New
#1
This is really no surprise, but they can harp on about Admin rights until they are blue in the face.
It's to late to change peoples Windows habits
February 3, 2009 (Computerworld) Nine of out 10 critical bugs reported by Microsoft Corp. last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed today.
Of the 154 bugs published and patched by Microsoft in 2008, critical or not, 69% would have been blocked or their impact reduced by configuring users to run without administrative rights (basically an admin running UAC), said the company.
Full Story: Removing admin rights stymies 92% of Microsoft's bugs
This is really no surprise, but they can harp on about Admin rights until they are blue in the face.
It's to late to change peoples Windows habits
Yes and if they gave us the ability to turn off UAC for programs used frequently then we wouldn't have the need to turn off UAC in the first place. Clicking every single program twice might be good for security but it was a huge step backwards as far as ease of use was concerend. I used admin rights in Vista with UAC turned off and never had any problems or bugs so I don't know what the heck they are talking about.
All security has a "price to pay" - in the "nix" environment it means having to type your full password before you can access certain critical processes - before Vista I ran as a standard user not admin so the price I paid was having to "run as administrator" and enter a password to access these similar critical processes.
With Vista, and now Seven I run as a user with both Admin and standard user and the UAC to automate the switch between the two levels - so much easier, just a single click.
I learned my trade in a professional computing environment where data security was one of, if not the, main consideration - so I may not be typical of most home users where security is normally an afterthought but for anybody the odd extra click is a small price to pay for the benefits it provides.
It would be nice if the UAC could remember applications which have been deemed acceptable but this would introduce another potential problem - this list has to be stored somewhere - and malware can be designed to impersonate an item on this list and gain admin rights, so I think that the combination of the system and the users input is the best way.
The education of the users into the "why" of UAC as well as the "how" is the difficult task, but once this is done and developers learn to write for the standard users rights things should be a lot more secure.
The interesting thing is, in my experience, users totally new to computing accept the UAC without a problem, and it's those who grew up with XP and it's bad security design who have most problems.
Just my two cents
I do like the fact that there is more control over UAC in 7 but it still makes it scary to a user that has been using XP & hasn't tried Vista due to its bad press. I have quite a few elderly customers that call me when they get a popup & don't know what to do. I installed Vista for a few of them & they liked it if UAC was off & not asking questions every 5 minutes.
There is such a wide mix of users and abilities, and that's what makes this UAC argument stuff all the more difficult for MS.
They try to insert more security into the system and many long time users yell about the intrusions, many more accept and deal with the intrusions for the added security, and the newer users have no idea what to do...funny mix to deal with 4 sure.
Well put Nigel.
I've been doing this so long now that I don't surf like I used to. I have a few favorite places to go and forums to post too, so the likelyhood that I'll run across a compromised site is almost nill, but that doesn't mean I let my guard down. I do run as Admin most of the time, mainly just to do my normal routines, but if I have to go surfing for some info to help someone with a fix I'll switch to a limited account before I do that.
There may be a better way I know, but this is just how I deal with things, and I have UAC off (i know...bad Chappy.. )