Windows 7 default user account control worries experts

Corporate IT departments should be pleased with new security measures in Windows 7, but consumers are still at risk of getting hit by malware despite changes in the User Account Control (UAC) feature designed to help people be smarter when using applications, security experts say.

Probably the most talked about security change in Windows 7, scheduled for public release on Thursday, are modifications to the UAC, which was introduced in Vista. The UAC was designed to prevent unauthorized execution of code by displaying a pop-up warning every time a change was being made to the system, whether by the operating system or a third-party application.

Vista users complained that they were bombarded with the warnings and security experts speculated that as a result, many people were just ignoring them or turning them off.

With Windows 7, users can choose how often they want to be notified and the default is set to notify only when a third-party application is making a change, as well as when a change is being made to the UAC itself.

However, an attacker could use code injection and exploit several components in Windows 7 that auto-elevate to bypass UAC and get full access to the machine, experts have warned.

A Sophos white paper from September says: "Another issue with these default (UAC) settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded."

Chester Wisniewski, a senior security adviser at Sophos, reiterated points made in the white paper and said Microsoft should also drop its practice of hiding file extensions by default, which makes it easy for users to be duped by malware.

"The changes to Windows 7 UAC have made it easy for malware writers to turn UAC off entirely without the user's knowledge. Microsoft recommends keeping UAC turned on and yet allows malware to turn it off without the user's knowledge," writes Ray Dickenson, chief technology officer at Authentium, in a recent blog post.

"If malware is on the computer, hasn't the game already been lost? Why worry about UAC if a password-stealing Trojan is on your computer?" Dickenson writes. "The answer lies in the difficulties inherent in identifying a program as goodware or malware."

Jon DeVaan, senior vice president of the Windows Core Operating System Division, attempted to address the concerns in a blog post from February: "We know that the recent feedback does not represent a security vulnerability because malicious software would already need to be running on the system. We know that Windows 7 and IE8 together provide improved protection for users to prevent malware from making it onto their machines... and we know that UAC is not 100 percent effective at stopping malware once it is running."

In a study of two groups of "regular people" testers, one group using the default setting and the other using the "Always Notify" setting, there was "no meaningful difference in malware infestation rates between the two groups," DeVaan wrote.

However, that was a limited test and it doesn't rule out the possibility that malware will find its way onto systems and try to elevate privileges.

David Sancho, a senior antivirus researcher at Trend Micro, noted that while the UAC changes in Windows 7 will improve the user experience by cutting back on the number of alerts, the operating system will be responsible for making more decisions about system changes, which won't always be good for the user.

Going forward, the real test of security in the near future is the browser because so many attacks and malware infections are now coming from the Web, he added.

"Internet Explorer 8 is lagging behind the rest of the browser vendors," Sancho said. "I see that as a pain point in the future...that can hold up the security of the overall system."

Asked to comment on the concerns, a Microsoft spokesman said in an e-mail: "Windows 7 is not designed to be a security boundary that prevents malware already on the system from making changes to a user's system. What it is designed to do is make users running with administrative rights, and software developers, more aware when software is attempting to perform an operation that requires full administrative rights...UAC is a security feature only in so far as it helps an increasing number of home and corporate users run in standard user accounts."

For enterprises, Windows 7 offers several interesting security boosts, experts said.

First off, the new operating system addresses an issue that has created headaches for administrators at corporations affected by Conficker and even the U.S. Department of Defense--viruses that spread via USB drive. With Windows 7, most USB drives will not be able to automatically launch a program using a Windows feature known as AutoRun, also known as AutoPlay.

However, some specialized USB flash drives present themselves as CD or DVD drives to the operating system and will still be able to use AutoRun. Because of that, Patrik Runald, senior manager of security research at Websense, said Microsoft should disable the feature entirely. "I don't think they went far enough," he wrote in an e-mail.

And Windows 7 offers BitLocker to Go encryption support for USB drives for the Ultimate and Enterprise editions. It protects the data in case the USB drive is lost or stolen.

The operating system also features an enhanced security controls interface called Windows Action Center that provides more "actionable advice around how to work with firewalls" and other security issues, Wisniewski said.

To see screen shots from Windows Action Center visit this CNET Reviews slide show.

Meanwhile, several security vendors said that working with Microsoft on product support went well for Windows 7.

For example, developers at Kaspersky Lab found it easier to provide support for Windows 7 than for previous versions of Windows because of the early availability of the beta version and the fact that there were relatively minor changes made in the operating system functionality during the beta testing process. "Microsoft did everything to help developers optimize their products for Windows 7," Kaspersky said in a statement.

Correction at 9:02 a.m. PDT: Patrik Runald's name was initially spelled incorrectly in this post.

[casanegro]

Windoze 7 is just hitting store shelves and now we have this another virus exploit. This is why I love my Mac and will never ever switch to Windoze.

[thydavidcome]

Did you even bother to read the article or are you trying to prove to the world that you are an idiot?

[Tedders85]

I'm going with idiot...

[sparrowhyperion]

I think he is trying for Idiot. I mean, he thinks a Mac is better... nuff said...

[rnaoncfixd]

Well... there were no pictures. And it was all full of words.

[sharmajunior]

NOthing is easy to use. You use whatever you feel comfortable with.

Also no one cares what you use. I am sure there are people here who can easily shoot down everyone of your arguments including myself.

[EarthToApple]

At very least, Windows 7 will not be deleting user account information like Snow Leopard was to kind to do.

Read the article, besides 99% of the people that are using Windows have been for long enough to know how to adjust settings & if not I am sure a few billion people would know how to help them.

[aka_tripleB]

This isn't a security exploit unless the user wants it to be one. This is kin to choosing to run your computer with no security software at all. Tell us, what AV do you use? ;-)

[bosamar]

Go home Mac boy.

[Vegaman_Dan]

Yeow... come on folks, don't all hit on the Mac guy for stating his opinion. Yes, the post was done in ignorance and without much thought put into the comment. Yes, it was done with malice and disrespect intended. But it's his opportunity to post stupidly as much as it is anyone else's. If they want to shoot their mouth off and make it appear that Apple users are idiots, then... well, that is their option.

Everyone gets an equal opportunity to be an idiot. There's no qualification test or application necessary.

[shycelticwitch]

Yeow... come on folks, don't all hit on the MS guy for stating his opinion. Yes, the post was done in ignorance and without much thought put into the comment. Yes, it was done with malice and disrespect intended. But it's his opportunity to post stupidly as much as it is anyone else's. If they want to shoot their mouth off and make it appear that MS users are idiots, then... well, that is their option.

Everyone gets an equal opportunity to be an idiot. There's no qualification test or application necessary.

Well Dan, I guess your statement applies equally well to every band of trolls, yes?

[camster91]

Why are these so called "security experts" saying this now? Windows 7 has been like this for a year. Now on the day it launches they start complaining. If these are real "security experts" they should have been looking in to this long time ago.

[SIGHUP]

They just want to get their name in the news. Unfortunately they did.

[perfectblue97]

They are not "just saying this now", people were complaining about this in the Beta and the pre release client versions. It's an old and well documented problem that security experts have been telling Microsoft about quite some time now, but which Microsoft hasn't done anything about.

Here is a link to an article from February this year in which Microsoft acknowledges that public concerns exist but saying that it wasn't a real issue.

http://www.pcworld.com/businesscenter/article/158722/microsoft_denies_windows_7_uac_vulnerability.html

It's not a knew issue at all.

[Lerianis3]

perfectblue97, Microsoft has not 'done anything about it' because they have RIGHTLY told the security researchers where they could 'stick it'. The average user has spoken.... they wanted UAC TAMED, meaning no more scads of popups when they were trying to just run something.
These people are worrying about something that is not likely to happen, because UAC also checks to see where the file in question is running from.... and to make sure if the file in question has been 'changed' or 'code-injected' before allowing it to run with elevated privileges.

[sharmajunior]

They just thought that since Windows 7 releases today, why not make some money by advertising our product on Cnet.

[n3td3v]

@SIGHUP

I've seen "security experts" more or less beg Elinor Mills for her to quote them in the news.

I guess after a while she feels sorry for them and gives in and quotes them.

[aka_tripleB]

I wouldn't listen too much too Sophos, I've had to try to manage their enterprise security software before. Virus definitions don't get pushed out, you can't remotely clean computers, and it seem not to stop the spread of viruses it already knew about on the network. I would never recommend their software to anyone. It has been the worst I've ever used.

[Vegaman_Dan]

I once installed a firewall on a Mac. Does that make me a security expert?

These same security experts complained about UAC being too forward and persistent. Now they are warning that it isn't strong enough. Um... pick what you want and stick with it please?

[Thranx]

Yea, it's been bounced about since Beta, the reason it's showing up more now is because it's a higher press item since Win7 is launching.

It's a damned if you do, damned if you don't situation. The article should have read "Windows XP's User Account Control leave users at great risk!" My point being that we're far better off that we were. Everyone whined at Vista's Continue/Cancel all the time, so they stepped if off a bit... and now people are whining.

[lkrupp]

Well, there's one thing Windows and OS X have in common. The security "experts" are never satisfied with either of them. I do believe they would like the user to be required to get a notarized permission slip before pressing any key.

[Lerianis3]

Got to agree with that diss against the security researchers. They fail to forget that there is a BALANCE that has to be found between security and usuability.... Windows 7 has gotten it exactly right, and if you are RUNNING ANTIVIRUS, like you should be...... almost all antivirus suites today have code-injection monitors that will stop this code injection IN IT'S TRACKS.

[cloudmatt]

don't forget the MS anti-virus and such

[rnaoncfixd]

Ha ha, so true. Sometimes, there's so much security passwords and what not, that I honestly think that it would be faster if we just went back to type writers.

[Vegaman_Dan]

Security experts don't have a reason to exist or justify their jobs unless they make up reasons to complain or make up threats.

Ank-Morpork doesn't have a fire department for exactly the same reason.

[TotallyMadeUpName]

What's so funny is that it's that it's damned-if-you-do, damned-if-you-don't. Everybody screamed about how intrusive UAC was in Vista, so MS scaled back its default settings. Apparently the security "experts" don't mind if the OS pesters the doo out of you.

[brandonbee]

Really? You SHOULD BE running antivirus? Why do you feel this way? Because your operating system of choice has required you to because of bugs in it's system?

SHOULD YOU also be defragging your hard drive, taking a day each month to make backups, etc. ? If you have these mindsets, it's using the Windows OS that has brainwashed you. These are not normal things that you need to do on any OS, just the Windows OS.

[atriusNY]

What are you talking about? This has nothing to do with the bugs.

There are malware applications and keyloggers for OSX too.

[Lerianis3]

Uh, need I remind you that Linux and OSX tell you to run anit-virus on those systems? So, the problem is not 'bugs in the system' (which any OS is going to have), but your attitude towards things that are NECESSARY. Oh, and guess what: Linux recommends that you have a backup, OSX recommends you have a backup.... so shut up!

As to defragging your hard drive... yes, you SHOULD have to do that every so often (though, I personally have it running on a schedule when I am not using my computer, it runs), because just by deleting and putting files on the hard drive, it gets fragmented.

[rayzoredge]

Just because malware writers don't mainly target the low demographic percentage of Mac users and Linux users doesn't mean that running anti-malware isn't a smart thing to do.

Defragmentation offers a slight increase to performance to ANY machine. But obviously you've read too much into a lot of people recommending Windows users to defragment their hard drives as a "fix" to their ailments. (Psst! A lot of those people that offer this as a "solution" either don't know much themselves or only suggest it because it DOES offer a slight improvement in performance. This goes for your Linux and OSX machine too.)

If you don't back up your crap, you're just stupid or ignorant of the fact that hardware fails. Yes, a MacBook hard drive can die. Yes, any hard drive running Linux can die. Then again, feel free to never back anything up and let me know how it feels to lose years of family photos, music, personal pet projects, and important information.

I'm probably just wasting my breath here on you, but at the same time, I hope that I get to someone else that reads this.

[ballmerisanape]

I think his point was that Time Machine is an elegant backup solution that is practically zero config. As far as defragging... OS X does this automatically... and so should Windows.

That said.. the only way an OS can be 0 maintenance is if you don't use it..

With regard to the UAC.. there has to be a better way. It really is intrusive.... Mom and Pop will be conditioned to click through the popups..

[Vegaman_Dan]

Backing up your hard drive is something *every* person should do. Apple has the TimeMachine. Google makes backups of their online storage systems. Banking industries have backups. Linux hs backup apps built in, as does Windows. Why would it make a difference what OS you use when it comes to physical failure of a HDD or other event where your data is lost?

Defrag your hard drive? It's done automatically on the fly in Windows has been since Vista. No issue.

Antivirus? It's a good idea to always take security precautions regardless of what OS you use.

I suppose you could run naked on the freeway back and forth between the lanes screaming, "I'm invulnerable!" if you really want, but no smart person would consider it.

[Vegaman_Dan]

@Ballmerisanape:

Unfortunately Apple's solution with the Time Capsule has been found to have an unexpected problem of its own- they start dying 18 months or so after use. That's just past the warranty and you have to send the unit in for repair of the power supply. Unfortunately as Apple's standard policy is to wipe systems of data that come in for service, or they just do a product swap for it means you lose everything on the system either way. Thankfully you can open the case up (not easy) and pull the drives to mount in your own USB enclosure to do data recovery.

http://www.tuaw.com/2009/09/11/are-apple-time-capsules-out-of-time/

[ballmerisanape]

Dan... as an IT professional, im sure you know that Time Machine does not require a Time Capsule. It only requires space. I use a 500 gig WD drive plugged into my router... automatic wireless backups.

Thanks for the defrag info... I wasn't aware of the fact that 7 defrags automatically.. It's reassuring to me that MS has gone with a more modern approach. Now.. if they would just get rid of the nightmare registry...

[superswiss]

Windows Vista and 7 have built in backup. It's configured and scheduled for automatic backup with about two clicks. If you want to go the Time Capsule route, Microsoft has Windows Home Server for that. The backup feature in Windows Home Server blows anything out of the water. Automatically backs up up to 10 machines. Wakes them up in the middle of the night if they are in sleep mode, backs them up and puts them back to sleep to make sure no backup is missed. It automatically performs backup retention, too. You just tell it how many monthly, weekly and daily backups you wish to keep and every Sunday it gets rid of old backups. Restoring a machine has never been easier. You boot from the included restore CD, answer a couple of question and your disk gets restored. It also saves a ton of backup space by only storing clusters once that are found on multiple machines. That means if you have the same files on multiple computers, for example all the OS files, they are only stored once on the server. BTW, this is a full image backup, but it's smart to only backup the clusters that have changed every night.

[Vegaman_Dan]

Time Machine is a service, Time Capsule is a device. The marketing is rather confusing between the two products which may cause consumers to be unclear exactly which that Apple is promoting at the time.

The Time Capsules have the hardware failure issues, largely very similar to those that the Mini and AppleTV devices experience due to limitations of cramming hot electronics in a small enclosed space without enough ventiiation.

[sparrowhyperion]

To COMPLETELY secure an OS, you would have to stop ALL changes to ANY files by running apps. Which would turn that nice new $100 machine into the world's most expensive calculator.

[Lerianis3]

Right in one. The security researchers are going to have to realize that the only way to make a OS TOTALLY exploit free is to only have one program that does one thing..... PERIOD!

[Vegaman_Dan]

Didn't we just see an article a few days ago here on CNET about groups who like to hack calculators as well?

"Because it's there."

[Thranx]

The only secure OS, is the one on the box without the power cord plugged in.

[rayzoredge]

Shouldn't code-injection tactics be stopped dead in its tracks BY W7? As in W7 keeping ANY third-party applications from modifying any original code WITHOUT explicit permissions from the user? There should be a dummy mode and an advanced user mode. If you're a dummy, the third-party application is checked against an online database to see if it's good or not. If it's not, then the end-user has the final call or has no call at all until switching over to advanced mode.

And of course, Windows Defender should be worth its salt, along with whatever anti-malware programs that the end-user chooses to run. By those measures, if you STILL get infected with something, then it's just either user error or just a really bad bug.

[tektaktyks]

omg,you people need to take it easy with the virus paranoia,i've had virus before (and i know how i got it,and i knew i can get it there but it was fine with me,no biggie,you gotta experiment,its a way to learn)
the point is,you can get your computer stolen,your car stolen,your bank account cleaned out just by using a hacked atm,or you could be shot or die from a real life virus,stop crying about computer warms,please.

[CyberShepherd]

Four rules I follow - Be careful what sites you visit and what you download, use good antivirus software, and separate any files you really care about on a normally disconnected external drive.

Regarding Apple vs Microsoft virus vulnerability - when Macs were the top dog, viruses were prevalent. I remember well the problems my organization had with Macs in the 80's and 90's. Any hacker worth his/her salt isn't going to waste time on products that only affect 1 of 10 computers ... They'll go for doing more damage to the 90 out of 100 ... and those are the PCs with Microsoft software.

[AluminumMonster]

1st post, and its an uninformed troll who hates on Windows like it murdered his family. Get over it dude Windows 7 is a fantastic OS, and already has more marketshare then Macs do in the 1st 5 seconds of its launch.

[ballmerisanape]

I should hope so.... If 7 didn't... it would be pretty sad to see a company with the largest OS install base fail that miserably. Going from XP to 7 will feel like the equivalent of a Mac user going from OS9 to OS 10.4... so people will be happy. I know I'm looking forward to it. I'll finally have an OS on my PC that will take advantage of the hardware.

[8troya8]

lol, born retarded, the Monopolysoft way of life. My Mac and Snow Leopard have suffered not one problem at all besides a few youtube plugin crashes... nothing else.

Windows 7 is trying so hard to mimic Apple OS interface, but beneath the surface it's still a piece of poop on a stick and everybody nows it. ZUNE HD lol, XBROKE2 lol, whatever... if it's MS made it's a joke trying to undercut the market over and over. YOu'd think with all that monopoly power and money they could hire some halfwits intelligent enough to do something halfway right for a change.

Guess not, when you've got the butt ugliest ****** like Balmer as a spokesman then what can you expect?

[baconstang]

Lighten up. Let them have their little circle jerk. After all, putting up with Windows for so long they deserve a day to enjoy what looks to be a decent OS. I'm sure there will be plenty of issues popping up that you can jump on.

[Vegaman_Dan]

@Baconstang:

You certainly have spent enough time here with your nonstop tirade against all things Microsoft. And here I thought you might take a day off to use your Mac instead.

[baconstang]

C'mon, I'm trying to get him to chill.
BTW, how's the apologies for the Sidekick fiasco going? Paying your bills?

[Vegaman_Dan]

@baconstang:

I'm not sure how the job's going. You haven't mailed out any checks yet. :)

[rayzoredge]

That's all his Mac is capable of: logging onto Cnet and trolling.

Productivity? Gaming? Business? Entertainment? Who cares when your Mac enables you with TROLLING. Systems now available beginning at $999 used or refurbished! Put the power of your Mac into feebly pissing other people off anonymously on the Internet!

[shycelticwitch]

"@ baconstang You certainly have spent enough time here with your nonstop tirade against all things Microsoft."

No more time than you have spent disrespecting all things Apple Dan.

Judging by the non-response to you comments lately (except for me!), no one pays much attention to you anymore. Hope you're not getting paid by the number of responses to your posts.

[Vegaman_Dan]

@ShyCelticWitch:

Typically people do not post a reply to a comment unless they wish to counter or dispute a statement, or perhaps to add additional information to that original comment. Based on the comments here, that would tend to suggest that people aren't replying to my comments because there is no need to. The readers are either in agreement or don't care enough to say otherwise. Your comments, however, commonly get a lot of rebuttals and challenges. I don't see a lot of people saying they agree with you.

As for disrespecting all things Apple as you have made the claim to me- you may want to tell Apple that. I currently have both a desktop Mac and the MacbookPro, three iPods, a Touch and an iPhone. I use OS X as my default OS in use at home. I work at a company that pays me to FIX computers when they break down, so when Microsoft has a bad patch or other issue that comes up, *I make money* as a result.

How does that really sound like I am anti-Apple? I think you may need to rethink your statement.

[baconstang]

All fine and dandy. But that doesn't change the slant of your posts.

[Vegaman_Dan]

@Baconstang:

You have a good point. I suppose you could interpret my comments about Apple as rather negative when I see they have done something monumentally stupid. But then I tend to call things as I see them regardless whose name is on the box.

[The_happy_switcher]

Apple COO Cook: ?Windows 7 is just another opportunity to remind everyone to switch to a Mac?

LOL, so true.

[Vegaman_Dan]

And these days, a lot of Mac users are installing *WINDOWS* on them.

What... does that say about your choice of OS again?

[ballmerisanape]

They (including myself).. simply because they can... Not because they need to.

[rayzoredge]

@Vegaman_Dan: Scarily enough, I was looking for demographics and ran into something that said that out of 3 million Apple users, a little over half of them actually use OSX.

I'm guessing that the other half dual-boot and use Windows for gaming.

[Vegaman_Dan]

I don't think it really matters which OS they use on their hardware. Use what works for your needs.

@ballmerisanape:

You got it- I don't have to use any OS. I *choose* to use OS X at home because I like it for my needs there. I use Win 7 on the machines at the job because it's the best OS for that task.

[The_happy_switcher]

Dvorak spot on:
Windows 7 Vodka and the Microsoft Hangover
http://www.pcmag.com/article2/0,2817,2354446,00.asp

[TotallyMadeUpName]

Dvorak's columnis all about Microsoft's failure in marketing and PR. Big deal. I don't miss the relentless PR campaigns of old.

[Vegaman_Dan]

Even Dvoriak admits his posts are meant to provoke people into thinking. Is it how he personally feels? If you listen to the podcasts he's on, you'll quickly learn the truth behind this. His chosen OS for use isn't OS X or Linux. That should tell you a lot right there when you read his postings.

[A_K47]

Each to their own I guess. I have 4 Computers: Macbook SL; Toshiba: Vista: Asus Netbook and Desktop Win 7.

That said, Win 7 got removed from the Netbook only to be replaced with Ubuntu 9.10(A6).Beat the living ____ out of Win 7 IMO. Though windows 7 is a 'huge step up' for MS, I have been left with the realisation that after all is said and done, it is still windows. I understand the excitement of all the MS Fanboys. Give them a break, they have been under the whip of Vista for so long and that lemming like mentality is exactly what MS love. They done know/are incapable of using anything else as to what they are 'conditioned' to. Sad really.

As for the MS 95% market share that makes the MS drones wake up with a smile each morning, have they analysed where exactly these installs are? IMO mostly Corporate licenses.( and corporates are made up of drones-who the corp can't upset with too much change therefore keep feeding them the same because thats where their money if made. These drones go home, remember what familiar. Apply to their own home...and so the cycle will continue....)

So much for the MS drones who harp about 'their' dominant market position.....

[A_K47]

Oh. the Win 7 desktop is out on the porch-next to the recycle tip

:-)

[Vegaman_Dan]

@A_K47:

Cool, it can join the Macs I put out there earlier. :)

[A_K47]

@ Sad Dan

You loss, little drone :-(

[The_happy_switcher]

AK, Dan the veggie man is a paid MS shill. I thought you knew that. His job depends on lousy Window products so he can 'maintain' them for 50 dollars an hour by running regclean once in an awhile and defrag.

[Vegaman_Dan]

No seriously- I have a pile of these olders Macs- 8100's, some pizza boxs, even a few SE30's that I don't know what to do with. Can't donate the- nobody wants them. The best I have found is where I have to pay $30 per machine to get them recycled. I can't afford to spend several hundred dollars to just clear out a closet.

[The_happy_switcher]

@vega, post your address here and I will tell you the nearest e-waste location. I guess you're not smart enough to figure it on your own.

[rayzoredge]

Don't you mean lost?

Thanks for your post though... I wasn't aware that Ubuntu 9.10 was out and about. It won't keep me away from Windows since I like gaming, but I suppose for casual use, I would appreciate Ubuntu.

And that stupid, stupid cube that I love so much. =p

[Vegaman_Dan]

@The_Happy_Switcher:

"AK, Dan the veggie man is a paid MS shill"

Evidence, please? Unless you have it, then you are just a liar and I am here publically calling you on it. Let's call it the way it is. Bring out your evidence. I'll gladly accept a check stub, electronic records- anything at all that you can come up with. If you can prove I'm a paid MS shill as you say, then I'll gladly accept that as the answer and give you all the details. If you cannot, then I'll let you exit gracefully from the accusation with a simple apology. Anything less than that will result in the title of LIAR applied to any and all comments regarding you.

It's up to you. The gauntlet has been thrown down. Will you be up to the challenge? Your next action will say a lot about your character.

[rookwood]

For what it is worth, I consider myself a power user and run everything from MS Word to the full complement of Adobe products, AutoCad, Impression and Revit for 3D rendering and beta test many Autodesk products. Since the original VISTA release, operating an average 18 hour day, I have never:
1) experienced a BSOD or 2) ever run AV software since the computer's AV bloatware trial period ran out. That virus argument crap is just that...crap
It's unfortunate when the only way to get noticed is to rip the other side - you can usually tell the degree of concern from your opponent by the amount of irrational behaviour they exhibit and circular garbage they promote. It's kind of humorous, but I have to wonder if Macs would still be at 2.7% market share if it weren't for them piggybacking off MS and Intel in order to run any meaningful business software.
These fanboys are like liberals (no offense to the libs), they throw the first volley then run behind mother's skirt when their opponent returns the volley. For those of you who criticize the MS ads, you should see some of the vids the MS Lab crew create for the heck of it - MS would never authorize for public release - hilarious, on target and absolutely brilliant

[The_happy_switcher]

Denial: not just a river in Egypt. Bury your hand in the sand some more, the problems are not real.

[Vegaman_Dan]

@The_Happy_Switcher:

It's 'bury your *head* in the sand'. You should know from experience.

[The_happy_switcher]

@vega, no ****. The coffee hasn't kicked in yet. lol

[The_happy_switcher]

Wow, look a the size of the crowd. Then compare to Leopard launch:
http://www.cultofmac.com/marvel-at-the-huge-crowds-lining-up-for-windows-7/19409#more-19409

[Vegaman_Dan]

Different size venue, different type of event.

Sorry, your comparison attempt fails.

[The_happy_switcher]

Oh really, I though Windoze had 9 times more market share so you'd think the crowd would be at least 9 times bigger, right?

[blackspyder1]

You two make me laugh. Yes, fail comparison, too many variables are different. Anyways, alot of people are now getting software online or having it shipped. Days of retail are receding.

And posting something from a site named "cultofmac" ? why would we take anything from it seriously?

[Vegaman_Dan]

@Blacksypder1

The term 'biased' comes to mind when viewing any site with a name like that.

[baconstang]

@blackspyder...
You might mention that to Redmond since they're about to open 'Appleesque' store.

[edjay3]

I would agree that the more the 'securuty experts' can convince people to be afraid, the more money they are likely to make. Scare-mongering is part of their marketing plan...........and it works!

I also think it is important to try and get people to understand the difference between being a user and an administrator on your own machine. This must be part of the reason for making such a big point of the UAC - a bit like getting people used to the idea of the recycle bin.


I spent some time over the last few years using Linux (Ubuntu mainly) and picked up a few tips:

*Do not use the Internet as an administrator, have a user account for this - the default setup after a Linux installation.

*Stop 'people' coming into your machine with a firewall instead of allowing 'everyone' in and then letting your antivirus program clear up the mess.

*Back up important data regularly - this is obviously not a tip exclusive to Linux

*Take the time to learn how to reinstall your system on a regular basis - also translates as taking control of your machine. All the other tips come under this one.

I have applied all these tips to XP Pro for the last couple of years and been very happy with the results, so I feel sure that Windows 7 will definitely not be any worse.

Another couple of general tips are; to put games and stuff-to-mess-with on the net on a different drive to your important data and............turn off all automatic updates and decide for yourself if and when you need to update.

[Dalkorian]

The concepts of "security" and "windows" don't really go well together, either in the world of construction of in the world of software. If you want to own your machine, if you want a machine that is relatively secure, you stay away from the crapware that's regurgitated from Redmond.

[edjay3]

.....and just who should we trust then Dalkorian?

[Vegaman_Dan]

Elvis. When in doubt, fall back to trusting Elvis. It's the only way.

[shinji257]

Didn't Microsoft fix it so that the UAC process runs in an isolated process? This is supposed to force a UAC prompt regardless of who or what is changing the setting.

[B3Nut]

It still baffles me that Microsoft still sets "Hide extensions for known file types" as a default. I see a similar default enabled on the Mac OS as well (often the "Show all file extensions" in the Finder preferences is often unchecked, I've found.) The dangerousness of hiding file extensions has been known for years, yet supposedly security-conscious OS'es still allow the practice. "Hide extensions for known file types" should have been eliminated outright years ago, or at least disabled out of the box. I for one never could understand why having the file extension visible was such a problem in the first place, frankly....