Version: 2008

Comments on: Criticism mounting over Windows 7 security

Efforts to tone down annoying warning prompts in the OS could open the door to attacks, some say. Microsoft, meanwhile, says the changes should make things more secure when it comes to real-world use.

by brien86 February 4, 2009 2:46 PM PST
Headline says, "Criticism mounting over Windows 7 security" ...Wrong.

As this article accurately reports, "One of the chief complaints with Windows Vista was frustration with all the warnings that the operating system throws up to notify users that changes were being made to Windows 7."

People were just turning off UAC (the security feature of topic) entirely in Vista leaving it totally vulnerable (to one specific kind of attack). In Windows 7 users will be less apt to turn it off entirely because it's more easy to customize.

Bottom line -- Windows 7 makes it easier to customize security than Vista does. That's not really a story. ...But I guess that's why you wrote what you did. It's all about selling ads and skimming email addresses right?
by Jeremy Chappell February 4, 2009 3:09 PM PST
No really this is worse. It gives the user the impression they WILL be told about problems, then fails to deliver this. If I get annoyed with UAC and turn it off, well then I KNOW I won't get that warning: I understand this and this may make me more cautious.

Now, is this the end of the world? Not at this point, Windows 7 is in Beta, I shouldn't be running this in a production environment. However it does show that Microsoft have a little more work to do in Windows 7 than had been generally thought (I won't say "than they thought" as they may well have expected issues like this).

Probably worth noting that Windows 7 isn't going to be a panacea for all Windows ills. Personally I'd like to see a second Beta with whatever they do to mitigate this (so it can be subjected to the same scrutiny). But this is a reality check, Windows 7 isn't quite ready for prime time, and there are likely to be issues even after it ships.
by thelemurking February 5, 2009 8:27 AM PST
What are you talking about? If anyone is DUMB enough to set UAC to NEVER NOTIFY and then expect some WARNING when a system change is taken place, then they should pack up their computer, send it back to the store and then get a Mac.

I agree with you that this shouldn't be that big of a deal since it is in Beta and we will have to wait and see what changes take place between now and final release.

A big portion of "windows ills" as you put it are mainly user related, due in part to their own stupidity and that is something no upgrade or patch can fix.
by clamenza February 5, 2009 8:41 AM PST
@ brien86 and thelemurking:

You're missing the whole point. With the new arrangement in Windows 7, users who use "medium" setting are practically turning them off, because it's been demonstrated that someone can just turn it off for you when you set it to medium. So it is worse than Vista, where only you can choose "no warnings". Again, in 7, as it stands, users believe they're accepting fewer warnings, when in fact someone else can make it so they receive no warnings. How hard is that to understand?
by Mark_Anderson February 5, 2009 3:17 PM PST
This needs fixed. They don't have to change the model, just make sure that the user is advised if any changes are being made to UAC.
by mwooge February 7, 2009 8:21 AM PST
Some people say this is good, others that it's bad. This is a situation where whatever is done will be wrong. Especially if done by Microsoft. Someone's going to complain and make dire predictions regardless of what they do.
by atomD21 November 1, 2009 7:48 AM PST
I have to say, so far, Windows 7 has not been a good experience for me... I installed it three days ago, and immediately installed my antivirus suite. Last night, my wife was checking her Facebook, when a rogue antivirus window popped up and then installed itself. Alpha Antivirus... yeah. So now I get the joy of doing it all over again and hopefully avoiding this problem. If not, I'm rolling the thing back to Vista...
by dechah February 4, 2009 3:03 PM PST
As I understand it, the nub of this vulnerability issue is the fact that malicious software could change the setting of the UAC slider without the computer owner's consent. I am not an expert in programming etc, but wouldn't it be possible, desirable even, to only permit someone with Admin credentials on their local machine to adjust the UAC slider setting? And even then, force the Admin to accept the change with a UAC prompt? This would stop malicious software changing the UAC slider setting without the explicit consent of the computer admin account holder.
by Lerianis February 4, 2009 4:27 PM PST
That would be the best thing to do, but I think that it might be a 'harder fix' than Microsoft wants you to believe it is.
by pentest February 4, 2009 10:00 PM PST
Even without admin credentials, it isn't too hard to break into a Windows box without the user knowing it, much less cause alerts. Even your idea wouldn't help all that much.

There are more or less two ways to get into a system running as a user: escalation of privileges and getting into the kernel. You might be logged in as a normal user, but there are plenty of vulnerable services running with administrator or worse, ring 0 access.

Administrator in Windows is really on the same level as a normal user. They both run in ring 3; unlike the difference between rings, this difference is completely controlled by software, meaning it has holes. It is very possible to abuse the kernel (ring 0) with MS provided kernel calls and you will never know it and will be completely owned.
by bdaughtry February 4, 2009 3:07 PM PST
My biggest problem with Windows is the thousand different places and ways to get to something. I still forget where some controls are and the different faces on them.....classic views, etc.
by jacksoncapper February 4, 2009 3:28 PM PST
I know what you mean by this. I think an OS should be designed in a way so there is only one way to do something, and that one way happens to be reasonably practical in almost all circumstances. Thankfully, Windows 7 has actually made a step in this direction by combining the quick launch and the taskbar. Now for me, the "Start" button and desktop icons have become redundant.
by Lerianis February 4, 2009 4:28 PM PST
The main reason that modern OS's are built with multiple ways of doing something is to make it easier on the end user. Now, Microsoft HAS gone a bit overboard with the '10 trillion ways to do something' but I can't really blame them for that.
by bdaughtry February 4, 2009 5:19 PM PST
I disagree. There is nothing easier about having 10,000 different ways to get to something. There is a 'best' way and that is how it should be. I see no reason for anything other than a "Control Panel" and that be the ONLY place to change the O/S controls. There is simply no good reason for a Control Panel, Start menu links, right clicks, My Computer, Device Manager.........and on and on and on. It's utterly ridiculous!
by bdaughtry February 4, 2009 5:28 PM PST
Actually, the REAL reason for the 10,000 different ways of doing things in Windows is there are 10,000 different programmers working on it. It's called "spaghetti".

In the old days, a really sharp programmer like Peter Norton would invent a great software tool. Now, I wouldn't touch anything Symantec puts out.......which incidentally was also a great company once upon a time. They had a great little word processor.....similar to another fine one from a little company called Software Publishing called PFS Write (IBM sold it with Charlie Chaplin ads). John McAfee says he doesn't even know how to set up a computer any more. But, I haven't used McAfee products since he quit writing them. Ah, the good ole days when you really did have to know how to build a computer to use one. ;-))
by seven7dust February 4, 2009 6:07 PM PST
if you're looking for one way of doing everything
it's called OSX { but people complain about it being closed}
but yeah it's uniform and does everything in one simple intuitive way !

I don't need a zillion different ways to do stuff and customize the hell out of the O.S
it's one of the reasons why Macs are considered easier to use
and for me far more productive !
by Jonathan February 4, 2009 8:48 PM PST
Ummm if there are a thousand ways to do something all you need to remember is one. Unlike Apple and OS X where it's their way or no way. Take Finder. Customization? HA! Windows Explorer you can customize to your heart's content. Sorry but I will take my thousand ways, because I use only one.
by Jeremy Chappell February 5, 2009 4:28 PM PST
@Jonathan

Okay this should be about Windows, so I try not to get too far off the point - but this "Finder can't be customised" thing, you're wrong dude.

Now Mac OS X's "Look" can't be changed much (windows are always grey for example) but Mac OS X actually has a heck of a lot you can change. These include:

The toolbar has 14 functions you can add (I don't count the "Separator" or the two kinds of "Space"). You can put folders, files and applications there ("Time Machine" could go there for example, or a server). You can have "big icons" or "small icons", no text, just text, icons and text. The sidebar can have applications, folders, files. You can create AppleScripts (these can be written in an editor, constructed with a drag and drop tool or recorded) and these can be added. You can add folder actions to specific folders (as an example I could create a thumbnail for any picture dropped into a folder and append "_thumbnail" to the name, or copy anything dropped into the folder to a different location as a backup). You can define new keyboard shortcuts for the Finder (or any application or ALL applications) these are then shown in the menus - just like the default ones. You can choose what icons show up automatically in the sidebar or on the desktop. You can customise how all folders are presented, and how specific folders are presented, things like always open in icon view, icon size, grid spacing, text size, if icons show preview, and the background. You can say a lot of things about the Finder, but dude - you can customise it.

So I can't change the window colour and I only have a choice of two themes (that look really similar) there is a lot more to customising than that.

OK I'm sorry - let's get back to discussing Windows 7 UAC now.
by rgersmrk February 4, 2009 3:07 PM PST
Hmmm...So now journalists want security like Vista? Weren't they complaining about too many warnings coming up a month ago? lol, damned if you do and damned if you don't.
by loose_screw February 4, 2009 4:00 PM PST
There's just no pleasing everyone. I hate the prompts personally, and Microsoft is right, I'll turn the whole damned thing off if I get irritated one time too much.
by ducttape36 February 5, 2009 6:41 AM PST
Seriously, it's better to have some protection than none at all. Personally, when I first got Vista I turned UAC off when I was installing all my usual programs and tweaking the settings so I could avoid clicking continue all the time. Now that I have it working the way I want it, I turned it back on so I'm aware of every change that occurs in my system. I think it's working out rather nicely for me now.
by kcotham February 4, 2009 3:14 PM PST
Why worry about Windows 7, just use Linux or Solaris or UNIX. Or even better, switch to a Macintosh! Redmond will never learn.
by Lerianis February 4, 2009 4:29 PM PST
Lintard, get off this board! The fact is that Linux is NOT the solution to this. We are talking about Microsoft software, which is 1000000000 times better than Macintosh/Apple and Linux. Apple has too much "you can't use this and have to pay a price premium for our stuff.... NYAH!" and Linux is WAY TOO HARD TO USE FOR THE REGULAR USER!
by tm_anon February 4, 2009 7:06 PM PST
@Lerianis

Rather than spreading FUD about Linux being difficult to use, why not try some constructive criticism? I've used all three OS's and don't see anything more difficult about Linux than either of the others.

For a good security model (which is what the article was about by the way) MS really should look at how OS X and Linux handle prompts.

As for the OP, perhaps Linux was the solution for him. I know it was a great solution for me. It's not for everyone and I've actually recommended to some people that they don't get it for now because they're simply not ready.

However, they're not the average user. The average PC user has at least some knowledge of how a PC should run, as in, it shouldn't be annoying, it shouldn't require more time to set something up to do than to actually do it and it should be at least relatively secure.

Windows has either been too annoying and so the user turned off UAC and was insecure or it has used a false sense of security, meaning the user didn't bother to set up any firewalls or antivirus protection because UAC would catch the malware before it installed.

You may think that Linux fails in the second part of that grouping, but it's actually very quick to set up, very quick to learn, very quick to customize. I'm currently using Ubuntu 8.10, every program I've needed has either been provided in the repositories or has a .deb file (equivalent to .exe in Windows) already built by another user and provided. The hardest part was setting up an antivirus program and that's just because I prefer one that isn't set up with .deb file for me.

If you think double clicking on a program is too hard for most regular users, then perhaps you shouldn't work around people. They're not as dumb as you think, they're just lazy.
by random truth February 4, 2009 8:06 PM PST
They will learn miraculously when their market share drops to about 30%.
I bet. Anyone want to bet against me?
by Jonathan February 4, 2009 8:52 PM PST
I've tried Linux. Once you get things installed good luck configuring a device. Sorry but the GUI is still for ****. Better...but still for ****. Customizing a device in Windows, hell doing ANYTHING in Windows is simple compared to some of the more "complex" things you might want to do in Linux.
by abcd9009 February 4, 2009 9:35 PM PST
To give my 2 cents on this... I think Microsoft should also just like Apple embrace Unix or Linux OS and create something like Windows X. However, saying that is very easy but doing it is not so easy. The challenge that Microsoft faces (unlike Apple) is its customers and mostly the Corporate customers, which Apple has less than 1% when compared to Microsoft. Not that Microsoft cannot make the best OS, it's limited to what it can enhance because Corporations tend to use a lot of in home projects/applications which have a much longer lifecycle than that of Windows so when they think of upgrading Windows if Microsoft can guarantee supporting older apps, Corporations won't upgrade and currently Corporations account for majority of Microsoft's business. Everyone uses Windows at one point or the other but very few get introduced to or have access to Mac or Linux.
In addition to backward compatibility on Software, Microsoft has to work with hardware vendors, which again Apple doesn't have to. Advantage for Apple, create much better product tightly integrated with the hardware but the downside is very limited reach and very pricey. Microsoft on the other hand licenses its Windows to any manufacturer and this way reaches out to anyone and everyone and with competition comes better pricing for consumers but on the downside now Microsoft has to work and support with thousands of vendors so it has to make sure that Windows runs smoothly on all hardware. I think it's doing a darn good job having Windows run on so many platforms.
Finally, I believe there's room for Windows, OS X, Unix and Linux to co-exist because there is no single OS which can provide you with everything. Linux being an open source OS every individual can customize it to their need but that is neither practical nor economical solution for consumers.
Maybe in the future when broadband connection is fast enough for us to have WebOS where we just have a browser and everything else as a "service"... that would be THE BEST OS fulfilling everyone's needs.
by pentest February 4, 2009 9:51 PM PST
Lerianis,

Windows asks questions that the average user is not educated enough to accurately answer and you claim Linux is too hard?

Is that a joke?

Windows is the most user unfriendly OS in existence.
by Mark_Anderson February 5, 2009 3:18 PM PST
@random truth

Over what time period?
by kcotham February 19, 2009 7:09 PM PST
@Lerianis, "Lintard"? You are a complete and utter moron.
by joshma February 4, 2009 3:22 PM PST
It's complaints like this that just tick me off. Either be more secure and have more warnings, or be less secure and have less warnings. You can't whine for both - it's like asking for more apples and then complaining that your basket is heavier.
by Jeremy Chappell February 4, 2009 5:03 PM PST
You're missing the point. This is just plain BROKEN. Users can't cope with too many prompts (really) they either stop "reading and thinking about them" or simply switch them off. The model doesn't work.

So if they are going to be useful (and they are desperately needed) then the number must be reduced. The problem is that it's so easy for a program to maliciously turn them off WITHOUT the user knowing.

So yeah, Microsoft have screwed this up. But this is Beta - that's what Beta is FOR, to find then correct such problems. So stop being "ticked off" and be glad that the problem has been found and commented on BEFORE the product goes to market.
by Wild_D February 4, 2009 10:49 PM PST
The average user seems to just need to learn how to read the warnings rather than ignoring them. I understand completely that when something happens all the time (like a warning message in Vista) that they become used to it and tend to ignore it. But if they can't spend the time to realize what they're doing might be harming their computer (and in turn harming other computers, depending on the attack) then I think they shouldn't even be on a computer in the first place.

What Microsoft is doing is great for people who are and aren't average users, and I personally think the default setting should be the highest security level, since the average consumer today just can't seem to learn how to change anything on their computer without calling up someone from GeekSquad or some other type of computer technician. And some of the holes found in the UAC should be fixed (which can, thankfully, as this is a beta).

There are too many people who keep complaining about Microsoft when they have no valid reason to complain about them, they just want to badmouth them because their misc. third party software didn't work on Vista or something similar. What people need to complain about is how the average user seems to keep getting dumber and dumber and have everything spoon fed to them on a silver platter. The average user simply needs to learn how to read whenever a dialog box pops up and learn how to at least go to the control panel and make sure their security settings are either on the default or highest settings they should be (or if they're a more advanced user, then they can set it to whatever the heck they want).

People just need to stop blaming Microsoft for their own shortcomings. People wanted more security on their computers, Microsoft gave this to them in Vista. But then they decide that's too much, and start badmouthing it. Microsoft fixes this in Windows 7, and as soon as an actual exploit is found in this new way, everyone decides that the whole thing is messed up once again and that something new should be implemented. The average consumer just can't be pleased at any level, and I for one am surprised Microsoft hasn't given up on them yet, at least with security.
by seven7dust February 5, 2009 7:33 AM PST
@wild_d what you're saying makes no sense at all
you're saying that MS is doing a good job
by making the user spend more time getting things done
remember we buy computers to work for us not the other way around

also Linux and OSX have had UAC type of feature that works better for years
if the Linux people with all their limited resources can do it why can't MS ?
stop making excuses for MS they need a kick in the butt !
they need to start getting things right and make their O.S more productive for the user
by The_happy_switcher February 4, 2009 3:25 PM PST
"If Microsoft Built Cars," taken from somewhere off the internet, i.e., I didn't write this, though I wish I had:
1. For no reason whatsoever, your car would crash twice a day.
2. Every time they repainted the lines on the road, you'd have to buy a new car.
3. Occasionally your car would just die on the motorway for no reason. You would have to pull over to the side of the road, close all of the car windows, shut it off, restart it, and reopen the windows before you could continue. For some reason you would simply accept this, restart and drive on.
4. Occasionally, executing a maneuver would cause your car to stop and fail to restart and you'd have to re-install the engine. For some strange reason, you'd accept this too.
5. Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.
6. You could only have one person in the car at a time, unless you bought a "Car 95" or a "Car NT". But then you'd have to buy more seats.
7. Macintosh would make a car that was powered by the sun, twice as reliable, five times as fast, twice as easy to drive - but it would only run on five percent of the roads.
8. The Macintosh car owners would get expensive Microsoft upgrades to their cars which would make their cars go much slower.
9. The oil, engine, gas and alternator warning lights would be replaced with a single "General Car Fault" warning light.
10. People would get excited about the "new" features in Microsoft cars, forgetting completely that they had been available in other cars for many years.
11. We'd all have to switch to Microsoft petrol and lubricants but the packaging would be superb.
12. New seats would force everyone to have the same size arse.
13. The airbag system would say "Are you sure?" before going off.
14. If you were involved in a crash, you would have no idea what happened.
15. They wouldn't build their own engines, but form a cartel with their engine suppliers. The latest engine would have 1 cylinders, multi-point fuel injection and 4 turbos, but it would be a side-valve design so you could use Model-T Ford parts on it.
16. There would be an "Engium Pro" with bigger turbos, but it would be slower on most existing roads.
17. Microsoft cars would have a special radio/cassette player which would only be able to listen to Microsoft FM, and play Microsoft Cassettes. Unless of course, you buy the upgrade to use existing stuff.
18. Microsoft would do so well, because even though they don't own any roads, all of the road manufacturers would give away Microsoft cars free, including IBM.
19. If you still ran old versions of car (ie. CarDOS 6.22/CarWIN 3.11), then you would be called old fashioned, but you would be able to drive much faster, and on more roads!
20. If you couldn't afford to buy a new car, then you could just borrow your friend's, and then copy it.
21. Whenever you bought a car, you would have to reorganize the ignition for a few days before it worked.
22. You would need to buy an upgrade to run cars on a motorway next to each other.
23. Every time Microsoft introduced a new car, car buyers would have to learn to drive all over again because none of the controls would operate in the same manner as the old car.
24. Microsoft would require all car buyers to also purchase a deluxe set of Automobile Association Road maps (now a Microsoft subsidiary), even though they neither need nor want them. Attempting to delete this option would immediately cause the car's performance to diminish by 50% or more.
25. You'd have to press the "Start" button to turn the engine off.

Seems just as valid today and just as humorous. Nothing has changed.
by Vegaman_Dan February 4, 2009 8:15 PM PST
You do realize that the list that you just plagiarized illegally was derogatory towards Apple as well, yes?

Try original thought instead.
by Jonathan February 4, 2009 8:54 PM PST
Vegaman_Dan,

What do you expect? It's an Apple user. They will buy anything their God gives them.
by Striker February 8, 2009 12:11 AM PST
The Apple list is, of course, shorter...
1. rides like it is on rails...cause it is a train.
2. whenever you wanted to go somewhere different, you couldn't (unless you bought a car, er PC)
by brtony February 4, 2009 3:29 PM PST
If you're a complete dummy and need the stupid popup windows then you need to set the slider on maximum for dummies. If you've been using XP for the past several years and have no problems, because you use a program to protect against these assaults then you should set the slider for PC Expert. Give me a break. Stupid is as Stupid does. Let me decide and of course I am responsible for what happens. In our present world of let's protect everyone from everything; Windows 7 is a breath of fresh air. Thank God someone was listening. By the way, I won't use Vista because of the stupidity of protection!!!
by Lerianis February 4, 2009 4:30 PM PST
What is 'stupid' about protection? Absolutely nothing, and I stopped reading when I realized that was what you were talking about.
by BazNZ February 4, 2009 4:22 PM PST
"People were just turning off UAC (the security feature of topic) entirely in Vista leaving it totally vulnerable (to one specific kind of attack)."

I don't know if I'd call the pop ups annoying, but I thought about my own behaviour and I was probably more blasé and I tended to click through them with an almost dismissive "get out of my way" attitude. And sometimes I didn't totally understand what was asking permission and why.
by pentest February 4, 2009 9:48 PM PST
Most people think computers are magic and don't understand why it popped up and what to do.

It is the same thing with SSL certificates.

The system relies on technically ignorant end-users.
by Joetwopointoh February 4, 2009 4:44 PM PST
Always been possible to easily defeat the UAC but this provides fine tuning for those who know how to protect their systems without the "For Dummies" handbook. Knock it off with the melodrama already and consider finding something useful to post.
by feranick February 4, 2009 4:47 PM PST
Is it really that difficult? I don't want to sound like a fanboi, but UNIX systems (yes, including Macs and Linux), deal with this issue in a very simple but effective way. If changes to the systems are required, a password will be asked. There is a clear line between what the user can do and what the administrator can do. The problem with Windows, is that this line is basically nonexistent. The default user in Windows is the administrator and every piece of program is run as such. It is clear that to prevent damage, the UAC had to be set in place, because without it (as this article seems to suggest for Win7), the user/administrator would be too vulnerable. It's thus a simple fundamental design flaw that Microsoft refuses to acknowledge, since it is basically the same since Windows 1.0 (or before DOS, being even that a single user OS). Every program could bring down a Windows machine, not because of a bug but as a design feature (or lack thereof). If a UNIX user would have to operate his UNIX computer in administrator mode it would be equally dangerous. Luckily, the UNIX world has the default user mode set without administrative rights, so if damage is done, it is localized and it does not bring down your PC.

I am surprised that this is now acknowledged anywhere in the main article. Windows 7 might be good but it is the poor, unscalable, single user, ancient design that ultimately makes me stay away from it as far as I can.
by Jeremy Chappell February 4, 2009 5:10 PM PST
It's actually a bit worse than this. Windows programs have grown accustomed to making changes to sensitive areas of the OS. Try running XP with "reduced privilege", it's amazing how many applications fail to work properly.

Unix engineering is quite different, and THIS problem isn't such an issue. Actually Mac OS X sets up the "default user" as an admin - but the system asked them to authenticate whenever admin access is required (which isn't too often) so the system is highly effective (unless the user is a total fool). Windows is actually quite hard for "casual users".
by FanBoy200 February 4, 2009 4:53 PM PST
.... Oh No... the world is going to come to an end......

If I don't get my fix of useless dialog boxes popping up in front of my work I don't think I can handle the stresses of owning a windows operating system.....

Come on people the insanity of having alerts popping up on the screen every five mins is crazy.... If you really want to watch everything going on with your PC maybe Microsoft should rewrite the alert box to read every message in your event logs......

ALERT -- Unable to communicate to NTP time Server
ALERT -- UPS is charging
ALERT -- CNET over reacts to Microsoft's Security Changes.

People buy better security software products.... Look up HIPS.....
by 3rdalbum February 4, 2009 5:27 PM PST
"Everybody's security problems would be solved if they just ran Newsoft ComputerCleanersuite!"

Oh, and anybody who mentions Mac OS X's security system loses credibility immediately; the Windows 7 security problems are nothing compared to OS X's well-known design flaws.
by tm_anon February 4, 2009 7:21 PM PST
@3rdalbum

Everyone who makes blanket statements about what is and is not acceptable must automatically go back to school.

Seriously, if you want to bring in "well known design flaws", let's start with a list of them. I've looked through many forums involving OS X, Linux and Windows and haven't seen any mention of these "well known design flaws" that you bring up. If they're so well known, why doesn't anyone, including Windows fanboys, bring them up?
by insickofit February 4, 2009 5:15 PM PST
First, may I point out that Vista's User Account Control is - and always has been - easily disabled in CONTROL PANEL / USER ACCOUNTS. That is one of the first changes I made when I was using Vista!
(I am currently running W-7 Beta)
Secondly; This whole controversy over UAC being user adjustable is just another "Red Herring" thrown out by the Microsoft Haters Club to create false negative publicity for Windows.
Let's face it; UAC is universally despised as overly intrusive to the user experience. And in the final analysis, none of these notification systems are a substitute for a proper Internet security / Anti-virus application installed on your computer. I currently use Norton Antivirus because I found - during a generous trial period - that it is compact; installs quickly; and does its job with minimal - if any - interference in whatever I am doing on my machine.
So: Why don't all these non compos mentis hare brains just go and find something productive to do with their time rather than spreading specious, if not completely false statements, like the ones in the "car analogy" where the Microsoft Windows Automobile freezes; crashes for no reason at least twice a day; won't start-up etc. These comments are total rubbish, uttered by people who, at best, are incompetent and unqualified to review computers / operating systems.
Reply to this comment
by tm_anon February 4, 2009 7:32 PM PST
Perhaps you haven't heard, antivirus programs aren't 100% effective. That's the same type of argument a teenage boy makes to get into a teenage girl's pants. "Well I have a condom, you won't get pregnant".

Unfortunately, in this case, the antivirus is only half as effective as the condom, if that.

I ran Windows XP with an antivirus program constantly running and updating. I also had a scanner for malware which I updated daily and ran nightly. I also made sure to keep my cache clean and to clean up my tracks from internet browsing, just in case someone happened to find a way through to get to my data. I also ran spyware scanners nightly, adware scanners and defragged my hard drive, just to make it easier on myself and my huge variety of programs meant to keep my computer clean and safe.

I switched to Ubuntu and have one firewall, one antivirus program and the native security abilities in Linux.

Windows Vista brought in security (which you foolishly turned off), but it was annoying (the reason you turned it off).

The bottom line is that even the best antivirus/security suite available is no match for good native, preventative security in an OS.

MS just needs to learn how not to make it annoying.
by Imalittleteapot February 4, 2009 8:03 PM PST
I still don't understand how UAC is that annoying. It doesn't pop up as much as people say. In practice the only time I ever see it is when I'm installing/uninstalling software or in the control panel. What do you people do all day? Just change your theme and mouse pointer settings all day while you install and uninstall the same program over and over. What are you people doing that makes UAC pop up all the time?

You can't tell me you're getting your most productive work done being in the Control Panel all day.
by Imalittleteapot February 4, 2009 6:40 PM PST
Like I said in another thread here.
http://news.cnet.com/8618-13506_3-10154494.html?communityId=2017&targetCommunityId=2017&blogId=17&messageId=5103817&tag=mncol

If you already have malware running on your system it's too late for you. Everybody still thinks the kernel is what needs protection from malware. Screw the kernel. I have another copy of that. What does UAC do to protect my data? The answer is nothing.

The only thing malware can do if it can bypass UAC is screw up your system. It's not like the UAC is going to reprogram the kernel and make it better. The malware wants to steal my data or serve me up ads. Malware can do that just fine without getting through UAC. After all, why would it want to mess up my kernel? Malware needs a stable kernel to run on too just like any software program.

Malicious user mode code can do anything a normal user could do without seeing a UAC prompt. Even if it never hacks through UAC it could completely destroy your system. Just think about the damage you could do to your own files without ever seeing a UAC prompt. Malware can do all the same stuff in the background where you never see it.

It can read your files, it can spam mail your contacts, it can send data over the web, it can delete your files, it can fill up and trash your hard drive, and run your system out of virtual memory if it wants to. Anything any normal user could do. UAC does nothing to stop any of that. Do you get a UAC prompt when you browse the web or email your contacts? No. So how is UAC going to stop the malicious software (that's already running) from spam mailing a copy of itself to everyone you know? Sure there are other things that can protect you from all that, but they have not a thing to do with UAC.

One of the major features of UAC is to stop malicious software from running in the first place. If you're not going to use 50% of your security system why would you cry about it when the other half of the SYSTEM doesn't work either? The back half needs the first half to work properly. You can't just ignore your UAC prompts people.
by pentest February 4, 2009 9:45 PM PST
It is fair to say that 80%-90% of Windows users don't know how to tell if they should click yes or no.

Instead of this pointless perimeter defense, MS needs to rework the core with security as its top priority.

Nothing less will solve their security woes.
by AaronCT123 February 4, 2009 10:25 PM PST
"Some have suggested that Microsoft should change the default setting so that, at a minimum, changes to the UAC settings, would always require user approval."
This.
by savaii64 February 5, 2009 1:42 AM PST
I think that this article really illustrates that no matter how hard you try, you can't please everybody. Some people would say Vista's user control is annoying, but to others, they may say it is actively trying to protect your computer from attacks. And now with 7 having this option to show less warnings in order to appease the people who say User Control was annoying rather than helpful, the others who are more worried about being attacked than being annoyed are upset! You just can't please everybody. But I give them credit for trying.
by Jeremy Chappell February 6, 2009 3:16 AM PST
UAC as it was in Windows 7 was broken. Here's why:

I set it to give me a specific warning level - that's my choice. I can choose "bombard me with every little thing" (like Vista) I can choose "leave me totally in the dark" (like XP) or I can choose something in between. So far so good, the default is between the two extremes. However an application can change my settings WITHOUT me knowing (and consenting). That's broken, my choice doesn't stick.

Microsoft have (due to the feedback, since this article) changed that, now any changes to UAC do trigger it. I now know that this setting is being monkeyed around with, and I can choose to allow that or not. These changes put the user in control (as it should be).

Now before you go congratulate Microsoft, just temper that with the fact they denied this was a problem (which it was) and only after quite a lot of critical feedback did they finally make this change. On the other hand, the initial mistake is understandable, as we're talking about an OS Beta - so much of the reaction was overblown.

The trouble is, I truly wonder if a more measured feedback would have convinced Microsoft to act.
by exploreRPG February 5, 2009 5:16 AM PST
Windows will never be secure. It's been around for years, and Microsoft still hasn't got it right. *BUT Hey!* They keep selling new versions, and dummies keep buying it.
by Penguinisto February 5, 2009 9:15 AM PST
Meanwhile, Conficker is devouring Windows machines like locusts in a wheat field...
by CrashPad63 February 5, 2009 9:57 AM PST
Penguine, just shut up. You really bore me.
by Mark_Anderson February 5, 2009 3:20 PM PST
Really Penguin?

Can you give us an update on infection rates? Last I heard it was about 9 million machines which is slightly less than 1% of the installed base.

I think your locusts must be on a diet.
by gnutux February 5, 2009 9:20 AM PST
Easy fix to this, in order to even change the UAC settings, you must first go through a UAC prompt regardless of security setting. Make it mandatory to go through a UAC prompt to change this.

It's a no-brainer. If I had my way, I wouldn't even make turning off UAC an option.
About Beyond Binary

During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft.


Beyond Binary is a look at how technology is changing our lives and the people behind all that life-changing stuff, with an extra emphasis on that which emanates from Redmond, Wash.