Is it just me, or is 7's UAC MORE annoying than Vista?

logicearth said:

ExNavy11 said:

The most annoying thing with UAC is when I click on a program to install or set up, and I have to give permission.

HELLO, I JUST CLICK ON THE INSTALL PROGRAM! So YES I am ok with it.

But you see the computer does not know if YOU are the one who ran the application requesting administrative privileges. So it is going to ask before it grants privileges to make sure YOU requested it.

Alternatively Micro$loth could get their asses in gear and create an OS that is actually safe to use instead of inventing layers of obfuscation that doesn't actually do anything for the user and is really only to protect the OS from itself. Plenty of articles have been written to show that a user exposed to a recurring prompt clicks it without thought after only a few times. So what has UAC actually done at that point? Nothing. We did a blurb on it as part of a presentation for Black Hat last year (08). We showed that a user who is exposed to the recurring pop-up eventually just clicks it mindlessly and when our malicious code is injected into the stream of clicks... gets run just fine.

Gorf said:

Alternatively Micro$loth could get their asses in gear and create an OS that is actually safe to use instead of inventing layers of obfuscation that doesn't actually do anything for the user and is really only to protect the OS from itself. Plenty of articles have been written to show that a user exposed to a recurring prompt clicks it without thought after only a few times. So what has UAC actually done at that point? Nothing. We did a blurb on it as part of a presentation for Black Hat last year (08). We showed that a user who is exposed to the recurring pop-up eventually just clicks it mindlessly and when our malicious code is injected into the stream of clicks... gets run just fine.

Safari falls in 10 seconds at hacking contest | News | PC Pro

I don't think that task can be accomplished unless the the typical omnipotent-wannabe user is willing to sudo all day long. Most Windows users aren't, that's why they hate UAC, and pay for Windows instead of using free Linoox.

Gorf said:

Alternatively Micro$loth could get their asses in gear and create an OS that is actually safe to use instead of inventing layers of obfuscation that doesn't actually do anything for the user and is really only to protect the OS from itself. Plenty of articles have been written to show that a user exposed to a recurring prompt clicks it without thought after only a few times. So what has UAC actually done at that point? Nothing. We did a blurb on it as part of a presentation for Black Hat last year (08). We showed that a user who is exposed to the recurring pop-up eventually just clicks it mindlessly and when our malicious code is injected into the stream of clicks... gets run just fine.

I disagree completely and do not feel that UAC is completely useless. According to your profile, you are a Gentoo user...and as a Linux user I would expect you to better understand the UAC system as it's similar to the use of sudo under Unix/Linux.

Microsoft "HAS" improved on the # of prompts that the end user gets. And even as an educated and certified Windows/Linux systems admin..I find value when
1). An application wants admin privs and I don't have any idea why. Makes me reconsider using said application
2). Something pops up in the middle of nothing that I am doing and wants to run. Gotta wonder about what is going on here.

While average or below average users won't consider the consequences or wonder what is actually happening...simply not including UAC because of these lessor users would be a massive step in the wrong direction.

Gorf said:

Alternatively Micro$loth could get their asses in gear and create an OS that is actually safe to use instead of inventing layers of obfuscation that doesn't actually do anything for the user and is really only to protect the OS from itself...

So you are running on your Linux box as root and never have to elevate to do administrative task?

If you are a domain admin and you let your end users have administrative rights over their local machines, you have already failed basically. I'm not going to tell you to turn UAC off or give them admin rights because thats just a plain bad practice.

Well I have to agree to a large extent, but that is why I run a domain at home, so that I can debug these issues on my own terms without exposing users at the office to unnecessary security hazards.

It is difficult to find the right mix of security that still allows the end users to be safe and still get their work done without having to call me every time they need to install some piece of software. I've tried being strict before, and it just doesn't work, so I let them do pretty much anything they want on the workstations, and just warn them that I reserve the right to restore their computers to a default configuration if it gets screwed up. All important data is stored on the server, so this is not a problem.

This is really my first time in on 7, so I'm still experimenting with finding that mix of security/functionality. I know that I should remove my domain admin status, but it always seems to cause problems when I do.

So, yes, I recognize that this is not the best forum for my "true" question, but it is Win 7 specific, and indeed, I am finding useful info here.

Jordus said:

If you are a domain admin and you let your end users have administrative rights over their local machines, you have already failed basically.

If you are a domain admin and self proclaimed Windows Guru,
then I don't have to tell you, there are scenarios where best practice is to give them admin rights on their own machines.
Maybe when I say laptops, it rings a bell?

EDIT: I was hoping some nix/OSX fanboy would open their mouth and then not realize that UAC is actually very much on the same page as SUDO (only better actually).

If you are in the mood for picking a fight, relax, get a nice cup of tea, and remember where you are.
We are here to help, not to talk down to the lesser experienced.

EDIT2: Sorry if i seem harsh in this post, but no relf respecting domain admin should be on this forum, which is more home users/beginners, asking such basic questions about their job.

You say sorry for a harsh remark and then you make an even harsher one.
Who are you to tell who can or can't be on this forum?
Take another cup of tea.

There are some pretty common sense best practices to follow in a domain environment and if someone can't meet those then I have little reason to try and help them circumvent them.

You made that last point painfully clear.

Luckily the OP is not scared away easily, even though you tried your best at it.

You have a poweruser badge, you should set a better example.

CoastalData said:

If you are a domain admin and you let your end users have administrative rights over their local machines, you have already failed basically. I'm not going to tell you to turn UAC off or give them admin rights because thats just a plain bad practice.

Well I have to agree to a large extent, but that is why I run a domain at home, so that I can debug these issues on my own terms without exposing users at the office to unnecessary security hazards.

It is difficult to find the right mix of security that still allows the end users to be safe and still get their work done without having to call me every time they need to install some piece of software. I've tried being strict before, and it just doesn't work, so I let them do pretty much anything they want on the workstations, and just warn them that I reserve the right to restore their computers to a default configuration if it gets screwed up. All important data is stored on the server, so this is not a problem.

This is really my first time in on 7, so I'm still experimenting with finding that mix of security/functionality. I know that I should remove my domain admin status, but it always seems to cause problems when I do.

So, yes, I recognize that this is not the best forum for my "true" question, but it is Win 7 specific, and indeed, I am finding useful info here.

Hi CoastalData,

Please feel welcome and don't mind Jordus.

He was probably having a bad day.

Greetings,

Michel