Microsoft Exec: UAC Designed To 'Annoy Users'
,----[ Quote ]
| "The reason we put UAC into the platform was to annoy users. I'm serious,"
| said Cross.
`----
http://www.crn.com/software/207100934?cid=CRNFeed
Microsoft: Vista feature designed to 'annoy users'
http://news.zdnet.com/2424-3515_22-197089.html
SuSE Linux presents users who log in as root with the 'bombs' wallpaper, so no
need for real nags there. Ubuntu needn't use root account or nags.
UAC simply fails to deliver (see more details below). It greets the user with
nags that will be ignored by those most vulnerable.
Related:
Security design: Why UAC will not work
,----[ Quote ]
| Pinning all your end-point security hopes on UAC assumes that criminals are
| not as smart as they really are
`----
http://www.infoworld.com/article/08/01/11/02OPsecadvise-user-account-control_1.html
Learning to Live with UAC
,----[ Quote ]
| Like most veteran Windows users, I balked when I first encountered the User
| Account Control (UAC) mechanism in the latter BETAs of Vista. The constant
| interruption of nearly every system or maintenance related task was
| unbearable. Finally, after one particularly frustrating bout of "move the
| file/yes I really want to move the file/please let me move the file/sorry, do
| dice buddy," I did what many early Vista users did: I turned UAC off.
|
| Hint: For those of you who haven't figured it out yet, the option to disable
| UAC is buried under the User Accounts sub-section of the Control Panel.
|
| Ah, the bliss of no UAC! I could now do whatever I wanted, whenever I wanted!
| It was just like Windows XP, but with a cooler UI!
`----
http://weblog.infoworld.com/enterprisedesktop/archives/2007/07/learning_to_liv.html
Researcher Reveals 2-Step Vista UAC Hack
,----[ Quote ]
| A Web application developer has uncovered a two-step process
| (PDF) for exploiting Windows Vista's User Account Control,
| essentially by having a Trojan piggyback on what could be al
| egitimate download.
`----
http://www.eweek.com/article2/0,1895,2131595,00.asp
Vista User Account Control and the Linux Superuser
,----[ Quote ]
| So, when I was researching the way to determine the shadow storage
| size on Windows Vista for my February 23rd entry, I wasn't too surprised
| when I got an error message about needing to elevate my privilege after
| I tried to run vssadmin from a standard command shell. What a Linux
| system would have done right there would be to ask me for the
| administrator password.
`----
http://weblog.infoworld.com/stratdev/archives/2007/03/vista_user_acco.html
Vista's UAC needs an overhaul. Ideas?
,----[ Quote ]
| It seems like everyone, other than possibly Microsoft's Vista team
| itself, seems to believe that the User Account Control (UAC) in
| Vista already needs an overhaul.
`----
http://blogs.zdnet.com/microsoft/?p=277
Windows Vista: Secure Or Just Frustrating?
,----[ Quote ]
| The problem with Vista’s security implementation is that lots of warning
| dialog boxes don't provide security. Users get frustrated and eventually stop
| reading them altogether. They think of them as annoyances, an extra click
| required to get a feature to work. Is Windows Vista really more secure than
| the operating systems that preceded it, or simply more frustrating? Since
| Microsoft left us with no choice but to buy a PC with Vista pre-installed,
| we’re inevitably stuck with it. Let the frustration begin.
`----
http://www.theitarticles.com/windows-vista-secure-or-just-frustrating/264/
,----[Quote ]
| "Oh, excuse me, is this supposed be a joke? We all remember all those
| Microsoft's statements about how serious Microsoft is about security in
| Vista and how all those new cool security features like UAC or Protected
| Mode IE will improve the world's security. And now we hear what?
`----
http://theinvisiblethings.blogspot.com/2007/02/vista-security-model-big-joke.html
Vista's Faux Security
,----[ Quote ]
| At the end of the new Apple ad, the security guard finally asks the
| hapless PC: "You are coming to a sad realization. Cancel or allow?"
|
| Unfortunately, after conditioning the world to click "allow," all
| Microsoft will have accomplished is to pass the buck to the hapless
| PC user, trying to make the user responsible for anything bad that
| happens because they ultimately chose to allow it.
|
| While that may allow Microsoft?s security engineers to sleep at night,
| the rest of us won't rest as easy until Vista's holes are plugged
| with something more substantial than a dialog box.
`----
http://www.esecurityplanet.com/article.php/11162_3660976_2
Vista's UAC security is hopeless, says Symantec
,----[ Quote ]
| A key security feature of Windows Vista, User Account Control (UAC) is
| still nearly unusable, Symantec has said.
|
| At a press presentation last week, Symantec vice president of
| engineering Rowan Trollope said Symantec's customers had found the
| feature so "chatty", that it was a burden on users, potentially
| creating new help-desk calls.
`----
http://www.techworld.com/news/index.cfm?RSS&NewsID=7769
Windows Vista set to overwhelm helpdesks
,----[ Quote ]
| The Windows Vista features that will most benefit end users are
| likely to cause a flood of calls to enterprise IT help desks, it
| was claimed today.
|
| SupportSoft predicted that one of the main areas in which
| end-users are likely to experience problems will be dealing
| with Vista's security features.
`----
http://www.itnews.com.au/newsstory.aspx?CIaNID=44424
Windows Forces you to use UAC to Add a Printer
,----[ Quote ]
| Another bug that got past the extensive RTM testing process? Nope.
| It's a bug that came into existence during the finalization process.
| This bug wasn't there in RC2, but it's most definitely there now. All
| we can say is, hopefully this gets patched before SP6.
`----
http://neosmart.net/blog/archives/326
'Vista's Account Protection: One Click and It's Gone'
,----[ Quote ]
| One of Vista's big security features is 'User Account Protection'
| (or 'User Account Control') which pops up and asks for user
| authentication before software can make any administrative changes to
| the system. But the TweakVista utility can turn off UAP in one click...
`----
http://securitydot.net/news/exploits/vulnerabilities/articles/2661/news.html
The Truth About User Privileges
,----[ Quote ]
| Has the time finally come for the least-privilege user -- you know,
| setting your Windows client machines to run without system
| administrator rights?
|
| [...]
|
| Today, some Windows applications just won't run properly on a
| desktop without administrative rights. "It's a dirty little
| secret people sweep under the rug because they're not able to
| do much about the problem. A lot of applications and pieces
| of environments won't work if users aren't given admin rights,"
| says Steve Kleynhans, vice president for Gartner's client
| platforms group. "If you can get applications to function
| with lower rights, in a lot of cases it hampers the user
| experience."
`----
http://www.darkreading.com/document.asp?doc_id=110225&WT.svl=news1_1
|
|
