"And if you don't like the default settings, you can make a trivial change to increase your prompting level back to where it was in Vista and all these "exploits" go away."
Exploits with quotes around them? So, being able to break a boundary (for whatever reason it's there) with ease is *not* an exploit?
"The ONLY secure scenario is to run as a standard user (with no admin privileges) and use fast user switching to switch to an admin account when you need to make configuration changes to the machine. But most users won't put up with that level of
security. Heck, look at how much people complained about the UAC prompts. Imagine how annoyed they'd be if MSFT forced them to log into another account to change their system configuration."
Hey, exactly! Let me quote Leo Davidson (the guy who discovered the UAC mess):
"Microsoft clearly realise that even the button-click prompts were too annoying for many users as that’s why they removed them for admin users (for their badly-written software which prompts too much only).
You cannot honestly think that standard user accounts, as they stand today, are a solution that people will actually use after the reaction to Vista’s UAC.
Additionally, standard user accounts are not the default. You have to go out of your way to use them. Almost nobody will, except in businesses where they were already running locked-down accounts since the days of NT4 and where UAC elevation will barely be used at all.
Standard user accounts are a distraction and an excuse as far as Windows 7 goes. You might as well say “People should use Linux to be more secure” as it’s about as relevant and likely to happen. If Windows 8 (or whatever) actually makes standard user the default, and improves the user experience to one that people might actually put up with, then the argument will hold water.
The thing is, we’re only arguing about the stupidity (and unfairness on 3rd party developers) of Windows 7’s UAC because of the default settings. People can change to Always Prompt and make it like Vista… Unless we explain why Windows 7’s defaults are the worst of both worlds — annoying prompts for some applications combined with almost zero difficulty in bypassing the prompts for anything that really wants to — and inform people that they can either set UAC to always prompt or to silently elevate (for all apps), people are just going to use the defaults.
The one thing most people are not going to use in Windows 7 is standard user accounts. It’s more painful than what everyone complained about on Vista, not less."
He is basically saying the same thing as you, and THAT IS A BAD THING! Where do you go from here? UAC is now holey as cheese on the default setting, and, as you said, almost no one will run as standard user, because that's more annoying than the old Vista
What now? What is the future of Windows security? Will it be now "forever" that users will work as administrators with a broken UAC? Or will you force in Windows 8 that the default user will be a standard account user? But if you do that, people will be extremely annoyed! After Windows 7, with its reduced UAC dialogs, people WON'T ACCEPT a standard user account in Windows 8 - because on a standard account there will be many more UAC prompts than on the default administrator account on win7 with its broken UAC.
UAC was a good tool to prepare people for the "standard account future", but now.. it's less likely that normal users will accept that future, after they use win7.
It seems that you guys maneuvered yourselves into a pretty nasty corner, just to please the blogosphere.