Sign In
Register
Help
Post your comments for Microsoft to Improve Vista's Problematic UAC in Windows 7 here
Page 1 of 1
Microsoft to Improve Vista's Problematic UAC in Windows 7
MultiQuote
#3
djdjohnson 
- Member
-
- Group: Members
- Posts: 18
- Joined: 25-June 08
Posted 09 October 2008 - 12:27 PM
As a developer, UAC has caused me more than a few headaches. MS needs to add an area to the registry and file system that is readable and writable by all users, including non-administrative users. Right now it just isn't possible to have standard users create files or adjust settings that are global in scope.
Also, is it really necessary to ask me FOUR times to confirm that I want to create and rename a folder in Program Files? Two for creating the folder and two for renaming it. Talk about unnecessary annoyance!
Also, is it really necessary to ask me FOUR times to confirm that I want to create and rename a folder in Program Files? Two for creating the folder and two for renaming it. Talk about unnecessary annoyance!
#4
chipbennett
- Advanced Member
-
- Group: Members
- Posts: 210
- Joined: 05-October 07
- Location:St. Louis, MO
Posted 09 October 2008 - 01:27 PM
The fault doesn't lie totally (or even mostly) with Microsoft.
As the article alluded, the issue very often is a third-party application that was not developed properly to begin with.
Vista begins Microsoft's much-needed effort to cut off applications' ability to use risky shortcuts and to have direct access to parts of the system (e.g. the kernel) to which they should not have access.
As the article alluded, the issue very often is a third-party application that was not developed properly to begin with.
Vista begins Microsoft's much-needed effort to cut off applications' ability to use risky shortcuts and to have direct access to parts of the system (e.g. the kernel) to which they should not have access.
#5
pdl1
- Newbie
-
- Group: Members
- Posts: 6
- Joined: 01-October 07
Posted 09 October 2008 - 02:01 PM
I respectfully disagree. Doubtless Windows should have an immutable kernel. But is this the job of the user?
Fact is, Microsoft is trying to combine compatibility with old versions, with speed, safety and new features. Can't be done. We need a new computer model from the ground up. Don Estridge's 640k/360k DOS base has to go. New computer, new BIOS, new drivers, new kernel code. Get rid of HAL.
This will take years, and cooperation between Microsoft and the manufacturers of computers and software. But it is a bit like a bailout: if we don't do it now it will cost lots more later on.
Paul D.
Fact is, Microsoft is trying to combine compatibility with old versions, with speed, safety and new features. Can't be done. We need a new computer model from the ground up. Don Estridge's 640k/360k DOS base has to go. New computer, new BIOS, new drivers, new kernel code. Get rid of HAL.
This will take years, and cooperation between Microsoft and the manufacturers of computers and software. But it is a bit like a bailout: if we don't do it now it will cost lots more later on.
Paul D.
#6
raife1
- Full Member
-
- Group: Members
- Posts: 84
- Joined: 05-November 07
Posted 11 October 2008 - 11:33 AM
Hhhmmm...
>> ...Microsoft... "...acknowledging that the new security feature it built into Windows Vista has caused unnecessary problems for users"
But... but... I remember so many arguments from Microsoft (and its mindless-supporters) that so vigorously denied the "problems" even existed.
>> "Microsoft added UAC to Vista in an effort to improve the security of the system and give people who are the primary users of a PC more control of its applications and settings".
Translation: Another Microsoft, after-the-fact, bolt-on, that failed to address the real, core, issues associated with the fundamental-insecurity of Microsofts fundamental design-approaches.
>> "Vista users said the reason the UAC prompts were so frequent and misguided is because many third-party Windows applications that predated Vista weren't developed to work with UACs "Standard User" designation".
"Vista users", said that..? Really..? Or, was it Microsofts endless SPIN-machine..?
And... Even though the "Windows"-architecture was fundamentally-flawed for years (which was vehemently-denied by, both, Microsoft AND its rabid-defenders... until LONG, after the facts were so, painfully, obvious to absolutely everyone else)... and, even though most of the "third-party" apps were merely written to accommodate Microsofts-OWN, standing, design criteria... It was those same "third-party" software-developers, who, were actually to -blame-..?
You know... this IS a good thing...
But, though its nice that Microsoft is claiming that its finally ready to catch-up with the rest of the computer-industry (UNIX, Apple, Linux, etc.)... Based upon decades of Microsofts actual actions, products, failures, and endless-SPIN, I think Ill wait a bit and see... before I simply believe that this, latest, Microsoft-campaign will actually bear, any, useful-fruit.
>> ...Microsoft... "...acknowledging that the new security feature it built into Windows Vista has caused unnecessary problems for users"
But... but... I remember so many arguments from Microsoft (and its mindless-supporters) that so vigorously denied the "problems" even existed.
>> "Microsoft added UAC to Vista in an effort to improve the security of the system and give people who are the primary users of a PC more control of its applications and settings".
Translation: Another Microsoft, after-the-fact, bolt-on, that failed to address the real, core, issues associated with the fundamental-insecurity of Microsofts fundamental design-approaches.
>> "Vista users said the reason the UAC prompts were so frequent and misguided is because many third-party Windows applications that predated Vista weren't developed to work with UACs "Standard User" designation".
"Vista users", said that..? Really..? Or, was it Microsofts endless SPIN-machine..?
And... Even though the "Windows"-architecture was fundamentally-flawed for years (which was vehemently-denied by, both, Microsoft AND its rabid-defenders... until LONG, after the facts were so, painfully, obvious to absolutely everyone else)... and, even though most of the "third-party" apps were merely written to accommodate Microsofts-OWN, standing, design criteria... It was those same "third-party" software-developers, who, were actually to -blame-..?
You know... this IS a good thing...
But, though its nice that Microsoft is claiming that its finally ready to catch-up with the rest of the computer-industry (UNIX, Apple, Linux, etc.)... Based upon decades of Microsofts actual actions, products, failures, and endless-SPIN, I think Ill wait a bit and see... before I simply believe that this, latest, Microsoft-campaign will actually bear, any, useful-fruit.
#7
djdjohnson
- Member
-
- Group: Members
- Posts: 18
- Joined: 25-June 08
Posted 11 October 2008 - 12:28 PM
The problem lies at the feet of both Microsoft and developers.
A UAC prompt is given to elevate the security privileges of an application to allow it to make changes in folders or portions of the registry reserved for administrative users. There are folders and parts of the registry that are only write-accessible to privileged applications and Vista, in an attempt to increase system security, runs all applications (even if you are logged in as an administrator) with standard privileges. MANY applications released prior to (and even since) Vista store configuration settings, data files, etc. in areas that require elevated privileges.
With XP and previous incarnations of Windows, these areas were fully writable by anyone running an Administrative account, which most people did because so many applications would not run properly if launched under a Standard user account.
I blame developers for not storing their files and settings in user-specific folders and registry keys. I also blame Microsoft because they don't provide any folders or registry keys that are writable by all users without administrative privileges. But I honestly believe the fault is mostly at the feet of developers for not storing files in the folders that they're supposed to. So MS is correct in stating that a lot of applications are to blame; they're not storing stuff in the right place, forcing a UAC elevation prompt.
I develop and sell a backup application (FileBack PC) and it makes a lot of sense for much of its configuration to be global across all users, and to be configurable by any user. However, MS doesn't provide a way of doing that without running under an administrative account. Even with User Account Control there isn't an acceptable solution to this problem. The best I've been able to come up with is to present the user with two options: run the program under an administrative account, or virtualize the settings so they are specific to each individual user. Neither is really ideal.
Another issue is Vista's attempt to simulate an environment where applications have full write access to restricted folders and registry keys. If an application does not indicate that it is Vista compliant and it attempts to write to a privileged area of the computer, UAC redirects the requests to a virtualized file system and HKLM registry hive. Apps think they're making global changes, but they're really being redirected to user-specific storage. This behavior causes a lot of confusion if you aren't aware of it.
As far as the duplicated prompts within Windows itself there is absolutely no excuse. I shouldn't be asked FOUR times to confirm that I want to create a folder in C:Program Files... Two prompts for creating "New Folder" then two more to rename "New Folder" to whatever I want it to be. That is where the flaw in UAC exists. Not necessarily in the basic concept (the idea is similar to "sudo" on Linux) but in its implementation. If W7 could include the ability to say "always allow this action for this application" much of the problem goes away. I'd be able to authorize Explorer.exe to modify C:Program Files one time and never be asked again.
Hopefully Windows 7 will eliminate the duplicated and unnecessary UAC prompts. I'd also love to see something like a "sudo" command that allows elevation of a command prompt. It would also be really nice for MS to offer a solution for developers who want to have per-machine configuration options and folders accessible to all users. I don't see it happening, but it would be nice, and it would solve a lot of the need for UAC prompts in the first place.
A UAC prompt is given to elevate the security privileges of an application to allow it to make changes in folders or portions of the registry reserved for administrative users. There are folders and parts of the registry that are only write-accessible to privileged applications and Vista, in an attempt to increase system security, runs all applications (even if you are logged in as an administrator) with standard privileges. MANY applications released prior to (and even since) Vista store configuration settings, data files, etc. in areas that require elevated privileges.
With XP and previous incarnations of Windows, these areas were fully writable by anyone running an Administrative account, which most people did because so many applications would not run properly if launched under a Standard user account.
I blame developers for not storing their files and settings in user-specific folders and registry keys. I also blame Microsoft because they don't provide any folders or registry keys that are writable by all users without administrative privileges. But I honestly believe the fault is mostly at the feet of developers for not storing files in the folders that they're supposed to. So MS is correct in stating that a lot of applications are to blame; they're not storing stuff in the right place, forcing a UAC elevation prompt.
I develop and sell a backup application (FileBack PC) and it makes a lot of sense for much of its configuration to be global across all users, and to be configurable by any user. However, MS doesn't provide a way of doing that without running under an administrative account. Even with User Account Control there isn't an acceptable solution to this problem. The best I've been able to come up with is to present the user with two options: run the program under an administrative account, or virtualize the settings so they are specific to each individual user. Neither is really ideal.
Another issue is Vista's attempt to simulate an environment where applications have full write access to restricted folders and registry keys. If an application does not indicate that it is Vista compliant and it attempts to write to a privileged area of the computer, UAC redirects the requests to a virtualized file system and HKLM registry hive. Apps think they're making global changes, but they're really being redirected to user-specific storage. This behavior causes a lot of confusion if you aren't aware of it.
As far as the duplicated prompts within Windows itself there is absolutely no excuse. I shouldn't be asked FOUR times to confirm that I want to create a folder in C:Program Files... Two prompts for creating "New Folder" then two more to rename "New Folder" to whatever I want it to be. That is where the flaw in UAC exists. Not necessarily in the basic concept (the idea is similar to "sudo" on Linux) but in its implementation. If W7 could include the ability to say "always allow this action for this application" much of the problem goes away. I'd be able to authorize Explorer.exe to modify C:Program Files one time and never be asked again.
Hopefully Windows 7 will eliminate the duplicated and unnecessary UAC prompts. I'd also love to see something like a "sudo" command that allows elevation of a command prompt. It would also be really nice for MS to offer a solution for developers who want to have per-machine configuration options and folders accessible to all users. I don't see it happening, but it would be nice, and it would solve a lot of the need for UAC prompts in the first place.
#8
papaduke
- Newbie
-
- Group: Members
- Posts: 2
- Joined: 23-January 07
Posted 13 October 2008 - 06:22 AM
There we go again microsoft bashing, I love UAC, it gives me control over what goes into my computer. Anyone that have a problem with it should throw away there keys from there car and home because it is a pain.
My mac have the same thing & I do not here anyone complaining about it, I wonder why.
My mac have the same thing & I do not here anyone complaining about it, I wonder why.
#9
rgreen4
- Moderator
-
- Group: Moderators
- Posts: 7,722
- Joined: 22-October 06
- Location:S. Georgia
Posted 13 October 2008 - 07:27 AM
First, I have never encountered a single UAC prompt on Vista Home Premium when creating a folder, re-naming a folder or even deleting a folder, except in the Program, Users and Windows area. Then it was only 1 except in Windows when you get a confirm request to delete a folder (not UAC) followed by the UAC. Yes, UAC is on. When a program tries to do such an action, or write to the protected areas, then yes, I get the UAC which I am grateful for. BTW the confirmation box on deletion is the same one that has been in XP from the beginning.
I received a UAC request one morning while on the machine. No program that I was running generated the UAC and when reading the information in the box, it was an unknown process. I clicked on no. I then closed my browser and ran full scans of the machine.
As Papaduke has mentioned, othes OS's are moving in this direction, and their users are not complaining.
I received a UAC request one morning while on the machine. No program that I was running generated the UAC and when reading the information in the box, it was an unknown process. I clicked on no. I then closed my browser and ran full scans of the machine.
As Papaduke has mentioned, othes OS's are moving in this direction, and their users are not complaining.
#11
raife1
- Full Member
-
- Group: Members
- Posts: 84
- Joined: 05-November 07
Posted 13 October 2008 - 09:07 PM
Sorry... But other -OSes- (referring to multiples of the phrase "OS", not the possessive-form of the word) are NOT, "...moving in this direction".
Microsoft (with their, poorly-implemented, bolted-on, approach to process-compartmentalization, "UAC")... is, actually, the one who is merely, finally, catching-up (rather poorly from a technical-standpoint), to the "other" Operating Systems. Those Operating-Systems which are based upon the UNIX-architecture (which include BSD, OS-X, and all flavors of Linux), actually, are (and always have been) designed, from the ground-up, as true multi-user OSes (designed, specifically, to isolate individual-users, processes, and administrative system-authority). So, frankly, any assertion which implies that Microsoft is, somehow, leading the way... is simply ignorant, at best... and down-right deceptive a worst.
Furthermore, many, many, technologists, IT-professionals, and consumers HAVE been complaining about "UAC" within "Vista" (amongst its many other issues) since "Vista" was introduced (even Microsoft has finally, very-reluctantly, begun admitting the scope of some of the problems, and the lack of consumer-acceptance).
And, finally... once again... merely pointing-out such basic facts, and recounting direct personal, and professional, experiences, is not "...bashing". However, Id say that trying to, rhetorically, dismiss such an overwhelming preponderance of negative facts and opinion... in such an intentionally-dishonest manner... IS, a true sign of intellectual, and factual, desperation.
Microsoft (with their, poorly-implemented, bolted-on, approach to process-compartmentalization, "UAC")... is, actually, the one who is merely, finally, catching-up (rather poorly from a technical-standpoint), to the "other" Operating Systems. Those Operating-Systems which are based upon the UNIX-architecture (which include BSD, OS-X, and all flavors of Linux), actually, are (and always have been) designed, from the ground-up, as true multi-user OSes (designed, specifically, to isolate individual-users, processes, and administrative system-authority). So, frankly, any assertion which implies that Microsoft is, somehow, leading the way... is simply ignorant, at best... and down-right deceptive a worst.
Furthermore, many, many, technologists, IT-professionals, and consumers HAVE been complaining about "UAC" within "Vista" (amongst its many other issues) since "Vista" was introduced (even Microsoft has finally, very-reluctantly, begun admitting the scope of some of the problems, and the lack of consumer-acceptance).
And, finally... once again... merely pointing-out such basic facts, and recounting direct personal, and professional, experiences, is not "...bashing". However, Id say that trying to, rhetorically, dismiss such an overwhelming preponderance of negative facts and opinion... in such an intentionally-dishonest manner... IS, a true sign of intellectual, and factual, desperation.
#12
rgreen4
- Moderator
-
- Group: Moderators
- Posts: 7,722
- Joined: 22-October 06
- Location:S. Georgia
Posted 14 October 2008 - 06:26 AM
raife1 said:
Microsoft (with their, poorly-implemented, bolted-on, approach to process-compartmentalization, "UAC")... is, actually, the one who is merely, finally, catching-up (rather poorly from a technical-standpoint), to the "other" Operating Systems. Those Operating-Systems which are based upon the UNIX-architecture (which include BSD, OS-X, and all flavors of Linux), actually, are (and always have been) designed, from the ground-up, as true multi-user OSes (designed, specifically, to isolate individual-users, processes, and administrative system-authority). So, frankly, any assertion which implies that Microsoft is, somehow, leading the way... is simply ignorant, at best... and down-right deceptive a worst.
Vista is built on the NT architecture which from the beginning (NT 3.1, to match Windows 3.1 the single user version) was designed as a multi-user OS to be used primarily in the workplace. The single user version of Windows ended with Windows 98 and the much maligned Windows ME.
And the UAC is not a process-compartmentalization, but an approval authorization of any process affecting the system. The process is compartmentalized whether UAC is turned on (default) or off.
#13
raife1
- Full Member
-
- Group: Members
- Posts: 84
- Joined: 05-November 07
Posted 14 October 2008 - 03:35 PM
rgreen4 wrote:
>> "Vista is built on the NT architecture which from the beginning (NT 3.1, to match Windows 3.1 the single user version) was designed as a multi-user OS to be used primarily in the workplace. The single user version of Windows ended with Windows 98 and the much maligned Windows ME".
>> "And the UAC is not a process-compartmentalization, but an approval authorization of any process affecting the system. The process is compartmentalized whether UAC is turned on (default) or off."
An interesting bit of nit-picking, and superficial re-hash of "Windows" history...
...However, true "multi-user" OSes are "...designed, specifically, to isolate individual-users, processes, and administrative system-authority" at the most fundamental-levels. And, this is implemented from the inception of the OS-design, and maintained as an absolute architectural-stricture (as a fundamental, over-riding, design-criteria... as I stated earlier). This MUST occur throughout the ENTIRE evolution of the software (hence the reason such, after-the fact, software-design is usually referred to as, "bolted-on", by most software-professionals). I also mentioned that UNIX (and its descendants; BSD, OS-X, Linux, etc.) IS designed (and maintained) this way, from its inception/core. Furthermore, this approach has been successfully-demonstrated to be the -most- successful approach, for decades. The problem is that Microsoft has NOT really designed any of its consumer-OSes this way. The basic fact is simply that; merely, including the superficial ability to create, "user-accounts" (with different "authorities")... using such bolt-ons as; "user profiles", "ACLs" etc. and attempting to isolate -access- to resources and system-authority, after the fact, across a hodge-podge of cross-linked sub-processes, and add-ons... as "Vista" STILL does (but, not very adequately) does NOT make it a TRUE "multi-user" OS. And, Microsofts approach has proven itself to be seriously, if no completely, problematic. And, the plain fact is that; "Vista" IS trying to -bolt-on- "UAC" (over an entirely fragmented-architecture of processes, elements, and authorization-levels)... as a patch, to even larger problems.
And, this, IS only one set of the, fundamentally-unsolvable, PROBLEMS with "Vista".
...Which, is what consumers, and IT-professionals, are (and have been) pointing-out, all along.
Furthermore, Id suggest that, any person defending "Vista" (from any technological/engineering/programming perspective)... might want to look up the definition, and history, of the term: "KLUDGE".
>> "Vista is built on the NT architecture which from the beginning (NT 3.1, to match Windows 3.1 the single user version) was designed as a multi-user OS to be used primarily in the workplace. The single user version of Windows ended with Windows 98 and the much maligned Windows ME".
>> "And the UAC is not a process-compartmentalization, but an approval authorization of any process affecting the system. The process is compartmentalized whether UAC is turned on (default) or off."
An interesting bit of nit-picking, and superficial re-hash of "Windows" history...
...However, true "multi-user" OSes are "...designed, specifically, to isolate individual-users, processes, and administrative system-authority" at the most fundamental-levels. And, this is implemented from the inception of the OS-design, and maintained as an absolute architectural-stricture (as a fundamental, over-riding, design-criteria... as I stated earlier). This MUST occur throughout the ENTIRE evolution of the software (hence the reason such, after-the fact, software-design is usually referred to as, "bolted-on", by most software-professionals). I also mentioned that UNIX (and its descendants; BSD, OS-X, Linux, etc.) IS designed (and maintained) this way, from its inception/core. Furthermore, this approach has been successfully-demonstrated to be the -most- successful approach, for decades. The problem is that Microsoft has NOT really designed any of its consumer-OSes this way. The basic fact is simply that; merely, including the superficial ability to create, "user-accounts" (with different "authorities")... using such bolt-ons as; "user profiles", "ACLs" etc. and attempting to isolate -access- to resources and system-authority, after the fact, across a hodge-podge of cross-linked sub-processes, and add-ons... as "Vista" STILL does (but, not very adequately) does NOT make it a TRUE "multi-user" OS. And, Microsofts approach has proven itself to be seriously, if no completely, problematic. And, the plain fact is that; "Vista" IS trying to -bolt-on- "UAC" (over an entirely fragmented-architecture of processes, elements, and authorization-levels)... as a patch, to even larger problems.
And, this, IS only one set of the, fundamentally-unsolvable, PROBLEMS with "Vista".
...Which, is what consumers, and IT-professionals, are (and have been) pointing-out, all along.
Furthermore, Id suggest that, any person defending "Vista" (from any technological/engineering/programming perspective)... might want to look up the definition, and history, of the term: "KLUDGE".
#14
rgreen4
- Moderator
-
- Group: Moderators
- Posts: 7,722
- Joined: 22-October 06
- Location:S. Georgia
Posted 14 October 2008 - 07:05 PM
Rehashing and repeating a statement does not refute the fact that NT 3.1 was a multi-user OS. Or do you refute the Wikipedia reference:
"Windows NT is a family of operating systems produced by Microsoft,
the first version of which was released in July 1993. It was originally
designed to be a powerful high-level-language-based,
processor-independent, multiprocessing, multiuser operating system with
features comparable to Unix. It was intended to complement consumer versions of Windows that were based on MS-DOS. NT was the first fully 32-bit version of Windows, whereas its consumer-oriented counterparts, Windows 3.1x and Windows 9x, were 16-bit/32-bit hybrids. Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Home Server, and Windows Server 2008 are based upon the Windows NT system, although they are not branded as Windows NT."
This community has seen many requests for help because a user with one log on could not access files under another user ID. And the UAC had nothing to do with this separation.
h2.
"Windows NT is a family of operating systems produced by Microsoft,
the first version of which was released in July 1993. It was originally
designed to be a powerful high-level-language-based,
processor-independent, multiprocessing, multiuser operating system with
features comparable to Unix. It was intended to complement consumer versions of Windows that were based on MS-DOS. NT was the first fully 32-bit version of Windows, whereas its consumer-oriented counterparts, Windows 3.1x and Windows 9x, were 16-bit/32-bit hybrids. Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Home Server, and Windows Server 2008 are based upon the Windows NT system, although they are not branded as Windows NT."
This community has seen many requests for help because a user with one log on could not access files under another user ID. And the UAC had nothing to do with this separation.
h2.
Page 1 of 1
