(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version


Why Microsoft will fail




2009/02/03

Poor Microsoft. The phrase "caught between a rock and a hard place" tells exactly where they are right now. The "rock" here is that Microsoft desperately needs to fix the horrible security they are famous for and the "hard place" is that their user base doesn't want them to do that.

Oh, of course the Microsoft users want to be secure. They are sick to death of worrying about viruses and zero day attacks. They are sick of virus software bogging down their work. Users WANT security. They just don't want to have to do any work.

Microsoft went a long way toward fixing security with Vista. They added User Access Controls (UAC) that pestered users with "Do you want to allow this action?" type prompts. Users hate them and no wonder: most of the time we have no idea WHY we are being asked such questions or what the effect might be if we answer yes or no.

The complaints about this feature were legion. Everybody hated them. Even people who should know better want them gone: ItWire, writing about how Windows 7 may well be a do or die effort, begs

please no more endless UAC dialogue boxes

Microsoft, ever anxious to satisfy its customers, decided that users should have control of this feature. After all, if you are always going to just hold the door open and invite any program that asks to do as it pleases, why bother to ask? So Windows 7 includes user settings to eliminate those silly questions. Do I want stuff to just install? Why, yes, thanks. Ask me no questions and I won't have to admit my woeful ignorance.

But - oops! - apparently someone has found a way to change those setting without your knowledge: Code aims to bypass UAC security in Windows 7 says that two kids came up with a way to do that. That's not too surprising by itself, but Microsoft's reaction is. They say that's OK: (from Microsoft Denies Windows 7 UAC Vulnerability)

"However, Microsoft is standing by the change to UAC's default setting, saying it was the result of "a great deal of usability feedback on UAC prompting behavior," and that the feature cannot be exploited unless there is already malicious code running on the machine and "something else has already been breached.""

Well, yeah, and we all know THAT will never happen.


;


Click here to add your comments




Tue Feb 3 21:18:08 2009: Subject:   BrettLegree
http://6weeks.ca
gravatar
Maybe Microsoft should read your last couple of posts on virtualization... :)

Thank the gods for Fusion on my Mac, when I just can't do without that Windows app. And for my work laptop - well, tis their problem we run XP and IE6... I am a "good boy" and keep my data on the servers, so at least when - not if, but when - the whole house of cards crashes down, I can point to the procedure and say "not my fault!"

Your choice of words ("They just don't want to have to do any work.") seems very appropriate. I was saying to a friend of mine (Eyeteaguy) one time, "is it just me or is the average user less computer saavy today than they were in the days of DOS?" - and I know the answer is "yes".

People seem to want everything to just work, and be absolved of any responsibility when it does not...



Tue Feb 3 22:00:07 2009: Subject:   yungchin
http://oei.yungchin.nl
gravatar
Haha, there was this poll on the Dutch forum "tweakers.net" about the issue (see http://tweakers.net/poll/971/uac-in-windows-7.html but it's in Dutch), and about a third of the 7500+ respondents replied "Who cares? I already disabled UAC anyway..."




Tue Feb 3 22:08:24 2009: Subject:   TonyLawrence

gravatar
While exactly what I'd expect, it still makes me shake my head!

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar


numly esn 62490-090203-979622-76
numly barcode

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments



Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.


book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!



 I sell and support
 Kerio Mail server




pavatar.jpg
More:
       - Security
       - Microsoft
       - Linux
       - MacOSX
       - Opinion


Unix/Linux Consultants

Skills Tests

Guest Post Here










My Favorites

Change Congress