Version: 2008

Comments on: Windows 7 less annoying, but also less secure?

A prominent blogger notes that efforts to turn down the dial on security alerts could leave Windows 7 more vulnerable than Vista to attack.

by gnutux January 31, 2009 12:09 AM PST
Maybe forcing people to consent to edit the UAC no matter what the setting is. Once the UAC is being changed by something, you prompt up the UAC to prevent unwanted UAC changes?

gnutux
by gabeheim January 31, 2009 4:33 AM PST
Anyone who is planning to upgrade to Win 7 needs to borrow or install Ubuntu or nearly any other Linux distro for an hour or two (you're welcome to keep it of course :), and explore how system administration works. Then tell MS you want that. What Linux distros do:

Create you a non-root (root equals admin in windows) login so you can't do any serious damage just by running something.
When you want to install software or perform a system admin task, prompt you for your password (or a separate root password). At this point, you will know if you need to proceed or not. If you don't have a root password (or sudo privileges, which allow you to use your password), well, that means you're probably not considered competent of managing that system by its owner.

Once the password is accepted, it won't nag you anymore.

Bottom line: Don't run as admin. Vista did at least encourage that little nugget of security. Second, tell MS you want UAC by default to behave as it does on Mac and most Linux distros. It really isn't that hard. Now, regarding the other insecurity, that exe's, .bat's, and other binaries and scripts are executable by default... Well, that's gonna take a while to fix that mess on Windows, so still be careful what you click...
by SJ2571 January 31, 2009 6:30 AM PST
It doesn't matter if you get a UAC prompt to install an app, because as soon as you elect to continue, that app can hose your system, even if it came from a "reputable" company. You can warn and prompt all you like, but a wolf in sheep's clothing will still always get through.
by Guru Master January 31, 2009 5:29 AM PST
<p>Ina,
<p>Please see <a href="http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/#comment-69120">http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/#comment-69120</a> and see if you can't get people to understand what the 'news'&nbsp; should be, which is that too many people are running as an admin, <strong>and should not be</strong>.
<p>The whole tech blogosphere and many mainstream media sources have picked this up and are not doing people justice.&nbsp; The news today should be <strong><em>'Run as a user, and avoid Long and Rafael's issue'</em></strong>.
<p>Thank you,
<p>MG</p>
by Guru Master January 31, 2009 5:30 AM PST
Again, let's work on getting your text entry boxes to work with simple html tags.
by SJ2571 January 31, 2009 6:27 AM PST
It's extremely easy to make a vulnerable-free PC, but Microsoft don't have the foresight to do it. I'm a coder but not experienced enough to implement my idea, which is sad because it'd work. Oh well.
by sjsobol January 31, 2009 12:49 PM PST
DustoMan:

"You know. Changing UAC is a bad idea. People exaggerate how much UAC "nags" them. Just leave it on. It's a good thing."

Sorry. This is NOT PRACTICAL where I work. We do remote support for various clients and if we are working on a UAC-enabled computer and do something that requires elevated privileges, the UAC prompt comes up and we get knocked off the computer.
by hunkyboi69 February 3, 2009 8:44 AM PST
Strange, I've never had any issues with working remotely on a Vista box with UAC enabled, or Windows Server 2008 for that matter...

Must be user error at your end, or the software you are using because if that is happening you obviously aren't using RDP.
by superswiss January 31, 2009 1:03 PM PST
For all those of you who don't really understand UAC and the related IE 7 Protected Mode (As evidenced by those of you who turn it off), google TweakUAC and read up on Silent Mode. I've been running UAC in silent mode ever since I used Vista. They have an excellent explanation on their website why silent mode isn't really less secure than keeping the annoying prompts. Windows 7 essentially ships with UAC in Silent Mode. The difference is that Windows 7 gives you a nice GUI to change these settings whereas in Vista you either have to know where to change it in the registry or you have to use TweakUAC. I encourage everybody to read up on IE 7 Protected Mode as well, which you lose if you turn off UAC completely.
by Guru Master January 31, 2009 8:08 PM PST
Ina,

Please see http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/#comment-69120 and see if you can't get people to understand what the 'news' should be, which is that too many people are running as an admin, and should not be.

The whole tech blogosphere and many mainstream media sources have picked this up and are not doing people justice. The news today should be 'Run as a user, and avoid Long and Rafael's issue'.

Thank you,

MG
by QMT February 2, 2009 2:55 AM PST
Why "Power User" isn't the default is anyone's guess.
by Indoubt February 1, 2009 2:22 AM PST
I really do not understand what the fuss is about... This is an extract from Joanna Rutkowska's blog called Invisible Things and it happens to be about UAC under Vista (same goes for Win7):
One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges. So, when you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all. That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers! Why Tetris installer should be allowed to load kernel drivers?
Personally, I am not convinced that Win7 is any different to Vista apart from the GUI and the rumour that it is lighter. Under these circumstances I am not going to spend my money on an OS I have already got.
Can we get a bit more serious than raising fake security questions please?
by andurilan February 2, 2009 3:47 AM PST
I've seen all the arguments over Long's blog, and here on CNET. But for me, it's really not an issue. As long as Win7 is safer than XP, which with Defender+Firewall, it currently is. I've used XP Pro/x64, Vista since beta, and Win 7 on netbook and now using it as my primary OS. I always turn off UAC as it is not useful to me whatsoever.

During my time of using Windows since XP SP1 to Win 7 Beta 7000, I've gotten no more than 5 viruses (*virii). I've only used Anti-Virus Once, and this was during the XP SP2 Summer of Worms. Want to know how I did it? A little experience and common sense (don't open the omgbritneynude.exe's)

PC Security has a lot more to do with the person sitting between the keyboard and chair, than it does with UAC Prompt defaults. I'm chuckling to myself because of all the ruffled feathers this has caused.

From indoubt
"Personally, I am not convinced that Win7 is any different to Vista apart from the GUI and the rumour that it is lighter. Under these circumstances I am not going to spend my money on an OS I have already got."

If you're not running Win 7 over Vista, then you're a fool. That's my honest opinion. Go read up on how Win 7 outperforms Vista and almost XP on netbooks. The slimmed down nature of Win 7 is like a breath of fresh air from Vista, and Leopard. Yes even Leopard has a bit too much bloat for my liking.

The GUI changes are also a godsend. I was helping my co-worker navigate through Vista the other day, and without the innovative gestures that Win 7 has, I felt like I lost a limb.

Win 7 runs smoother, faster, and more intuitive than Vista. Yes it's true, it's what Vista should have been. But my thinking is better late than never. Don't knock Win 7 until you've tried it people.
by Indoubt February 3, 2009 7:34 AM PST
From andurilan:
"I always turn off UAC as it is not useful to me whatsoever"
I am sorry but I don't understand what your sense of security is. The whole topic is about security if I am not mistaken and the main reasons Vista and Win7 are more secure than any previous Windows versions are UAC, Address Space Layout Randomization plus better implementation of DEP. Whoever runs Vista or Win7 with UAC turned off downgrades these operating systems to XP security wise.
Why don't you stick to XP then? It is much lighter than Vista & Win7 but of course you will have to live without the Bells and Whistles of Win7 beta and it sounds like that you will not be able to.
Do you really want to talk about security?
by UITD February 2, 2009 6:08 AM PST
As long as it allows me to view a folder, doesn't constantly ask me "Are you sure?" and permits me, the signed in user, to USE my computer the way I want - fine. Security is in the hands of the beholder, it shouldn't be dictated to me like a government dictatorship!
by Seaspray0 February 2, 2009 4:10 PM PST
My spouse got a new computer this Christmas running Vista. I did not assist in the setup in any way. After a month of use, I asked for an honest opinion. The result: It's pretty good. As for the UAC, it popped up 4 times (for installing 4 programs). The UAC is NOT a nag that will daily pester you. If it pops up anytime other than you intentionally installing programs, then pay close attention to it. It is a very good thing.
by nikalston February 2, 2009 8:57 PM PST
nice job - would have been nice if you'd published this early last week like everyone else but apart from that - well done NOT
by weeman17 February 3, 2009 6:48 AM PST
Look we can argue all we want. The main issue is that Microsoft doesn't really seem to give a dang what the consumers think (Apple is just as guilty). I am a Mac user and I like the computers. The drawback is that software is not always compatible with it. For that reason I have Windows also installed through Boot Camp. Long story short OS companies are never going to take a hint.


About Beyond Binary

During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft.


Beyond Binary is a look at how technology is changing our lives and the people behind all that life-changing stuff, with an extra emphasis on that which emanates from Redmond, Wash.
