04-30-2006, 12:42 AM
| || |
| || |
Join Date: Mar 2004
Location: Yorkshire, England
Windows Vista Security Joke ?
Well, can't see myself running out to install Vista (when it comes out) on my box. http://www.winsupersite.com/reviews/...ta_5308_05.asp
Modern operating systems like Linux and Mac OS X operate under a security model where even administrative users don't get full access to certain features unless they provide an in-place logon before performing any task that might harm the system. This type of security model protects users from themselves, and it is something that Microsoft should have added to Windows years and years ago. |
Here's the good news. In Windows Vista, Microsoft is indeed moving to this kind of security model. The feature is called User Account Protection (UAP) and, as you might expect, it prevents even administrative users from performing potentially dangerous tasks without first providing security credentials, thus ensuring that the user understands what they're doing before making a critical mistake. It sounds like a good system. But this is Microsoft, we're talking about here. They completely botched UAP.
The bad news, then, is that UAP is a sad, sad joke. It's the most annoying feature that Microsoft has ever added to any software product, and yes, that includes that ridiculous Clippy character from older Office versions. The problem with UAP is that it throws up an unbelievable number of warning dialogs for even the simplest of tasks. That these dialogs pop up repeatedly for the same action would be comical if it weren't so amazingly frustrating. It would be hilarious if it weren't going to affect hundreds of millions of people in a few short months. It is, in fact, almost criminal in its insidiousness.
Let's look a typical example. One of the first things I do whenever I install a new Windows version is download and install Mozilla Firefox. If we forget, for a moment, the number of warning dialogs we get during the download and install process (including a brazen security warning from Windows Firewall for which Microsoft should be chastised), let's just examine one crucial, often overlooked issue. Once Firefox is installed, there are two icons on my Desktop I'd like to remove: The Setup application itself and a shortcut to Firefox. So I select both icons and drag them to the Recycle Bin. Simple, right?
Wrong. Here's what you have to go through to actually delete those files in Windows Vista. First, you get a File Access Denied dialog explaining that you don't, in fact, have permission to delete a ... shortcut?? To an application you just installed??? Seriously?
OK, fine. You can click a Continue button to "complete this operation." But that doesn't complete anything. It just clears the desktop for the next dialog, which is a Windows Security window (Figure). Here, you need to give your permission to continue something opaquely called a "File Operation." Click Allow, and you're done. Hey, that's not too bad, right? Just two dialogs to read, understand, and then respond correctly to. What's the big deal?
What if you're doing something a bit more complicated? Well, lucky you, the dialogs stack right up, one after the other, in a seemingly never-ending display of stupidity. Indeed, sometimes you'll find yourself unable to do certain things for no good reason, and you click Allow buttons until you're blue in the face. It will never stop bothering you, unless you agree to stop your silliness and leave that file on the desktop where it belongs. Mark my words, this will happen to you. And you will hate it.
Sounds like it will be a nightmare. God help you if malware gets on the computer, it'll take 30+ prompts to get rid of it as well.
Edit to add: Looks like it it gets worse as you can't do anything else until allow or deny a prompt.
It actually gets worse. In his review of the latest build, Thurrott points out that Microsoft security people found a bug in the original that spoofed the cursor. It hid the real cursor under a fake one and when the user clicked it thinking that they were canceling a screen, they were actually accepting it thereby allowing malware to install. In order to combat this, Microsoft currently has the dialog boxes pop up in the Secure Desktop mode, meaning everything goes black except the dialog box thereby preventing the user from doing anything else until the dialog box is addressed. Imagine that happening over and over again.
This isn't security for the user, its security for M$, so they can tell you (well you must have "allowed" it), when you're overrun with Malware. http://www.schneier.com/blog/archive...oft_vista.html