Please don't disable security features, at least while we are testing them

Interesting Finds: June 26, 2005 AM edition

Jason Haley — Mon, 26 Jun 2006 17:19:53 GMT

re: Please don't disable security features, at least while we are testing them

Jonathan — Mon, 26 Jun 2006 17:44:35 GMT

I would be interested in seeing how many Vista systems get compromised by malware in the first few months after its full release and then comparing that with the number of those systems that have disabled the built-in security and protection systems that the developers at Microsoft have been working on. I would imagine that, while only a percentage of wide open systems will be breached, almost all breached systems will have the security measures disabled. Of course, all the blame for this will go squarely on the shoulders of Microsoft and, being a large corporation with a public image to maintain, they will just have to take it.

Help Jesper Out With UAC in Windows Vista

Geeking Microsoft — Tue, 27 Jun 2006 03:56:42 GMT

I have blogged in the past about how much I hate the current implementation of UAC (User Account Control)...

Living on the beta edge

E-Bitz - SBS MVP the Official Blog of the SBS "Diva" — Tue, 27 Jun 2006 09:45:33 GMT

So you loaded up Vista and you want to try it on a SBS network... so while you 'can' ... I'd read the...

re: Please don't disable security features, at least while we are testing them

Josh Einstein — Tue, 27 Jun 2006 09:55:32 GMT

You convinced me. Good post.

re: Please don't disable security features, at least while we are testing them

Joop — Tue, 27 Jun 2006 13:40:59 GMT

I have a related question. When being a member of the Administrators group most applications do not actually run with Administrator privileges. Is running as an admin with UAC enabled less secure than running as User with UAC enabled? (Assuming there is a user at the keyboard who knows what (s)he is doing and does not click "Allow" blindly.)

The answer is Yes probably because some processes do in fact run with Admin privileges? Which are these?

re: Please don't disable security features, at least while we are testing them

Miguel Garrido — Tue, 27 Jun 2006 15:41:07 GMT

My biggest gripe with Vista (as of Beta 2) is that there is no way to elevate myself to work with control panel applets, I have to start an elevated copy of Windows Explorer, navigate to the Control Panel and THEN work on whatever changes I needed to make (ie. Remove networks from the Network List).

This is mainly a bother with the control panel, but this happens as well in other parts of the OS where there is no clear way of elevating priviledges to accomplish a task.

re: Please don't disable security features, at least while we are testing them

Mike S — Tue, 27 Jun 2006 21:27:11 GMT

"...so none of my users ran as an administrator. The result, nothing installed, including the spyware."

Here's the crux of the problem -- computers exist to be usable for productive work. Systems administrators act like computers exist to make as little work as possible for them.

I realize the author problem didn't mean to write that he has nothing installed on his computer. But really, if no one ever uses an administrator account, more software is unusable than usable.

And this is the user's fault? We're supposed to beta test this stuff so that Microsoft knows what we need to do and what we don't need? I'm not on Microsoft's payroll.

re: Please don't disable security features, at least while we are testing them

Kevin D — Wed, 28 Jun 2006 00:37:44 GMT

If you are not willing to beta test software because you are not on Microsoft's payroll, why are you running Vista? Is it just so you can say "I'm cool - I'm running Vista!"?

Part of the responsibility of running the beta software is to give your knowledge back to the creator of the software. I know of no cases where Microsoft has come along and forced a user to install software from a beta program on their machine - generally people volunteer for the privilege of being in a beta program. However with privilege comes responsibility - follow the test protocol, report errors fully and completely, and give feedback on your experience. It's not just a popularity contest.

Sorry if this seems like a rant - but I have to "support" beta users who think that beta program member = I'm in the cool crowd.

re: Please don't disable security features, at least while we are testing them

Derek — Wed, 28 Jun 2006 00:41:15 GMT

Excellent post Jesper! All these whining people should shut up, help test Vista, and submit constructive feedback to MS. First people blast MS for crappy security, now they blast them for being too secure. No matter what MS does people want to yell at them.

re: Please don't disable security features, at least while we are testing them

Mitch — Wed, 28 Jun 2006 06:22:51 GMT

Microsoft Sucks!! Disable everything and format hard drive!!! Why would anyone use a product that is so crappy unsecure and spys on you as a user and keeps that in a database. MICROSOFT is a criminal company.

re: Please don't disable security features, at least while we are testing them

Philip Colmer — Wed, 28 Jun 2006 10:20:00 GMT

Thanks for posting this, Jesper. It has been picked up by some of the news outlets (e.g. eWeek) so hopefully there will be a wider audience starting to get this message.

I was pretty annoyed when one of the Tech-Ed presenters suggested turning UAC off during testing. As you have said, it is only through proper testing of Vista and getting the feedback to MS that we are going to all benefit and get a version of UAC that works as everyone needs it to work.

UAC is a big improvement - my step-son recently got hit by spyware. Vista can't come soon enough with its tighter security as far as I'm concerned.

re: Please don't disable security features, at least while we are testing them

Tom K — Wed, 28 Jun 2006 12:55:05 GMT

Well this has been a problem for a long time, and it is the software writers that are to blame not Microsoft. A lot of simple programs write temp or other files to protected areas that then require you to run the program as an administrator. We have been using WINDOWS NT long enough to know how to write programs so they Do not need to have administrator rights, why has it not happened? Because NO ONE MAKES THEM FIX THEIR SOFTWARE! Look at PALM sync software, you have give the user ADMIN rights, then install it to a directory they have normal rights to read and write from, then you can remove their ADMIN rights... This is the FIX they posted on their website. It is totally absurd. I should be able to install the software as an administrator for every user on the PC then log off and the software should work. I think what Microsoft is doing with this software is great, one it should give the software vendors more opportunity to see how their software is broken and FIX IT, two it will hopefully stop administrators for given USERS admin rights that they should NEVER have. I wish I could have been in the BETA to see it first hand.

re: Please don't disable security features, at least while we are testing them

Gilles — Wed, 28 Jun 2006 19:17:03 GMT

Second post, it cancel previous one.

I use Vista with standard parameters and I test my application in this mode.
I test installation of my programs, that use MSI technology and a Boostrap setup.exe
I have prerequisite to install. So to avoid nested installation, I use Prerequisite. The Bootstrap launch sub setup.exe before launching the main msi .
But to install each sub setup.exe, I have UAC Windows...
I read that for installation, the high privilege was transmitting from on program to another one. Is it true? Is there something to do to allow sub setup to be installed without any UAC Dialog box?
Thanks for your help.
Gilles

re: Please don't disable security features, at least while we are testing them

Shawn — Wed, 28 Jun 2006 23:35:06 GMT

Why not make the UAC functionality ask only once per logon session but, with a timeout that is configurable. So say you need to do some admin priv stuff, you enter your credentials and after 5-10 minutes the credentials expire. If that is not long enough or is too long, let the use configure the timeout.

The best of both worlds.

re: Please don't disable security features, at least while we are testing them

SEO Rules! — Thu, 29 Jun 2006 02:15:20 GMT

Jesper,
On one hand I gotta admit, you are now thinking of security which is good, ofcourse.

On the other hand, these features are from the stone age (in *nix). Vendors SHOULD be pressed!
If microsoft doesnt take this task serious who will?

Backward compatibility is not everything.

Old software must be unsupported until rewritten.
Security is too big of an issue to wait for lots of lazy people.
Sure enough, when their software won't run anymore because of the need for an admin account, the get off their bums and redesign their software so that it is compatible.

Microsoft should set a date, deliver proper info both online and offline (to the top 100 software developers with compatibility problems).

After this date, there is no excuse for the developers.

I also heard microsoft stopped developing their FS.
http://ozy.student.utwente.nl/projects/dbfs/

This is a simple FS idea. But a 2-layer database will be more prone to errors.
SEO Rules!

Windows Vista User Account Control (UAC)

Think Security - Jeff Jones Security Blog — Thu, 29 Jun 2006 03:24:17 GMT

Jesper apparently stirred up things a bit with his latest post, Please don't disable security features,...

re: Please don't disable security features, at least while we are testing them

Molly C — Thu, 29 Jun 2006 04:56:49 GMT

In the next beta release, Microsoft should simply not allow UAC to be turned off, thereby forcing the "beta testers" to actually test the feature and report feedback rather than turning it off.

Hoe zet je UAC uit? Niet!

La Vista è bella . . . — Thu, 29 Jun 2006 08:47:19 GMT

Een vraag die vrij snel gesteld wordt,&nbsp;ik denk dat een deel van de testers deze gedachte wel eens...

Hoe zet je UAC uit? - Niet!

Windows Vista blog — Thu, 29 Jun 2006 08:47:37 GMT

Een vraag die vrij snel gesteld wordt,&nbsp;ik denk dat een deel van de testers deze gedachte wel eens...

re: Please don't disable security features, at least while we are testing them

David V — Thu, 29 Jun 2006 18:23:28 GMT

This feature is ill-considered, at best. There are far simpler and less annoying ways to secure user accounts. Look at how the Mac does it.

re: Please don't disable security features, at least while we are testing them

DrSubliminal — Fri, 30 Jun 2006 18:19:31 GMT

Microsoft *FORCE* vendors to change their code?

Can we say ANTI-trust? Wow, where have you been for the last 10 years while MS has been spending billions defending their practices.

The people who hate UAC hate the fact that they lose some ease of use during installs? SO WHAT? Can we drive 100mph on a highway all the time? Sure. Should we? Not if we value our lives.

Are you tempted to disable UAC in Vista ?

Rolando Ramirez's WebLog — Mon, 03 Jul 2006 22:05:24 GMT

Please firstread what Jesper Johansson has to tell us about this. In a related post, Jeff Joneswrite

re: Please don't disable security features, at least while we are testing them

bart — Wed, 05 Jul 2006 23:41:52 GMT

The idea of user feedback works really well in the open source areana where you don't have to pay for the software, or the community support. But to simply reduce the cost of development for Microsoft at the expense of my time is too much to ask. The theoretical reason why someone would actually pay for software is because it is already better then the open source options. Get it right the first time and charge, or make it open source join the rest of the global community.

re: Please don't disable security features, at least while we are testing them

John — Thu, 06 Jul 2006 15:33:55 GMT

Hi,

I have an ASP (not an ASP.NET) application accessing Sql Server 2005 database installed in Vista Beta 2 (Build : 5384). I am unable to access my application in server. UAP is blocking my application. I dont want to change system level UAP configuration using msconfig or secpol.msc.
Can any one suggest me some idea to change application level UAP configuration, so that I can access by ASP application.

Thanks in Advance.

-John-

re: Please don't disable security features, at least while we are testing them

John — Fri, 07 Jul 2006 07:34:00 GMT

re: Please don't disable security features, at least while we are testing them

rich — Sat, 08 Jul 2006 05:46:44 GMT

i read your article, and i'm still turning it off. it's stupid and annoying.

re: Please don't disable security features, at least while we are testing them

gideon21us — Sat, 08 Jul 2006 19:03:35 GMT

am also convinced to leave it on--fine post, point well taken and recieved that yes, this is beta... haven't gotten around to turning anything off, but now I won't and I'll submit feedback as well

re: Please don't disable security features, at least while we are testing them

Barry Abrahamson — Mon, 10 Jul 2006 13:30:33 GMT

People are unfortunately never happy with change, but in todays world change is necessary, especially for the protection of our identities in an ever increasing virtual world. As more and more people become permanently online and as technology spreads and becomes more widely available, its common sense that the biggest operating system vendor in the world would need to set new standards on security to combat current and future threats, so please stop being pestering about complying with new technology, instead lets join forces to create more secure systems for our own protection.

re: Please don't disable security features, at least while we are testing them

Mats Olsson — Tue, 11 Jul 2006 14:58:59 GMT

Jesper

Unfortunally the biggest software vendor that outputs software that requires users to be admins tends to be Microsoft itself.

A very current exampel of this is the printer installation routines. It's no problem for me as an admin to silently install local printers, as long as they are lpt devices. Are they usb devices they uasully requires the dot4 printer support and this component can't be pre or silently installed acccording to MS support.

The effect of this is that we have to give every laptop user that needs to plug in to a usb printer admin priviliges since I cant preinstall a list of allowed modells without plugging each of them into each laptop.

Another issue for mobile users is that XP (atleast) requires users to be admins to change the speed of ther nics. This is a major issue since we got cat3 and cat5 networks with sometimes faster switches. The switch and the Computer will negoiate a link speed that they can do, regardless of the cabeling. Ofcourse this means problems then a computer tries to use Gbit on cat3.

re: Please don't disable security features, at least while we are testing them

jesper — Thu, 13 Jul 2006 23:19:20 GMT

Mats, yes, Microsoft has a checkered record on apps that require admin privileges, but the example you give is not great. Installing printers is an administrative task since it involves installing kernel drivers. Not that it helps a lot right now, but that is changing in Windows Vista. You get a lot more flexibility as well as usermode drivers.

re: Please don't disable security features, at least while we are testing them

mats — Wed, 19 Jul 2006 17:05:54 GMT

Hi again

Yes i agree, installing a printer is admin work but as this piece of SW is done an admin can't do it since it would require that admin to manully plug in every USB printer that the company allows into each box before handing it over to the user. Lets say that you got about 30-40 difrent printers types and a 1000 laptops. This is ofcourse not doable.

MS solved this for lpt based printers with the exelent utility called dpinst. Dpinst can preinstall the drivers into the pnp cache. Since the driver now is in the cache it doesn't need admin to be installed then the printer is connected. Therefore I as an admin can create a package or a script that will preinstall all allowed models during the automated installation of the box

Unfortunally this can't be done with usb so the alternative is to give the user admin........

I'm looking forward to vista in about 2 years time then all our apps hopefully will support it and osi layer 8 and 9 has realised it's time for a change

re: Please don't disable security features, at least while we are testing them

chris — Wed, 19 Jul 2006 21:39:46 GMT

What about going into control panel as admin and allowing a particular app to run as admin by default.

Then once an app that has to run that way can still be allowed and UAC is still intake

re: Please don't disable security features, at least while we are testing them

Bill C — Mon, 24 Jul 2006 20:27:52 GMT

You asked for feedback, from the perspective of an ISV, I want easier deployment and maintenance of client application with the ease and maintainability traditionally associated with web applications ... and that don't make my users (personas) feel stupid when they go about using them.

Can we agree that for all practical purposes for the still remaining ISVs, the web is the starting point for 99% of the users (personas) for initially coming into contact with (smart) client applications?

Then what do I need from Microsoft to provide a delightful experience for my personas using my application on Vista?

Well for starters, much better deployment technology without sacrificing much better security: There is absolutely no doubt in my mind that UAC is going to improve security, etc, but that is just a small part of what I have to be concerned about with from the perspective of an ISV, whether I have an old application moving up to Vista, or something new.

Let's take Jesper's own story. What is Jesper really saying about himself versus Steve and his wife? Sure Jesper doesn't create admin accounts for everyone in the family, but is he really saying he never wants them to get anything productive done (like a web download and install) unless he's standing there over the shoulder? Chances are this story means his family members have the admin password written down somewhere on paper. How is that any better than what Steve is doing?

Bottom line, under this new UAC model, is it Microsoft's intentions that the consumer marketplace have admin "over the shoulder" to help elevate when needed? This is unrealistic. Mike S's comment that "computers exist to be usable for productive work. Systems administrators act like computers exist to make as little work as possible for them" is dead on point. That is exactly what Cooper's 'inmates running the asylum' is suggesting and I see plenty of evidence of it going on, but I am very glad you are looking for feedback.

I agree that UAC is a big step in the right direction, but without addressing the other deployment related issues, you might find that you've won the battle, but lost the war as far as the future of smart-client applications is concerned. Seems like something else is needed.

For example, is there any discussion for a more sandboxed model so that smart client applications (especially for the consumer marketplace) never ever need to cross the priv elevation model? So that in the future it really will be Steve's own fault if he continues to be a 'nice guy'. Today he's not only nice ... he's simply being practical … time will tell whether he'll continue to have to be practical after Vista releases.

We need an even better model.

re: Please don't disable security features, at least while we are testing them

Aaron — Tue, 25 Jul 2006 19:36:05 GMT

The problem with UAC is it prompts on things it should no it prompts so often that people will start blindly clicking yes to everything. Therefore the so called protection is bypassed anyways because you made an army of robot yes clickers.

Yes I understand security is needed but when you make things aggervating and unproductive people just quit using them it is down right human nature. I have seen this in work places if IT makes something secure but aggravating people just quit using it.

UAC in theory is heading in the right direction but the implementation to this point is completey and utterly in the wrong direction.People will take the path of least resistance and try to make things easy for them. Unless you tone down the amount of clicks you are inviting people to just disable the UAC feature period.

If Microsoft really wants the feature to work they better start rethinking what cause a click and what does not. That pop up should be an alert to the user not just another click that waste time which is what it is at this time.

re: Please don't disable security features, at least while we are testing them

Anonymous Oracle — Sun, 30 Jul 2006 17:33:09 GMT

Those who fail to understand UNIX are doomed to reimplement it. Poorly

re: Please don't disable security features, at least while we are testing them

S.H.Bouwhuis — Mon, 31 Jul 2006 18:59:53 GMT

[quote Aaron]The problem with UAC is it prompts on things it should no it prompts so often that people will start blindly clicking yes to everything. Therefore the so called protection is bypassed anyways because you made an army of robot yes clickers.[/quote]

You hit the nail on its head! This is exactly how I respond to the 'The publisher could not be verified. Are you sure you want to run this software?' messagebox.

Being a software developer myself I know that 90% of my messageboxes aren't even read and just blindly answered with 'Next' / 'Ok' / 'Accept' / ...
Knowing this, I disable those buttons for about 5 seconds for really critical questions (think: delete records from the database, remove photos, ...)

I think the privileges should be asked for once and remembered. But, there should be someway to revoke the privileges as well.

Internet Explorer Protected Mode and other stuff...

Spyware Sucks — Sun, 06 Aug 2006 07:02:28 GMT

For your viewing pleasure.. an excellent video from TechEd
Windows Vista System Integrity Technologieshttp://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=223...

re: Please don't disable security features, at least while we are testing them

Santiago — Mon, 07 Aug 2006 12:35:56 GMT

[quote Aaron]The problem with UAC is it prompts on things it should no it prompts so often that people will start blindly clicking yes to everything. Therefore the so called protection is bypassed anyways because you made an army of robot yes clickers.[/quote]

I also agree. Improving security with the UAC seem to be great, but walking on the nervs of users will not help improving security.
I´am convinced in keeping the uac working, to make the tests, but I hope there will be a better solution in the release version.
Do not think users would read any popups, which have an accept/next/ok-button. Especially not, if the amount of popups increase.

Windows Vista 101: How to turn off UAC at istartedsomething

Windows Vista 101: How to turn off UAC at istartedsomething — Sat, 09 Sep 2006 16:34:13 GMT

PingBack from http://www.istartedsomething.com/20060909/howto-turn-off-uac/

Please don’t disable security features, at least while we are testing them | Secure Software Engineering Blog

Sun, 02 Mar 2008 22:13:36 GMT

PingBack from http://www.secure-software-engineering.com/2008/03/02/please-dont-disable-security-features-at-least-while-we-are-testing-them/

IE7 (Vista) protection? | keyongtech

IE7 (Vista) protection? | keyongtech — Thu, 22 Jan 2009 04:17:32 GMT

PingBack from http://www.keyongtech.com/1251856-ie7-vista-protection