Larry Osterman said:
Ray7 said:
*snip*

***DING*** ***DING***  Give the man a ceegar.

UAC has never been a security feature.  Microsoft has NEVER claimed that UAC was a security feature.  It's a convenience feature that acts as a forcing function to convince software developers to get their act together. 

And if you don't like the default settings, you can make a trivial change to increase your prompting level back to where it was in Vista and all these "exploits" go away.

The ONLY secure scenario is to run as a standard user (with no admin privileges) and use fast user switching to switch to an admin account when you need to make configuration changes to the machine.  But most users won't put up with that level of security.  Heck, look at how much people complained about the UAC prompts.  Imagine how annoyed they'd be if MSFT forced them to log into another account to change their system configuration.

 

 

Larry Osterman said:
that acts as a forcing function to convince software developers to get their act together.

Except now it doesn't. We're back to the bad old days where the path of least resistance is to assume users have Administrator rights. Sure you have to hack around UAC, but that's relatively trivial compared to properly architecting your application. Sure, your app will then break horrendously if someone runs as a Standard User or changes the default settings, but that's their own fault right? Nobody bothered worrying about that with XP, so why should they with 7?

And the amazingly dumb thing is that all Microsoft have to do is follow their own guidelines[1] and change the default UAC setting to the highest level. They can leave the slider in place, they can even leave the dubious "Microsoft signed code elevates silently" as long as it isn't the default behaviour and we'll all be a lot better off for it.

Sure UAC has never been a security boundary and shouldn't be thought of as one, but it is still a security feature (it even appears under the Security options in Action Center FFS!) so it ought to be set at the most restrictive level by default. That's what Trustworthy Computing was supposed to be all about and it's disturbing to see that thrown out of the window so quickly in response to a minority of whingers who are going to make noise whatever you do.

I really hope the voice of reason hits home at the eleventh hour, I honestly do. I don't think it'll happen though and that's bad for everyone. Windows 7 will ship with a dumb UAC default and nothing seems likely to change that now.

[1] The Trustworthy Computing Security Development Lifecycle