UAC in Vista not granular enough?
I had the following chat with one of my coworkers yesterday and I thought I would share. . . What are your thoughts?
BTW: if you have already seen Microsoft’s latest product “Mojave” you have got to check it out! http://www.mojaveexperiment.com/
Mr. Smith [8:19 AM]:
Hey what do you think of this? http://www.vnunet.com/vnunet/news/2183507/vista-secirity-hole-discovered
Weisfeld, Shawn A [8:29 AM]:
I think there is a bigger issue
Weisfeld, Shawn A [8:29 AM]:
so from reading that article the user doesn't like the granularity of UAC
Weisfeld, Shawn A [8:29 AM]:
(i.e. either No access, or full access)
Weisfeld, Shawn A [8:29 AM]:
IMHO a bigger problem is that so many people just turn UAC off entirely
Weisfeld, Shawn A [8:30 AM]:
providing no protection
Mr. Smith [8:30 AM]:
I was just reading about that
Mr. Smith [8:30 AM]:
because people get irritated with clicking 'allow'
Weisfeld, Shawn A [8:30 AM]:
ok people dont want to click "allow"
Weisfeld, Shawn A [8:31 AM]:
and Russinovich wants them not only to allow an installer but pick the correct level of access to give it
Weisfeld, Shawn A [8:31 AM]:
I dont know if this is a technical problem or a people problem
Mr. Smith [8:31 AM]:
good point...
Mr. Smith [8:31 AM]:
but to not even have the ability to restrict the authority of an installer seems like a problem
Weisfeld, Shawn A [8:32 AM]:
ok, so he said he could "do this in XP"
Weisfeld, Shawn A [8:32 AM]:
that means in XP he created an account that did not have admin rights
Mr. Smith [8:32 AM]:
granted, I've never bothered to do it
Weisfeld, Shawn A [8:32 AM]:
and ran his installer as that account
Weisfeld, Shawn A [8:32 AM]:
what is preventing him from doing the very same thing in Vista
Mr. Smith [8:33 AM]:
good question
Weisfeld, Shawn A [8:33 AM]:
if a user only has "user" access, I dont care what UAC popup they click on they cannot give anything admin rights, they dont even have them. . .