Microsoft Apologises; To Fix Win 7 UAC Flaw

Status
Not open for further replies.

gsteacy

[citation][nom]Master Exon[/nom]"released their its to address the problem."[/citation]
Whoops, I re-arranged that opening paragraph a few too many times. It's "fixed" ;)
 
Guest
So what about grammar? honestly. Also there shouldn't of never been an article about the security flaw; it was a "bug" and will be lots of them in the beta.
 

randomizer

No, it wasn't a "bug". It was part of the design. Microsoft planned to leave it wide open like that, because they were afraid people would care if UAC settings changes caused prompts. They didn't consider the flip side where people consider security more important than sticking to their new UAC paradigm of fewer prompts.
 

Tindytim

[citation][nom]Smitty6123[/nom]So what about grammar? honestly. Also there shouldn't of never been an article about the security flaw; it was a "bug" and will be lots of them in the beta.[/citation]
You aren't not a hypocrite.
 

BallistaMan

This is exactly what Microsoft needed to do. Personally I would have preferred it without the initial "we did it on purpose" rigmarole, but they admitted their mistake in the end.

What they still need to do is allow you to make UAC exceptions for programs. Just have it so that when an exception is made, a prompt pops up. It'll be vaguely annoying when you're adding the exception on purpose, but quite effective at keeping any nasties from doing it remotely.
 

Tindytim

[citation][nom]BallistaMan[/nom]What they still need to do is allow you to make UAC exceptions for programs. Just have it so that when an exception is made, a prompt pops up. It'll be vaguely annoying when you're adding the exception on purpose, but quite effective at keeping any nasties from doing it remotely.[/citation]
And what about fullscreen applications? You can either minimize them (which is extremely annoying, and can cause some problems with the program) or let the prompt sit there, unnoticeable until the fullscreen app exits.

An overlay would be nice, but I'm not so sure if that could keep compatibility with every application.
 

enforcer22

[citation][nom]truehighroller[/nom]I have been seeing a lot of whining about grammar lately.[/citation]

It's because people need to grab those giant sticks and yank them out of their anal (no phun intended) asses. And others wish to ignore even an informative message (which I'm not saying this is) because a period is out of place. Personally I ignore both parties because they are more annoying than a fly that keeps buzzing in your face. (actually that's a lot more pleasant)
 

frozenlead

[citation][nom]BallistaMan[/nom]What they still need to do is allow you to make UAC exceptions for programs. Just have it so that when an exception is made, a prompt pops up. It'll be vaguely annoying when you're adding the exception on purpose, but quite effective at keeping any nasties from doing it remotely.[/citation]

...which is essentially circumventing the entire UAC. This is a bad idea - malicious programs will be written to automatically make themselves exceptions.
 

BallistaMan

[citation][nom]frozenlead[/nom]...which is essentially circumventing the entire UAC. This is a bad idea - malicious programs will be written to automatically make themselves exceptions.[/citation]
Which is why it would prompt before making the exception. I'm not saying it's a particularly good idea, just the only one I had at the time. *shrugs*
 

Tindytim

[citation][nom]BallistaMan[/nom]Which is why it would prompt before making the exception. I'm not saying it's a particularly good idea, just the only one I had at the time. *shrugs*[/citation]
So, you're saying it's not a prompt, but more of an alert. Telling you that "that.exe has been added to the exception list", so if an application attempted to add itself to the list, you'd know you didn't add it.
 

V8VENOM

This wasn't a "mistake" by Microsoft. It was done intentionally so that they could then justify the excessive prompts that you WILL get in Windows 7 when released.

Randomizer, you seem to believe that "Prompts" are required to secure an OS. Why? Get out of that box of thinking. It's called user context. Windows 7, yet again, does NOT understand, deal with, or in any way realize the difference between a user physically moving the mouse and/or using the keyboard vs. some events triggered by malicious code. Why, because "it's too difficult" to change their massive code base to be able to understand user context.

Until Microsoft really step up to the plate and address their OS's inability to determine user context, they will continue to bombard users with prompts and continue to have endless security updates.

Windows 7 is NOT new code base, it's based on Vista code base. Microsoft still have NOT copped a clue and they're doing "Business as usual" with Windows 7. It will be another flop, just like Vista.

Rob.
 

Tindytim

[citation][nom]V8VENOM[/nom]Windows 7 is NOT new code base, it's based on Vista code base.[/citation]
I was completely unaware of this, even though every media outlet has reported this.

[citation][nom]V8VENOM[/nom]Microsoft still have NOT copped a clue and they're doing "Business as usual" with Windows 7.[/citation]
The fact of the matter is, they needed something new, and they needed something fast. So they fixed some issues and added some new functionality.

[citation][nom]V8VENOM[/nom]It will be another flop, just like Vista. Rob.[/citation]
I seriously doubt it. I think Microsoft has learned a bit from Vista, things need to work out of the gate.

They can take this time to create what will be NT 7.0.
 

V8VENOM

Tindytim,

Agree, agree, don't agree, and maybe.

I don't see what they've learned? What I see so far is them trying to figure out a new way to market an "updated Vista". Security is going to be same old same old in your face -- security doesn't have to be coded that way to still be secure.

I hope they at least fix some of the GUI issues -- minimize, maximize buttons should NOT be next to the close button (X) -- bad design just begging for people to move over 1 wrong pixel and click the wrong button. Huge chunks of screen real estate used with thick borders and empty space. Explore is horrible -- it's a nightmare interface with a ton of wasted space yet again. Will they fix the numerous "stopped responding" bugs? The Event Viewer crashing if you try to select a log before it's loaded? Many situations where something is happening (long task) but the user is NOT made aware, so they think the OS has just locked up...list goes on and on.

Windows 7 is a name change, similar to how GoldStar became LG (Lucky/Goldstar) because GoldStar is perceived as a discount brand, yet LG is new and fresh -- even though the electronics are the same. This is Microsoft doing classic business 101 -- they failed so now they quickly get a new face/name out on the same code base and hope the consumer doesn't notice. Problem with that is it still doesn't bring the consumer what they want -- they don't want prompts, they don't wanna think about security (it's not their job), they wanna be productive with an interface for a human not a Microsoft troll.

Most computer users don't want endless choices, they want their tool (OS) to make an intelligent decision without their involvement -- this allows the user/consumer to get on with their task and not FORCED to get involved with the OS. I don't see any signs of Microsoft learning this lesson??

Rob.


 

tenor77

Most computer users don't want endless choices, they want their tool (OS) to make an intelligent decision without their involvement -- this allows the user/consumer to get on with their task and not FORCED to get involved with the OS. I don't see any signs of Microsoft learning this lesson??

If by most users you mean most Mac owners, then yes, you are right. The vast majority of people actually like Windows (XP anyway). I'm not a big fan of playing in the Mac sandbox. It's great for what it does but I don't like playing by their rules. I have huge flexibility on what hardware and software I use. I can customize to my heart's content and I don't need my OS to protect me from myself. Hence I don't use Vista.

Anyway, an apology after a denial isn't an apology, it's a case of "Oh crap, no one bought a BS spin"
Why can't a company just admit when they're wrong the first time?
 

V8VENOM

No, not taking Mac into this debate at all. Keeping this to Windows 7 and Vista.

Sorry for the double post, Tom's doesn't seem to like Vista IE7 either.

You should see how many times Microsoft have gone back and forth admitting Vista is a flop. Like I said, I don't see anything "new" coming out of Microsoft other than they have asked the Federal Government to increase their maximum allocation of H1B VISA -- 65,000 apparently isn't enough, yet they're laying off 5000 people even with a profitable year??

I'm not sure what Microsoft is these days, far removed from the company they used to be. I can't see many forking out $200 for Windows 7 Starter -- hate to think what their premium version will cost.
 

randomizer

[citation][nom]V8VENOM[/nom]Randomizer, you seem to believe that "Prompts" are required to secure an OS.[/citation]
Really? Where did I say that? The last thing I want is prompts and passwords, that's why I don't use UAC. However, most people don't have a clue about security, so adding a thin extra layer isn't so much of a bad thing. But if that layer can be removed by someone who copied and pasted a VBScript off the internet then it might as well not exist. At least with a forced prompting in this case the only thing responsible for system "security", or lack thereof, is the user and not the script. The prompt should CLEARLY state what is happening though, not just "Do you want to make changes to UAC?". It should also make sure the user is aware that if they did not explicitly make changes themselves then they should click "No". If they still click "Yes" for whatever reason, then PEBKAC.

I definitely agree with your point that most users, including myself, don't want to get involved with the OS. It is there as a layer between my applications and my hardware, it is NOT my applications and therefore I don't want to have to do anything with it. I don't care if Vista runs good when stripped of its services and other garbage, I don't want to have to tweak it (beyond preferential things) to make it run well.
 

V8VENOM

9 out of 10 Vista users don't understand what the UAC means nor why they are being asked. Even if you cleared up the text of the prompt, it wouldn't help. Based on the current Windows 7 flaw, it would have to rely on the application or pasted source (aka malicious code) to provide information -- no reason the malicious source couldn't say it was some Microsoft source. Or it could be a legit source - who knows.

Will an end user be able to determine a legit source from a malicious one, maybe but most likely not. Microsoft's approach to security is wrong and they know it, hence the BS factor being dished out "by design". Sadly, they have not or will not take responsibility for security in their OS.

But I do agree, if you're gonna prompt an end user to respond to a security concern, Microsoft MUST provide a lot more info -- something like:

1. Context source (copy paste operation, message event, application)
2. Is the source certified by any legit certificate service?
3. What exactly is the source attempting to do?
4. Is the source registered so I can obtain details?

Microsoft also need to provide the services (free) for folks to get legitimized -- current system is ridiculous and borderline extortion. Justify the cost of this new OS beyond fluff and hype.

Rob.
 