Microsoft to tweak Windows 7 settings
In a reversal, Microsoft said on Thursday that it will make changes to the way a controversial security feature works in Windows 7.
After getting lots of feedback that Windows Vista too often prompted users to approve changes, Microsoft had decided in Windows 7 to prompt users less frequently. However, in recent days, some enthusiasts and security experts warned that the specific changes Microsoft planned to make with Windows 7 could put users at risk.
Microsoft initially downplayed the risks and defended its choices around the User Account Control feature. On Thursday, though, the company's two top Windows engineers said the company will make some modifications in response to the outcry.
Microsoft won't change the default setting--which is to notify users only when a program is making changes to their system--it will add an exception when changes are being made to the UAC itself. Starting with the upcoming "release candidate" version of Windows 7, changes to the UAC settings will require user approval, senior vice presidents Jon DeVaan and Steven Sinofsky said in a blog posting.
"With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we'll all see," the pair wrote. "First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion...Second, changing the level of the UAC will also prompt for confirmation."
For Windows 7, Microsoft won't change the User Account Control default setting--which is to notify users only when a program is making changes to their system--it will add an exception when changes are being made to the UAC itself.
(Credit: CNET News)When the issue was first raised last week, Microsoft issued a terse statement that basically said the feature was working as it was supposed to.
"This is not a vulnerability," Microsoft said. "The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level."
However, the criticism around the setting continued to build.
In an interview on Wednesday, DeVaan told CNET News that the company would consider changes, but he also said that it believed that the discussion had lost sight of the fact that the issues being discussed only applied if a system was already compromised by malware.
Rafael Rivera, who along with blogger Long Zheng was among the first to write about the UAC issue, praised Microsoft for its eventual action on the issue.
"I'm happy to hear of the changes upcoming in the public Windows 7 Release Candidate build," Rivera said in an email. "Regardless of the reasons (behind the changes), the increase in security is a win for all Microsoft Windows users."
Zheng also praised Microsoft's move in a blog posting late Thursday.
In their post, DeVaan and Sinofsky acknowledged their communication on the issue had been less than ideal.
"Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed," the pair wrote.
Sinofsky and DeVaan said they expected a breakdown in communication to happen at some point, but said that they hoped the dialogue around Windows 7 would continue.
"We don't want the discussion to stop being so lively or the viewpoints to stop being expressed, but we do want the chance to learn and to be honest about what we learned and hope for the same in return," they wrote. "This blog has almost been like building an extra product for us, and we're having a fantastic experience. Let's all get back to work and to the dialog about Engineering Windows 7. And of course most importantly, we will continue to hear all points of view and share our point of view and work together to deliver a Windows 7 product that we can all feel good about."
Reviews of the beta version of the product, which came out last month, have been largely positive, particularly around the performance and reliability of the product. The company has seen the first significant criticisms about Windows 7 this week, both in regard to the UAC feature as well as some dismay that the company will again offer at least six different versions of the product when Windows 7 is released.
Officially the product is due out before the end of January 2010, although Microsoft is still believed to be aiming to have Windows 7 out in time to be on computers sold during this year's holiday shopping season.
During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft. E-mail Ina. 
Not being snarky, I'm genuinely curious. After all, the simple act of using it means you have a security hole that no product can fully plug. Me, I take the risks when I have to, as sometimes there is no choice. OTOH, I'll use as many tools as I can find to keep the damned thing from getting owned.
Shouldn't that be "tenatively"? I don't think they'll likely DELAY it, but it wasn't never "We will absolutley come heck or high water release the next version of windows 3 years from general release of Vista". It was more a timeframe :-/
I think the intention here is good, clearly Microsoft have learned from Vista (where UAC is next to useless - because it bombards the user with too much information). If this change to UAC works properly (and they seem to have addressed the specific issue) then UAC can actually be useful.
Now clearly, UAC is something we shouldn't need - but in the real world, we do. This is all about making Windows more secure (or less insecure - depends if you're a "half-full person" or a "half-empty person") it isn't going to raise productivity or make using the computer "more fun". Assuming they have this right, this will improve the situation from either XP or Vista (and you could argue that Vista didn't - I think I have elsewhere).
I'm glad the outcry over this situation got Microsoft to change their mind. After all, it's a fundamental staple of security for users to know when malicious software is trying to alter their basic security settings.
Windows 7 might be better than Vista, but I doubt it will ever be as good as Mac OS X (or even Ubuntu) security-wise.
I know you can run Windows on the Mac, but realistically to get the best out of owning a Mac you need to be running applications on Mac OS X most of the time (hardware wise a Mac isn't that different to a PC - you might argue that Mac hardware is better designed, and I think you'd have a strong case). The real point of owning a Mac is the applications that run on Mac OS X. Mac OS X is great, but using a computer is all about running applications on it. Now if you're business is running some Windows app, and there is no Mac equivalent getting a Mac won't help you much. If you're going to be running Windows most of the time, you might as well have a PC. Now I think this situation is actually quite rare, but it does exist. If you run Office most of the time, then switching to a Mac isn't usually a problem. There is Microsoft Office for Mac (though the latest version doesn't run VBA - but really, if you're using VBA you've probably got bigger problems) and that is pretty nice. Personally I think users coming from Office 2003 (and before) will find the Office 2008 for Mac less jarring than Office 2007 on the PC (my suspicions are based on seeing people try this, and my own usage). Apple's iWork '09 suite is much more capable that it might appear. Personally I think for a lot of users this move worthwhile. The iWork '09 suite is significantly different to Microsoft's Office (though if you're on Office 2003 you'll face a similar disorientation with Office 2007) but can read/write Office files (including the newer XML based formats). Personally I have a huge soft spot for Numbers '09 (iWork's spreadsheet). If you use PowerPoint for sales presentations - Keynote '09 could justify the switch all on it's own (the animations are super slick, and given how many PowerPoint presentations we've all been subjected to the fresh "newness" you get from Keynote makes your presentations really standout from the crowd).
But if you're a "hardcore gamer" a Mac is probably not for you (games support isn't as good). There isn't much wrong with the technology (though all the "bleeding edge" stuff happens first on the PC) and the OS is much better set up for supporting games. But fundamentally, the games just aren't there.
Interfacing Macs with PCs isn't a problem at all, they work just fine of PC networks, they can interface with ActiveDirectory and Exchange (the support is "good" - not perfect, but good enough). You can use them as clients, you can use them as servers. You can treat them like Unix/Linux you can rely on "point and click" administration. Nobody needs to be "afraid" of the Mac, even if you've only ever used the PC.
But no, they are not right for everyone.
VBA is a nightmare just waiting to bite you. If it isn't a virus embedded in a document it's changes between Office versions that shop your in-house applications working when you upgrade. Truly I do know what I'm talking about. VBA is best avoided (like many things in this life, that's not always possible... but best if you can).
Microsoft never learns
Slowly, but still, it's a beginning.
Just askin'.
The difference is that application programmers were lazy and refused to write applications that worked like they do in unix. As a result, users typically had to run with administrator permissions to use the apps. The operating system does have the capability. All it needs are applications and users willing to run under user permissions to be very, very secure.
Yes. Notice the difference, a password is required in the ONE prompt you get versus a "click this button" dialog that repeats itself ad-nauseam specifically to annoy the user. Consider the ease of writing a script that looks for certain dialog boxes and automatically clicks the "continue" button, versus the complication of writing a script that first has to fire up a keylogger in order to capture all keystrokes in the hopes that you'll be entering your root password at some point ...
@Seaspray0
The registry. You know that's one of the main reasons the rest of the computing world is laughing at winblows apologists, don't you. Your argument is already lost, but enjoy that disaster area you're defending.
Does this even make sense?
If you want to run Windows 7, you don't need to buy a PC - you can run it on your Mac (either "like you are" in a VM) or dual boot (where it will run just like on any PC). There isn't any need to spend any money on a PC (no matter how "cheap" it is).
I just get the impression you're attempting to hoodwink us. I'd also contend that spec for spec Macs aren't expensive. Sure Apple don't make low spec systems (and that can be a genuine problem, if you only need low spec systems in your business and you need a lot of them - well then it can be impossible to justify buying Macs). But $ for $ Macs aren't expensive, I know a lot of people think they are, but seriously, take a Mac then spec out a Dell like that one, there won't be much in it either way. I agree if you try and do this in reverse you often find you can't (if I start with an entry level Dell, the Mac I end up comparing it too is far more expensive - but it's a nicer machine). For business customers, this IS a problem (sometimes). For normal consumers, this is less of an issue - you can argue that mid-range systems have better TCO and there is overlap between Apple and everyone else in the mid-range.
Now back to your specific point, the reaction to this has been a bit overblown, but UAC has become a "hot button" since Vista, where UAC got a bad name. But Microsoft have communicated this very badly indeed. It's good they have make this change (which is actually quite small) and UAC seems much more useful as a result. This is great news for people looking to migrate from Windows XP/Vista to Windows 7, but to try and spin this into something that should make Mac users switch - come on! If you've got a Mac now, stick with it. If you're currently a Windows users, changes to UAC will make Windows better. But none of this means that the PC has something like iLife (or whatever) or that Mac can suddenly play the latest games or you can get a crabby one for a pittance.
Also, there are iLife like applications available for Windows. It might not be 'iLife' but its not like that class of application is only available on Macs.
Re: Mac VS PC prices - You make a good point, but that's only for some systems. If you are doing anything that requires a larger desktop resolution (like 1920 X 1200) for working in apps like Photoshop, Flash, Dreamweaver, etc, then the low-resolution of the regular Macbooks is not sufficient. You would need to move to a Macbook pro, at which point the prices really differ.
For example, when I priced out my new Dell laptop this time last year, I also priced out the exactly equivalent Macbook Pro, feature for feature, even settling for a less powerful CPU and slower HD. It still came out to about 60% more. The Dell is great, and it was 2/3 the price of the last Dell I had bought three years earlier. Quality of the thing is just fine. Sure, it's not as pretty, but I don't buy computers to be pretty.
Shortly after, I built my desktop system, once again comparing prices for a MAC, an the the equivalent machine was twice as much. To be fair, I built this system using well-researched, top-notch parts, albeit with a "budget" Q6600 Quad Core. There was nothing in that same price range that would have been suitable from Mac. Also, I bought the CoolerMaster Cosmos 1000 case, which is pretty much the most awesome looking machine I've ever seen :)
Not to mention that for most people who have actually bought software (such as $5000 worth), a switch to a Mac includes upgrading all of it to Mac versions. A very expensive switch indeed.
I've said it before and I'll say it again: Yes, Macs are cool, but not worth the extra $$ for most people who just want to get work done.
A MacBook will do 1920x1200 on an external display. And the point I was making was only for "some systems" - Apple's range isn't big enough to give a total overlap. You can find PCs at price points both below and above Apple's where no Mac exists. Personally I think Macs exist at the best value price points, but YMMV. Of course, this is on no help if you need a number of cheap machines you may not need to keep over the long haul (start-ups are often like this).
Well the Mac is the only legal way to run Mac OS X and Windows. Using a VM is always going to be slower (the mistake most often made is insufficient RAM - more RAM giver much better performance, this isn't a Mac thing, it's true everywhere).
It also depends when you make the comparison, if you make it just after Apple have launched a new system then the story for Apple is better, if it's done just before then it's worse. This is to be expected. It's also why people trying to make the case for the Mac talk about OptiPlex vs Mac (the OptiPlex is "managed" and that damps the effect).
I think assuming nobody finds another shortcoming with UAC in Windows 7, we'll get a feature that will help the security of Windows. We can argue about semantics all you want, but an application modifying Firewall settings, for example, is a security issue - if UAC stops that from happening without the explicit consent of the system administrator (or a nominated deputy), then the system security has been enhanced.
Now I don't understand why everyone is jumping up and down about a change to a Beta OS so much (what the hell are Betas for if not to be changed where necessary before a product ships?!) But Microsoft have communicated their side of the story very badly.
But for users of Windows who are looking to move to Windows 7, this change is a "good thing". The intent of Microsoft's changes to UAC (from what they had in Vista) make UAC more useful (I'd argue that UAC in Vista was pretty useless) and the change they are making now seems consistent with that objective. Yes, this does mean more "pop-up UAC alerts" but not having this would have rendered UAC completely redundant in Windows 7 (all Malware would have switched it off, only legitimate applications would have triggered it - the worst of all worlds). Isn't this what we have Betas for?!
UAC is as much a security feature here as any of those examples. If it didn't let you know there is a potential malicious action then how would you know? If it didn't alert you that something was trying to attack your computer, burrow into the registry, find your personal info and transmit it, how would you know?
UAC is an awareness feature, I agree. However, awareness features are security features.
since vista, i my friend got a mac, so i tried it an there easy to use , just simple but powerful
macs just work
getting a macbook in a couple days
just my take
[explitive deleted]
Well unless you have an IQ slightly lower than that of a gerbil that is.
...
Oh, I see your problem.
As for being an annoyance, I just don't see that. In the 3 weeks after loading a new PC with software, the spouse hasn't seen one UAC popup on vista.
Microsoft should have done this with Vista, and actually they were told that their system was useless (which is was). Their reaction to this wasn't great, but at least they are fixing the problem (even they don't admit it actually IS a problem).
But fundamentally UAC is a good idea, it IS useful and you would be better off NOT switching it off. Malware is very hard to keep off PCs, especially for users who see computers as a mere tool (and not a way of life!) "Good" Malware will stay out of your way, not alerting you to its presence. You be amazed how few PCs are actually totally free of it. But UAC as implemented (now) in Windows 7 represents a huge step forward.
the UAC in vista annoyed me , personally so i turned it off, i have a security suite so figured i dont need more warnings.
vista is ok, if you use it for heavy stuff its a mess, just my take,
goin to switch to a mac in the next week or so
osx
Well the problem is Vista's system is so damn chatty, the system on the Mac isn't. Hopefully the system in Windows 7 will be more "Mac-like", it seems that's where they are headed. Do I think UAC is worth switching for? No, of course not. Mac or PC it's all about the applications you want to run. If the application you want/need to run is only on one platform, well that's the platform for you. Mac users sometimes forget this. But the number of applications on a platform is irrelevant too (really how many word-processors do you need?!) If you want to run the latest games (especially if money is no object) then you want a PC. If you want to run Final Cut Pro, you need a Mac. Just because you want/need a particular computer, it doesn't make you an idiot - anyone who thinks it does is missing the point of having a computer.
Make it seem as bad as M$'s idiotic and massively failed attempt to reinvent the wheel.
UAC is and always will be an utter failure for one reason shown here - M$'s customers, the same customers that can't be trusted to understand anything, understands security better than M$ does.
Honestly, I don't see all the fuss. I'm definitely a power user, but after you've customized the OS to your liking, it doesn't really bother you all that much. I actually forgot I had turned it back on until I read this.
That said, I welcome the option to "fine tune" UAC to some degree. I like what MS is doing with Win7 and the public beta... However, I do think that Vista runs just fine except for a few small annoyances (such as Windows Explorer view settings ). I don't know if I'll be in a hurry to upgrade to Win7. It ain't really broke, so I don't really need to fix it.
To all the Mac folk who comment here about how everyone should just "Get a Mac", please face reality and at least try to get paid for doing Steve Job's marketing work. Most of us are just fine with our Windows machines, and will not be getting a Mac anytime soon. "Just get a Mac" has become one of the most annoying phrases in the English language. As if it's something everyone should do. I HAVE a Mac. I like my PC better. Deal with it.
http://www.istartedsomething.com/20090130/uac-security-flaw-windows-7-beta-proof/
Win7 sucks just like all other previous versions, per usual.
Source: http://news.cnet.com/8301-1009_3-10154662-83.html
"The Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years"
There are lies,damn lies and statistics. It all depends how you count and classify them. Should be count vulnerabilities or are some more serious than others? What you're quoting seems to fall into the former camp. The high showing of Solaris should be a warning sign that these stats are questionable.
Seriously, even the most proud PC owner must be able to see that those numbers don't reflect the day to day experiences of computer users?
With XP, I had an infestation of over 300 viruses and other forms of malware all from one site (no, not porn or hacking). I had to call MS support and the guy wasn't even vaguely surprised at the number.
I switched to Ubuntu Linux less than 2 months ago. As of yet, I've not seen a single virus and yes, I run antivirus software, the same antivirus software I ran with XP.
I'm not looking at statistics, I'm looking at real world experience.
Do you just pick up any thread with Microsoft in it to TROLL? I'd say the same thing to a MS person trolling in an Apple thread.
- by jfalsken February 6, 2009 11:35 AM PST
- Uac doesn't give you any information about what it reports. You have no idea what the actual problem is or where it came from and what installed it. Just that there is a notice of change in settings. It doesn't explain the problem or show a solution to the problem. Any time you click on the links it doesn't take you anywhere near the topic and never finds a solution. Try and remove a virus or a program you don't use any more and it reinstalls it without allowing you to over ride, unless you shut it off all together. What protection is that? Most of the bugs come from Microsoft themselves in their releasing beta software as full versions. When in fact we are all beta testing the full release versions and just when we work out and find solutions to the buggy software they release a new product. Windows 7 should be a patch for Vista instead of a new product. Who can afford upgrading all their software to accommodate the new operating system? Are they nuts? Just make one version and let us turn off what we don't need. I going to turn off this crappy feature on day one. It doesn't stop or fix any security problem, just creates more problems.
- Reply to this comment
-
-
- by Jeremy Chappell February 6, 2009 2:45 PM PST
- I'm not quite sure what you're getting at, but I'll try and answer.
-
-
Showing 1 of 2 pages (83 Comments)Some say buy Mac. If it was so simple the pricing is higher just because of the name and one has to pay to play for everything on a mac. You this or that to work then you pay more to unlock those features. Back with other companies making copy mac with a mac license. They made better mac's than apple did and it cost them their licensing. The customer lost any or all upgrades to the software. Apple nickels and dimes you for everything to belong to their little special club of users. You have to be a special class and only the rich can afford them. Cutting off a market of us less fortunate, because were not good enough and not rich enough to own one. You just look at apple I-tunes to see an example of overcharging. You pay to be a member then pay for all the downloads too. In effect paying for everything more than once over. All systems crash or lockup and that is true even for mac's. I think most mac users are sold on a ponzie scam and need more buyers so they still have Apple around. Apple doesn't listen to it's users it tells them what they will sell and when. Then it's open your wallet because it's going to cost you for every little thing to be in their little club. Simply because Apple wants to control everything on their systems and that includes the price. So their costs may go down to produce their products, but it isn't reflected in the price you pay one bit. I bought a new pc for just 699.00 with a quad-core processor the same system as a mac would be over 3000.00. The savings is allowing me to upgrade my software. So go join your little club and pay extra for everything you use the box for. Watch your market share shrink as fewer people buy into the little ponzie scam.
UAC should happen right after you do something that makes the change it is reporting. If it "just pops up" then that's suspicious (and that's exactly what it's supposed to do - alert you to something making changes to the system without your consent). Anti-Virus software is installed deep in the system - it has to be, otherwise it couldn't hope to be effective, this means that when you're installing/removing it UAC is going to go crazy. The solution is to switch it off while you do that, then switch it back on. No this isn't a perfect solution, but it's about as good as you can hope for. On Windows Vista UAC was far too "chatty" and users were bombarded with too many alerts, this was: (A) Very annoying (B) Hard to understand as often seemingly benign changes brought about UAC alerts (C) It made it hard to connect your action to a particular alert. Windows 7's UAC has won't be anything like as "chatty", this should allow it to be much more effective.
On the subject of the Mac, advice to "Just buy a Mac" is far too simplistic. Sometimes getting a Mac is a good thing to do, sometimes not. It depends what you want to do with your computer. If you're an avid games player, a Mac isn't a good thing. If you run some particular Windows application that you can't get for the Mac, then a Mac isn't a good idea.
For a Mac to be a "good idea" you have to want to run applications designed for Mac OS X most of the time. A Mac running Windows isn't any different to anything else running Windows.
However, the Mac isn't some "con", and owning one isn't an exercise in self flagellation. On the Mac Apple "give" (include in the price) you the current version of iLife, the full development suite (xCode, which is Apple's answer to Microsoft's Visual Studio) a set of tools much like Microsoft's Outlook (Apple split the functions into separate applications: "Mail", "iCal", and "Address Book"). You also get tools to create and manipulate PDFs. These are not cut down versions, they are full featured applications.
Macs TCO isn't what you'd expect - Mac have traditionally had longer useful lives than PCs (it is highly debatable if that will continue, but in the past it has been true). Mac require few things right "out of the box". Most Mac users don't use Anti-Virus software. All versions of Mac OS X are created equal - unlike Windows Vista.
You're misinformed about iTunes, you don't pay to be a member, you pay for paid content which is yours in perpetuity (not all content is paid, some is free - but in reality most has a fee). There is no idea of "membership".
If you're looking at a Mac Pro, it is a twin socket quad-core Xeon processor - in short: a beast. There is simply no comparing that to a Core2Quad. To be fair, Apple don't make a quad system with a non-server class processor, so a direct price comparison isn't possible. Many pundits expect this to change very soon.
So life is (as is usually the case) a bit more complex than "Get a Mac" or "Mac is a ponzie scam". What is the right computer for you isn't obvious to me, I don't know enough about what you do with it.