Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software Windows

Microsoft Caves, Will Change UAC In Windows 7 249

CWmike writes "Reacting to intense criticism of an important security feature in Windows 7 (which we discussed a few days back), Microsoft today said it will change the behavior of User Account Control in Windows 7's release candidate. In a blog post, two Microsoft executives responsible for Windows development, John DeVaan and Steven Sinofsky, said 'We are going to deliver two changes to the Release Candidate that we'll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. Second, changing the level of the UAC will also prompt for confirmation.' They said the changes were prompted by feedback from users, including comments on an earlier post Thursday by DeVaan in which he defended the modifications Microsoft made to UAC in Windows 7."
This discussion has been archived. No new comments can be posted.

Microsoft Caves, Will Change UAC In Windows 7

Comments Filter:
  • Intense? (Score:5, Insightful)

    by jamesl ( 106902 ) on Friday February 06, 2009 @10:12AM (#26751103)

    Intense criticism? Define "intense."

    Isn't this how it's supposed to work? Release pre-production code to the community. Listen to comments. Respond to comments as appropriate.

    Now define "over the top."

    • Re:Intense? (Score:5, Funny)

      by Winckle ( 870180 ) <mark@winckle.co . u k> on Friday February 06, 2009 @10:48AM (#26751525) Homepage

      You take your logic and you get out of here!

    • by tb3 ( 313150 )

      That's fine for the colors of a window frame, or the number of items on a pull-down menu, but OS security should not be driven by marketing and 'community feedback'. Microsoft's development methodology is fundamentally broken, and they don't seem to realize it.

      • Re: (Score:3, Informative)

        by thethibs ( 882667 )
        Dilbert?! Is that you?
      • That's fine for the colors of a window frame, or the number of items on a pull-down menu, but OS security should not be driven by marketing and 'community feedback'.

        Why not? Security levels in many cases(especially UAC) is a tradeoff between usability and security. People have spoken on the Microsoft blogs that they are okay with some inconvenience of elevation prompts for UAC changes and are not willing to sacrifice the security. Microsoft listened to them. This actually looks like a sound development methodology to take into account user feedback.

    • Yeah - but apparently some of the less-technical MS brass preempted the engineers with a knee-jerk reaction something in the line of: "There's nothing wrong; it is as it is by design; you asked for it; move along!"

      What's significant here is that they actually did an about face very shortly thereafter. Presumably when the real engineers and UX experts had told the brass what they thought.

      Which is actually pretty significant as it hints that the actual MS engineers powers are growing.

    • Re: (Score:3, Interesting)

      by aj50 ( 789101 )

      User: Ummm, this seems wrong...

      MS: Nah, that's by design

      Lots of users: WTF? No, it's wrong you idiots!

      That last bit was somewhat intense but was only brought about my MS's initial attempt to wave away the problem.

    • Personally I'm just baffled by Microsoft listening to the community. I think that guy that got a job to spy on them also must have started putting something in the coffee. They're obviously in an altered state of mind at the moment. They'll go back to normal in a week or two and realize this was all a mistake. At that point we can look forward to our usual dose of, "we're microsoft and you're not" when we complain.
  • by landimal_adurotune ( 824425 ) on Friday February 06, 2009 @10:13AM (#26751111) Homepage
    With the initial Vista UAC people were trained to just click yes to everything or they would turn off the function entirely. With Windows 7 it is far less frustrating but the User part of the UAC is what is broken, there is no substitution for actually educating users. That is something that is far out of MS's reach IMHO.
    • Here's the secret: UAC has nothing to do with protecting users. Instead, it exists (at least in Vista) to reveal old programming problems lazy developers often made (such as writing within Program Files).

      Of course the argument can be made that MS should've locked down Program Files from the beginning, but that's another discussion.

      • Re: (Score:3, Insightful)

        by Nursie ( 632944 )

        The argument also exists that they should tell the user what's going on rather than silently redirect stuff.

        Tell me the program's broken, tell me there's a problem, block writes to PFs, whatever. Don't just silently squirrel stuff away somewhere else and then show different users different versions of the same file...

        Just wrong.

    • The concept is also out of anyone's reach. As computers become more and more ubiquitous, a smaller percentage of computer users are specialized. The typical user nowadays expects a computer to just work like a TV or microwave. They just want to use the wonderful computer and do not have time to read instruction manuals or even prompts. But when computers do not work, they freak out and blame the computer.

      No one is immune once you reach out to average users. As Apple starts to penetrate the market, you will

  • by v1 ( 525388 ) on Friday February 06, 2009 @10:18AM (#26751161) Homepage Journal

    The pain threshold, it turned out, was just two prompts in a session, which DeVaan defined as the time from turning the PC on to turning it off, or a day, whichever is shorter. "If people see more than two prompts in a session they feel that the prompts are irritating and interfering with their use of the computer," DeVaan said.

    I get asked for my password when I do something in terminal that requires sudo, but other than that, I don't get a security prompt more than once a day on the average. Again depending on what I'm doing. I can go an entire day and not see one sometime.

    I suppose I'd like to spend a day watching a windows7 user and see WHY they are getting all these UAC popups. I can't believe that if the OS is engineered properly if there would be any reason for it with ANY frequency unless you're doing things that *I* might find common, which is not Joe User.

    I have my mother's main account on her machine as a limited user, and she knows the admin l/p when needed. I bet she gets asked for it once every 2 weeks at most. (like when a firefox update wants to install, and then it's behaving exactly as expected and desired) THAT'S how I'd expect ALL "typical" computer users to want to see. I'm absolutely certain I'd be getting a phonecall after she got prompt number two (for no good reason) in the same day. Why does it keep doing that? Fix it!

    • by jgtg32a ( 1173373 ) on Friday February 06, 2009 @10:43AM (#26751453)
      There was an article a while back about some application programmer complaining about the security model in Vista and what a pain it was to develop for.

      What it actually came down to was the programmer was complaining about having to separate privileged code from non-privileged code.

      Just about every app made for Windows run in admin mode and UAC will complain about it.

      In *nix it would be like requiring root to run the tar or ls commands.
      • by NSIM ( 953498 )
        "just about every app runs in admin mode" is the most utter rubbish I've seen for a while. I have a wide selection of apps installed on my system, the only ones that trip UAC are:
        DVDdecrypt (runs without admin, but bitches about it)
        Core Temp (has to run as admin)
        Handbrake (can't update profiles unless it's running as admin)
        Everything else runs just fine. (Office, Paintshop Pro,Firefox, Thunderbird,utorrent, Omea RSS reader, and dozen or more other applications that I'm too lazy to list)
    • Re: (Score:3, Insightful)

      by 0123456 ( 636235 )

      "I can't believe that if the OS is engineered properly if there would be any reason for it with ANY frequency"

      Yes, but this is Windows, which has been so poorly engineered for so long that roughly 97% of applications expect to be run as Admin; and thanks to the delights of 'backwards compatibility', Joe Sixpack will be running many of those applications for many years to come (heck, I have a copy of Word from the Windows 3.1 era on my Windows PC because I had to open old Word files and current versions woul

      • by v1 ( 525388 ) on Friday February 06, 2009 @11:06AM (#26751855) Homepage Journal

        but this is Windows, which has been so poorly engineered for so long that roughly 97% of applications expect to be run as Admin; and thanks to the delights of 'backwards compatibility'

        ya, but wasn't that what Vista was all about? Causing 80% of the existing windows apps to spontaneously combust and force the developers once and for all to fix their crap? What happened to that? (guessing... public outcry from the users and lazy devs pointing at MS as the blame) I thought that was the reason that Windows7 was going to make an even more solid, committed attempt to force the developers to adopt good coding practice. MS can't just continue to roll over on this issue.

        • by 0123456 ( 636235 )

          "ya, but wasn't that what Vista was all about? Causing 80% of the existing windows apps to spontaneously combust and force the developers once and for all to fix their crap?"

          Well, that was kind of my point: even if they get developers to fix their broken applications that expect to run as Admin for generic tasks that shouldn't need it, the old versions of those applications will still be around for years to come, and people using those applications will complain until Microsoft have to do something to make

        • by Rycross ( 836649 )

          What happened to it? UAC was panned by Slashdot, panned by the press, panned by Apple, panned by developers, and hated by users. Everyone blamed Microsoft for "breaking things" and "annoying prompts" when it was the crappy application developers' fault in the first place.

          The moral of the story is that people don't care what's technically correct. They just want their apps to work. Microsoft absolutely can roll over on this issue, because their customers want them to.

          • by Touvan ( 868256 )

            They only panned UAC, because of it's incredibly flawed implementation. All of it was justified.

            Before SP1 (which did quiet it down a bit) it came up way more frequently than it should have, and even after SP1 usually you had to click two dialog boxes with no password (and sometimes 3 or 4), instead of just one with a password, like on Ubuntu and Mac OS X.

            On report (with a quote) even suggested that MS made it annoying on purpose, to get devs to fix it. That's a horribly disrespectful way to treat people wh

      • Current versions all read the old formats, you just need to select the obsolete formats you want to be able to open on install. Not realizing this cost you your computer literacy card. Tear it up or burn it within 24 hours, please.

    • by clodney ( 778910 ) on Friday February 06, 2009 @11:12AM (#26751975)

      I've been running Vista on my home/gaming rig for over a year now. It runs Steam, Fallout, Oblivion, Half-Life, Office, DevStudio, Firefox, Thunderbird, KeePass, Paint Shop Pro, Python, AV, iTunes - lots of stuff, some old, some new, some MS, lots of ISV.

      I probably encounter a UAC prompt every week or two. Going into the control panel is pretty much guaranteed to trigger it, ad does updating a device driver, or installing/updating software.

      That's pretty much it. I have at least one app that writes settings into its program files directory, but Vista silently redirects that to somewhere in the profile directory without requiring UAC.

      The reality is that MS has been pushing ISVs for years to stop relying on admin access. Look at the requirements for getting the Windows logo on your app - one of the reqs is that it has to run as a normal user.

      Between that pressure and the fact that Vista does trap and redirect some of the most common accesses to HKLM and Program Files, most shrinkwrap userland apps work fine in Vista.

      When you start talking about things that a guy in the IT group whipped up in a few days back in 1998 thinks aren't nearly as rosy, but most home systems don't have to deal with that crap.

    • by Aladrin ( 926209 )

      The problem is that Window isn't doing uncommon things, the programs are. They are designed with WindowsXP-do-anything-you-like-as-admin philosophy, instead of restricting their business to their own areas.

      In my experience, Vista seems to Admin Popups than Linux because the apps are doing stupid things, not because Vista was designed wrong. When I think about when Vista pops things up, it's the same times I'd be required to sudo in Linux: Installing/changing/deleting stuff globally for all users.

      I don't

    • I can't believe that if the OS is engineered properly if there would be any reason for it with ANY frequency unless you're doing things that *I* might find common, which is not Joe User.

      I can believe that a properly engineered OS would prompt that frequently, assuming enough improperly engineered applications. And there are plenty of crappy Windows apps floating out there to make this thing believable.

    • My wife stole my old cool acer ferrari 3400 when I got a new dell. It wasn't that it was faster than what she had, but she really liked the color of that thing (all shiny Ferreri red).

      Anyways - she runs Vista Business. She's on a user account and she does not know my admin pw. She went a good 6 months using it every day before she experienced the UAC prompt. She had to install a new homebanking app.

      I'd say it works as intended. For everyday work - even with Visual Studio 2008 - I don't get UAC prompts.

    • by Yunzil ( 181064 )

      I suppose I'd like to spend a day watching a windows7 user and see WHY they are getting all these UAC popups.

      Hell, I'm running Vista and I'd like to know what people are doing to get all these popups. Pretty much the only time I see one is when I'm installing a new game. And for some reason when I start Steam.

    • I work with Vista, develop software on it, and run in standard user mode (not administrator). I seldom get asked for elevation. The times that I do are when I am installing software, and changing a system setting. Other than that I never get prompts. My wife uses Vista also and she has never gotten a prompt.

      I think the complaints about UAC revolve around the unfortunate set of users that think they are "administrators" or power users and run that way and then complain that every time they install the latest

  • Caves? (Score:5, Insightful)

    by ukyoCE ( 106879 ) on Friday February 06, 2009 @10:19AM (#26751167) Journal

    This is hardly "caving". Microsoft was alerted to a security issue, and they're fixing it. How did this get spun into an anti-microsoft story?

    Did I miss some story where Microsoft said they absolutely refused to fix the problem, but now a few days later they're giving in and fixing it?

    • Re:Caves? (Score:5, Insightful)

      by Lostlander ( 1219708 ) on Friday February 06, 2009 @10:24AM (#26751233)
      I agree, I hate Microsoft as much as the next Linux user but seriously agreeing to change something in a beta isn't caving it's feature adjustment. The tittle of the summary is just flamebait. Windows 7 seems to be a functional Microsoft operating system for a change and people are freaking out looking for something to hate about it.
      • by Rary ( 566291 )

        Not only that, but this very forum is overrun with people complaining about how many times UAC prompts appear in Vista, and this story is about Microsoft responding to users' complaints and reducing the number of prompts, only to then be told that now it had too few prompts. So, they're listening to users' complaints again and rolling things back.

        But apparently that's "caving".

        • Re:Caves? (Score:4, Insightful)

          by Hal_Porter ( 817932 ) on Friday February 06, 2009 @11:07AM (#26751867)

          A true slashdot user believes all these things

          1) The flaw in XP was that everyone run as admin. Unix's system of running as a limited user and doing a privilege escalation via sudo each time you do something that requires admin rights.
          2) The flaw in Vista was UAC, where you do a privilege escalation each time you do something that requires admin rights.
          3) The first Windows 7 beta had a flaw where it was possible for malware to disable UAC programatically and thus bypass it.
          4) Microsoft have 'caved' and changed UAC in the Windows 7 release candidate.

          and he believes them simultaneously too.

    • Re: (Score:3, Insightful)

      by Cro Magnon ( 467622 )

      This is hardly "caving". Microsoft was alerted to a security issue, and they're fixing it. How did this get spun into an anti-microsoft story?

      This is slashdot. Nuff said.

    • You want to know why? Microsoft eats babies and worships the devil! That makes them EVIL! Ergo, whatever they and anyone else associated with them does anything, it must be spun negatively no matter what.

    • Re: (Score:3, Informative)

      by DavidR1991 ( 1047748 )

      "This is hardly "caving". Microsoft was alerted to a security issue, and they're fixing it. How did this get spun into an anti-microsoft story?"

      They stated it was by design a few days ago, immediately after the issue was posted, that's why

      • Ya, you're point? It WAS by design. People complained, apparently enough that they responded by CHANGING THE DESIGN. Yes, that's valid to do.

        Of course had they done nothing, I'm sure you'd be posting "see, M$ doesn't listen to their customers!"

    • Re:Caves? (Score:5, Informative)

      by BRSQUIRRL ( 69271 ) on Friday February 06, 2009 @11:05AM (#26751833)
      Yes, that is exactly what happened [winsupersite.com]. Microsoft's previous comments on the matter basically boiled down to "What problem? This works exactly the way we intended it to."
    • by Touvan ( 868256 )

      I thought the criticism was that the way they are reducing the popup frequency, is by "auto-escalating" applications to higher access levels. From and engineering standpoint, that sounds like a huge glaring security hole. I would think that's why this is getting "spun".

      Think of it this way. I install some app that accesses a file in program files. In order to do that I have to grand access privs, so it's now been escalated. Now that program has a browser component, that can be exploited. The exploit can tak

  • Still missing... (Score:4, Insightful)

    by Mascot ( 120795 ) on Friday February 06, 2009 @10:44AM (#26751479)

    the one thing that will make me consider not turning it off. A "do not ask again for this application" checkbox.

    Come on. Every firewall/HIPS system I can remember trying the past decade or so has an option to remember the answer.

    This obviously won't work for settings, but for when starting an application? God, it's so needed.

    • Re: (Score:3, Insightful)

      by MBCook ( 132727 )

      Why should any application need that checkbox?

      No application should be asking for privileges that much, unless it accesses special hardware (easy example: something akin to WireShark). A normal application (like FireFox) shouldn't need to ask for permission all the time. If it does, it probably has a design flaw.

      If you grant full permissions in the way you are suggesting be made possible, then if a new version of the application alters it's functionality (or some time-bomb kicks in) then it can do things

      • You're almost there!

        UAC was never about the user; it was about the developers. For ten bloody years now, everything necessary to write apps without admin requirements, without needing to write to places like program files, and so on, have been in Windows.

        You could do it in WinME, you could do it in Win2000, you could do it in XP. Developers didn't bother. I *still* find programs that want to write user data to program files. Hell, I just about fell over when I discovered,installing the 'network' version

        • This issue is exacerbated by the stupid security policies that Microsoft introduced (I think they came with the UAC) which prevent developers from debugging stuff unless they're an administrator. So you see, it's not all the developers fault after all.
      • by Mascot ( 120795 )

        At some point you have to trust something. I've installed and ran thousands of applications over the past few decades, never has one included a time bomb that suddenly turned it into an evil machine-destroying demon.

        If this by some miracle became a common thing to do for application developers, well, that's what we have anti-malware software for.

        Point is, it _is_ an issue. It wouldn't be if UAC would let me tell it I trust the application I'm about to run, and accept that I won't be changing my mind about t

        • by Mascot ( 120795 )

          I should add that I'm fine with all of this being UAC settings and keeping it working like now by default.

          That way UAC specifying _what_ the application is trying to elevate in order to do won't confuse the average user, while giving me the information I need to make a judgement.

    • But what happens if an application that you previously trusted is then discovered to have a fault that can be taken advantage of?

      Suppose you trust Firefox, and then a few months later someone finds a vulnerability that allows some script to be run or whatever.

      With the way people like to "set it and forget it", I don't think that would be a very good idea. I would rather know whenever an application is trying to do something critical. And for how rare that is, I'm happy to confirm that with a UAC prompt.

  • UAC is useful (Score:5, Interesting)

    by DarthVain ( 724186 ) on Friday February 06, 2009 @10:47AM (#26751509)

    While many may scoff at UAC, it does do something very well. It foists responsibility on the user. While this may not be the nicest thing to do, it enforces perhaps the most difficult ideal. That being of awareness of security. User that have no idea, will not be aware of how to protect themselves. Perhaps I am being too forgiving but perhaps someone in Microsoft has actually come up with the philosophical crux of security argument in that no matter how well you design a system, no mater how many updates, patches, or how secure a system you make, someone at some point is going to break it. If DRM, or adware, malware, virus, or Trojans have taught us anything, is that no matter our perceived security we are all vulnerable at some level and all that it takes is someone willing to go the distance and break it. I think microsoft would be correct in its thinking that they will always be target #1, and for the foreseeable. That said, how do you protect yourself from all the bad guys in the world. Well you could create some wonderbar new technology that will secure your systems, and update it constantly to try and keep up with attacks, knowing that it will eventually fail. Or you can implement that and make your users aware of basic security issues, which would probably be about a thousand times more useful as most of the time these things happen when a stupid user opens a file he shouldn't or downloads something sketchy, etc...

    I mean when you hose your box you have no one to blame but yourself. Usually it become apparent shortly after you tell UAC to go screw itself. Then you know. Now in the future when you download that mp3 and try to open it with media player, which doesn't reconize the file type, you might actually think. "Ok this may be a codec it doesn't know, or it is a very bad idea to get it to try and open it anyway, perhaps I will just update my codecs and see what happens".

    Anyway I am sure some security professional (both IT and otherwise) will attest to having a user informed and aware of potential threats is far more useful than anything else.

    Of course perhaps I am just giving Microsoft too much credit.

    • Re: (Score:3, Insightful)

      by Tom ( 822 )

      While many may scoff at UAC, it does do something very well. It foists responsibility on the user. While this may not be the nicest thing to do, it enforces perhaps the most difficult ideal. That being of awareness of security.

      I challenge you with the claim that you understand neither users, nor security.

      Or, to bring up a car analogy, UAC is like asking the user for tire pressure, the mixture rate of gas and air, and the precise timings of ignition in order to drive a car. Then telling drivers they're stupid fucks because most of the cars on the streets stutter around or burn up.

      Security education is an utter and total failure and most serious security professionals have long moved away from it. Today we train security awareness,

  • Home of Microsoft Trolls?

  • by HisMother ( 413313 ) on Friday February 06, 2009 @12:05PM (#26753065)
    It's been years, and I still chuckle when I see a reference to Microsoft's UAC. They couldn't have chosen a more appropriate name for it!
  • There is another feature that auto-elevates that can and will be used.

    When you use Explorer to drag and drop files into a directory you don't have write access to, Explorer will ask whether you'd like to use your Administrator permissions to complete the task. If you say yes, it will launch a program as Administrator that does the actual copy.

    The problem is, this program in Windows 7 is one of the special ones that self-elevates without the UAC dialog box. Because Explorer doesn't run with Administrator p

  • ZDNet's flash player sucks and didn't load so I found the actual flv.

    http://media.cnetnetworks.com.au/video/2009/02/22470997/22470997.flv

  • It's good they've responded, but this change does not fix the fundamental problems with win7's UAC whitelist.

    The problem is that 70 applications are on the whitelist and are allowed to silently elevate without the user's knowledge. You just have to inject code into one of these 70 applications and you have admin rights. There are multiple ways of doing this. You can use the debug API, you can get them to load a DLL, use your imagination.

    Here's a page with a sample exploit and a lot more information:

  • It's simple, really. The concept of UAC is broken, not the implementa... ok, they're both broken, but you can only fix one of them.

    The idea that the user can even make these decisions is fundamentally flawed and shows that MS is run by either geeks (who don't understand that human life is possibly with knowledge of stacks, heaps and pointers) or lawyers (who don't care about users at all and only want to see responsibility shifted to parties outside the company as much as possible).

    90% of windos users can n

  • Comment removed based on user account deletion

Always leave room to add an explanation if it doesn't work out.

Working...