It appears to have out performed earlier Windows versions?
Interesting that a lot of the improvement seems to rely on you re-booting.......... so much for "up time" bragging rights :eek:
http://www.snpx.com/cgi-bin/news55.c...0850710?-11434
Printable View
It appears to have out performed earlier Windows versions?
Interesting that a lot of the improvement seems to rely on you re-booting.......... so much for "up time" bragging rights :eek:
http://www.snpx.com/cgi-bin/news55.c...0850710?-11434
Interesting....but I freaking hate it kinda.
I put vista on my laptop and its always asking "Are you sure you want to Continue?"
If I click on device manager, I get that popup....change network settings, change the time, open a properties window, connect to a network, uninstall a program.
Hell, if I go to a command prompt and type
ipconfig /release
it tells me I need to have administrator privilges to execute that command, but my account is the adminstrator account!
Its pretty, but I don't like it...to much hassle for a power user i believe.
Yes, I can imagine that it all seems rather alien to people who are used to using the command line, and having an all omnipotent account.
Microsoft have always been criticised for producing insecure operating systems. Actually they were mostly insecure out of the box and could be hardened by changing the settings and/or installing third party software. Now they have changed their approach.
I have been running a variety of third party software since the days of Win 95 that do pretty much the same thing :D
I don't think our Royal Navy will be adopting it (see "Windows for Warships" thread) as I can just imagine the scenario..................
PWO: "Action stations! Action stations! air alert red! incoming! incoming! don antiflash"
Vista: "Launch countermeasures? are you sure you want to continue?"
This is a true story from my days in Electronic Warfare and Countermeasures:
Two Strathclyde (Scotland) police officers were out with their shiny new hand held radar speed trap hoping to bag a few motorists.
Along came a Convair Tornado GR4 all weather, all terrain, low level strike fighter going to his live firing practice.....................
One of the police officers wondered how fast he was going so turned his radar on him..............
My mob's ECM detected this "unmapped" radar with an unknown "signature" that was similar to those of shoulder launched surface to air missiles.........
It jammed the radar in the "on" mode and prepared to automatically launch a Maverick air to ground missile at the offending signal............
The pilot was warned of this and aborted the launch..........."are you sure you want to continue?" :eek:
The real problem was that it was a Royal Dutch Airforce Tornado and did not recognise the new British radar.
The moral of the story:
Always keep your signature/pattern files up to date, and your OS and applications patched. :D
And if you are a traffic cop and your radar suddenly locks at 350mph .............. throw it away and run like hell!
Ahahah, that is the most entertaining thing I have read here nihil in ages, and it gives me lots of ideas that were I to entertain them beyond my mind and into the real world would probably wind me up with a lot of 20mm holes in my body.
Back on topic that has to be a very annoying feature to be asked every time if you are sure about something, reminds me of the joys of being asked by w2k3 why i was rebooting or shutting down, damn annoying when you are trying to get the server shut down to get the hell out of class in a reasonable amount of time.
Well I am sure you will think me cynical here, but I suspect that this is very much a case of Microsoft "covering their six"...........
They have had a lot of criticism over the years over the "poor security" of their systems. If you look at the history, you will see that this was never an issue back in the days of DOS? computers were damn expensive back then, and generally only people who were knowlegeable and needed them spent the money. They were also unconnected, and there was no real "internet" as such.
Malware tended to spread through sharing infected media between machines. So, if anyone got infected, it was their fault for putting the infected media in the machine?
Now MS are going back along this route. "If you got infected you must have clicked yes, and you don't reboot your machine often enough to let Vista clean itself" that is your problem not ours.
The real problem is that I would suggest at least 75% of purely Windows computer users are neither computer literate nor security aware.
We just know that they are going to click "yes" don't we? and that they will always log on as administrator:eek:
Whilst I would say that Vista has greatly improved security capabilities, and certainly seems more secure "out of the box", the only way you will actually improve the overall security picture is by user education or giving them a dumb terminal ;)
Naturally, these "improved" security features are annoying to computer professionals, but that seems to be the price you have to pay?
As for your W2K3 experience, I would say that it was quite reasonable behaviour. The majority of servers are not in a classroom environment and are not shut down that regularly? This is a Win 2000 client box, and when I tell it I want to power down it throws a popup and asks me what I want to do. Log off, shut down, restart, standby?
I just checked my Wife's Win ME box and even that asks if I want to:
Shut down
Restart
Standby
Hibernate
I believe that Win 98SE does the same but I haven't got one of those powered up at the moment.
:)
Welcome to linux when running in user mode.Quote:
Back on topic that has to be a very annoying feature to be asked every time if you are sure about something,
I don't mind the Shutdown Event Tracker in Server 2003. It can come in handy if you're looking to analyze downtime (via server shutdowns). Also, if it's that annoying, you can just disable it via Group Policy.
Open group Policy
Computer Configuration --> Administrative Templates --> System
Disable "Display Shutdown Event Tracker"
The same goes for the constant "press to continue" in Vista. If it bothers you, just turn it off ;) (It bothered me, so I did... :P)
Just go to your usersettings and disable UAC.
I do use the shutdown event tracker, btw... I find that it can be handy at times to be able to know why a server has rebooted.
Shutdown event tracker is cake. Meaning I like it.
Yes, you don't have to endure UAC - turning it off was about the first thing I did in Vista. I also stopped it giving me balloon messages about less than ideal security settings.
Hmmm,
I hope you are reading all this Billy Boy.............. you set your "finest" to deliver an operating system (late, and underfeatured, just like Win95) that is supposed to be secure?
What do we read.................. people are just looking for ways to turn the security features off?
Just buy lottery tickets my friend ;)
Not me. ;) But this relates to a comment HT raised in another thread. People do tend to remove default higher security settings. Either Windows UAC, anti-phising technology or even running as root in Linux day in day out.Quote:
people are just looking for ways to turn the security features off?
I try to strike a balance between secure and irritating. I don't need a message box asking me if I want to open control panel when I just double clicked the control panel icon!
Strange though it may seem, that would be one element of Vista that I would have no real problem with. I have tested and run several third party applications that do much the same sort of thing............maybe I am a control freak :D
Seriously though, I cannot see a way round it........... the software doesn't know what you clicked on as opposed to malware or a remote hacker?
Yeah, I can see the theory behind it, just on the surface it looks dumb to be asked if you want to do something you just specifically indicated that you did.
Technically it's doesn't ask if you want to open control panel, it asks if you are the one that initiated the request. ;)
Blah !
Well, do what everyone else does, and has always done in a sense, and turn UAC off. I mean, all these people can't be bothered to use a non-Admin account when they surf the web with F*C*I*G Internet Explorer, why the hell should they be bothered with simple prompts from the security subsystem verifying they did indeed do something, and not the spyware crap they just loaded for the 5th time?
Clicking that thing 3 or 4 times a day, when I use Vista 8-12 hours a day, is not that big of a deal. Sorry, I don't have a lot of sympathy for people who bitch and moan about a legitimate attempt by M$ to respond to the increasing security threats, but who can't be bothered to learn about the system or use it; the features, and their management options, are well documented in the Help & Support section of Vista.
/* EDIT */
Sorry, that wasn't a troll/flame. This is the 10th or 11th time I've had this discussion in the last week. I'm tired of lazy users with half a clue bitching about something that is going to protect them more than most other "security applications" out there. I'm frustrated and touchy. My apologies.
Can't say I blame you. I certainly wouldn't complain having loaded software with somewhat similar functionality on earlier versions of Windows.
Microsoft aren't stupid, they will have seen these applications and are trying to build similar sorts of protection into the OS.
I also think that it is a rather neat exercise in CYA.............. they pass the responsibility on to the users, which is really where it belongs........ at least they are being given the option, without having to understand the issues and then have to search for third party solutions.
I know that there will be those who disable it............maybe they don't need it, and there will be those who just click through.............but they would do that anyway?
For the average home or small business user I think it is a good idea. OK I built a system the other day (not Vista) with no AV, no firewall and no security software at all. If it had been Vista I would have disabled it as well.
All the thing does is locally manage a couple of external security cameras :D
Head over to Rock Bottom and try some Fire Chief Ale. 25 cents goes to charity. BEER FOR CHARITY! Love it...Quote:
I'm frustrated and touchy. My apologies.
I like UAC. Not to mention that UAC is proof that even an admin doesn't have carte blanche control over system access. Case point I was trying to unzip zsnes (lee7emulator) to a folder I created under c:/program files. The zip file was on the desktop and every time I tried to unzip the file I got an access error for the destination. Frustrating, yes. I looked at access controls and the local user account is locked to only executing and reading. Interesting. My account has full access, so this means programs are not granted the same access rights as the person initiating them. Also interesting.
I had to extract the files to the desktop and them copy them to the destination folder using explorer, which must default to my admin privy since it is the file system interface. In some ways this (vista) is more secure than linux.
UAC is Microsoft's attempt to implement the Principle of Least Priveledge for the everyday user. It's actually a very good idea and if you're finding it this annoying, it probably means you normally run as Administrator on your Windows machines (and are nor accustomed to running as a User account) and that is a Bad Thing(tm.)Quote:
Originally Posted by Moira
Plus, by turning off UAC, you're losing out on the benefits of the Protected Mode of Internet Explorer 7. Protected Mode gives IE7 the ability to become a browser more secure than any other current browser that I know of. First bit is a good read: http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx
Protected Mode in Action: http://www.microsoft.com/technet/sec...ry/935423.mspx
Quote:
Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode.
Hear hear.Quote:
Originally Posted by zencoder
IRRC, when you log on with an Administrator account, the account is given two tokens: an administrative token and a restricted-access token. Programs are automatically run with the restricted-access token and only use the administrative token when either a) you tell it to (Right-click the file -> Run as Administrator) or b) it needs administrative priveledges (And then you are prompted to give them to it.)Quote:
Originally Posted by RoadClosed
Explorer.exe also starts with with the restricted-access. (Example: Create a basic text document. Open an explorer window. Edit -> Move to Folder -> C:\Windows\system32. It will prompt you for administrative access in order to complete the move.)Quote:
Originally Posted by RoadClosed
- Xierox
Don't know if that was aimed at me, but I did turn UAC off thanks.Quote:
Originally Posted by zencoder
Moira,
The two basic issues are:
1. Do you understand what you are doing?
2. What environment are you operating in?
For the average home user with little computer knowledge it is probably important to have it turned on, because it is a significant part of frontline defences.
In a situation where I am using the PC for development, testing and software evaluation, I would probably turn it off, as it would drive me nuts.
In a corporate or institutional environment it is not so clear cut. One part of me says that I would turn it off, because you do not provide network security at the desktop level, and if something bad gets that far, your security model is fatally flawed.
The other side of me says that zencoder's three of four clicks a day are trivial, or should be, in a properly locked down environment, and this would be a final "tripwire"
At the end of the day I take the view that it is still a question of threat analysis and risk evaluation, and you need to build your security model accordingly. UAC is not a universal panacea, it is just a software tool?
An obvious situation where I would certainly turn it off is where I have a machine performing "process control" type tasks in an unattended environment.
Examples would be monitoring laboratory equipment, security cameras, access control systems, fire and burglar alarms, lighting control, and licence control..............to name but a few :)
I'm sure I'm not the only person to turn UAC OFF. Like you said nihil it drives you NUTS!
My XP systems never had UAC and somehow we survived, so I don't think the lack of it in Vista is going to be critical. In any case, this is a home computer not something containing military secrets. Let's keep things in proportion.
I only use IE where I have to anyway - Firefox is my browser by choice, so losing the protected features of IE has little impact. And I still say that with something as irritating as this, the temptation to simply click "yes" to everything will water down any real benefit of UAC.
You're right xierox, I and all my users have admin privileges, I don't believe in unnecessary restrictions. I want to use my computer and I want my users to be able to learn what the PC is capable of too. I know I can trust the other people who use my system and if they do accidentally break something - well, it's all in the name of progress and I can always fix it anyway.
kind of like an outnound firewall. ;)Quote:
My XP systems never had UAC and somehow we survived, so I don't think the lack of it in Vista is going to be critical.
Have fun explaining to your boss why the rootkit sniffing CC numbers on a billing machine had access to system files in the first place. ;-)Quote:
Originally Posted by Moira
- X
This is a home network !
Ah, ok. My mistake.Quote:
Originally Posted by Moira
- Xierox