UAC Feedback and Follow-Up

When we started the “E7” blog we were both excited and also a bit uneasy. The excitement is obvious. The unease is because at some point we knew we would mess up. We weren’t sure if we would mess up because we were blogging about a poorly designed feature or mess up because we were blogging poorly about a well-designed feature. To some it appears as though with the topic of UAC we’ve managed to do both. Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed. That’s not the dialog we set out to have and we’re going to do our best to improve.

This post is an attempt to get both the blog right and the feature right. We don’t like where we are in terms of how folks are feeling and we don’t feel good – Windows 7 is too much fun and folks are having too much fun for us to be having the dialog we’re having. We hope this post allows us to get back to having fun!

To start we’ll just show representative comments from the spectrum of feedback. We’ll then talk about the changes we’re making and also make sure we’re all on the same page regarding how we move forward. In terms of comments we’ve heard the following:

@sroussey says:

You have 95% of the people out there think you got it wrong, even if they are the ones that got it wrong. The problem is that they are the ones that buy and recommend your product. So do you give them a false sense of increased security by implementing the change (not unlike security by obscurity) and making them happy, or do you just fortify the real security boundaries?

And @Thack says:

Jon,

Thanks for sharing your thoughts.  I understand your points.

Now, I want to add my voice to the call for one very simple change:

Treat the UAC prompting level as a special case, such that ANY change to it, whether from the user or a program, generates a UAC prompt, regardless of the type of account the user has, and regardless of the current prompting level.

That is all we are asking.  No other changes.  Leave the default level as it is, and keep UAC as it is.  We're just talking about the very specific case of CHANGES to the UAC prompting level.

It will NOT be a big nuisance - most people only ever change the UAC level once (if at all).

Despite your assurances, I REALLY WANT TO KNOW if anything tries to alter the UAC prompting level. 

The fact that nobody has yet demonstrated how the putative malware can get into your machine is NO argument.  Somebody WILL get past those other boundaries eventually.

Even if you aren't convinced by my argument, then the PR argument must be a no-brainer for Microsoft.

PLEASE, Jon, it's just a small change that will gain a LOT of user confidence and a LOT of good PR.

Thack

With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.

@mdaria510 says:

Sometimes, inconsistency with your own ideals is a good thing. Make an exception, if only to put people's fears to rest.

That sums up where we are heading. The first change was a bug fix and we actually have a couple of others similar to that—this is a beta still, even if many of us are running it full time. The second change is due directly to the feedback we’re seeing. This “inconsistency” in the model is exactly the path we’re taking. The way we’re going to think about this is that the UAC setting is something like a password, and to change your password you need to enter your old password.

The feedback is that UAC is special because, if changing it is not elevated, the setting can be used to silently disable future warnings, and so changing the UAC setting will require an elevation. To the points in the comments, we also don’t want to create a sense or expectation of security that is not there—you should still not download code and run it unless you trust the source. HTML, EXE, VBS, BAT, CMD and more are all code and all have the potential to alter the environment (user settings, user files) running as a standard user or an administrator. We’re focused on helping people make sure that code doesn’t get on the machine without consent and many third party tools can help more as well. We want people to be comfortable with the new UAC control and the new default setting, so we’ll make the changes outlined above as the feedback has been clear.
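A read-only way to see which prompting level a machine is actually at, and whether it has dropped below a chosen baseline, as an added example that is not code from the original post or from Microsoft. The registry value names, their mapping to slider positions, and the function names `Get-UacLevel`, `Test-UacDrift` and `Get-IntegrityLevel` do not appear on the page; the baseline rank of 2 (the default slider position) is an assumption.

```powershell
# Added example: read-only audit of the UAC prompting level.
# Value names and slider mapping are the standard UAC policy settings, not quoted from the page.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    # Classify a policy (hashtable of the three registry values) as a slider position.
    # Rank: 3 = most prompting, 0 = none, -1 = a combination the slider does not produce.
    param([Parameter(Mandatory = $true)] [hashtable] $Policy)

    $lua    = $Policy['EnableLUA']
    $admin  = $Policy['ConsentPromptBehaviorAdmin']
    $secure = $Policy['PromptOnSecureDesktop']

    if     ($lua -eq 0)                      { $rank = 0;  $name = 'UAC off (EnableLUA = 0)' }
    elseif ($admin -eq 0)                    { $rank = 0;  $name = 'Never notify' }
    elseif ($admin -eq 5 -and $secure -eq 0) { $rank = 1;  $name = 'Default, without secure desktop' }
    elseif ($admin -eq 5 -and $secure -eq 1) { $rank = 2;  $name = 'Default (notify on program changes)' }
    elseif ($admin -eq 2 -and $secure -eq 1) { $rank = 3;  $name = 'Always notify' }
    else                                     { $rank = -1; $name = 'Custom or incomplete policy' }

    New-Object psobject -Property @{ Rank = $rank; Name = $name }
}

function Test-UacDrift {
    # True when the level is below the baseline, or cannot be classified and
    # therefore needs a manual look (rank -1).
    param([Parameter(Mandatory = $true)] $Level, [int] $BaselineRank = 2)
    $Level.Rank -lt $BaselineRank
}

function Get-IntegrityLevel {
    # Integrity level of the current process, read from its mandatory label SID.
    $names = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }
    # /nh drops the (localized) header row, so the columns are named here.
    $rows  = whoami /groups /fo csv /nh | ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $label = $rows | Where-Object { $names.ContainsKey($_.Sid) } | Select-Object -First 1
    if ($label) { $names[$label.Sid] } else { 'Unknown' }
}

# Constructed sample policies (not captured from a real machine).
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5 }   # secure-desktop value missing
)
foreach ($s in $samples) {
    $lvl = Get-UacLevel -Policy $s
    '{0,-40} drift={1}' -f $lvl.Name, (Test-UacDrift -Level $lvl)
}

# Live check, only where the policy key exists (Windows).
if (Test-Path $UacKey) {
    $p = Get-ItemProperty -Path $UacKey
    $live = Get-UacLevel -Policy @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
    'This machine: {0} (drift={1}); this shell runs at {2} integrity' -f `
        $live.Name, (Test-UacDrift -Level $live), (Get-IntegrityLevel)
}
```

Run on a schedule from a management agent, the drift flag gives the notification the comments ask for even on machines where the prompt itself has been turned down.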

While we’re discussing this we want to make sure we’re all on the same page going forward in terms of how we will evaluate the security of Windows 7. Aside from the UAC setting, the discussions of the vulnerability aspects of the Windows 7 Beta have each started with getting code on the machine, which the mechanisms of Windows have prevented in the cases shown. We have also heard of security concerns that involve multiple steps to demonstrate a potential exploit. It is important to look at the first step—if the first step is “first get code running on the machine” then nothing after that is material, whether it is changing settings or anything else. We will treat very seriously the ability to get code on a machine and run without consent. As Jon’s post highlighted briefly, the work in Windows 7 is about the increased protections in place to secure your PC from acquiring and running code without your consent, and of course we continue to make sure Windows code is secure from both tampering and circumvention of the protections in the system.

We want to reiterate the security of the system overall. Windows 7 is SD3+C and is designed to be more secure than Vista—that’s our priority. None of us want to have Windows 7 be perceived as being less secure than Vista in any way, because our design point is to make sure it is more secure than Windows Vista, by default.

We said we thought we were bound to make a mistake in the process of designing and blogging about Windows 7. We want to continue the dialog and hopefully everyone recognizes that engineering, perhaps especially engineering Windows 7, is sometimes going to be a lively discussion with a broad spectrum of viewpoints expressed. We don’t want the discussion to stop being so lively or the viewpoints to stop being expressed, but we do want the chance to learn and to be honest about what we learned and hope for the same in return. This blog has almost been like building an extra product for us, and we’re having a fantastic experience. Let’s all get back to work and to the dialog about Engineering Windows 7. And of course most importantly, we will continue to hear all points of view and share our point of view and work together to deliver a Windows 7 product that we can all feel good about.

--Jon and Steven

Comments

  • Anonymous
    February 05, 2009
    Thank you very much. This is awesome!

  • Anonymous
    February 05, 2009
    Thanks for this, Steven and Jon. I took the liberty of blockquoting you guys directly.

  • Anonymous
    February 05, 2009
    Thank you. This is a great example of listening to customers, reacting to their concerns and finally providing what they need. In fact, this is just par for the course for what the Windows team is delivering with Windows 7: A sophisticated general purpose OS that suits the needs of a great many people and one that has been designed, from the very beginning, with their feedback front and center. Outstanding work, Windows team! Thank you. Charles Channel 9

  • Anonymous
    February 05, 2009
    Sounds good. You definitely need to work on your communication about these though. The exploits relied on the UAC page not being elevated - the critical part was the SendKeys, not the lack of UAC message; clear communication about the bug rather than long explanations about "this is by design" would've done a lot to defuse this situation. I would also suggest a change of mindset in terms of the idea that "once an app gets code running on the machine, it's game over". People shouldn't have to give an installer full access to their system just to try out a new browser, media player, or photography app. Yes, if it's an app running with the user's permissions, it'll be able to destroy the user's data; but it shouldn't be able to render the machine unusable or access other people's files on the machine. The concept of "partially trusted" code is hardly a new one. Will there be vulnerabilities that permit unprivileged processes to elevate? Of course. Those are bugs, and should be fixed like any other security issue. Google Chrome is an excellent example of an app installation which doesn't require full admin permissions. I would suggest you should be encouraging these scenarios and figuring out how to make them more secure. It would be awesome if an app could be installed without being granted full control to a system (as per Google Chrome/ClickOnce) and have its binaries be secure against tampering by other non-elevated apps (as Program Files-installed apps are). Thanks for listening...

  • Anonymous
    February 05, 2009
    Thank you not only for listening but also for the awesome communication.  

  • Anonymous
    February 05, 2009
    Jon and Steven, I think nobody here expects that you make design decisions in realtime based on feedback in this blog. In fact it even makes me feel a little uneasy. This sounds paradoxical but especially with security you want somebody on the other side, who knows what she is doing and does not give in to user demand too easily. Also if people knew about the sendkey fix in the making, the discussion here would probably have been far more relaxed. What I would like to hear now is a clear technical statement what kind of security I get from the UAC as it is in vista versus using a standard user account versus using the windows 7 default UAC settings. Are you planning to protect other dialogs in windows 7 from simulated user input? Regarding telemetry to measure system security: The point here is to realize that malware to exploit the new UAC settings has to be written first and this is likely to happen only when windows 7 becomes mainstream.

  • Anonymous
    February 05, 2009
    I am blown away (pleasantly surprised) that you're making this change. I feel that this topic would really benefit from an in-depth interview on Channel9. Ideally you'd have someone like Mark Russinovich playing devil's advocate and asking you tough questions. There are 2 issues that I would ideally like to see discussed:

    1. I thought the whole point of UAC is to limit the damage that malware can do if it somehow gets to run. So it seems besides the point to argue that malware can't really get into the computer without the user's consent. If you are so sure that malware cannot possibly get into a Windows7 machine, then why bother having UAC at all?
    2. Before this latest change in UAC behavior, the following scenario was thought to be possible:
       - user has configured UAC to "Notify only when..."
       - malware somehow gets to run
       - malware can use some kind of trick to change UAC settings without the user finding out
       - malware can do whatever it wants

    Was that scenario possible? And if so, did that render the "Notify only when..." setting useless? If not, why not? Thanks!

  • Anonymous
    February 05, 2009
    wow jon and steve, i'm blown away by how gracious you have been in the discussion! Also thank you for changing UAC settings to now require elevation. that was all i was after (and i bet many others) However regarding your quote; "That was already in the works before this discussion", it's a pity this wasn't communicated earlier

  • Anonymous
    February 05, 2009
    @ncgloy: That's a great idea! :) C

  • Anonymous
    February 05, 2009
    UAC should be set to Always Notify. Protect us from System Changes. I was thrilled in a bad way to find Windows 7 left by default that option to a lower level... That's the purpose of UAC. I don't see anyone complaining on Other OS about Credential Mechanism. Do you really want to please Whining XP users at all ? I bet not ! Keep Up the excellent Work there !

  • Anonymous
    February 05, 2009
    I just wanted to discuss this quotation a little further: "We have also heard of security concerns that involve multiple steps to demonstrate a potential exploit. It is important to look at the first step—if the first step is “first get code running on the machine” then nothing after that is material, whether it is changing settings or anything else." Isn't it slightly naive to say "nothing after that is material"?  There's an implied assumption that ALL you need to worry about is that first step. But wouldn't it be fair to say that, even with your very best efforts, one day some malware might come along that DOES overcome that first step.  In that case you want it to face another barrier, and another. So I think it's kinda risky to dismiss those scenarios which begin "first get code running on the machine".  They are not silly scenarios, or contrived.  They are simply saying "If the first barrier has fallen, how well do the remaining barriers work?". And I think it is legitimate to explore those scenarios, even though they OUGHT not to arise, and you've designed against them. Just my thoughts!  :-)

  • Anonymous
    February 05, 2009
    @p_rynhart What scenario would they be preventing? Allowing an elevated program to do things that elevated programs are allowed to do?

  • Anonymous
    February 05, 2009
    @a688 If a third party installer is downloaded to the desktop and launched then UAC will kick in and prompt for elevation on the secure desktop.  Yet, this can all be circumvented within 30 seconds by starting up Task Manager. This doesn't seem right to me (particularly when UAC is set to require a password along with "Notify me when programs try to make changes to my computer"). Regards, Patrick

  • Anonymous
    February 05, 2009
    On my W7 beta 1 machine I have no option in the task manager create new task window to elevate its rights. But I agree if there's a series of steps which a program running with UAC on could elevate to admin rights without prompting from UAC, it needs to be eliminated.

  • Anonymous
    February 05, 2009
    Could someone please explain to me why regedit.exe requires elevation under the default UAC settings whereas taskmgr.exe does not ? It seems to me that neither are directly related to "Windows Settings" (which is the text associated with the UAC slider). taskmgr.exe concerns terminating processes, starting/stopping services, etc.  "Windows Settings" (in my view) concerns changes to font dpi, adding/removing programs etc. In my opinion, taskmgr.exe should require elevation the moment that a shield icon is pressed in this application (with the default UAC settings). On the contrary, why does UAC force me to use a full administrative token to invoke regedit ?  What if I only wanted to make changes to HKCU ?  I should be able to open this application using my "standard user" token. Things seem very inconsistent. Regards, Patrick

  • Anonymous
    February 05, 2009
    Oh, finally, we were starting to worry that you weren't listening. My thoughts exactly expressed here http://community.winsupersite.com/blogs/paul/archive/2009/02/05/microsoft-backtracks-on-windows-7-uac-pretends-it-was-all-part-of-the-plan.aspx

  • Anonymous
    February 05, 2009
    p_rynhart: If a third party installer is downloaded to the desktop and launched then UAC will kick in and prompt for elevation on the secure desktop. Yet, this can all be circumvented within 30 seconds by starting up Task Manager.

    Care to elaborate further what you mean? I don't see how it can be circumvented by starting the task manager. One way or the other you need to be elevated. If the task manager is elevated it cannot be touched by the non elevated installer (which it will be, but without a prompt). Try this and you will see that your non elevated app cannot touch it any longer:

        Set WshShell = WScript.CreateObject("WScript.Shell")
        WshShell.SendKeys("^{ESC}")
        WScript.Sleep(1000)
        WshShell.SendKeys("taskmgr")
        WshShell.SendKeys("{ENTER}")
        WScript.Sleep(2000)
        WshShell.SendKeys("{TAB}")
        WshShell.SendKeys("{TAB}")
        WshShell.SendKeys("%s")
        WScript.Sleep(1000)
        WshShell.SendKeys("%f")
        WshShell.SendKeys("{ENTER}")

  • Anonymous
    February 05, 2009
    Steven and Jon, THANK YOU! I'm glad you guys are listening. You just insured that I will be purchasing at least two copies of Windows 7 Professional with an Ultimate upgrade. Thanks for listening to the bloggers, testers, and concerned users. This is why I'm a Windows user. You'd never get this kind of open and honest discourse from Apple. Thanks guys.

  • Anonymous
    February 05, 2009
    My main issue with UAC is not the prompts (though they can be annoying) it's the behavior changes that occur without any prompts to elevate. i.e. some (possibly) bad stuff I'm asked to confirm first, other (possibly) bad stuff is just forbidden.

  • Anonymous
    February 05, 2009
    @ababiec Surely frequency of use shouldn't be the sole determiner as to whether an application should trigger a UAC prompt. Regards, Patrick

  • Anonymous
    February 05, 2009
    Google Reader doesn't show this post. Your RSS feeds must not be being updated properly.

  • Anonymous
    February 05, 2009
    The UAC in the Windows 7 beta is very nice, and the default settings are quite pleasant! I would be interested if you could do a write-up on Windows Defender development. The last comparison reviews I've seen about it were a couple of years ago, and it was shown to be not as effective as some other antimalware products at that time. I wonder if there is any telemetry to share in this regard.

  • Anonymous
    February 05, 2009
    Great ! Microsoft is listening :D

  • Anonymous
    February 05, 2009
    I was also hoping that Microsoft would provide a way of installing software as a local user, or perhaps a sort of forced emulation (redirecting the install to C:\Users\CurrentUser\AppData\Local\VirtualStore\Program Files), or wherever is deemed necessary. Part of this is simply providing functionality that existed under XP (installing WinRAR to non-C:\Program Files was possible as a standard user) and part of this is to provide additional protection. Sometimes I'm not sure I trust an installer enough to give it administrative privileges, but enough to take the chance that it may trash my personal account. I would like to be able to test out a program before taking the plunge.

  • Anonymous
    February 05, 2009
    @MrDiSante and Mech9t8 Yes - I couldn't agree more with your comments. Currently, UAC forces users to continue with an administrative token for installers (and other applications such as regedit.exe for that matter). The UAC dialogs should have an advanced section (or similar) that allows a user to deny access to the administrative token, but to continue with the Standard User token. Currently, you have to continue with an administrative token or not at all. (Unlike on Windows XP where you could choose to install software from an admin account or a limited user account and obtain an admin or limited token respectively.) Regards, Patrick

  • Anonymous
    February 05, 2009
    I was very disappointed with previous blog entry, due to which I was made to think that I, the consumer of the product, am wrong. However, this one resurrects some faith in your promise of 'great experience'. Do know it is highly appreciated. I understand you can't listen to everyone every time you hear a complaint, but this special time I'm quite proud of your announcement. Keep going like this and we really may enjoy Windows 7. (Now awaiting RC with fixed UAC)

  • Anonymous
    February 05, 2009
    Great news, especially after yesterday's extremely disappointing blogpost. Was that part of the underpromise, overdeliver campaign? :P

  • Anonymous
    February 05, 2009
    Excellent news, good to see that you are listening to feedback! Windows 7 is shaping up to be awesome and it would have been a shame to let something like this tarnish it.

  • Anonymous
    February 05, 2009
    You shouldn't do that... almost everybody is missing the point. UAC is not here to protect you from malware, it's just saying this code requires admin privileges, you can have a more or less aggressive prompt. The setting we are talking about allows system modifications without prompt and allows users as code to do those changes. This is not an issue! If you want a prompt on every modification just adjust your UAC setting. By doing this change, you let everybody think "UAC is here to protect us from bad code that tries to get elevated rights". Now geeks are happy to say : "there is a vulnerability, I can change settings, run a service, whatever and this way I don't have an UAC prompt". Of course... you have chosen to! If you want to protect yourself against malware go buy an antivirus/antispyware. Moreover, a malware doesn't need admin privileges to spam, get information about you, to listen to your keyboard and send it over internet.

  • Anonymous
    February 06, 2009
    http://community.winsupersite.com/blogs/paul/archive/2009/02/05/microsoft-backtracks-on-windows-7-uac-pretends-it-was-all-part-of-the-plan.aspx Yep. But at least you made the change - it doesn't matter if it helps. The customer is king.

  • Anonymous
    February 06, 2009
    There is a reason why every other operating system uses a UNIX permission structure - it's because UNIX is truly secure by design. Perhaps Microsoft should think about that as they redesign the security wheel for the millionth time. Microsoft, do what you do best for once; copy someone else's design. Your users won't even notice the difference: http://www.zdnet.com.au/insight/software/soa/Is-it-Windows-7-or-KDE-4-/0,139023769,339294810,00.htm

  • Anonymous
    February 06, 2009
    Second post ever: if it's important enough to post about, it's important enough to say thank you! Some will point to this as an example of how you guys are finally listening.  In fact, this is an example of how you all have been listening for years and we appreciate it and it shows. It is also an example of you talking, though.  Without that, we would not know that you were listening.  You always said you were and of course you were but no one can see it unless you show it.  For that I also thank you. I am running the Beta but I can't wait for RTM so the rest of my family can enjoy the benefits as well.

  • Anonymous
    February 06, 2009
    David Of Michelangelo It is said that when the work was nearly completed, the gonfalonier Piero della Repubblica Fiorentina Soderini went from Michelangelo to admire the statue. After long observed with interest, he turned to the teacher saying that in his opinion, the nose of David was too big. Michelangelo then seized a handful of powdered marble and a chisel with which to pretend to correct the alleged error. slow slow 'at a time he dropped the powder from the hand, then asking the opinion of gonfalonier, who met, finally declared the perfection

  • Anonymous
    February 06, 2009
    I just had a thought, instead of just requiring the user to click "Continue", why not force them to enter their password.  I know I've been victim to just clicking "Continue" because I wasn't paying attention.  Requiring a user to enter their password really makes them think before they do something.  What I find is also weird, if you have UAC set above default, buttons that would normally require a consent, still have the shield on them even though they don't produce a prompt.

  • Anonymous
    February 06, 2009
    I'm glad to hear you've decided to change your mind on this issue. Let's talk about some new features (some we haven't heard from for months like WARP) now :) !

  • Anonymous
    February 06, 2009
    @marypcb
    > It would be bad practice for Microsoft to change
    > the resources given to a program on request;
    > giving a standard token when an admin token was
    > requested would lead to a lot of unexpected
    > behaviour.
    I was not referring to applications/installers specifically marked with "requireAdministrator" in their manifest - but to setup programs (e.g.) that Windows 7/Vista assumes require full administrative privileges. Surely some mechanism should be available for a user-based install? I don't see this as being any different to the "Protect my Computer and data from unauthorized program activity" option which is available in the Windows XP runas dialog. Note that in the case of XP, the trust level is even lower (i.e. a constrained token as opposed to a Standard User token). Regards, Patrick

  • Anonymous
    February 06, 2009
    @What I find is also weird, if you have UAC set above default, buttons that would normally require a consent, still have the shield on them even though they don't produce a prompt. That's because the button is telling you that what you do will cause the dialog to elevate when you select it, even though you have chosen to hide the elevation process.

  • Anonymous
    February 06, 2009
    @PatriotB Exactly. You are only listening to the feedback you want to hear, Microsoft. Btw., do the contributors to this blog get their free copy of windows 7 for help designing your product? :-)

  • Anonymous
    February 06, 2009
    What you really should have done is leave the basic concept of UAC as it is and tweak the details of UAC to avoid double prompts, avoid prompts for uncritical changes like changing DIP and avoid prompts before an actual change is made.

  • Anonymous
    February 06, 2009
    well, I'm looking into all opinions and have few comments: Windows 7 developers have to make some compromises. But the truth is, that UAC will do only, that normal non technical users will understand less, what is going on. I will repeat some other words about build 7000:

    1. no easy info for user, that something is working with admin privileges (no different window color or title with "(admin account)" or something like that)
    2. Task Manager should display info about all processes by default (when run without admin privileges, it will naturally not display everything about some of them - like currently Process Explorer from SysInternals)
    3. default tools should work with non admin privileges - like chkdsk, which in such situation should be able at least to show some info about partition

    Currently Microsoft will be maybe less interested in making more deep changes, but imagine such situation:

    4. startup files, kernel, some drivers, etc. are working in admin ring.
    5. whatever you try to run installer for some runtimes (like .Net) or antivirus, it must be signed and user is always asked by something like UAC to run it.
    6. when you run application (installer or executable), it runs in own sandbox (with some virtual system directories in real subdirectory of Program Files containing files and libraries). it doesn't have access to system directory or other apps, it can share only some Registry keys with other (for example responsible for registering some extensions). When application try to add driver to driver database, user is always asked by something like UAC.
    7. when you want to increase privileges of application, you are always asked by something like UAC to run it.
    8. when you do some actions (changing time), you are always asked to do it.
    9. admins are allowed to block these few actions (adding new drivers to driver codebase, setting time, etc.). additionally it will be possible to allow/block users run non installed software (not run from virtual sandboxes)

    When are profits ? you will be able to install for example many different versions of IE, applications can be easy uninstalled, there will be less questions from various antiviruses (for example: do you want application X to read Y key ?), no need of using WinSxS, etc. Additionally user should have ability of setting some network access to concrete processes and should have clear info, what servers can his system connect to (when is making updates for example) Current solution is going to nowhere and that's why can't give any real additional security than Windows XP. Non technical users will have problems with understanding it, technical users can configure old system, that it will have (almost) the same functionality + security for daily usage. Compatibility is very important, but making prosthesis will make only, that it will be more difficult to fix situation in the future. Making good roots will help much more....for customers. Imagine, that Microsoft will do secure system at last. It will difficult to sold next version. I don't want to believe, that this is reason, but...

  • Anonymous
    February 06, 2009
    and some other word about security in build 7000: Microsoft seems to be removing some other things, which could help especially technical users to see, that something is wrong in system. I speak about ability of displaying icons for each network card near clock (with animation, when data is transferred). Very useful and could notify very fast, that something is transferred, when user doesn't do anything. Such details should be returned... Without them even the best UAC will be incomplete.

  • Anonymous
    February 06, 2009
    Thank you for listening. Now one last major issue which is on the UI:

    - When a window or program is maximized, borders and superbar stay transparent. This causes a problem when a user has a changing background, bright background, or an animated one. Because it is distracting, and feels like Windows wants the user attention, but it does not. I think it would be best to either set Vista behavior or at least have an option to change the behavior from Win7 to Vista.

  • Anonymous
    February 06, 2009
    "UNIX is truly secure by design" ? Bull. It's another academic OS that did at least have multiuser capability baked in. One all-powerful account which, if hacked, gives you the keys to all kingdoms ? Come on. A truly secure system would be more like VMS with an ACL for everything; the operators can install new drivers but not add accounts, the auditors can read logs but not write them etc. etc. Microsoft is going in the right direction with some of the system file permissions - administrator is not omnipotent. So is Linux with SELinux etc., but we're not there yet.

  • Anonymous
    February 06, 2009
    @Leo Very good work. They already admitted it in their earlier blog by saying that UAC is not a security feature. The new UAC level is only the imitation of a security feature created for marketing purposes. With a little irony you could say they created it with the ingenious plan in mind to make users demand for the stronger UAC settings.

  • Anonymous
    February 06, 2009
    One other thing I'd like to see - the install process say "now create a standard account for day-to-day use". There's nothing to tell a naive home user to use the account manager. Using a nonprivileged account is effective against zero-day malware, and free. It is also a good defense against accidental damage by other users, such as children, and is I believe a prerequisite for parental controls to work. With all the work that Microsoft has put into the UAC and virtualization, there is no reason not to use a standard account by default.

  • Anonymous
    February 06, 2009
    Um, Guys, we have a SERIOUS problem with windows 7 - can we focus on the BLUESCREEN issue with tdx.sys?  A lot of us are running windows 7 without antivirus!!! HELP??!!!

  • Anonymous
    February 06, 2009
    http://www.pretentiousname.com/misc/win7_uac_whitelist2.html Microsoft, please read that site. You need to come up with a fix for this in order to call UAC secure. Unelevated processes are still capable of doing anything.

  • Anonymous
    February 06, 2009
    A perspective offered first as a suggestion to improve had then to take on the role of being a dogmatic approach to make engineering understand that the true intentions of releasing a product that harbors an ecosystem as vast and immaculate as Windows is not always to dictate a technical accuracy. It is in essence a die hard effort at preserving the good will and pristine faith that close to 90% of the tech savvy world vests in to Microsoft. I am privileged both as a technologist and as a consumer to have patronized Microsoft for over a decade now.

  • Anonymous
    February 06, 2009
    Why don't you simply solve this misunderstanding with UAC's newbies by improving communication? IMHO, a rolling video that explains UAC and its settings in depth would solve the problem, using a 2-level terminology: one for expert users talking about admin rights etc., and one for newbies (so both will be pleased). Would be so simple...

  • Anonymous
    February 06, 2009
    PS This video obviously should be played during Win7 installation..

  • Anonymous
    February 07, 2009
    Read Mark Russinovich's take on this. It explains a lot of Microsoft's thinking. http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx The key statement is that UAC (as in Vista) is not a security feature, but just a convenience. I think this is tech speak for the UAC being not perfect in the sense that certain attack vectors cannot be excluded by design. And he explains the possible gaps in detail. From Mark's point of view everybody who wants real security should go with a standard user and even use no elevation. Maybe I am wrong, but I thought and I still think that UAC as it is in Vista gives me some security and is in fact a good compromise between security and convenience for a home user. But I think that the new UAC level in Windows 7 does give close to zero security over switching UAC off completely. But then after reading the article above it is clear to me: The new UAC level is not for the user, for him it is as good as switching off UAC completely. The purpose of the new UAC level is to give home users the convenience of XP back while still forcing Windows programmers to write programs which can be run as a standard user. And from this point of view it might even meet its purpose. But to get this message out is of course an immense communication task.

  • Anonymous
    February 07, 2009
    > Read Mark Russinovich's take on this.
    > It explains a lot of Microsoft's thinking. [...]
    > The key statement is, that UAC
    > (as in Vista) is not a security feature,
    > but just a convenience

    Exactly! And this is the problem. One of the main advertised features of Seven will be UAC (changes) - MS can't advertise (too many) other security features, because it doesn't have them. Technical people are speaking about it and sometimes only about it - real problems are not discussed. Non-technical people will think that it will resolve everything; many of them will stay on the default level and will be more vulnerable. Systems will be more "secure", not more secure. We need to speak about it - when people know about it, maybe they will decide to move to safer systems (or even stay with XP, which after years has had many gaps closed) and maybe it will force MS to start real work on improving this architecture. At least I hope so...

  • Anonymous
    February 07, 2009
    @marcinw I think this is not about architecture. They had all the architectural pieces together even before Vista and with Vista's UAC also third party program got ready for it. This is about being afraid about losing home users by forcing too much inconvenience upon them. The windows 7 UAC default level is a business decision.

  • Anonymous
    February 07, 2009
    UAC as it stood in Vista was just annoying! UAC when it is set to the previous levels in Windows 7 was just about the same! You have it right in the Windows 7 Beta, but it's a fantastic idea to elevate UAC to the requirement of an Administrative Password to modify settings. It's great to see that you are listening and it's too bad that the fun of using this OS has gone this way, but you can't please everyone!

  • Anonymous
    February 07, 2009
    @Mikael3, Everywhere, where I read about Seven, I hear about "great" UAC. This is prosthesis, but I'm sure, that it will be very much advertised as important security feature, when Seven shipping will start (and many people will forget about explanations from Mark). This is wrong. Windows needs some changes. No more excuses.

  • Anonymous
    February 07, 2009
    @Mikael3 I think using "Notify only when..." as the default in Windows 7 is understandable. The point is doing so should not present more loopholes for circumvention than there exist in Windows Vista. If that happens Windows 7's UAC at the default level is not only perceived as "less secure", but is inherently less secure than Vista's UAC by design.

  • Anonymous
    February 07, 2009
    It's a bit off-topic but are there any plans to prevent this kind of USB stick viruses in 7? http://www.symantec.com/enterprise/security_response/weblog/upload/2007/10/CW_moretibf.jpeg You can't really see it in that image, but the prompt looks really confusing even in Vista: the icon and wording are the same ("Open folder to view files" or somesuch). In XP it was even worse since they could make the legit "Open" and "Explore" options disabled, making it very hard to access the stick without infection. In any case even in Vista double-clicking it in "Computer" means game over. Every stick I come across is infected, even from machines with antivirus (people disable the antivirus because otherwise they can't open the stick in Explorer!). Something must be done about this. I'd suggest completely ignoring "autorun.inf" files on USB drives, and making executables and such display the same prompt you get with downloaded ones (this one: http://blogs.msdn.com/blogfiles/e7/WindowsLiveWriter/UpdateonUAC_140FD/clip_image004_2.jpg or similar). This might be a bit extreme and there are some legit uses, but I think it's 99.99% vs 0.01% - literally. In any case the user could run the software manually with just one prompt if he really wishes to.

  • Anonymous
    February 07, 2009
    @teoh.hanhui Yes, you are right. When they make this new windows 7 default level work with the same level of security as the Vista level, it would be great. But when I read the stuff that Leo Davidson has posted in the link above, I doubt it. I am not deep into it, but to distinguish reliably between what the user wants to do and what a program wants to do seems impossible to me. It will be good enough to detect malware, which is not explicitly attacking windows 7 and it will also of course be good enough to force programmers of normal programs to work well in standard user mode. But let's see, if Microsoft can pull this off.

  • Anonymous
    February 07, 2009
    @Mikael3, We have thousands of spam emails, because protocols weren't protected against it. We need to use antivirus software in Windows (sometimes using a lot of CPU and RAM), because MS was forcing some solutions over the years. Wrong architecture solutions make problems. Windows needs some changes. MS started to make them, but for example creating UAC and some changes in IE (Per-Site ActiveX) is only a partial return to some things already discovered... Partial, and something more is required.

  • Anonymous
    February 07, 2009
    Brilliant decision, thanks for listening. Siv

  • Anonymous
    February 07, 2009
    "Ever look at the Services manager or the Computer Manager etc? They never ever remember the sizes you make the window previously. They never remember how you set the grid last time. " @Synced - This is so true! I think the problem may be more the MS delivered MMC consoles rather than MMC per se. I've noticed in the past (Win 2003) that if I add a console into a new MMC then it remembers my settings. However I shouldn't need to do that in the first place.

  • Anonymous
    February 07, 2009
    Hi, The changes solve one of the problems, but the bug explained here: http://www.withinwindows.com/2009/02/04/windows-7-auto-elevation-mistake-lets-malware-elevate-freely-easily/ hasn't been solved yet. The point is: this bug didn't work in Windows Vista. This makes UAC in Windows 7 less secure than Windows Vista. All the solutions to prevent malicious code from getting into the computer don't solve the problem. The user will allow code to run if he was told that it's a good program. In Windows Vista, UAC could block the program if it started to do something wrong (I know I'm simplifying this), but in Windows 7, as demonstrated in the link above, the program can bypass UAC. None of the two changes for RC solves this problem; I would like to know how this problem will be solved. Thank you, Dennes dennes@bufaloinfo.com.br

  • Anonymous
    February 07, 2009
    @Synced, I agree in big part with you. But not at all: there are required not only interface experiences, but also some other. (based on various people's experiences) When:

    • after uninstalling some software I still can see some libraries and Registry entries from it
    • installed program X can silently change settings from program Y
    • antivirus software is asking me for approval on changing some Registry keys (it's good, because it's protecting me against changing some system things, but wrong because I don't have to know something about these settings)
    • I can't do the same things in Seven which were possible in XP (like displaying animated icon for my Ethernet card near clock)
    • I get 100% CPU usage in Seven during opening Explorer
    • I can't set up clearly where my system is connecting to during updating (servers + port)
    • system doesn't allow me to install a few versions of the same application (IE for example)
    • I can't reformat my HDD as I want during system install, because I received Recovery DVD
    • I can't delete from system unnecessary default parts
    • in Seven I can set up some options less precisely (see ClearType tweaker)
    • I can't precisely set up, that for example application X shouldn't use network interface Z or application X can't use more than 30% of CPU
    • I don't understand meaning of more and more system services
    • my NTFS is hiding some data (alternative streams) and 0 bytes big file (in Explorer) can have many MB for example
    • I need to make more clicks in Seven than in XP (for example in Task Manager I have to click additionally "show processes from all users", although it can show them even when run from limited account; I need to make many clicks, when I want to disable my ethernet card)

    my experiences are wrong. And I don't blame developers for it only. Architecture. This is key. System should be "self-protected" against problems. I proposed some easy to implement solutions (for example sandboxing), nobody is interested in it. 3rd party solutions are better and better (I like it - Linux and other are very nice now), the best win32 implementation is more and more bloated and more and more "discussed", not improved. This is wrong.

  • Anonymous
    February 08, 2009
    What I would like to see is choice, that simple. If I want to be a true administrator, that's my choice. This was a major problem with Vista and continues to plague Windows 7: Microsoft wants to control everything, security, the UI. Why does Microsoft feel as though people are incapable of making their own decisions? There is nothing wrong with UAC if that's what you want, but there is also nothing wrong with being able to run as a full administrator without any interference from the UAC if that's my choice. Stop being a military dictatorship, or believing that only Microsoft is omnipotent; you don't need to make decisions for everyone. Some of us would truly like to make the decisions for ourselves...

  • Anonymous
    February 08, 2009
    I read some articles from Paul Thurrott lately where he criticizes how Microsoft deals with Windows 7 feedback. Quotes: "Beta testers can simply provide bug reports feedback that will largely be ignored. Again and again, I've been contacted by people on the Windows 7 technical beta with examples of bug reports that have been closed by Microsoft because the features work exactly as they intend." (about the public beta) "Microsoft has tested Windows 7 in secret, not allowing its tech beta participants, reviewers, and others via the public beta to actually impact the final product in any meaningful way." (about the UAC conversation). Well, I don't claim that he is necessarily correct. But if there aren't any significant changes in RC, I guess it will at least look like he's right. In my opinion the Beta is great, for a beta and compared to Vista, but it isn't final, just a good base. Major changes from Beta to RC would be great for marketing and bring a feeling of progress and innovation.

  • Anonymous
    February 08, 2009
    I think this is great. Thanks for listening, taking action, and communicating openly about it. I don't think you need to apologize. I think that the discussion that was the result of your previous UAC posts is EXACTLY what blogging about the Windows 7 development was intended to do - communicate, listen, and incorporate feedback. Keep up the good work!

  • Anonymous
    February 08, 2009
    While I'm glad MS fixed this one problem with W7 UAC, how about the run32dll issue raised on several blogs including: http://arstechnica.com/microsoft/news/2009/02/the-curious-tale-of-windows-7s-uac.ars Even with the announced W7 UAC changes, it still seems very trivial to bypass all UAC protection in the default mode.

  • Anonymous
    February 08, 2009
    OT: in addition to an issue mentioned by marcinw above (explorer process taking up 100% CPU while loading), i've also noted 100% CPU usage while just scrolling through a list of files/folders in explorer. i have a freshly installed copy of win7b1 and a 2.66 GHz CPU with 1GB of RAM.

  • Anonymous
    February 09, 2009
    @hitman721, Nobody is expecting miracles from MS - everything created by people (can) have bugs. We can go and observe various reports about bugs in various systems, but please note 2 things - in systems with opened source is much easier to find bugs (with closed finding some is impossible without knowledge available for some people only) and in cited by you report there is no word about Debian or other thought as very secure distributions. Because of I would be careful, when look into such reports.

    When we return to Seven: there are various method of making systems more secure without breaking compatibility. Microsoft even not tried to use them and this is wrong.

    @bananaman, Such "half-way" solutions are not too good. Do you have for example info, what exactly (with details) is done on each level ? And like I said: UAC WILL BE advertised as very strong security feature. Many non-technical people CAN resign from additional protection because of it. And this is wrong. In my opinion system should not have such prosthesis. There should be done real sandboxing (very easy to implement and possible even before Seven Gold) or other form of virtualization - when some application will not work with it, there should be real admin password or approval asked and windows from such application should be clear marked on the screen.

  • Anonymous
    February 09, 2009
    What's wrong with syndication in this blog? It has stopped on 'Windows 7 Energy Efficiency' (both Atom and RSS 2.0) Please, fix it

  • Anonymous
    February 09, 2009
    Prompting is good; forced elevation is not necessarily. A standard user should be able to switch between "prompt me for credentials" and "don't prompt me and fail" with a simple confirmation prompt and without needing to elevate (for obvious reasons). The same applies to an admin user, except that they get the additional options "prompt me for confirmation" and "don't prompt me and succeed", both of which should require both user confirmation and elevation in order to change. And this applies regardless of how it's changed -- tweaking the registry setting should either trip the confirmation or always fail. I also disagree with what you're saying about security.  The whole point of UAC is to provide some small layer of protection against code running on the machine (and to retrain developers), so the steps after "get code running on the machine" are relevant.  If there is any way for an unelevated process to get itself elevated silently, then that's a fatal security bug.

  • Anonymous
    February 10, 2009
    I would like to repeat something that has already been said by some (including Microsoft itself), but that most people around seem to not understand: UAC is not a security feature per se: it is something that eases the use of a Standard User account; this is a security feature or measure. Some may argue that using an account with admin privileges turns UAC into a security feature (I'm talking about the Admin Approval Mode) but this is only transitional, in sight of the ultimate goal: create the first user as a Standard User, reducing (or maybe totally deprecating) the use of an Admin account in most cases, at least in the ones which regard only one user per machine (most home users). All the exploits posted are such as long as the account used has admin privileges (and UAC set to any other value than Notify All), which should not occur but for administration purposes (and, again, a home user should not have these purposes). I firmly believe that Microsoft and its security team have made a giant leap in regard to security with Vista; the Standard User has proved to work well, it should now be the Default. Note: UAC behaves differently, according to the type of the account being used: while an Admin account is more "secure" with UAC turned on (Admin Approval Mode, Notify All), the same cannot be said about a Standard User, which conversely is more "protected" with UAC turned off, utilizing the Fast User Switch for the tasks that require admin privileges. Hence, in the case of a Standard User, UAC is just a convenience, a shortcut for not having to switch the user.

  • Anonymous
    February 13, 2009
    @Matteo Gazzoni

    > While an Admin account is more "secure" with
    > UAC turned on (Admin Approval Mode, Notify All),
    > the same cannot be said about a Standard User,
    > which conversely is more "protected" with UAC
    > turned off, utilizing the Fast User Switch for
    > the tasks that require admin privileges. Hence,
    > in the case of a Standard User, UAC is just a
    > convenience, a shortcut for not to switch the
    > user.

    i.e. What we had with Windows XP! IMHO, Microsoft went on an enormous tangent with UAC. All they needed to do was to change the installer so that it set up all accounts as a Standard User along with an admin account (to install software via RunAs and/or fast user switching).

    Regards, Patrick

  • Anonymous
    February 24, 2009
    Thanks for clarifying that Hairs, especially for that link!

  • Anonymous
    February 26, 2009
    In regards to UAC, it seems there is no protection for an uninformed user. In fact, I don't see how this will ever be built into any product. There will be some users that will disable the pop-up because they do not want to be bothered with it. To this point, I agree with Matteo that this is a choice between "convenience vs. security".

  • Anonymous
    May 04, 2009
    I turned UAC off. Because it has no "exclusions list" or "remember my choice" functions.

  • Anonymous
    June 14, 2009
    One all-powerful account which, if hacked, gives you the keys to all kingdoms ? Come on. A truly secure system would be more like VMS with an ACL for everything; the operators can install new drivers but not add accounts, the auditors can read logs but not write them etc. etc.

  • Anonymous
    June 14, 2009
    There will be some users that will disable the pop-up because they do not want to be bothered with it. To this point, I agree with Matteo that this is a choice between "convenience vs. security".

  • Anonymous
    June 14, 2009
    if this file's appearance or action is expected, I'd get rid of it in a heartbeat. I need the program to perform it's "security" function without interrupting my real work.

  • Anonymous
    June 14, 2009
    full access to their system just to try out a new browser, media player, or photography app.  Yes, if its an app running with the user's permissions, it'll be able to destroy the user's data; but it shouldn't be able to render the machine unusable or access other people's files on the machine.  

  • Anonymous
    June 20, 2009
    I say that when you run application (installer or executable), it runs in own sandbox (with some virtual system directories in real subdirectory of Program Files containing files and libraries). it doesn't have access to system directory or other apps, it can share only some Registry keys with other (for example responsible for registering some extensions). When application try to add driver to driver database, user is always asked by something like UAC.

  • Anonymous
    June 21, 2009
    Windows needs to start innovating on experiences, and standard uses for developers. For example some apps have finger scrolling, but nobody does the scrolling and animation properly anywhere near that the iPhone does. This stuff along with gesture recognition (swipes, etc which do exist somewhat in WPF) need to all be standardized so they all work very well in every app that decides to leverage them.

  • Anonymous
    June 28, 2009
    This was really a good one. It seems to me that hackers are immune from detection? No programmer can write a reverse program to track them down. So, basically, the world of the dream, a PC on every desktop, is a flawed illusion of continual and increasing network attacks - until civilization breaks down!

  • Anonymous
    June 28, 2009
    Really a good sharing. The settings we are talking about allow system modifications without prompt and allow users as code to do those changes. This is not an issue! If you want a prompt on every modification just adjust your UAC setting. By doing this change, you let everybody think UAC is here to protect us from bad code that tries to get elevated rights. Now geeks are happy to say. Thanks for the post.

  • Anonymous
    July 13, 2009
    I think it's important to note that most Windows Zero Day vulnerabilities are on average patched within 24 hours. That is the fastest for any OS on the planet. No distro of Linux and certainly not Apple is that quick. So I feel quite secure using Windows, because of all the steps necessary to secure Windows.

  • Anonymous
    July 20, 2009
    I'm glad I found this page as it's helped me get over a really frustrating issue. Thank you.

  • Anonymous
    July 21, 2009
    While UAC has somewhat accomplished its real purpose (institutionalizing the standard "admin" user and making the user complain to programmers to stop their product from giving them prompts), it has failed at the most fundamental level of helping the user make valid security decisions and has corrupted any future use of this function.

  • Anonymous
    July 23, 2009
    Yeah, I agree with the earlier comments, I think the majority of the negative sentiment seems to derive from poor communication to the public. Nevertheless, thanks for the feedback (although I only picked up on this fairly late in the day)

  • Anonymous
    August 07, 2009
    Thank you for the wonderful conversation. I really enjoyed this. Elizabeth Bay (http://www.elizabeth-bay.com.au)

  • Anonymous
    August 09, 2009
    Nothing is lost, in terms of security: Since people seem to be arguing that UAC isn't a security feature and since the UAC prompts in Windows 7 are so easy to bypass anyway (as my code  seems to prove, unless things change, and despite trying to contact Microsoft they haven't even asked me for details).

  • Anonymous
    August 20, 2009
    I hope that IE7 will have more usability for users. IMHO sometimes UAC wants too much from users in Vista. Waiting for the Windows 7 release.

  • Anonymous
    August 23, 2009
    Thanks for sharing your thoughts. I understand your points. Credit Cards (http://www.compare-creditcards.com.au/)

  • Anonymous
    August 23, 2009
    The exploits relied on the UAC page not being elevated - the critical part was the SendKeys, not the lack of UAC message; clear communication about the bug rather than long explanations about "this is by design" would've done a lot to defuse this situation.

  • Anonymous
    August 24, 2009
    This sounds paradoxical but especially with security you want somebody on the other side, who knows, what she is doing and does not give in to user demand too easily.

  • Anonymous
    August 26, 2009
    Windows 7 looks really good, nice to hear you're working hard.

  • Anonymous
    October 30, 2009
    I'm already using Windows 7 on my home PC. It's great! Fast and beautiful! Great thanks to all developers!

  • Anonymous
    November 06, 2009
    it sounds like your hard work has paid off. I'm hearing very good reports and looking forward to trying out 7!

  • Anonymous
    November 06, 2009
    I'm impressed by the openness evident in this blog - the feedback is going to make Windows 7 much stronger. Good work guys!

  • Anonymous
    November 13, 2009
    Yeah, Windows 7 is definitely working well for me

  • Anonymous
    November 13, 2009
    I haven't really had any problems with it so far

  • Anonymous
    November 29, 2009
    The amazing breadth of hardware supported for Windows and the broad spectrum of usage scenarios contributes to a vibrant ecosystem with many different goals - from just the basics to the highest frame rates on multiple monitors possible

  • Anonymous
    February 20, 2010
    The amazing breadth of hardware supported for Windows and the broad spectrum of usage scenarios contributes to a vibrant ecosystem with many different goals - from just the basics to the highest frame rates on multiple

  • Anonymous
    February 28, 2010
    I'm already using Windows 7 on my home PC. It's great! Fast and beautiful!

  • Anonymous
    March 01, 2010
    I'm very glad to find your blog. You're real professions in your area. Here I've found many useful articles useful for my essay writing service. I'm going to read your ideas regularly. Waiting for new information.

  • Anonymous
    March 02, 2010
    Like the above mentioned class,

  • Anonymous
    March 03, 2010
    I'm glad to hear you've decided to change your mind on this issue. Let's about some new features (some we haven't heard from for months like WARP) now :)

  • Anonymous
    March 03, 2010
    Thanks for your great work. it is very useful for me to determine the link.

  • Anonymous
    March 04, 2010
    It's true: if people knew about the sendkey fix in the making, the discussion here would probably have been far more relaxed. Profit Online (http://www.helpprofitonline.com/)

  • Anonymous
    March 04, 2010
    Thanks for inspiring me in this blog seeing your dedication to opening channels to the community.

  • Anonymous
    March 07, 2010
    You are applying for a sales position. What differentiates one sales person from another? Follow-up. Yes. Follow up. Try not to be pushy. Use words like "you" "your" "team" more than "I", "me" and "my". Best of luck!

  • Anonymous
    March 12, 2010
    This is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work.

  • Anonymous
    March 15, 2010
    I personally thank you guys for this update. Feels like I'm off to go to my new Win7. I wanna make this OS my ultimate tool.

  • Anonymous
    March 16, 2010
    We're having issues with our msi-based push installer and UAC. As long as UAC is set to the default, the push installer can't connect. I know this will work if the client computers are in a domain, but what about all the others? Is it possible that all software vendors with push installers are running into this problem? Thanks for doing this, guys!

  • Anonymous
    March 28, 2010
    condiments such as mustard, mayonnaise, and ketchup.These condiments

  • Anonymous
    March 29, 2010
    I would also suggest that a change of mindset in terms of the idea that "once an app gets code running on the machine, it's game over". People shouldn't have to give an installer full access to their system just to try out a new browser, media player, or photography app. Yes, if it's an app running with the user's permissions, it'll be able to destroy the user's data; but it shouldn't be able to render the machine unusable or access other people's files on the machine.

  • Anonymous
    March 29, 2010
    What you always need for employment and work is a Shanghai visa agency service (http://www.newfly-culture.com/chinavisa/).

  • Anonymous
    April 01, 2010
    IMHO it is quite interesting information. Simply saying I'm impressed. Thanks and good luck!

  • Anonymous
    April 19, 2010
    I know this will work if the client computers are in a domain, but what about all the others? Thanks.

  • Anonymous
    April 19, 2010
    Since people seem to be arguing that UAC isn't a security feature and since the UAC prompts in Windows 7 are so easy to bypass anyway. Great article!

  • Anonymous
    April 19, 2010
    The settings we are talking about allow system modifications without prompt and allow users as code to do those changes. This is not an issue! Thanks for these info.

  • Anonymous
    April 19, 2010
    Windows Explorer still likes to prompt twice before changes to protected files or folders are made.  This double prompt also sometimes changes security settings when accessing someone else's files. Nice post!

  • Anonymous
    April 22, 2010
    Thank you for the awesome link - it really goes into detail as to the features added and improving GDI performance because that was a major let down since Windows Vista which resulted in GDI being unaccelerated. With the acceleration hopefully it'll mean greater snappiness. With that being said, however, it would be great if vendors invested some of their healthy profits into porting their applications from GDI/GDI+ to Direct2D and DirectWrite.

  • Anonymous
    April 25, 2010
    The settings we are discussing about allow system modifications without prompt and allow users as code to do those changes. This is not an issue! Thanks for these info.

  • Anonymous
    April 25, 2010
    You are SPOT ON! Thanks for sharing such a nice article, Really wonderful list of creative tactics. I especially like the approaches that are less technical and more behavioral. The models are great too; very understandable. By the way for more information on Ethical Hacking  check this link: http://www.eccouncil.org/certification/certified_ethical_hacker.aspx

  • Anonymous
    April 26, 2010
    Really wonderful list of creative tactics. I especially like the approaches that are less technical and more behavioral. The models are great too; very understandable. By the way for more information on Ethical

  • Anonymous
    May 03, 2010
    It's a very helpful conversation, I really like it. Thanks for the tips.

  • Anonymous
    May 04, 2010
    Really wonderful list of creative tactics. I especially like the approaches that are less technical and more behavioral. The models are great too; very understandable.

  • Anonymous
    May 05, 2010
    I especially like the approaches that are less and more behavioral.

  • Anonymous
    May 08, 2010
    I am currently using Windows 7 and I think it is faster than Windows Vista.

  • Anonymous
    May 09, 2010
    Many thanks for putting your list together. It’s very re

  • Anonymous
    May 15, 2010
    i am currently using windows 7 and i think it

  • Anonymous
    May 27, 2010
    It's really an informative post. Thanks a lot.

  • Anonymous
    May 28, 2010
    awesome.

  • Anonymous
    June 24, 2010
    Thank you so much for this one. Project management academy (http://projectmanagementacademy.net)

  • Anonymous
    August 19, 2010
    I have some fun reading of this post and comments. I got knowledge and I try to think or analyze how far is Windows 7 from the others. Windows 7 is a newly released product of Microsoft. I am a user of that and I expect that there is an advantage and disadvantage of Windows 7. Maybe we can say there is wrong but I have lot of fun and excitement of these. And Engineering Windows 7 are now improving of these. And that's another excitement. Thanks and more power...

  • Anonymous
    September 20, 2010
    Thank you very much for this helpful article and the remarks. http://www.easyessayhelp.com

  • Anonymous
    October 23, 2010
    Was it against the fair competition law if UAC is blocking auto-update of other vendors but not Microsoft's product?

  • Anonymous
    January 23, 2012
    Hats off to Microsoft for delivering another great product.  Love it.  http://www.rvsforsale.co/  

  • Anonymous
    January 23, 2012
    When is Windows 8 coming out?  I am sure it will owe us again. http://www.truckingjobs.co/

  • Anonymous
    January 23, 2012
    Any new products in the pipeline for this year? http://www.boatsforsale.co/

  • Anonymous
    February 26, 2012
    domain checker (http://archivenic.com) I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading.

  • Anonymous
    February 26, 2012
    I found your blogs after read topic's related post now I feel my research is almost completed. Thanks to share this nice information. archivenic.com/microsoft.com

  • Anonymous
    May 31, 2012
    The settings we are discussing about allow system modifications without prompt and allow users as code to do those changes. This is not an issue! Thanks for these info. www.mediatouch-online.de/suchmaschinenoptimierung
