• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Jimmy-UAC

K

Kerry Brown

#1
I think that when Vista first comes out many early adopters will turn off
UAC. I agree this is a shame but it is a reality. As new computers are
purchased by people who are not early adopters but just average consumers
buying a computer this may change. The vast majority of these people will
not be able to figure out how to turn it off. They will phone their OEM
supplier, software comany, or whomever they can find a phone number for for
support when things don't work. Eventually this will cause companies to make
their products work with UAC. It will probably take a few years. This has
been the pattern in the past when new versions of Windows broke old
applications and ways of doing things. It will most likely be the pattern
for the future. There are still many "experts" who insist that Windows XP is
crap, all anyone needs is Windows 98.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca


Jeff wrote:
> Jimmy,
> Back to the UAC issue.
> As you have been seeing;and as I discussed with you long ago; UAC
> is causing people grief;and their first tendency;in many cases;is to
> turn it off.
> Granted; a nice security feature; but when the initial reaction is
> one of frustration;which then causes users to disable it; it then
> becomes a moot point. UAC is;at that point; irrelevant.
> Sure;what people should do;and what actually happens;can be two
> completely different things.
> As you are aware;from our previous discussions;UAC can be a pain.
> I have heeded your advice; and learned to live with it. In
> fact;ran it for every build;until 5728. One noticeable
> difference;other than the obvious;the annoyance going away; is the
> freeing up of system resources. Running with UAC on/off shows a
> noticeable difference in my system. We shall see; I still think
> UAC will be abandoned;by lots of folks. A good idea;which I fear will go
> the way of XP;as in everyone running
> as admin.
>
> Jeff
 

My Computer

J

Jimmy Brush

#2
> Jimmy,
> Back to the UAC issue.


My favorite :)

> As you have been seeing;and as I discussed with you long ago; UAC is
> causing people grief;and their first tendency;in many cases;is to turn it
> off.


Agreed.

> Granted; a nice security feature; but when the initial reaction is one of
> frustration;which then causes users to disable it; it then becomes a moot
> point. UAC is;at that point; irrelevant.


I agree that the initial reaction is that of frustration; however, I don't
agree that this causes all such frustrated users to turn it off. I think a
majority of the people that post here regarding UAC are requesting
information about it because they are frustrated by it and do not understand
it... only a (strong, vocal) minority ask how to disable it without wanting
to know anything about it.

I feel this is a good sign ... it means people are seeing that it is more
than just a nag screen, even if they don't really understand how it works.
Hopefully, these people will find the information they need through whatever
source to understand and effectively use UAC.

> Sure;what people should do;and what actually happens;can be two
> completely different things.


Of course; the actions people take will vary through a wide spectrum. I
believe that there will be small chunk of users who immediately turn it off,
a small chunk that immediately understand it and live with, and a large
chunk of users that only understand it to a certain point but don't turn it
off.

I think the challenge Microsoft faces is informing that large chunk of
people what UAC is, how it benefits them, and how they should use it.

> As you are aware;from our previous discussions;UAC can be a pain.
> I have heeded your advice; and learned to live with it. In fact;ran it
> for every build;until 5728. One noticeable difference;other than the
> obvious;the annoyance going away; is the freeing up of system resources.
> Running with UAC on/off shows a noticeable difference in my system.


Fascinating. I wonder why that is.

> We shall see; I still think UAC will be abandoned;by lots of folks.


I think in relation to everyone using Vista, there will only be a small
percentage overall of people who choose to turn it off, and I agree with
Kerry that this percentage will decline and the effectiveness overall of UAC
will increase dramatically as application vendors take advantage of it and
the public becomes more informed about it.

> A good idea;which I fear will go the way of XP;as in everyone running as
> admin.


I certainly hope not. It is a possibility; however, I think compared to
other security initiatives that Microsoft has pushed that have failed to
take hold, this one has a very good chance of success.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/
 

My Computer

J
#3
Jimmy,
Back to the UAC issue.
As you have been seeing;and as I discussed with you long ago; UAC is
causing people grief;and their first tendency;in many cases;is to turn it
off.
Granted; a nice security feature; but when the initial reaction is one of
frustration;which then causes users to disable it; it then becomes a moot
point. UAC is;at that point; irrelevant.
Sure;what people should do;and what actually happens;can be two
completely different things.
As you are aware;from our previous discussions;UAC can be a pain.
I have heeded your advice; and learned to live with it. In fact;ran it
for every build;until 5728. One noticeable difference;other than the
obvious;the annoyance going away; is the freeing up of system resources.
Running with UAC on/off shows a noticeable difference in my system.
We shall see; I still think UAC will be abandoned;by lots of folks.
A good idea;which I fear will go the way of XP;as in everyone running as
admin.

Jeff
 

My Computer

R

Robert Moir

#4
Jeff wrote:
> Jimmy,
> Back to the UAC issue.
> As you have been seeing;and as I discussed with you long ago; UAC
> is causing people grief;and their first tendency;in many cases;is to
> turn it off.
> Granted; a nice security feature; but when the initial reaction is
> one of frustration;which then causes users to disable it; it then
> becomes a moot point. UAC is;at that point; irrelevant.


Well it's quite poorly implemented in comparison to similar features in
Linux or Mac OSX so you could be right. However, it's nice to see Microsoft
trying to do something, and of course if you turn it off and your PC gets
rooted, they'll be in a good position to shrug and say "told you so".


--
Robert Moir

www.robertmoir.com
 

My Computer

J

Jimmy Brush

#5
<snip>
> Well it's quite poorly implemented in comparison to similar features in
> Linux or Mac OSX


I'm going to have to disagree here ... I think the implementation is
excellent. The problem is that of application compatability, something that
OSX and Linux don't have to worry about.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/
 

My Computer

J
#6
Well,
I give ya one thing Jimmy;you're persistent. Gotta like your effort. :-)
Jeff

"Jimmy Brush" <JimmyBrush@discussions.microsoft.com> wrote in message
news:9C37B5F0-B606-429D-9913-CB522E9790AF@microsoft.com...
> <snip>
>> Well it's quite poorly implemented in comparison to similar features in
>> Linux or Mac OSX

>
> I'm going to have to disagree here ... I think the implementation is
> excellent. The problem is that of application compatability, something
> that OSX and Linux don't have to worry about.
>
>
> --
> - JB
>
> Windows Vista Support Faq
> http://www.jimmah.com/vista/
 

My Computer

J
#9
Umm,
Yup,
I DID, didn't I? LOL
Jeff :-)
"Jimmy Brush" <JimmyBrush@discussions.microsoft.com> wrote in message
news:AF112274-441F-4898-A07B-0663A0E6CE92@microsoft.com...
> And you're the one who started this discussion back up, too ;)
>
>
> --
> - JB
>
> Windows Vista Support Faq
> http://www.jimmah.com/vista/
 

My Computer

R

Robert Moir

#10
Jimmy Brush wrote:
> <snip>
>> Well it's quite poorly implemented in comparison to similar features
>> in Linux or Mac OSX

>
> I'm going to have to disagree here ... I think the implementation is
> excellent.


Maybe, maybe not. We'll have to agree to disagree, if you can agree to that
;-)

> The problem is that of application compatability,
> something that OSX and Linux don't have to worry about.


Hmmm, I'm fairly sure that Mac and Linux users expect their apps to work, in
fact I'm a Mac user some of the time and I'm certain I expect my Mac apps to
run on my Mac laptop. With technologies like Rosetta and the BSD
environment, I'd actually say apple have done a lot of work in that area
actually.

What I'm talking about is UAC as a direct comparison to how OS X and a
modern Linux such as Ubuntu implement the 'sudo' command in the GUI. Much
less intrusive than in Vista in my opinion, especially in OS X. Have you
seen how that does it?
--
Robert Moir

www.robertmoir.com
 

My Computer

K

Kerry Brown

#11
Robert Moir wrote:
> Jimmy Brush wrote:
>> <snip>
>>> Well it's quite poorly implemented in comparison to similar features
>>> in Linux or Mac OSX

>>
>> I'm going to have to disagree here ... I think the implementation is
>> excellent.

>
> Maybe, maybe not. We'll have to agree to disagree, if you can agree
> to that ;-)
>
>> The problem is that of application compatability,
>> something that OSX and Linux don't have to worry about.

>
> Hmmm, I'm fairly sure that Mac and Linux users expect their apps to
> work, in fact I'm a Mac user some of the time and I'm certain I
> expect my Mac apps to run on my Mac laptop. With technologies like
> Rosetta and the BSD environment, I'd actually say apple have done a
> lot of work in that area actually.
>
> What I'm talking about is UAC as a direct comparison to how OS X and a
> modern Linux such as Ubuntu implement the 'sudo' command in the GUI.
> Much less intrusive than in Vista in my opinion, especially in OS X.
> Have you seen how that does it?


If you run as a standard user the security works much the same as in Linux.
In FC5 if I try to do something that needs elevated privileges I'm asked for
the root password then the program runs. It is the same in all the other
distros I've tried in the last couple of years. In Vista the same happens
when you are a standard user. I realise there are differences in what
actually happens under the hood but the user experience is very similar.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca
 

My Computer

R

Robert Moir

#12
Kerry Brown wrote:
> If you run as a standard user the security works much the same as in
> Linux. In FC5 if I try to do something that needs elevated privileges
> I'm asked for the root password then the program runs. It is the same
> in all the other distros I've tried in the last couple of years. In
> Vista the same happens when you are a standard user. I realise there
> are differences in what actually happens under the hood but the user
> experience is very similar.


Hmm.
In OS X, which I use much more than Linux, when you authorise admin rights,
that authorisation continues for a couple of minutes, to give you a chance
to complete a two or three step operation without getting hassle about it on
the way.

I recently bugged how UAC interupts even an admin twice when you tidy up the
start menu (something I've always done, and I suspect more people will do it
given the mess in Vista). If you try to create a folder to put some
shortcuts away tidily, it asks you for auth twice. Once to create the folder
(as 'New Folder') and the second time when you've typed in the folder name
and hit enter.

Now I know how Windows works and I know that is two distinct file operations
(creating an object, renaming the object) so logically from the point of
view of a computer scientist, asking you twice makes perfect sense.

Out here in the real world, however, that has got to be the most obvious
example of a very bad user experience that I've seen since the last time I
installed OS/2. Has anyone at Microsoft actually _used_ this product?

--
Robert Moir

www.robertmoir.com
 

My Computer

J

Jimmy Brush

#13
<snip>
> Maybe, maybe not. We'll have to agree to disagree, if you can agree to
> that ;-)


I always agree to disagree. However, that doesn't mean I won't share my
opinion ;).

> What I'm talking about is UAC as a direct comparison to how OS X and a
> modern Linux such as Ubuntu implement the 'sudo' command in the GUI.


I assume you are talking about the availability of options such as 'always
run this application as root' or 'always sudo applications for the next X
minutes after this prompt'. Other than that, I don't see any difference
whatsoever in the implementation of UAC compared to sudo and any graphical
implentation thereof.

In the defense of Windows, those options pose great security risks that may
be acceptable in those other operating systems but will immediately be taken
advantage of if implemented in Windows, pretty much rendering any security
afforded by the system practically useless.

At their core, they are both pretty much the same abstract model, and the
implementations only differ slightly, with the Windows implementation being
slightly more complex (there are 3 states instead of 2 - admin, highest
rights available, and non-admin).

Now, in another post in this thread you talk about the USE of the
implementation of UAC *by the Windows shell*. This is different than the
implentation of UAC itself - this is how the shell has decided to use UAC.

And for the record ... I disagree with it myself! It is rediculous! I would
have picked a much different solution.

As for my application compatability comment - I was referring to app
compatability in relation to UAC - primarily the fact that most Windows
applications have never been designed to work in this type of environment
(even though MS tried their best to get them to move there voluntarily
*sighs*), whereas this has always been the way things worked in *nix, so
they don't have to worry about this particular problem.

This is 99% of the issues people have with UAC - not the implementation of
UAC itself, but the way applications choose (or choose not) to interface
with it.

--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/
 

My Computer

K

Kerry Brown

#14
Robert Moir wrote:
> Kerry Brown wrote:
>> If you run as a standard user the security works much the same as in
>> Linux. In FC5 if I try to do something that needs elevated privileges
>> I'm asked for the root password then the program runs. It is the same
>> in all the other distros I've tried in the last couple of years. In
>> Vista the same happens when you are a standard user. I realise there
>> are differences in what actually happens under the hood but the user
>> experience is very similar.

>
> Hmm.
> In OS X, which I use much more than Linux, when you authorise admin
> rights, that authorisation continues for a couple of minutes, to give
> you a chance to complete a two or three step operation without
> getting hassle about it on the way.
>
> I recently bugged how UAC interupts even an admin twice when you tidy
> up the start menu (something I've always done, and I suspect more
> people will do it given the mess in Vista). If you try to create a
> folder to put some shortcuts away tidily, it asks you for auth twice.
> Once to create the folder (as 'New Folder') and the second time when
> you've typed in the folder name and hit enter.
>
> Now I know how Windows works and I know that is two distinct file
> operations (creating an object, renaming the object) so logically
> from the point of view of a computer scientist, asking you twice
> makes perfect sense.
> Out here in the real world, however, that has got to be the most
> obvious example of a very bad user experience that I've seen since
> the last time I installed OS/2. Has anyone at Microsoft actually
> _used_ this product?


I agree that there are some awkward workarounds required because of the way
ACLs have been changed. Again, if you run as a standard user and use Run as
administrator when you need administrator rights a lot of this awkwardness
disappears. A big part of the problem with UAC is that people insist on
running as administrators. This is the main reason UAC even exists. If
everyone ran as standard users (as in OS X and Linux) UAC wouldn't be
needed.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca
 

My Computer

R

Robert Moir

#15
Jimmy Brush wrote:

> I assume you are talking about the availability of options such as
> 'always run this application as root' or 'always sudo applications
> for the next X minutes after this prompt'. Other than that, I don't
> see any difference whatsoever in the implementation of UAC compared
> to sudo and any graphical implentation thereof.


Yep. I'm not trying to focus on getting deep down and dirty with technical
details, I'm thinking of what John and Joan Q. User will think when they buy
a new PC with Vista preinstalled.

> In the defense of Windows, those options pose great security risks
> that may be acceptable in those other operating systems but will
> immediately be taken advantage of if implemented in Windows, pretty
> much rendering any security afforded by the system practically
> useless.


True. I wonder why that is...

> At their core, they are both pretty much the same abstract model, and
> the implementations only differ slightly, with the Windows
> implementation being slightly more complex (there are 3 states
> instead of 2 - admin, highest rights available, and non-admin).


Yeah. Of course, in OS X at least, a user with administrative rights is not
Root.

> Now, in another post in this thread you talk about the USE of the
> implementation of UAC *by the Windows shell*. This is different than
> the implentation of UAC itself - this is how the shell has decided to
> use UAC.


Absolutely. Again, I'm thinking about end user experience. Think of it from
the point of view of a user who doesn't know how their computer works
internally and doesn't really care as long as it _does_ work. They'll
probably not understand why the shell isn't "the OS", let alone the rest of
it.

> As for my application compatability comment - I was referring to app
> compatability in relation to UAC - primarily the fact that most
> Windows applications have never been designed to work in this type of
> environment (even though MS tried their best to get them to move
> there voluntarily *sighs*), whereas this has always been the way
> things worked in *nix, so they don't have to worry about this
> particular problem.
> This is 99% of the issues people have with UAC - not the
> implementation of UAC itself, but the way applications choose (or
> choose not) to interface with it.


Yes, I think there will be blood on the floor with this one. No doubt we'll
have lazy companies telling people to turn UAC off rather than fix their
software, and all kinds of fun and games.

--
Robert Moir

www.robertmoir.com
 

My Computer

R

Robert Moir

#16
Kerry Brown wrote:

> I agree that there are some awkward workarounds required because of
> the way ACLs have been changed. Again, if you run as a standard user
> and use Run as administrator when you need administrator rights a lot
> of this awkwardness disappears. A big part of the problem with UAC is
> that people insist on running as administrators. This is the main
> reason UAC even exists. If everyone ran as standard users (as in OS X
> and Linux) UAC wouldn't be needed.


You're right of course. One thing - it isn't the users as much as the
vendors. The users are simply caught in crossfire here.

If you're feeling very brave, pop onto SBS MVP Susan Bradley's blog and post
asking her if she knows whether or not quickbooks will run as a non-admin
user in Windows XP. I _dare_ you to! (warning, wear ear defenders).
 

My Computer

K

Kerry Brown

#17
Robert Moir wrote:
> Kerry Brown wrote:
>
>> I agree that there are some awkward workarounds required because of
>> the way ACLs have been changed. Again, if you run as a standard user
>> and use Run as administrator when you need administrator rights a lot
>> of this awkwardness disappears. A big part of the problem with UAC is
>> that people insist on running as administrators. This is the main
>> reason UAC even exists. If everyone ran as standard users (as in OS X
>> and Linux) UAC wouldn't be needed.

>
> You're right of course. One thing - it isn't the users as much as the
> vendors. The users are simply caught in crossfire here.
>
> If you're feeling very brave, pop onto SBS MVP Susan Bradley's blog
> and post asking her if she knows whether or not quickbooks will run
> as a non-admin user in Windows XP. I _dare_ you to! (warning, wear
> ear defenders).


I agree with Susan completely. Intuit is evil. Sage is a close second.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca
 

My Computer