digg

Facebook Connect Join Digg About

Security Feature in Vista Could Drive Users Nuts

usatoday.com An annoying surprise awaits 2 million consumers expected to enthusiastically step forward in the next few weeks to help Microsoft test its new Windows Vista PC operating system.

Who dugg this? Made popular May 17, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

119 Comments

show profanity settings
expand all
  • teamparadox, on 10/12/2007, -10/+52They dont have enough security and they get slammed...they add more security and they get slammed.

    This is a beta people, Microsoft is doing these tests in the publics eye to get peoples opinions and change things. How about we cut them a little slack and if you dont like the retail version then you can whine.
  • zootm, on 10/12/2007, -12/+54"From a user's perspective, this will most definitely kill the prospects of upgrading to Vista."

    Why? Because a pre-release version of a new system pops up security warnings when running applications originally designed for a less-secure system?

    "Protecting OUR computers from US is not the strategy I would have opted for Microsoft!"

    Which proves little other than you know very little about security. Most vulnerabilities *use* you in order to get in there. When you have to specifically allow them to do "dodgy" things, the damage they can do is decreased greatly.

    "Hint: protect OUR computers from YOU and THEM should be your central focus."

    Protecting the computer from Microsoft is silly. They're not malicious against their own software. UAC goes a long way to protecting the computer from the proverbial "THEM" since it prevents programs doing powerful actions without notification.

    I very much hope MS sort out the usability of this soon. It seems likely that it's primarily due to older apps (which are used to having more privileges than they should) requesting resources they didn't have to request before. There's no reason (and, in particular, there's no reason in the implementation of UAC) that UAC should be particularly difficult to use.

    It's beta. The problem is being reported now and should hopefully be fixed before release. That's what beta's for.
  • mrtrick, on 10/12/2007, -5/+26You are absolutely right. To many people, no matter what MS does, they won't do it right. While the interruptions are/will be annoying, it's no different than having to su in Linux to perform "administrator" functions. The *nix's have been doing it for years, I'm glad to see that MS is heading down the "least priviledged" path now as well.
  • munkt0n, on 10/12/2007, -4/+22can't see what the fuss is about, you have to do similar using OS X or Ubuntu..
  • ByteGuerilla, on 10/12/2007, -3/+21Surely it CAN'T be more annoying than

    "Updates have been installed. You must restart your computer for the updates to work properly."

    'Restart Later'

    .... 5minutes...

    ""Updates have been installed. You must restart your computer for the updates to work properly."

    'Restart Later'

    ...5 minutes...

    Repeat ad infinitum.
  • Lynn, on 10/12/2007, -7/+24Turn on Auto-Update and forget about it. Easy.
  • Yazilliclick, on 10/12/2007, -1/+16CamZak I can just about guarantee you that beta and alpha testers of every other OS with this feature ran into the same problem then also.
  • markcrules, on 10/12/2007, -0/+13I'm no Microsoft fan, but I don't see how they can win here... they introduce security features and they get called copycats and get told that the changes are unworkable and will drive users wild, they leave it as is and people say Microsoft don't care about security.

    Personally I would love a truly limited account with some kind of root access password. With that system I could see in the future no need for virus checkers or spy-ware cleaners... nothing would run without permission, especially if you have to give it executable status before you can run exe files etc...
  • ArchAngel21x, on 10/12/2007, -4/+15Welcome to the perfect example of damned if you do and damned if you don't.
  • WiteNoiz, on 10/12/2007, -1/+12I agree.
    The *nix security model was always superior to the Windows "I trust you until I'm told otherwise" route (and then the bolted-on NT authority system that seemed to want to do the opposite). I've always found security far easier to understand in *nix than Windows, but I don't work with Windows every day.

    I'm not a Microsoft lover, but I'm looking forward to Vista - apart from the feature drops, they appear to be getting things right.
  • elfguy, on 10/12/2007, -1/+10All this is simply a prompt asking for confirmation if a program tries to modify system files, just like Unix, Linux and MacOS have. This story is completly bogus.
  • zootm, on 10/12/2007, -3/+11"In theory what they were trying to do was good, but instead of trying to protect a users pc they are just annoying the user of the pc. As long as there is a workaround to disable this, it wont be much of a problem."

    Unlikely. Of course, there's no reason that the popups should be very frequent, unless the software you're using is trying to use insecure functions. This will most likely be fine with software designed for Vista - XP software, especially older XP software, will cause too many popups because it's trying to do things that were insecure in the first place. I expect this is exactly the problem that's causing the complaints.
  • akilleen, on 10/12/2007, -2/+9Uh, it is in beta. I wouldn't worry unless this was an RC or something.
  • stoanhart, on 10/12/2007, -1/+7I don't think they are being slammed for putting in new security - they are being slammed for doing it poorly.

    They should their foot down and say to developers "No more admin priveledges all the time, and if that means your program stops working, then fix it!" However, they choose to try to make the new system backwards compatible with the old. The old is obviously broken, and if the new emulates it, there will be security holes in it as well.

    Plus, tons of exceptions and workarounds leads to more bugs and inconsitencies on which new applications are built, which will then break when microsoft tries to fix their already broken new security system.
  • inactive, on 10/12/2007, -2/+8It really isn't new, they have had this in their beta's for quite a while now. so i dont think it is going to be much of a surprise for those of us who are already beta testing it.
  • LordLucless, on 10/12/2007, -4/+10While I would seriously hate to administer a network of the things, windows works fine on my home PC desktop. I rarely patch it either, definately not with Auto Update. I patch whenever a major new worm hits the streets, but for the most part I rely on my NAT and my own common sense in what I run. Works fine for me.
  • phlll, on 10/12/2007, -4/+10The problem with that is everyone will say they're an "advanced" user on a menu just to avoid the annoyance. They'd might as well continue running as Administrator, and beg for the social engineering attacks that unsophisticated users already fall for.
  • inactive, on 10/12/2007, -3/+8what so they popup the dialoge boxes a little too often in a BETA test of the software.
    OH MY GOD HOW EVIL THEY ARE!!!

    i dislike ms's business practises, but this is not a bad thing, in fact i think it's the best improvment to windows in 10 years.

    forcing applications to require permission to run is definately a must in todays world of stealth sony style root kits.

    and i don't give a ***** how annoying it seems, the less ***** spam zombie virus infected desktops out there the better. "By trying to restrict what people can do, it's going to cause a lot of pain." - what as opposed to all the pain currently being suffered by peopel with computer so infested with viruses and spyware 3ghz and 2gig of ram isn't enough to run word? an idiot write this article
  • paulmdx, on 10/12/2007, -0/+5"I think they should come out with their own Linux distribution and target customers who want to run SQL Server in a linux environment."

    I believe Microsoft will be componentizing Longhorn Server quite a bit and offering pretty Unix-like functionality like command line configuration.

    I've been beta testing Exchange 12 and it's got pretty phenomenal command line functionality that offers functionality even beyond the GUI (MMC) admin snap-in. This command line stuff is based on their Monad technology, which I actually hadn't heard of, but I assume they're going to be plugging it into a lot of their server software.

    As well as that, E12 can also be installed in separate roles, heavily reducing the installation footprint and security risk. I believe they are doing similar with Longhorn Server too.
  • Yazilliclick, on 10/12/2007, -9/+13It's amazing how desperate news sites are for Vista news that they write articles so frequently about a piece of beta software that's still being worked on and not due for quite some time and make such bold claims that this feature will drive people insane, stop the purchases of Vista and is a major policy flaw.

    I'm fine with reporting what's in the OS but can we just leave all the amateur doomsday reporting at the door?
  • paulmdx, on 10/12/2007, -0/+4"Volunteers will test Vista Beta 2, a near-final version of the much-hyped upgrade of Windows"

    Well firstly, volunteers "have" been testing Beta 2 for ages, so why is this suddenly news? Was this reporter bored one day, thought they'd give it a try, and now wants a rant about it?

    Secondly, from testing it myself, it certainly doesn't seem "near-final" to me, which considering we're not going to see the RTM for at least about 7+ months, should be pretty obvious to someone who knows what they're talking about.

    Sorry to sound like a broken record: don't give credit to "technical" articles in non-technical publications.
  • yaosio, on 10/12/2007, -4/+8What do they think this is, a beta product? I'm already running all of my MISSION CRITICAL systems on Vista!
  • neoian, on 10/12/2007, -0/+3You do know you can turn it off in the Control Panel. So if you dont want it, then there ya go!
  • zootm, on 10/12/2007, -1/+4"I agree, don't try and protect our computers from us. We have to learn to not open EXE's that we don't know anything about."

    We should be able to avoid completely destroying our systems when our Godlike powers of determining the trustability of a file fail, though. Or when we trust something with a serious bug.
  • Embassy, on 10/12/2007, -1/+4I really don't know why everybody keeps compaining about UAC. Don't you realise that it's not finished? Do you really think that in the final version of vista UAC will ask you to confirm changing the time, or deleting shortcuts? I have used Vista and it should be pretty obvious to anyone with half a brain that MS has implemented UAC, they just haven't created a list of apps that shouldn't require authorisation to run.
  • sbostedor, on 10/12/2007, -1/+4This is a beta. Feedback and improvement are why betas are released. This just sounds like mindless Microsoft bashing to me. I would understand if it was the final release but the guy who wrote this article is just being a cry baby.
  • threemagic, on 10/12/2007, -2/+5"Most Windows applications are written to take advantage of the fact that the operating system treats users as "system administrators" with carte blanche to alter basic system configurations. Trouble is, this has opened the door for cybercrooks to infect Windows with malicious programs that steal data and use infected PCs to carry out cyberfraud."

    It isn't because there are more of them and they are cheaper... they are just insecure.



    I've used the beta, the popup box is annoying only because the amount of times it shows up. I figure they'll figure out how to deliver the credentials a little more effeciently as time progresses.
  • zencore, on 10/12/2007, -0/+3Isn't this just what Beta tests are suppose to find?

  • BassJunkie, on 10/12/2007, -0/+2Whilst I agree that the basic idea behind UAC is vert good I do agree with one of the past commenters who said that users will get so used to seeing these dialogue boxes they won't read them and just click allow.

    After all the biggest security risk on any system is the user! How many applications (think certain P2P clients) install tons of adware on to the system after mentioning they will do so in the EULA? Are you telling me everyone reads through that before they click "Next"?

    I think the nix system of making all users limited and working on the assumption that they don't "need" admin rights to use the system is much better, after all even when you do a clean install of XP all the user accounts that you create during setup default to a admin accounts and you have to change them manually in the control panel!

  • LordOmicron, on 10/12/2007, -3/+5Here's the deal with this though. First off - it's not PRODUCTION software yet, so yes, it will have bugs. Hence the phrase "testing". Users are going to be testing the software.

    Secondly... if you are a halfway intelligent person, you SHOULDN'T BE LOGGED IN AS AN ADMIN ANYWAY!!! If you have even a portion of brain in your skull you should be running as the lowest possible user on your machine. Running like this you should get prompts for all sorts of things that you can't do as a user that require admin rights. There is no reason for you to run as an admin every day. Need to install software? Runas. Need to change the time? That's what your admin account is for.

    I'm sorry, but I have to actually congratulation Microsoft on essentially forcing users to do what we have been recommending for years.
  • inactive, on 10/12/2007, -0/+2im running vista almost .5ghz under the requirements, on the bare minimum ram, a fairly old laptop mobility radeon 9700, and a 18gig partition on a 4700 RPM harddrive and it runs FASTER than XP. Plus, look at it this way. Come Mid-2007 most people will have upgraded their systems or bought new ones. Then again, most of those who are comfortable with XP will stay with it. Sure, there will be a few people who will think that Vista is going to run on their 500Mhz P3 128Mb RAM system, but not that many.
  • tizz66, on 10/12/2007, -3/+5But there's nothing that forces or even tells users about that. If you install XP, it'll merrily go on its way, set you up an admin account then tell you it's done. Can you blame anyone for not realising or being bothered? On the opposite side, when you install OSX it won't even let you access the admin account, so there's no possible way you can accidently use it without realising.
  • zootm, on 10/12/2007, -0/+2@superkendall
    "Well if you "knew anything about security", you'd realize that an overabundance of automated questions like this begs for users to totally ignore them."

    And it's been said that in the final version that they will not be overabundant. It's worth noting that all of the programs which have had problems with "too many messages" fall into one of two categories:

    1) Unfinished.
    2) Designed for XP and not tested or adapted for Vista.

    Applications which were designed for XP are extremely likely to require privilege escalation at several places, just due to the fact that they didn't need to check for these things previously. When Vista comes out, most software that is worth using will update to work with the default permissions (which are pretty fine, from what I've seen), and the unfinished components will have (hopefully) been polished and behave better.

    Your point is a valid one (and one I think I answered elsewhere, although I don't recall if it was in this comment block) in general, but these examples are largely frivolous. It's beta software - the UAC window popping up more often than it should is the sort of thing that beta programs are supposed to catch.
  • tizz66, on 10/12/2007, -5/+7This article makes it sound like UAC is a fundamentally a bad idea, which it isn't. They make it sound like 'god, MS are taking away control of your own PC'.

    The premise of UAC is good, but having an endless number of dialogues because you want to delete a desktop shortcut is crazy. I really hope they fix it for the final version because as the tech for all our computers at home, it's going to be me that has to deal with other people complaining and I don't even use Windows myself.

    And if there is a way to turn it off...... well, that's a whole other rant.
  • Lagged2Death, on 10/12/2007, -0/+2It just gets better and better:

    "The UAC, although technologically advanced, harbors a certain cheapness. Under its perfect, technological exterior lurks a myriad of wires, leaking pipes, and other assorted systems on the verge of breakdown."

    http://en.wikipedia.org/wiki/Union_Aerospace_Corporation
  • thund3rstruck, on 10/12/2007, -0/+2Ok, enough bashing Microsoft... its about damn time that this feature was implemented. I'm so sick of explaining to family and friends the purpose of the "user" account vs the "Administrator" account. People bash Microsoft for security but they refuse to log in under a user account and use "runas" for admin tasks.
  • JoJoDilio, on 10/12/2007, -0/+2...When will people learn?
    An insecurity in an operating system is a reflection of the power that it wields. You want to access system memory directly? That's fine, but you might BOTCH the whole system up if you change anything.
    You want your virus scanner to look at EVERY file in the computer? That's find, but malicious programs might seek to disguise themselves as virus scanners to access those same files.

    I admit that I haven't used a Mac in a long time, but I'd like to. That having been said, I can't wait till the number of Mac user's increases untill they own a larger market share of the industry and malicious programmers turn their attention to OSX (or OSXII, or whatever it is at that point). I can't wait to see a Mac user complain about a virus.
  • rebrad, on 10/12/2007, -2/+4Having tested Vista beta 1 I can say that unless Microsoft lessens the intrusiveness of security they will extend the life of XP by quite a few years until they come up with an OS that is better than XP besides being pretty.
  • gohoos, on 10/12/2007, -2/+4"In early test versions, the queries crop up so often that they interrupt routine tasks, such as changing the time clock or deleting shortcuts."

    How routine is changing the clock anyway??

    Users that follow common security guidelines - log in with an administration-level user ONLY when performing administration functions - shouldn't even see these dialogs.
  • inactive, on 10/12/2007, -2/+4Well you need to look at it in the light that this was supposed to be released as Longhorn in 2004. They need to stick to their guns and release a platform that everyone is already acquainted to. If you stray to far, you lose customers. And with the popularity of XP and the amount of people who own computers now as compared to 2004, I think they are making the right choice.
  • miaow, on 10/12/2007, -0/+1i can well believe they have made a botch of it. IE Beta has annoying security features that are more likely to be switched off than used. the anti-phishing thing for one.

    Im not sure why they make such a *****-up of it. For me, rule one is : allow users to understand what services do in blocks, and allow them to switch them off. for instance, remote, anything to do with acting as a server, outlook and messenger etc etc. anything that isnt needed and is a way for someone to connect should be easily switched off with the user understanding what they have switched off.

    linux could improve their listing of the security options, but at least i can switch off stuff.
  • matt.rubin, on 10/12/2007, -0/+1How come its annoying when it comes from Microsoft then OSX has it now and nobdy cares
  • biff198, on 10/12/2007, -1/+2Goodness, my biggest fear is something horrible, like, trying to install a game, but having to 'confirm' before EACH AND EVERY FILE is copies from the CD to the hard disk....

    *shudders*

    __________________________________
    -biff198
    http://www.crusaderflash.com/
  • miaow, on 10/12/2007, -0/+1they have went from one extreme to the other, with the user being left baffled.
  • drwtsn32, on 10/12/2007, -0/+1"If I'm logged in as an administrator why do I need even MORE permission to make a change."

    Because in Vista even Administrators run as "limited users."
  • GlassUser, on 10/12/2007, -0/+1The root of this problem is that there are way too many two-bit hacks out there who know nothing about how to work on a multiuser system. If they made their programs right in the first place (eg, don't do things that require admin access), then they wouldn't have this problem. Bottom line is that you shouldn't be coding if you don't know that you can only regularly expect access to the console, user profile, and temporary files location. Anything else requires special priveleges. Oh, and stop making every account a member of the administrators group by default. That would solve almost every "security hole" and quickly demonstrate which programs were written by cretins.
  • Dreaux, on 10/12/2007, -0/+1Having everything turned on from the start is like having your cable or telephone company turn on and charge you for all their services without telling you what they've signed you up for. Then when you want to cancel those costly services they don't give you a clear explanation of what each service does and on top of that all the services are explained in such a manner that you wonder which services are dependant upon one another to work properly.

    (whoops - replied under the wrong post. See the next post.)
  • boson3, on 10/12/2007, -0/+1How many of the "way to go!" "it's about time!" people here using Windows... will load Vista, put up with the UAC BS for a few days, then turn it off? I'd bet most of those who praise this feature are either capable to begin with, or are administrators (knowledgable or not).

    BTW, having to 'runas' all day sucks wind just as bad.
  • GlassUser, on 10/12/2007, -0/+1The problem is that they're not doing it on their own desktop. That wouldn't trigger the dialog. They're trying to change the computer's desktop.
  • Dreaux, on 10/12/2007, -0/+1I think the best approach to having users learn what they're doing and being responsible about it is not to turn things on but to have things that are not necessities turned off from the start and then explain how things work as they opt to turn them on. This might not be the most appealing approach at first but once you have everything that you need turned on you'll find that you not only enjoy knowing exactly what is running on your computer but also enjoy that you learned about features and shortcuts you would have never stumbled across if you hadn't take the responsibility for yourself. If you think this won't work then go talk to people who started out using openBSD as their first operating system.
  • Fetching more discussions...
    Show 51 - 100 of 119 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.