|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
12-19-2007
| #1 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre "johns" <johns@xxxxxx> wrote in message news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx Quote: Quote: >> ok i understand the benifit to uac but you should have made it so when it > every > time you boot up that is why i will stop using it i dont think it built > right yet still needs some work When a program asks for your permission to run with a UAC prompt, this means that program is asking for complete and unrestricted access to every part of your computer. This keeps you in control of what is happening on your machine. If you were able to allow access for this program to run, without notifying you, it would be very easy for a separate, malicious program to gain access to your computer by 'piggybacking' on this programs unrestricted access. At this point, it would no longer be 'your' computer. -- Ronnie Vernon Microsoft MVP Windows Shell/User |
My System Specs |
|
12-19-2007
| #2 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx Quote: > "johns" <johns@xxxxxx> wrote in message > news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx Quote: Quote: >>> ok i understand the benifit to uac but you should have made it so when it >> time you boot up that is why i will stop using it i dont think it built >> right yet still needs some work > This is a misconception that many people have. > > When a program asks for your permission to run with a UAC prompt, this means > that program is asking for complete and unrestricted access to every part of > your computer. This keeps you in control of what is happening on your machine. > > If you were able to allow access for this program to run, without notifying > you, it would be very easy for a separate, malicious program to gain access to > your computer by 'piggybacking' on this programs unrestricted access. > > At this point, it would no longer be 'your' computer. be notified that this is the case. The hijack can then be allowed or denied by the user. Further, if the CRC of the trusted application changes, the user can be notified that's so, and if there is no reason it should have changed it can be forbidden to run by the user. Maybe this is rocket science, but if Sygate could accomplish it with their firewall, then I suppose Microsoft could accomplish it with their UAC. It was simpler to put more of a burden on the user - showing a lack of consideration for the user meant less coding effort. They chose. |
| My System Specs |
|
12-19-2007
| #3 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre The misconception is that this method works. 1. The user is frustrated with this method, because: a. Doesn't understand why three prompts must be answered to delete a file in the Programs(x86) folder. b. No useful information is provided in any of the prompts as to what is really being done that requires permission. e.g. "A change to the Programs(x86) folder has been initiated by program xxx." "Program xxx is attempting to create a directory under C:\Users\UserName." Instead we get something like, "Administrator priveledges are required for this function. Do you wish to continue?" What function? 2. End result: a. "Of course I want to Continue." Click 3. All that MS has done is protect themselves by giving themselves the ability to state, "You were warned by a prompt that 'something' was happening and you clicked 'continue.' It's not our fault." I've stated this before: Put UAC on your car's ignition switch. When you select Start, you get a prompt on the Speedometer glass, "Owner's permission required to continue. Do you wish to continue?" And you can feel safe that your car can never be used without your permission by those nefarious individuals out there. "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx Quote: > "johns" <johns@xxxxxx> wrote in message > news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx Quote: Quote: > >> ok i understand the benifit to uac but you should have made it so when Quote: Quote: > > gets permission for a program that you have installed it stops asking > > every > > time you boot up that is why i will stop using it i dont think it built > > right yet still needs some work > This is a misconception that many people have. > > When a program asks for your permission to run with a UAC prompt, this Quote: > that program is asking for complete and unrestricted access to every part Quote: > your computer. This keeps you in control of what is happening on your > machine. > > If you were able to allow access for this program to run, without Quote: > you, it would be very easy for a separate, malicious program to gain Quote: > to your computer by 'piggybacking' on this programs unrestricted access. > > At this point, it would no longer be 'your' computer. > > -- > > Ronnie Vernon > Microsoft MVP > Windows Shell/User > |
| My System Specs |
|
12-19-2007
| #4 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre Mark If you are seeing more than 1 prompt for an action, these are not all coming from UAC. You are probably seeing an 'access denied' prompt first which is comes from the 'Shell' because of the permissions that are set on the destination folder/file. You can click the Details button on the UAC prompt that shows the action is being initiated. You can also bypass the UAC prompt, depending on your use of the program. If this is an application that you are using constantly, you can create a Scheduled Task to start the program. Set it to start with certain triggers, such as at boot time or...., and set it to run with highest privileges. Your example of starting the car is a good one, but you forget that you have already proven ownership and given permission when you insert the proper key. This would only be a good example if every car was equipped with a toggle switch instead of a unique key.  -- Ronnie Vernon Microsoft MVP Windows Shell/User "Mark" <jmhonzell@xxxxxx> wrote in message news:eCRQVtnQIHA.5692@xxxxxx Quote: > The misconception is that this method works. > > 1. The user is frustrated with this method, because: > a. Doesn't understand why three prompts must be answered to delete a > file in the Programs(x86) folder. > b. No useful information is provided in any of the prompts as to what > is > really being done that requires permission. > e.g. "A change to the Programs(x86) folder has been initiated > by > program xxx." > "Program xxx is attempting to create a directory under > C:\Users\UserName." > > Instead we get something like, "Administrator priveledges are > required for this function. Do you wish to continue?" > What function? > > 2. End result: > a. "Of course I want to Continue." Click > > 3. All that MS has done is protect themselves by giving themselves the > ability to state, "You were warned by a prompt that 'something' was > happening and you clicked 'continue.' It's not our fault." > > I've stated this before: > Put UAC on your car's ignition switch. > When you select Start, you get a prompt on the Speedometer glass, > "Owner's permission required to continue. Do you wish to continue?" > And you can feel safe that your car can never be used without your > permission by those nefarious individuals out there. > > > > "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message > news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx Quote: >> "johns" <johns@xxxxxx> wrote in message >> news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx Quote: >> >> ok i understand the benifit to uac but you should have made it so when Quote: Quote: >> > gets permission for a program that you have installed it stops asking >> > every >> > time you boot up that is why i will stop using it i dont think it >> > built >> > right yet still needs some work >> This is a misconception that many people have. >> >> When a program asks for your permission to run with a UAC prompt, this Quote: >> that program is asking for complete and unrestricted access to every part Quote: >> your computer. This keeps you in control of what is happening on your >> machine. >> >> If you were able to allow access for this program to run, without Quote: >> you, it would be very easy for a separate, malicious program to gain Quote: >> to your computer by 'piggybacking' on this programs unrestricted access. >> >> At this point, it would no longer be 'your' computer. >> >> -- >> >> Ronnie Vernon >> Microsoft MVP >> Windows Shell/User >> > |
| My System Specs |
|
12-19-2007
| #5 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre My car analogy was indicating a thief would bypass the ignition and still get the prompt where they simply click Continue. The other details are excellent information, but my point was regarding the "typical frustrated user." "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message news:436500E4-7DE0-4118-AC3B-AD2DDB8D464D@xxxxxx Quote: > Mark > > If you are seeing more than 1 prompt for an action, these are not all > coming from UAC. You are probably seeing an 'access denied' prompt first > which is comes from the 'Shell' because of the permissions that are set on > the destination folder/file. > > You can click the Details button on the UAC prompt that shows the action > is being initiated. > > You can also bypass the UAC prompt, depending on your use of the program. > If this is an application that you are using constantly, you can create a > Scheduled Task to start the program. Set it to start with certain > triggers, such as at boot time or...., and set it to run with highest > privileges. > > Your example of starting the car is a good one, but you forget that you > have already proven ownership and given permission when you insert the > proper key. This would only be a good example if every car was equipped > with a toggle switch instead of a unique key. > > -- > > Ronnie Vernon > Microsoft MVP > Windows Shell/User > > > "Mark" <jmhonzell@xxxxxx> wrote in message > news:eCRQVtnQIHA.5692@xxxxxx Quote: >> The misconception is that this method works. >> >> 1. The user is frustrated with this method, because: >> a. Doesn't understand why three prompts must be answered to delete a >> file in the Programs(x86) folder. >> b. No useful information is provided in any of the prompts as to what >> is >> really being done that requires permission. >> e.g. "A change to the Programs(x86) folder has been initiated >> by >> program xxx." >> "Program xxx is attempting to create a directory under >> C:\Users\UserName." >> >> Instead we get something like, "Administrator priveledges are >> required for this function. Do you wish to continue?" >> What function? >> >> 2. End result: >> a. "Of course I want to Continue." Click >> >> 3. All that MS has done is protect themselves by giving themselves the >> ability to state, "You were warned by a prompt that 'something' was >> happening and you clicked 'continue.' It's not our fault." >> >> I've stated this before: >> Put UAC on your car's ignition switch. >> When you select Start, you get a prompt on the Speedometer glass, >> "Owner's permission required to continue. Do you wish to continue?" >> And you can feel safe that your car can never be used without your >> permission by those nefarious individuals out there. >> >> >> >> "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message >> news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx Quote: >>> "johns" <johns@xxxxxx> wrote in message >>> news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx >>> >> ok i understand the benifit to uac but you should have made it so >>> >> when Quote: >>> > gets permission for a program that you have installed it stops asking >>> > every >>> > time you boot up that is why i will stop using it i dont think it >>> > built >>> > right yet still needs some work >>> >>> This is a misconception that many people have. >>> >>> When a program asks for your permission to run with a UAC prompt, this Quote: >>> that program is asking for complete and unrestricted access to every >>> part Quote: >>> your computer. This keeps you in control of what is happening on your >>> machine. >>> >>> If you were able to allow access for this program to run, without Quote: >>> you, it would be very easy for a separate, malicious program to gain Quote: >>> to your computer by 'piggybacking' on this programs unrestricted access. >>> >>> At this point, it would no longer be 'your' computer. >>> >>> -- >>> >>> Ronnie Vernon >>> Microsoft MVP >>> Windows Shell/User >>> >> |
| My System Specs |
|
12-19-2007
| #6 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre I can't see what all the fuss is about with UAC. I've been running Vista for almost a year, and I rarely get a UAC prompt. Admittedly they were more common during the first couple of weeks, when I was installing all my software and setting everything up as I want it. Since then it has really been a non-issue. Tell you what helps: make your account an Administrator (don't worry, it still runs as a normal user), and set up UAC so you don't have to enter your password. That way you just need a single click to dismiss the UAC prompt, and - provided you are the sole user of your PC - there is no loss of security. Personally I'm quite glad when Windows warns me that something with security implications is about to happen. So: 1/ UAC prompts warn you of possible security risks, so are A GOOD THING 2/ They occur quite rarely, and just need a simple mouse click to dismiss So what on earth is all the fuss and moaning about? SteveT |
| My System Specs |
|
12-21-2007
| #7 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre Windows can't tell with any accuracy "if another application" is launching the application. That's why all the separation between admin vs. non-admin is necessary (UIPI, integrity levels, etc). Things that are running on a user's desktop can interact and intermingle to such a point that it isn't really possible to say "i know that process A, uninfluenced by any other process, is launching this trusted app at the user's request". That's why UAC is necessary, and why it is so important not to allow exceptions. -- - JB Microsoft MVP Windows Shell/User "Michael Jennings" <metarhyme@xxxxxx> wrote in message news:OfUL$ZnQIHA.5976@xxxxxx Quote: > "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message > news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx Quote: >> "johns" <johns@xxxxxx> wrote in message >> news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx Quote: >>>> ok i understand the benifit to uac but you should have made it so when >>>> it >>> gets permission for a program that you have installed it stops asking >>> every >>> time you boot up that is why i will stop using it i dont think it built >>> right yet still needs some work >> This is a misconception that many people have. >> >> When a program asks for your permission to run with a UAC prompt, this >> means that program is asking for complete and unrestricted access to >> every part of your computer. This keeps you in control of what is >> happening on your machine. >> >> If you were able to allow access for this program to run, without >> notifying you, it would be very easy for a separate, malicious program to >> gain access to your computer by 'piggybacking' on this programs >> unrestricted access. >> >> At this point, it would no longer be 'your' computer. > If another application launches the trusted application, Ronnie, the user > can > be notified that this is the case. The hijack can then be allowed or > denied by > the user. Further, if the CRC of the trusted application changes, the user > can > be notified that's so, and if there is no reason it should have changed it > can be > forbidden to run by the user. Maybe this is rocket science, but if Sygate > could > accomplish it with their firewall, then I suppose Microsoft could > accomplish it > with their UAC. It was simpler to put more of a burden on the user - > showing > a lack of consideration for the user meant less coding effort. They chose. > |
| My System Specs |
|
12-22-2007
| #8 (permalink) |
| | Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre The guys working on the Principle Of Least Authority are aware that there are still problems with their system of dealing with malware, which is to let it run but confine it so strictly it can't do anything, however they have made progress. If Microsoft is too confused to adequately deal with the situation, HP labs is apt to step in: http://www.hpl.hp.com/techreports/20...-2003-191.html "Jimmy Brush" <jb@xxxxxx> wrote in message news:BFAE3C64-297F-4E12-9666-6026F1B70047@xxxxxx Quote: > Windows can't tell with any accuracy "if another application" is launching the > application. That's why all the separation between admin vs. non-admin is > necessary (UIPI, integrity levels, etc). Things that are running on a user's > desktop can interact and intermingle to such a point that it isn't really > possible to say "i know that process A, uninfluenced by any other process, is > launching this trusted app at the user's request". That's why UAC is > necessary, and why it is so important not to allow exceptions. > > "Michael Jennings" <metarhyme@xxxxxx> wrote in message > news:OfUL$ZnQIHA.5976@xxxxxx Quote: >> If another application launches the trusted application, Ronnie, the user can >> be notified that this is the case. The hijack can then be allowed or denied >> by >> the user. Further, if the CRC of the trusted application changes, the user >> can >> be notified that's so, and if there is no reason it should have changed it >> can be >> forbidden to run by the user. Maybe this is rocket science, but if Sygate >> could >> accomplish it with their firewall, then I suppose Microsoft could accomplish >> it >> with their UAC. It was simpler to put more of a burden on the user - showing >> a lack of consideration for the user meant less coding effort. They chose. >> >> "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message >> news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx Quote: >>> This is a misconception that many people have. >>> >>> When a program asks for your permission to run with a UAC prompt, this means >>> that program is asking for complete and unrestricted access to every part of >>> your computer. This keeps you in control of what is happening on your >>> machine. >>> >>> If you were able to allow access for this program to run, without notifying >>> you, it would be very easy for a separate, malicious program to gain access >>> to your computer by 'piggybacking' on this programs unrestricted access. >>> >>> At this point, it would no longer be 'your' computer. Quote: >>> "johns" <johns@xxxxxx> wrote in message >>> news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx >>>>> ok i understand the benifit to uac but you should have made it so when it >>>> gets permission for a program that you have installed it stops asking every >>>> time you boot up that is why i will stop using it i dont think it built >>>> right yet still needs some work |
| My System Specs |
|
12-22-2007
| #9 (permalink) |
| | ANS: "What's the deal with UAC (Windows Needs Your Permission scre I think that some incarnation of UAC is a very important part of least privilege. Somehow, the OS has to be *certain* that the user is at the root of any action that is being initiated on their behalf. That is what UAC is really doing, albiet at a coarse level as you described. I would be very pleased to see a better implementation of it, regardless of who comes up with it. -- - JB Microsoft MVP Windows Shell/User "Michael Jennings" <metarhyme@xxxxxx> wrote in message news:%23Wplc0FRIHA.4196@xxxxxx Quote: > The guys working on the Principle Of Least Authority are aware that > there are still problems with their system of dealing with malware, > which is to let it run but confine it so strictly it can't do anything, > however they have made progress. If Microsoft is too confused > to adequately deal with the situation, HP labs is apt to step in: > http://www.hpl.hp.com/techreports/20...-2003-191.html > > "Jimmy Brush" <jb@xxxxxx> wrote in message > news:BFAE3C64-297F-4E12-9666-6026F1B70047@xxxxxx Quote: >> Windows can't tell with any accuracy "if another application" is >> launching the application. That's why all the separation between admin >> vs. non-admin is necessary (UIPI, integrity levels, etc). Things that are >> running on a user's desktop can interact and intermingle to such a point >> that it isn't really possible to say "i know that process A, uninfluenced >> by any other process, is launching this trusted app at the user's >> request". That's why UAC is necessary, and why it is so important not to >> allow exceptions. >> >> "Michael Jennings" <metarhyme@xxxxxx> wrote in message >> news:OfUL$ZnQIHA.5976@xxxxxx Quote: >>> If another application launches the trusted application, Ronnie, the >>> user can >>> be notified that this is the case. The hijack can then be allowed or >>> denied by >>> the user. Further, if the CRC of the trusted application changes, the >>> user can >>> be notified that's so, and if there is no reason it should have changed >>> it can be >>> forbidden to run by the user. Maybe this is rocket science, but if >>> Sygate could >>> accomplish it with their firewall, then I suppose Microsoft could >>> accomplish it >>> with their UAC. It was simpler to put more of a burden on the user - >>> showing >>> a lack of consideration for the user meant less coding effort. They >>> chose. >>> >>> "Ronnie Vernon MVP" <rv@xxxxxx> wrote in message >>> news:C654FD2B-E84E-4A1E-85E2-337484F893BF@xxxxxx >>>> This is a misconception that many people have. >>>> >>>> When a program asks for your permission to run with a UAC prompt, this >>>> means that program is asking for complete and unrestricted access to >>>> every part of your computer. This keeps you in control of what is >>>> happening on your machine. >>>> >>>> If you were able to allow access for this program to run, without >>>> notifying you, it would be very easy for a separate, malicious program >>>> to gain access to your computer by 'piggybacking' on this programs >>>> unrestricted access. >>>> >>>> At this point, it would no longer be 'your' computer. >>> >>>> "johns" <johns@xxxxxx> wrote in message >>>> news:354E0CF5-3A08-441E-9B3F-772392F24BD0@xxxxxx >>>>>> ok i understand the benifit to uac but you should have made it so >>>>>> when it >>>>> gets permission for a program that you have installed it stops asking >>>>> every >>>>> time you boot up that is why i will stop using it i dont think it >>>>> built >>>>> right yet still needs some work > |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| RE: ANS: "What's the deal with UAC (Windows Needs Your Permission scre | Vista account administration | |||
| RE: ANS: "What's the deal with UAC (Windows Needs Your Permission scre | Vista account administration | |||
| RE: ANS: "What's the deal with UAC (Windows Needs Your Permission scre | Vista security | |||
| RE: ANS: "What's the deal with UAC (Windows Needs Your Permission scre | Vista account administration | |||
| Re: ANS: "What's the deal with UAC (Windows Needs Your Permission scre | Vista file management | |||
