Vista User Account Control

Did I hear something about iPod during a fade away? Heh. :O

Nice contrast between making beer and developing software.

Engaging interview. (Although I did miss a couple of minutes after the beer remark while I went to get some pretzels.)

Good work guys.  Finally dragged Windows and the 3rd parties kicking and screaming into standard user world.

Welcome to a better life.

bliz wrote:



Did I hear something about iPod during a fade away? Heh.

Was that iPod or tripod? 

No more running as administrator...Wa wa wi wa!

Just registered to say,

Ever since Scoble left, the interviews have been pretty boring. But your interviews, Rory, are the best. Keep up the good work. Loved the one with Mike Hall, and this one was the best.

V.B.

I don't really think that those two guys really understand how user accounts work in the mac. Pretending that the mac has a sinple log in/log out that puts you in an administrator account with full privileges is just a big lie to the face of the camera. Those guys do not seem to know that OS X is a Unix like system, and for this reason it uses exactely the same model for users accounts. It works as follows: OS X as Unix or Linux uses threee different levels of permissions: - The super user or root. If a user log in as a root, he has full provileges, full power to modify anithing in the OS. He can modify OS vital files or directories without any prompt. Well full power!!! The root is BY DEFAULT disactivated in OS X or Linux, or any other Unix. Th user need to activate the root account manually by providing the admin password. Most of the users on mac don't even know that such account exist, only Unix users know how to activate it. - The administrator account; This is the owner account. When people install a new version of OS X or Linux or buy a new mac, the is the default account which is created by the system. Why? Those are multiusers OS, so it needs to create at least one administrator account in order that the owner can manage the system. Of course the owner can disactivate the admin privileges if he/she wishes. However the admin account works quite differently than windows admin accounts. On Unix a admin user can yes manage the system, set the preferences, etc, but it does not have full freedom to modify the system. If an admin user tries to modify any OS vital files or directories, he will be prompted before. The idea is that you get the power to change things as your are the owner of the password to administrate the machine but system does not give full freedom to do anything you want before being sure that it is reeally what you want to do. If you try to install a application that put files in protected directories, an admin will also be prompted before to do so. The difference with windows is that the admin account on Unix does not open all doors as it does in windows, any vital change can not be done without entering a password even if your log in as admin. The admin account in windows is more similar to the super user on Unix. That means that a worm or virus will not be able to modify any protected files or directories without the approval of the user even in an admin account. If it tries to do so the system will ask the user to prompt. In windows, under admin acccount it just go through without the user noticing that something is changing the system. It also does mean that the admin account under OS X (UNIX) is more secure than the one in windows, because again, yes you are logged in as an admin but the system will still ask you to to enter a password if you try to make something dangerous to the system. - The non-admin account: This the default account that is created outise of the initial adnin account. Any account which is created on OS X is by default a non-admin account, ie., with the smallest privileges. So i don't get why one of those guys says that user accounts on mac are by default admin account, no they are not, only the orginal account created after installing the OS or starting up for the first time the mac is admin for the reason that i explained. Other created accounts are by default non-admin with smallest privileges. That means that a user in such an account can not set the system or change any shared directories betweenn users like the Application directory. He can only change what is inside his home directory. This is quite a quick explanation of how it works but man!! this is basic Unix. I can not just understand why those two guys seem to know very few on how accounts work on Unix and particularly on mac. Again OS X use the Unix model that i exposed. Trying to make people believe that logging in as an admin in mac is the same as windows is just showing that he really doesn know what he is talking about. Not surprising that UAC is quite badly implemented.

Hakime wrote:

I don't really think that those two guys really understand how user accounts work in the mac. Pretending that the mac has a sinple log in/log out that puts you in an administrator account with full privileges is just a big lie to the face of the camera. Those guys do not seem to know that OS X is a Unix like system, and for this reason it uses exactely the same model for users accounts. It works as follows: OS X as Unix or Linux uses threee different levels of permissions: - The super user or root. If a user log in as a root, he has full provileges, full power to modify anithing in the OS. He can modify OS vital files or directories without any prompt. Well full power!!! The root is BY DEFAULT disactivated in OS X or Linux, or any other Unix. Th user need to activate the root account manually by providing the admin password. Most of the users on mac don't even know that such account exist, only Unix users know how to activate it. - The administrator account; This is the owner account. When people install a new version of OS X or Linux or buy a new mac, the is the default account which is created by the system. Why? Those are multiusers OS, so it needs to create at least one administrator account in order that the owner can manage the system. Of course the owner can disactivate the admin privileges if he/she wishes. However the admin account works quite differently than windows admin accounts. On Unix a admin user can yes manage the system, set the preferences, etc, but it does not have full freedom to modify the system. If an admin user tries to modify any OS vital files or directories, he will be prompted before. The idea is that you get the power to change things as your are the owner of the password to administrate the machine but system does not give full freedom to do anything you want before being sure that it is reeally what you want to do. If you try to install a application that put files in protected directories, an admin will also be prompted before to do so. The difference with windows is that the admin account on Unix does not open all doors as it does in windows, any vital change can not be done without entering a password even if your log in as admin. The admin account in windows is more similar to the super user on Unix. That means that a worm or virus will not be able to modify any protected files or directories without the approval of the user even in an admin account. If it tries to do so the system will ask the user to prompt. In windows, under admin acccount it just go through without the user noticing that something is changing the system. It also does mean that the admin account under OS X (UNIX) is more secure than the one in windows, because again, yes you are logged in as an admin but the system will still ask you to to enter a password if you try to make something dangerous to the system. - The non-admin account: This the default account that is created outise of the initial adnin account. Any account which is created on OS X is by default a non-admin account, ie., with the smallest privileges. So i don't get why one of those guys says that user accounts on mac are by default admin account, no they are not, only the orginal account created after installing the OS or starting up for the first time the mac is admin for the reason that i explained. Other created accounts are by default non-admin with smallest privileges. That means that a user in such an account can not set the system or change any shared directories betweenn users like the Application directory. He can only change what is inside his home directory. This is quite a quick explanation of how it works but man!! this is basic Unix. I can not just understand why those two guys seem to know very few on how accounts work on Unix and particularly on mac. Again OS X use the Unix model that i exposed. Trying to make people believe that logging in as an admin in mac is the same as windows is just showing that he really doesn know what he is talking about. Not surprising that UAC is quite badly implemented.

But you know what we can all agree on? Paragraphs.

BryanF wrote:


But you know what we can all agree on? Paragraphs.

Indeed ....

At a guess, I'd say he's using the forum on a Mac. I've used to Safari here, and I've noticed that it doesn't render the message editor.

Since so many Mac and Linux users seem to hang around here, perhaps someone could make it easier for them to vent their spleens in a format that is much easier for everybody to read?

I'm pretty sure it is fixable.

Cool Vid!

Lots of good info on the UAC model.

Some white boarding on how this works would have been cool.

But overall good stuff.

return the game?  ever tried to *DO THAT?*

most places will not take an opened box back....

I don't get it. When you install Vista, the first and only account created is an administrator account. No prompt to create a restricted account. So people who don't need more than one account will still be using an admin account all time, right ?

izzy wrote:

I don't get it. When you install Vista, the first and only account created is an administrator account. No prompt to create a restricted account. So people who don't need more than one account will still be using an admin account all time, right ?

You're an admin, but you get prompted whenever you're about to modify the system, or something restricted. The rest of the time (99% of the time) you're running with regular user privileges. It's pretty much similar to being a sudoer in the UNIX world. From what I've seen, it's the same policy used in popular Linux distribs (Ubuntu or OpenSUSE) or MacOS.

Hakime wrote:

Not surprising that UAC is quite badly implemented.

Is it really that bad compared to the UNIX model?

stunna wrote:



Hakime wrote: Not surprising that UAC is quite badly implemented.

Is it really that bad compared to the UNIX model?

well I tried to read that un-formatted mess and from what I could read they do not know how UNIX perms work.

Is UAC done wrong? I don't think so -- but time will tell.

BTW:  UNIX has USERS and GROUPS

the user "ROOT" is the one true administrator.

you can edit stuff based on permisssions....

so in many ways WIndows and UNIX both have the idea of an "ACL"
each implimented differently.... each with different issues and benefits.

like how UNIX uses OCTAL
777 -  everyone can do anything to this object
I forget which way to read it but
World,Group,Owner - each gets a number that is the bits that they have
Read
Write
Execute
and a few others

been a while since I did UNIX admin --

I don't really think that those two guys really understand how user accounts work in the mac. Pretending that the mac has a sinple log in/log out that puts you in an administrator account with full privileges is just a big lie to the face of the camera.

That's not what they said, they said it used a "Lock/UnLock" model where your default account type was "administrator", but in the same way a standard Vista admin works - ie. you run as a regular user most of the time & are prompted for elevations when running changes that require Admin access.

Hakime wrote:

It also does mean that the admin account under OS X (UNIX) is more secure than the one in windows, because again, yes you are logged in as an admin but the system will still ask you to to enter a password if you try to make something dangerous to the system.

This is not always true.

"There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install. This is even explained in Apple's Installer documentation as proper behavior. The distinction between the AdminAuthorization and RootAuthorization keys is, simply, whether or not the admin user is prompted for a password; the end powers are exactly the same and it is up to the creator of the package as to if he will be kind enough to ask for a password."

http://www.macgeekery.com/tips/security/how_a_malformed_installer_package_can_crack_mac_os_x

http://www.codepoetry.net/2006/09/20/thwap_thwap_is_this_thing_on

Good information, well presented.


I'm missing the link to the Vista Logo document. The one that tell me where I can write the user files, etc.

I've looked on the Visa Logo site and have seen allot but not what I'm looking for.

Thanks

edit: Rory, didn't you say you would put up a link?

FWIW - The iPod comment during the fade was most likely related to the windows virus that was accidentally shipped by Apple on some Video iPods.

http://www.apple.com/support/windowsvirus/

Microsoft have got account Control spot on now, this setup really fits in well to my current working enviorment where I use a admin and guest account for other people to log onto.

Josh Chandler
www.techilious.wordpress.com

Great subject.  

Here's a link the Windows Vista Logo for Software page.  There are a number of resources there including the document referred to in the talk.  I did have to logon using a live account as a member of the partner program. 

Heads-up,

Matt Ortiz

UAC has helped a lot - especially the shim functionality of having .ini and .dll be installed in a user's "program files" directory.   What has turned out the be a real pain is that firefox (update.exe) and other application I trust need elevated privaleges on a frequent basis.  I have to run to everyone box to allow the update to happen.  Is there a way to automatically grant certain apps to install (auto-elevate) as admin?

I know, I know, I hear the criticism - but If I blindly let the update happen anyway for some apps, I rather the user standard user just handle it.  Then when they get their apps UAC compliant, then we'll all be happy.  Till then.....

Hakime wrote:

I don't really think that those two guys really understand how user accounts work in the mac. Pretending that the mac has a sinple log in/log out that puts you in an administrator account with full privileges is just a big lie to the face of the camera.

This is the sort of comment that diminishes discussion and holds civilistaion back.  Hakime may be browsing in Safari but that's no excuse for presenting failed logic.  If those two guys don't understand then how can what they say be a lie?  It's like the accusations of lying when holding imperfect knowledge (as we do most of the time) over WMD when dismissing Saddam.  An error isn't a lie.

But what interests me here is the recent suggestion I saw saying that UAC won't prevent misuse of system resources by people who plant malware in our machines.  It seems that some code just doesn't NEED admin rights to perform its work.