Windows 7 UAC Fix Doesn't Address UAC's Fatal Flaw


    Last Updated: 06 Feb 2009 at 10:35

    Converging on Microsoft

    by Mitchell Ashley

    Wow, that was a fast turnaround from Microsoft, something we're definitely not used to. Microsoft quickly changed their position on the UAC notification default setting issue in Windows 7, due to the vulnerability River and Zheng found where malware could change the notification setting on a compromised computer without the user's knowledge. Rather than going back to the same setting Vista used, which would have created the Vista UAC nightmare all over again (resulting in users disabling UAC altogether), Windows 7 will require user prompting whenever this notification setting is changed. Microsoft is being less specific about a second change to Windows 7 that "prevents all the mechanics around SendKeys and like from working". The two changes effectively render the problem River/Zheng found moot. But this solution doesn't solve the core user experience flaw with UAC, as I'll talk about in a moment.


    More: Windows 7 UAC Fix Doesn't Address UAC's Fatal Flaw | NetworkWorld.com Community
    Posted By: pooch
    06 Feb 2009



  1. Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       #1

    If they want users to keep UAC turned on Microsoft will need to have a program approval system for the programs we use most often. This would keep us from having to click a program once to open then click again to approve. If they don't do that UAC will continue to be turned off by users. I like the idea of UAC but it needs to have some type of program approval system or it will always be too much trouble to use.


  2. Posts : 307
    XP Pro, Windows 7 Ultimate 64 & 32 Build 7022
       #2


  3. Posts : 108
    7068 64 bit + XP Pro
       #3

    I can handle having to confirm that I want that crap turned off. Better than having to confirm every other thing I do. Probably a good thing for the noobs though.

    I have been running XP for about 4 years without installing a single MS security update and never have security probs. My third party software has always been up to the job.


  4. Posts : 2,899
    Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
       #4

    I know the perfect fix for this and MS would only have to change a little thing...

    it would be to force a UAC prompt when changing the UAC...
    and it has to make the message more reasonable...

    something like it has been detected that you are changing the UAC...
    unless you are changing it yourself you should not allow this unless you are changing the UAC (and for a bonus [unless you know what UAC even means you shouldn't change it as this is a security measure that is there to protect you without getting in your way])....

    something like that...

    which is what they did and this breaks the flaw...
    now that cake flaw....


  5. Posts : 307
    XP Pro, Windows 7 Ultimate 64 & 32 Build 7022
       #5

    Cake, did someone mention cake?


  6. Posts : 26
    Windows 7 RC
       #6

    I don't understand this.... People will install third party security anyways. It's not like XP had UAC...


  7. Posts : 307
    XP Pro, Windows 7 Ultimate 64 & 32 Build 7022
       #7

    aeriolewinters said:
    I don't understand this.... People will install third party security anyways. It's not like XP had UAC...
    True but XP has serious security flaws, if it wasn't for 3rd party software XP would have died a long time ago. The UAC is making security a little tighter & more reliable but it has its flaws that M$ denies are there & we know, I mean come on. What I'm trying to say is that even though we still install 3rd party antivirus, try living without any AV for a week with the UAC turned all the way up & then give me your results.

    BTW, welcome aeriolewinters, nice to have you.

    Mike :)


  8. Posts : 26
    Windows 7 RC
       #8

    True but XP has serious security flaws, if it wasn't for 3rd party software XP would have died a long time ago.
    I understand, but I think it's an overreaction on the part of the end-users.... As switching off UAC is the problem, which requires the user to do it. And this is actually key, since as we said... XP has no UAC... but 3rd party software is the reason XP was afloat. This issue is a non-issue, since you can probably install 3rd party software on top of Windows 7 for security. And anyways, it's the Vista whiners society that caused this problem in the first place, it's not like UAC isn't in Linux...


  9. Posts : 108
    7068 64 bit + XP Pro
       #9

    I think a lot of people feel they need the same security as financial institutions etc, or large networks with lots of people yapping to their friends on Messenger.

    Nobody is going to bother trying to use some exploit to hack me when they would be better off trying it on the local grocery store.

    The security industry, just like the weapons makers, has made zillions of dollars by exploiting people's fears.

    I'm not playing their game.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
