agree with the proposed change causing a notification when UAC is adjusted.
Stuart, Jan 31st 2009 8:40AM
The OS should strive to make the absolute best security measures available. Then, it should accept the user's decision on what level of security to operate at. This looks like a pretty good compromise. I am a Linux user, with the occasional return to XP land. Vista was designed by people that forgot the OS is a tool for people, not the other way around. This, however, looks like someone made some great calls. I like it.
Manolo, Mar 18th 2009 11:45PM
Banana Boat is right about the education point. The average end user is a layman, & isn't even reading this post.
Regarding the UAC... A complete waste of time. If you are using windows you HAVE TO protect yourself. Firewall, anti this anti that. & of course the ever trusty ipblocker.
I switched off UAC & have never had problems. But then I don't hit up porn sites either. Don't use Windows & then complain when you have a problem; everything malicious is written for Windows.
Just switch off UAC & strap on some protection.
If you are that bothered about security, I have one word for you, LINUX!
Manolo, Mar 18th 2009 11:45PM
& also... How many years was it that computers have been around & there has been no UAC? We were okay before, & we were running crap like windowsXP before SP1... Kind of...