Apple mocks UAC. Cancel or Allow?
February 7th, 2007
Found via daringfireball.net: this Apple ad really gets the gist of why UAC pisses me off.
Watch, feel my burning frustration.
Joe-end-user, running his pre-installed copy of Vista on the $600 Dell laptop, is in no position to make a good decision about security. Stop asking him.
This is just like the whole ActiveX fiasco with IE. Walking through the basic scenario:
- Navigate to some site you want to view – www.manyfreesexypics.com
- Site wants to install some ActiveX plugin, which adds all sorts of great functionality [for their ad network provider]
- IE Prompt: “Do you want to install this ActiveX plugin?” Translated by User: “Click yes to see this site”
- User: Hmm, I clearly want to see it, that’s why I came here. Of course I hit yes.
People always hit yes.
Vista UAC pushes this culture of always saying yes right into the operating system. Basic tasks like renewing/repairing your IP require elevation. When users are forced to “allow” with such frequency, what is going to get them to slow down and think? How can they be expected to know the difference in risk between renewing their IP address or running a program they downloaded?



February 12th, 2007 at 6:22 pm
At the end of the day, is UAC about security or does it simply allow Microsoft to indemnify themselves when Vista proves to be no more secure than XP for the very reasons you stated?
By continuing to give every application (effective) complete control over the OS, Microsoft continues providing the perfect virus/worm/trojan development platform. Nothing will change that and nothing they can do with Vista will stop the problem because the model is flawed.
Years ago I used to joke that if edlin had been written today, it would be scriptable, have access to kernel functions and subject to security exploitation because that’s what every Microsoft app is like.
We are still seeing new Office exploits on a weekly basis, if not more often. Picture someone saying the following in 1987 (assuming Word and Excel existed at the time, I don’t recall):
In 20 years Word and Excel will suffer from a constant string of security vulnerabilities that will risk data loss and possible remote takeover of the user’s system.
(I won’t even add the absurd idea of Word crashing and corrupting my saved document beyond hope of recovery, even though it happened to me a couple months ago.)
People would have thought that person is nuts! “It’s a word processing program.” “It’s a spreadsheet.” they will argue. That’s ludicrous. But nowadays we accept it as normal because Microsoft’s definition of “word processor” or “spreadsheet” is a complete software development platform capable of anything the OS can do, but for numerous often-exploitable security restrictions. I myself would be more than happy to have WordPad as a word processor. In fact, I swore to never again use Wurd (as I call it) and started writing documentation in ReStructured Text. My productivity increased threefold and the end result can be used in more ways (and get translated into HTML without random format and color changes).
In summary, UAC is probably intended more as Microsoft’s way of being able to say, “We didn’t cause your computer to be pwned, you caused your computer to be pwned. Where do you want to be taken today, luser?”
p.s. I run Windows XP on my laptops that came with it, otherwise I run Windows 2000 or Linux. I don’t hate Windows, even though I do hate Office.
February 12th, 2007 at 7:06 pm
I’d have to disagree. I think Microsoft really is attempting to do “the right thing” but is struggling to do so. They really seem to be struggling with a variety of top down design issues — there does not seem to be a commanding vision of how their PC experience should feel or even be composed.
That being said, Office 2007 is really impressive. Word is beautiful, fast, and easy to use with the new Ribbon UI. Excel, despite your valid points about security, is and always has been one of the most amazing programs out there, in my honest opinion. The ease with which non-technical people can grok and do pretty amazing things with Excel is a testament to how well they’ve nailed the overall experience of spreadsheeting. There are players out there who also nail the basics, but when you see a management consultant who was a history major in college do all sorts of crazy pivoting and scripting – you have to be impressed with how accessible and powerful they’ve made that program.
The bigger issue is that making these HUGE applications that so many people rely on is very difficult to do. It’s even more difficult to do securely. I know quite a number of very smart people who work at MS and they’re not slackers or unaware programmers. Having more modern developer tools like the .NET platform and other appropriately sandboxed runtime environments with easy to extend widgeting toolkits really does a lot for the ability of a developer to create streamlined and secure applications. This obviously isn’t going to fix some of the top down design problems Microsoft is seemingly unable to solve [9 ways to shut down Vista], but it does a lot to get down the path.
February 13th, 2007 at 10:22 am
You’ve made some good points. First, I’ll agree with you on Excel. Every time I use Word in a non-trivial way, I have a negative and frustrating experience. I recently had the same experience with Visio. Microsoft has tried so hard to make the apps behave intelligently that they are, at least in my opinion, completely unpredictable.
However, my experiences with Excel have always been good. I like it, it allows me to do what I’m trying to do. It doesn’t second-guess me and change everything for seemingly random reasons.
With respect to Windows development on security, perhaps I was being overly cynical, and having worked with an ex-Microsoftie, and having read a lot of stuff on-line, and having recently spent 15 months working at AOL, another large company that acts really retarded, I’m completely convinced that Microsoft’s problems (like AOL’s problems) are solely due to management, or lack thereof, and not the technical skills of the developers on the front line. It’s particularly telling when their “spiritual” leader and high visionary Bill Gates is constantly making statements that seem so out of touch with reality as to be laughable. Windows has always suffered from “design by committee” and it continues to get worse and worse as years go on, until they have reached a point with a massive new product 5 years in the making that offers no single compelling reason to upgrade, with much of what it touts having existed in the competition for years. This isn’t a lack of brains, it’s a lack of leadership and a symptom of a company so obsessed with business dominance that it has completely lost track of why it’s in business in the first place.
Word could probably lose 95% of its functionality and 95% of its non-casual users would never notice, and it would probably be much easier to use. Why can’t there be a Word “lite” for the casual users, which probably comprise a vast majority of people who use it? Why must every app be a full-blown virus, er, software development toolkit when 995 out of 1000 people only need a little more functionality than provided by WordPad?
Despite OSX and Linux which are evolving faster than Windows ever did, Microsoft’s biggest competition in the OS realm will always remain their own older products, and that’s a problem I don’t think they can overcome. Security issues aside, 2000 and XP still do everything Windows has to do, minus some better support for newer hardware.
March 30th, 2007 at 4:20 am
Ahh, the old 80/20 rule. That argument is flawed.
But let’s run with it. I never use mail merge. Let’s dump it. And I never use columns – those can go too. And I’m great with English (!) so the grammar checker is out.
But oh! The secretary can’t do her work now. What about the kids making newspaper style reports? And the guy who needs help with it’s and its is stuck too.
No one likes bloat and confusion, but everybody uses different parts of programs in different ways. How frustrating would it be if your favourite feature got the chop?
Going back to the subject – how would you prefer Vista to ask for authorisation?
April 24th, 2007 at 10:24 am
Disclaimer: I haven’t used Vista, I quite possibly never will. My work machine runs XP, although I am programming for Linux. My primary home machine runs Ubuntu, but I still use Windows sometimes. My kids’ machine uses Windows 2000 and I run a Windows 2000 VM on my Ubuntu laptop for PaintShopPro and a couple of games. Despite my harsh criticism of Microsoft, I mostly like using Windows. However, I like using Linux more, on the balance.
It’s not how Vista asks for authorization, but rather how often it has to ask. Having used Linux and/or OSX for a good year now, I find the OS asking for my password to be occasionally annoying, but nothing like what I have read about Vista. And ultimately, I don’t think it will help much, because it is still relying on the judgement of the user. If the judgement of the user was sufficient, then Windows security problems wouldn’t be a tenth as bad as they are.
People don’t know (and to be fair, shouldn’t have to know) what programs are safe to run and what programs are dangerous.
In a corporate environment security will be maintained simply by not giving the user the admin password in the first place, but that can be done with XP or 2000 as well (although there are lots of things you can’t do that you should be able to do).
Ultimately, we are still suffering from bad (or excessively expedient) decisions made by Microsoft over the past 25 years. As a Windows programmer, I used to joke that every bad idea Microsoft has ever had is still in Windows and in a lot of ways that is true.
Microsoft has worked themselves into a corner, which is understandable, but on top of that, they simply are too bogged down in their own bureaucracy and arrogance to offer anything really innovative and compelling about Vista.
I have found since NT 3.51, I have looked forward to each successive OS less and less, and usually with good reason. NT 4 was exciting, and seemed to offer a lot new without compromising too much stability. Windows 2000, which I wrongly predicted would be a disaster, was very useful, and reasonably stable, if a security nightmare. I still use Windows 2000 a lot. XP offers some new things, but nothing worth paying the upgrade price for unless you needed compatibility with older software or newer hardware. I haven’t seen one reason to bother with installing Vista, and having an MSDN license for Vista Ultimate, I wouldn’t even have to pay.
August 25th, 2007 at 6:43 pm
Vista is another Microsoft joke. If they really want to make Windows great:
1. Stop kissing the media conglomerates’ ass and bloating the system and resource requirements with DRM.
2. Windows should by default be restricted or regular user without admin rights, and TEACH the people how to properly use the computer.
3. All SDKs should be based on the restricted user model. Good programming should not require admin rights to run an application unless that application truly needs admin rights.
4. You should not have to fully log on as admin to use Windows updates or automatic updates; it should prompt you for a password to update.