Partager via

UAC BS

  • Article

Howdy once again from RSA. It's raining. So much for sunny California!

Jeff and I just gave our talk about Windows Vista Security Engineering. It was a packed room. In fact, when we got to the room we saw a bunch of people milling around outside. We went to the door to enter and we were told we could not enter because the room was full. We thought the previous talk had yet to finish, but we were wrong, it was filled with people attending our talk. We asked if we could enter because we were the speakers, and again we were told, "NO" Then Jeff said, "seriously, we're the speakers." So they let us in. So much for security!

Anyway, back to the topic at hand.

There is a great deal of FUD about UAC. Yeah, it was very chatty in beta 2, but we really made a great deal of progress for the final release of Windows Vista. In general, it's a little chatty at the start, but once you settle in, install the apps you need, and the printer drivers and so on, it's pretty quiet.

But there is a perception that it's still very chatty. Here's a case in point. I bumped into a guy I haven't seen in a couple of years (let’s call him Xx) , here’s how the conversation went.

Me: How’s things?
Xx: Good, you?
Me: Kids doing well?
Xx: Growing up! How are Blake & Paige?
Me: Getting into my computers, read my blog.
Xx: What's new? Things going well with you?
Me: Excellent, we shipped Vista. Yay!
Xx: It’s ok.
Me: Waddya mean?
Xx: Too ‘noisy’?
Me: Waddya mean?
Xx: too many pop-ups.
Me: Like what?
Xx: UAC stuff
Me: When do you see the pop-ups?
Xx: all the time
Me: When?
Xx: When I do stuff
Me: Like what?
Xx: everything!
Me: like when? I probably get two prompts a day – and that’s only ‘coz I do geeky stuff. Gimme specifics
Xx: like right when I logon
Me: we suppress prompting on logon/startup, and fail the app load, you will see no prompts as you logon.
Xx: oh.

At this point Xx had a sheepish look...

Perception != Reality.

Comments

  • Anonymous
    February 08, 2007
    The URL to "Jeff" is returning a 404.

  • Anonymous
    February 08, 2007
    MH: really enjoyed your talk today at RSA on Vista but discovered it wasn't in the CD of conference proceedings. Would you be willing to post it? thanks.

  • Anonymous
    February 08, 2007
    I was at the local Best Buy being a "Vista rep" this past weekend.  All of the floor models that had the Best Buy screen saver program had UAC totally disabled. Yes, ALL had UAC disabled.  I hope it's just the floor models and not the OEM units themselves. There were two gentlemen who said they build custom desktops say that one of their customers nearly threw their new Vista computer threw the wall..and they had to disable UAC  "Why?" says I.."Because they want control, way too many popups"  "I don't get prompted hardly at all ..when does this occur"  "She was copying files between her C: and D: drives and kept getting prompted all the time".   I do not remember ever having a UAC popping up during file copying... I gave this gentlemen my card and told him to email me and that I wanted to fully understand exactly when this was occuring. Is there a different window now for copy and paste, sure.  But I cannot for the life of me figure out what process either he or she is doing to get UAC to pop up during a mere file copy process from one drive location to another. I get it when going into management style stuff... but most of the time when using applications, surfing the Internet... I don't. Yes, there is a ton of perception versus reality going on. He's yet to email me... when he does... I'm going to say "prove it".

  • Anonymous
    February 08, 2007
    P.S.  We need the rain..thanks for bringing it with you...

  • Anonymous
    February 08, 2007
    Oh my. Let me guess - probably a "security consultant" of some sort. I fear for his client base.  :(

  • Anonymous
    February 08, 2007
    The comment has been removed

  • Anonymous
    February 08, 2007
    Jesper's Blog : Help: Vista won't let me write to my external hard drive: http://msinfluentials.com/blogs/jesper/archive/2007/01/16/help-vista-won-t-let-me-write-to-my-external-hard-drive.aspx Whadya wanna bet this is what he was hitting..... Now if he'll only email me back...

  • Anonymous
    February 08, 2007
    The comment has been removed

  • Anonymous
    February 08, 2007
    >>For example, right-click Computer, select Manage. It forces a UAC prompt every single time. There's a magic word in that sentence - MANAGE!! You can tweak the OS with the management stuff in that tool! like add new users, and create tasks, and look at the security event log and install device drivers and do I need to keep going! :)

  • Anonymous
    February 08, 2007
    404 is fixed - there's something funky about the way this blog tool builds URLs - it prepends some ControlPanel URl...

  • Anonymous
    February 09, 2007
    The comment has been removed

  • Anonymous
    February 09, 2007
    The comment has been removed

  • Anonymous
    February 09, 2007
    The comment has been removed

  • Anonymous
    February 13, 2007
    michael_HOWARD: "There's a magic word in that sentence - MANAGE!! You can tweak the OS with the management stuff in that tool! like add new users, and create tasks, and look at the security event log..." The magic words you should see in your sentence is "you can". The user doesn't really change anything at the moment you annoy him. How about moving such stuff to the "Apply" and "OK" points, for example? Or how can anybody let his machine be attacked by having Task Manager which remembers "Show processes of all users"? I must admit, you selected surprisingly appropriate title for your post. :)

  • Anonymous
    March 13, 2007
    On my dev machine I had to turn off UAC within an hour of installing it.  The Razzle build scripts do something that repeatedly triggers the UAC prompt.  After entering my password 5+ times in a row with no end in sight, I was relieved that I could disable it completely.  Otherwise I'd still be using Win2003 Server for my dev machine.

  • Anonymous
    March 17, 2007
    In preparation for the job change, I decided to get a spare laptop to use in case my main computer goes down. I bought the Sony Vaio PCG-7M1L last summer at Best Buy, along with the 3-year, drop-in-in-the-ocean-and-we'll-replace-it warranty, so...

  • Anonymous
    March 17, 2007
    I don't mean to be rude, but this whole post is kind of insulting and anti-reason. A lot of people <em>hate</em> how annoying UAC is and your whole response is, "no it's not" or "you're actually not having the problem you say you're having." um...got anything better to offer?

  • Anonymous
    March 17, 2007
    >>you're actually not having the problem you say you're having what he was doing was being a little stingy with the truth - we DO NOT pop-up UAC prompts during logon. We don't. Seriously, we don't. It was a decision we made post beta 2. So he was simply uttering urban myth without knowing the facts, and i hear this all the time.

  • Anonymous
    March 22, 2007
    Vista is still very new in it’s RTM form. For most people that means plenty of application installation

  • Anonymous
    May 03, 2007
    I would like to know a way to Selectively allow some programs to run on start up with elevated privileges With or without the pop up... simply blocking the application from running is not an option, seeing as there is no option in that dialog that allows me to say "Let this run from now on". and I would like to be able to do this without making a scheduled task for it. Is it really that much to ask?