Coffeehouse Thread

42 posts

Vista Security : This can't be true.

Back to Forum: Coffeehouse
  • User profile image
    Rossj

    I can't believe for a second that this is true, it would be absolutely insane, so I can only assume that someone doesn't know what they are talking about .. I don't have access to a Vista box atm though.

    S Dekorte wrote:

    Vista security is insane. If you name an executable "installer", it gets admin privs... Or "Setup". Or a bunch of other words. Like Symantec.

    - David Fayram on #io


    Like I said, I can't believe it, but there is a little niggly doubt sitting there at the back of my brain saying "it wouldn't be the first time some committee made a dumb decision".





  • User profile image
    cescotto

    No, the UAC dialog appears to ask you to give the application administrator privileges, this was implemented for retrocompatibility.

  • User profile image
    Rossj

    So the name of the file triggers the UAC request? And if UAC is turned off?

  • User profile image
    cescotto

    Rossj wrote:
    So the name of the file triggers the UAC request?


    yes

    Rossj wrote:
    And if UAC is turned off?


    the executable gets the same privileges as the user like on XP.

  • User profile image
    ZippyV

    Rossj wrote:
    So the name of the file triggers the UAC request?


    Yes, because 99% of the installers need admin privileges. It's pure for backwards compatibility reasons.

  • User profile image
    W3bbo

    ZippyV wrote:
    
    Rossj wrote:So the name of the file triggers the UAC request?


    Yes, because 99% of the installers need admin privileges. It's pure for backwards compatibility reasons.


    And uses other heuristics code borrowed from WS2003 Application-Mode Terminal Services, I hear.

  • User profile image
    littleguru

    Rossj wrote:
    So the name of the file triggers the UAC request? And if UAC is turned off?


    Again: did you watch the UAC video that Charles posted a week ago? If you would, you wouldn't have posted this... They mention that some works trigger the UAC to ask the user for admin credentials by default. They are not given automatically, but the standard UAC dialog appears and asks for admin privileges.

  • User profile image
    AndyC

    W3bbo wrote:
    
    And uses other heuristics code borrowed from WS2003 Application-Mode Terminal Services, I hear.


    Some are already in XP also - they trigger a RunAs prompt if you try running an installer from a non-Admin account.

    Note also that the heuristics won't be invoked if the executable has a Vista manifest.

  • User profile image
    Royal​Schrubber

    MrJay wrote:
    Yet another reason why UAC really is nothing more than an annoyance.


    I don't want to repeat myself - read my old post Smiley

  • User profile image
    Rossj

    littleguru wrote:
    
    Rossj wrote:So the name of the file triggers the UAC request? And if UAC is turned off?


    Again: did you watch the UAC video that Charles posted a week ago?


    I stopped watching the videos a while back when I realised that they generally don't go into the level of detail that I am interested in, and I guess I am spending less and less time in Windows so it is only out of morbid curiosity that I am still even here.

  • User profile image
    AndyC

    MrJay wrote:
    

    That is the problem.  It does not exist in *nix.   Even as a normal user in *nix I can use sudo -s and proceed to do all of my admin stuff without being hassled further.  I cannot do this in Vista unless I turn off UAC.


    Poor example. There isn't any difference between sudo -s and running a command prompt elevated under UAC.

    MrJay wrote:
    
    People are not complaining about UAC being like sudo.  We are complaining about the additional functionality it implemented on top of sudo.  That is where it fails.


    UAC and sudo were designed to solve two different, though similar, problems. The problem of "too much prompting" is not UAC though, it's the whole slew of apps on Windows that require admin rights when they shouldn't. If every *nix app required you to be root, I absolutely guarantee that you'd find sudo just as annoying.

  • User profile image
    Charles

    Rossj wrote:
    
    littleguru wrote: 
    Rossj wrote: So the name of the file triggers the UAC request? And if UAC is turned off?


    Again: did you watch the UAC video that Charles posted a week ago?


    I stopped watching the videos a while back when I realised that they generally don't go into the level of detail that I am interested in, and I guess I am spending less and less time in Windows so it is only out of morbid curiosity that I am still even here.


    Jon whiteboards exactly how UAC works. How much more detail are you looking for? What information is missing?

  • User profile image
    shreyasonli​ne

    ZippyV wrote:
    
    Rossj wrote:So the name of the file triggers the UAC request?


    Yes, because 99% of the installers need admin privileges. It's pure for backwards compatibility reasons.


    Ya. And 90% of the common users would just click Yes to remove the annoying thing in front of them. Plain human psychology nothing else.

    Shreyas Zare

  • User profile image
    cescotto

    shreyasonline wrote:
    
    ZippyV wrote: 
    Rossj wrote: So the name of the file triggers the UAC request?


    Yes, because 99% of the installers need admin privileges. It's pure for backwards compatibility reasons.


    Ya. And 90% of the common users would just click Yes to remove the annoying thing in front of them. Plain human psychology nothing else.

    Shreyas Zare



    And? Even if the automatic UAC prompt for the installers wasn't there if the executable was a malware it could be coded in order to require elevated privileges (triggering the UAC dialog). It wouldn't have made any difference.

  • User profile image
    Rossj

    Charles wrote:
    
    Rossj wrote:
    littleguru wrote: 
    Rossj wrote: So the name of the file triggers the UAC request? And if UAC is turned off?


    Again: did you watch the UAC video that Charles posted a week ago?


    I stopped watching the videos a while back when I realised that they generally don't go into the level of detail that I am interested in, and I guess I am spending less and less time in Windows so it is only out of morbid curiosity that I am still even here.


    Jon whiteboards exactly how UAC works. How much more detail are you looking for? What information is missing?


    Well I didn't watch it did I, so I don't know.  I am extrapolating from videos in the past where some of the stuff was not as technical as it could have been, and came across as marketing, in as much as 'this is what we are doing and it may be useful' rather than 'this is what we are doing and here are all the goty details'. Which is why I stopped watching most of them. I still occassionally watch some, but UAC in particular isn't something that I am likely to encounter in my line of work as my software does not have user interaction.

    Getting back OT, why did the team responsible not just ask the user to elevate for those special cases whether UAC is on or off (yes I know it is probably in the video)?

  • User profile image
    Rossj

    AndyC wrote:
    The problem of "too much prompting" is not UAC though, it's the whole slew of apps on Windows that require admin rights when they shouldn't.


    Create a new folder in program files, rename it - you have the uac prompt twice.  Not a very common occurrence I'll grant you but annoying none-the-less and nothing to do with third-party apps.

  • User profile image
    JasonOlson

    shreyasonline wrote:
    
    ZippyV wrote: 
    Rossj wrote: So the name of the file triggers the UAC request?


    Yes, because 99% of the installers need admin privileges. It's pure for backwards compatibility reasons.


    Ya. And 90% of the common users would just click Yes to remove the annoying thing in front of them. Plain human psychology nothing else.

    Shreyas Zare


    Actually, this is wrong. Based on a bunch of usability studies Microsoft has done, most computer users ended up clicking "no" instead of "yes."

  • User profile image
    JasonOlson

    Rossj wrote:
    
    AndyC wrote: The problem of "too much prompting" is not UAC though, it's the whole slew of apps on Windows that require admin rights when they shouldn't.


    Create a new folder in program files, rename it - you have the uac prompt twice.  Not a very common occurrence I'll grant you but annoying none-the-less and nothing to do with third-party apps.


    I honestly wish that UAC would behave at the session level. For instance, if I have windows explorer open and it needs to elevate, prompt me once and then for the rest of the session it is elevated (isn't this the way that sudo behaves?).

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.