Windows 7

[Gangularis]

UAC (nor the sudo/root model) doesn't protect against all possible malware vector, so I don't see your point.

It doesn't protect against "all possible malware"... Neither does any single anti-virus program. I suppose you don't see the point of those programs, either.

A trojan is going to be destructive on XP, on Vista, or on any OS in the world. That's not what these controls are designed to protect against.

Now you're talking about trojans? I don't think I even uttered the word.

I'm not getting ridiculous, you completely missed (or ignored) my point. UAC and sudo/root are designed to protect against non-user initiated privileged escalations.

AKA.. MALWARE...

Saying that UAC is pointless is like saying that sudo/root is pointless

It's not at all the same.. sudo is used by advanced users, that use an OS that is not targeted by malware on a regular basis... Noob users, that don't know what they're doing, should be FORCED to log into an admin account to install programs, in the case of Windows....


SUDO WOULD BE JUST AS BIG OF A FLAWED CONCEPT IF AVERAGE USERS WERE USING LINUX.. and if linux was the target of malware, like windows is.

Tell your local security guy to ask/declare a derogation.

You're obviously VERY unaware of what it's like to work in a sensitive customer service environment, that largely involves remote connectivity and troubleshooting of average user PCs.
You don't go around changing a bunch of settings on a customer's remote PC if it's not necessary. Turning off UAC is not considered necessary, since we can click on "continue" just like the user. It is, however, annoying.

Some malware, yes. Actually, some propagation vectors. But not all malware and propagation vectors.

Could you possibly try to blur reality here, more? "Some propagation vectors"?? Uh yeah... malware propagates through certain vectors... so do viruses.. Quit trying to minimize it into contrivances.. UAC's main purpose is security - and that security involves preventing the propagation of malware... Just admit it, and quit trying to distort UAC's purpose.

 

[ZouPrime]

It doesn't protect against "all possible malware"... Neither does any single anti-virus program. I suppose you don't see the point of those programs, either.

No, I see the point of these programs. You're the one who have a problem with UAC - which is a kind of "security program", and which is imperfect in its scope, just like others security programs.

Now you're talking about trojans? I don't think I even uttered the word.

A trojan is a type of malware that UAC cannot protect against because it's entirely user-initiated (by definition of what a trojan is).

AKA.. MALWARE...

Some type of malware, yes. Not all of them - such as trojans, or an hypothetical vulnerability in the UAC code for example.

It's not at all the same.. sudo is used by advanced users, that use an OS that is not targeted by malware on a regular basis... Noob users, that don't know what they're doing, should be FORCED to log into an admin account to install programs, in the case of Windows....

I just don't think you understand what root/sudo and UAC are supposed to do. Microsoft wanted to implement a unix-like mandatory access control because it has prove to be quite an effective model in the unix world. In the end they chose not to, and implemented UAC instead. There motivation for doing so has never been quite clear, but one speculation is that they precisely expected users to have difficulties in handling the root/sudo model, and instead they chose to force the higher level users (administrators) to always prompt on privilege escalation (without a password) instead of having to log on a super-user account. Something the average users would quickly abuse - and that's exactly what your suggesting by forcing users to log in an "admin" account.

SUDO WOULD BE JUST AS BIG OF A FLAWED CONCEPT IF AVERAGE USERS WERE USING LINUX.. and if linux was the target of malware, like windows is.

It's not flawed, it's just that most users have never encountered these mechanisms, and there's a period of adaptation to expect. But they are necessary. Microsoft couldn't release anymore all-open versions of Windows like XP with all the problems and the bad press of the security of their product... they had to make a move and implement some kind of privileged escalation mechanism.

Could you possibly try to blur reality here, more? "Some propagation vectors"?? Uh yeah... malware propagates through certain vectors... so do viruses.. Quit trying to minimize it into contrivances.. UAC's main purpose is security - and that security involves preventing the propagation of malware... Just admit it, and quit trying to distort UAC's purpose.

Virus ARE malware.

UAC's main purpose isn't "security", that's a meaningless statement. What's "security"? It's like saying that software XYZ main purpose is functionality. Duh.

UAC is a specific mechanism that protect against specific threats and vulnerabilities. Just like an anti-virus is a specific mechanism that protect against specific threats and vulnerability. I'm not minimizing it into contrivances - it's just that you made a very broad and false statement ("UAC is pointless") but you clearly don't understand well what it is supposed to do and what it protects against.

 

[jsiv]

I just don't think you understand what root/sudo and UAC are supposed to do. Microsoft wanted to implement a unix-like mandatory access control because it has prove to be quite an effective model in the unix world. In the end they chose not to, and implemented UAC instead. There motivation for doing so has never been quite clear

NT has had it since the beginning (although it's ACL-based, which isn't as common in the unixy world). The problem is that Microsoft used to have two different operating systems (with the same APIs), NT and Windows 1-9x. The latter was a consumer OS with no concept of users, and was discontinued in the late 90s. The software written for it, and the developers who wrote it weren't, and brought all their habits with them when NT became a consumer OS with XP.

If standard users had been the default, all this software would have ceased to function. Since it wasn't made the default for compatibility reasons, many developers didn't change their bad habits either, and the reliance on administrator access continued. Even up to the last few years major programs and games still required administrator access to run.

Rather than break all compatibility, Vista ended up with a compromise. When administrator approval mode (in UAC) is enabled and an administrator logs on, he is issued two separate security tokens. One that gives access equivalent to a standard user, and one equivalent to an administrator. The standard user token is default, and the admin token only used when you agree to a UAC prompt. This is technically fairly different from sudo, which just runs code as another user (often root). To the user though, it's mostly the same.

Anyway, this compromise means that certain users get a security benefit while still retaining a level of user friendliness compared to if he had to enter the credentials of an administrator every time he wanted to do something with system-wide consequences. Plenty of people would find that so annoying that they'd just always log on as administrator.

For others, the usefulness of it is questionable since they lack the level of understanding necessary to make an informed choice when prompted by UAC or for administrator credentials. There is not much you can do for this group.

 

[PhreePhly]

NT has had it since the beginning (although it's ACL-based, which isn't as common in the unixy world). The problem is that Microsoft used to have two different operating systems (with the same APIs), NT and Windows 1-9x. The latter was a consumer OS with no concept of users, and was discontinued in the late 90s. The software written for it, and the developers who wrote it weren't, and brought all their habits with them when NT became a consumer OS with XP.

If standard users had been the default, all this software would have ceased to function. Since it wasn't made the default for compatibility reasons, many developers didn't change their bad habits either, and the reliance on administrator access continued. Even up to the last few years major programs and games still required administrator access to run.

Rather than break all compatibility, Vista ended up with a compromise. When administrator approval mode (in UAC) is enabled and an administrator logs on, he is issued two separate security tokens. One that gives access equivalent to a standard user, and one equivalent to an administrator. The standard user token is default, and the admin token only used when you agree to a UAC prompt. This is technically fairly different from sudo, which just runs code as another user (often root). To the user though, it's mostly the same.

Anyway, this compromise means that certain users get a security benefit while still retaining a level of user friendliness compared to if he had to enter the credentials of an administrator every time he wanted to do something with system-wide consequences. Plenty of people would find that so annoying that they'd just always log on as administrator.

For others, the usefulness of it is questionable since they lack the level of understanding necessary to make an informed choice when prompted by UAC or for administrator credentials. There is not much you can do for this group.

Wow, that's actually a really great explanation for a fairly complex issue that many don't seem to grasp. I will borrow from this in the future. As you pointed out earlier in the thread, UAC is not a solution, it is just another tool available to the user. UAC will not stop malware, on it's own, it can't. All it can do is notify the user that elavation is being requested. What the user does with that will dictate whether or not they get infected.

I haven't spent enough time on Ubuntu, but given that it essentially disables Sudo, how does one configure their system? Do you set it up at install, and that's it?

PhreePhly

 

[GreNME]

Yes I do understand what sudo is. You still obviously don't understand the purpose of UAC.

Okay, you're asserting that, but you do nothing to back such an assertion up. Since jsiv already put it into very good detail, I'll just refer you to post #103 for an explanation on what UAC is. As I already stated, ACLs and malware protection software exist to keep malware out, not the UAC controls. Expecting the UAC controls to stop malware is an unrealistic expectation based on a flawed understanding of what it's for.

It's not ridiculous. You're just obviously not an employee of a company that specializes in removing malware from Windows products, via remote connections.

Look, I'm really not interested in getting into a "whose e-penis is bigger" contest with you, so do yourself a favor and spare those types of arguments. It is a ridiculous policy because Microsoft specifically provides methods to complete tasks that would normally trigger UAC prompts for the purpose of remote administration (with which I'm quite familiar, thank you). Not only that, but a number of the systems out there that allow you to remotely manage systems-- whether small-time like DameWare or more enterprise-level like Kaseya-- and at the same time mitigate the UAC prompts with no problems. I'm not stating this in theory: I have direct experience doing as much on a regular basis.

Also, a little side-note: as has been noted, viruses do count as malware. When I mention malware protection I don't just mean any single product or any single type of product. Whether it's spyware-blockers or antivirus or simple script execution prevention, they all count as malware prevention software. Other software exists that can be put into the category of malware removal, but for the sake of consistency it's wise to consider them all as being under the umbrella of fighting malware, which takes several different forms and covers a wide range of focuses.

Still, that's a whole different discussion, and the initial point is that UAC is not there as a malware protection measure.

 

[Cl1mh4224rd]

I haven't spent enough time on Ubuntu, but given that it essentially disables Sudo, how does one configure their system? Do you set it up at install, and that's it?

Whoa. Sudo is not disabled in Ubuntu. It's the root account that's essentially disabled.

And by disabled, it just means that, by default, there's no password on the account, therefore no one can log on as root directly. Code can only be escalated to super-user privileges through the sudo command. There's a GUI equivalent, too, which pops up (just like UAC in Vista and Windows 7) so you don't have to drop to the console every time you want to change settings.

 

[PhreePhly]

Whoa. Sudo is not disabled in Ubuntu. It's the root account that's essentially disabled.

And by disabled, it just means that, by default, there's no password on the account, therefore no one can log on as root directly. Code can only be escalated to super-user privileges through the sudo command. There's a GUI equivalent, too, which pops up (just like UAC in Vista and Windows 7) so you don't have to drop to the console every time you want to change settings.

Thanks. So, if root is disabled and you need to perform something that requires super-user privileges, how do you do that? Do you need to set up a password for root, so that you can elevate, or does Ubuntu have a mechanism to provide super-user privileges to a general user temporarily?

PhreePhly

 

[jsiv]

Thanks. So, if root is disabled and you need to perform something that requires super-user privileges, how do you do that? Do you need to set up a password for root, so that you can elevate, or does Ubuntu have a mechanism to provide super-user privileges to a general user temporarily?

PhreePhly

That is exactly what sudo does.

Su (substitute user) let's you run code as another user provided you have their credentials. This can be the superuser, or any other user. The Windows equivalent to this is the "runas" command. Ubuntu has this "disabled."

Sudo, on the other hand, let's you run code as another user without having their credentials, provided you are on the list of approved users. Windows has no equivalent to this.

Linux distributions like Ubuntu use sudo to let you perform actions as superuser (as the actual user, as most Linux distributions have no such concept as "superuser privileges"). If you open a control panel or something else that requires elevation, Ubuntu will pop up a dialog box asking for your password. It will then hand this to sudo, which will check if you're allowed to run code as superuser, and if you are, run the control panel as superuser. All without ever needing the superuser password.

To the user the experience is about the same as on Windows, except that they have to enter their password. Implementation-wise, it's different like I've explained previously.

Windows has no superuser, and uses access control lists which lets you specify individual access rights (and logging) to an object for any number of users and groups. Administrator users can change any ACLs, but don't have automatic access to everything.

Linux generally only has one user and one group for each object, and one superuser which has full access to everything, which is less flexible.

 

[moopet]

To get back to the OP, I've installed it in virtualbox and think it seems ok. A more natural successor to XP. It runs quite smoothly, too.
I like the way you can drag windows to the top of the screen to maximise them, and unmaximise by dragging down. I like that you cal drag them left and right to take up half the screen.
I think the taskbar stacking is butt ugly.
Doubt I'll use it until I get a machine with it already installed.

 

[PhreePhly]

That is exactly what sudo does.

Su (substitute user) let's you run code as another user provided you have their credentials. This can be the superuser, or any other user. The Windows equivalent to this is the "runas" command. Ubuntu has this "disabled."

Sudo, on the other hand, let's you run code as another user without having their credentials, provided you are on the list of approved users. Windows has no equivalent to this.

Linux distributions like Ubuntu use sudo to let you perform actions as superuser (as the actual user, as most Linux distributions have no such concept as "superuser privileges"). If you open a control panel or something else that requires elevation, Ubuntu will pop up a dialog box asking for your password. It will then hand this to sudo, which will check if you're allowed to run code as superuser, and if you are, run the control panel as superuser. All without ever needing the superuser password.

To the user the experience is about the same as on Windows, except that they have to enter their password. Implementation-wise, it's different like I've explained previously.

Windows has no superuser, and uses access control lists which lets you specify individual access rights (and logging) to an object for any number of users and groups. Administrator users can change any ACLs, but don't have automatic access to everything.

Linux generally only has one user and one group for each object, and one superuser which has full access to everything, which is less flexible.

Thanks for the explanation. That's what I thought. Can you set up the first user without a password, or does Ubuntu require a password? The reason I ask is simply to point out that MS is in a really tough position regarding security.

MS doesn't require the user to use a password. Many users don't want them for logon. My wife is the perfect example of this. I had to really work at convincing her that she needs a login password. Now she rarely turns her computer off because she hates that she has to enter a password. So when it comes time for Update Tuesday, I have to make sure that she restarts her system. Or if the system restarts on its own, she is mad as hell, because she didn't save xyz file.

PhreePhly

 

[GreNME]

That is exactly what sudo does.

Su (substitute user) let's you run code as another user provided you have their credentials. This can be the superuser, or any other user. The Windows equivalent to this is the "runas" command. Ubuntu has this "disabled."

Sudo, on the other hand, let's you run code as another user without having their credentials, provided you are on the list of approved users. Windows has no equivalent to this.

Good explanation. Also, this is one of the final problems I have with Windows as an operating system. It makes desktop administration that much more annoying for me (I'm an IT manager for a small company, meaning I wear several hats), and while on the Vista machines I have UAC able to prompt me for running certain things in a much cleaner interface (where on XP I have to drop to CMD using runas). UAC behaves a bit more like sudo, but it's still not completely like it and that gets in the way of successfully installing/patching some software. If Microsoft could find a way to get this right it would probably make me stop wishing I was dealing with a Mac or Linux at the point in time where I do still run into occasional snags.

 

[GreNME]

Thanks for the explanation. That's what I thought. Can you set up the first user without a password, or does Ubuntu require a password? The reason I ask is simply to point out that MS is in a really tough position regarding security.

As far as I recall, nope. Granted, the last time I used Ubuntu was version 8, but that wasn't too long ago.

 

[jsiv]

Also, this is one of the final problems I have with Windows as an operating system.

I'm not sure if I get it. You're doing administrative tasks on them by using runas/UAC from a standard user? Wouldn't it be easier to just switch to an administrator user instead, and do it from there?

 

[GreNME]

I'm not sure if I get it. You're doing administrative tasks on them by using runas/UAC from a standard user? Wouldn't it be easier to just switch to an administrator user instead, and do it from there?

Not when I need to solve a quick problem or get a patch/install taken care of on an employee's computer at random times during the day. Even moreso for the satellite offices in other states, where my only contact with them is over the VPN. If my choice is to connect to a full RDP session as administrator or just use the mini-remote-control software I have (which allows for interactivity), I usually tend to go with the latter so I don't have to constantly guess about what they're trying to describe. Naturally, if I can't solve the problem through runas (for XP, UAC in Vista), then I RDP back in as myself and take care of things. The goal for me is to get the problem solved with the least amount of work on my part and the least amount of hassle to the users. Since I usually have bigger things to tackle in the server room or business organizational stuff, I really try to minimize the time I have to spend playing desktop support. If Windows had sudo it would save me loads of time with that sort of thing.

 

[malbui]

I downloaded the RC during the week and had a go at installing it this afternoon on an oldish Dell desktop with a P4-2.6 chip and 1 gig of RAM. All went OK except that the display was stuck resolutely at 640x480 and half an hour of fiddling and Googling has revealed that there are no drivers more recent than XP for the onboard graphics chipset and no plans for any for Windows 7 at the moment. Oh well.

 

[tyr_13]

I absolutely love Vista and so far, I don't see much reason for me to change yet. I don't do much programing (not that I ever did much) or 3d work anymore, and the most advanced drawing program I use is MS Paint. Well, I do use Photoshop for actual picture editing though. I play games, download anime, and watch movies.

So far I haven't seen a lot that would benefit me in a switch, but who knows. Better readyboot, graphic card processing, or other new abilities might make me switch later. Still can't beat the fact that I can yell at my Vista desktop and it will open up my Firefox to JREF.

 

[bigred]

General clues and English translations appreciated. "RC?"

And is this the thing that is either a "fixed" version of Vista or replacing it (either way can't get here soon enough)?

 

[Leftus]

RC = Release Candidate. It's the current status of Windows 7.

Being a "new" operating system, it would be a direct replacement for Vista as XP was a direct replacement for 2K.

The media center is far more friendly with my tv tuner than the Vista version, which is to say I can get it to show the digital channels which is something that wasn't going to happen on Vista. The UAC is far less intrusive than Vista. I'm slowly getting used to the start button and the new task bar thing.

 

[aggle-rithm]

General clues and English translations appreciated. "RC?"

And is this the thing that is either a "fixed" version of Vista or replacing it (either way can't get here soon enough)?

From what I've heard, one of the biggest changes is the inclusion of "MinWin", which is basically a refactoring of the kernel to remove tight coupling between DLL's.

In other words, it brings Microsoft all the way up to the late twentieth century in terms of technology.

 

[Z]

Will you Vista users move to 7 when it is released? Why or why not?

I was perfectly happy back with WinME - of course, I was one of, like, four people in the whole world that the OS worked for.

I also loved XP, but of course new machines came with Vista. After spending weeks poking and tweaking Vista, I've come to accept it and even, to a degree, like it; but I have no doubt that it won't be practical to stick with Vista once 7 has been up for a while (since, of course, all kinds of new software will only be 7-compatible after some time).

For me, the practical consideration of price is the determining factor of when/if I switch. Most likely, I'll switch when my new laptop no longer runs the software I need it to - at today's rate of change, about 2012 (I'm always using older software anyway). I just can't justify shelling out several hundred dollars for a new version of a program that seems to work fine in its older form. For example: I still play Civ III (and sometimes Civ II TOT); Sims 2; and so forth. That's largely because I wait until such programs fall to under $20 (by then, the bugs are all worked out). Cheap, I know.

I'd have tried to reinstall XP onto my laptop, but as it turns out, the display drivers at the time were Vista-only compatible (nice and nasty trick, Gateway). That's another consideration these days -manufacturers MAKE you accept the newer version by including hardware that only has newer drivers.

Yay, Capitalism!