October 10, 2008

Without a Clue: Anyone Who Doesn't Grok UAC

With a bit of discussion of UAC on e7, interest in UAC has moved up a little bit again. I have to say I like the comments for the most part from the post; a good deal of people like UAC, or if they do not like it, they understand and use it (this is far different from those who do not understand it, and turn it off).

That isn't to say someone can dislike the current state of it, but understand the principle and use it to their advantage. Not liking the implementation is a bit different from not understanding LUA.

I just have a few things to say:

If you don't use UAC during regular use (so those who will turn it off for a few minutes to do some installation work, and those who log into the full administrator "Administrator" accounts don't fall into this poor, poor crowd of people who I will never regard as Power Anything) you are either uneducated or daft.

Don't like how blunt I am? Tough. I have no respect for those who cannot even practice the simplest of security practice.

Sound like a lot of people to have an innate dislike for? Only 8% of Vista users even turn off UAC, as per the e7 data. So it is a vocal minority of those who don't understand LUA. Sad indeed.

If you don't understand UAC, learn. It isn't that hard.

In fact, the tipping point for me posting this was an entire company that doesn't understand UAC.

Norton.

Okay, so here are a few basic things you should know about UAC before I tear into Norton for being the stupidest security firm in the world at this moment...

  1. UAC runs on a Secure Desktop that cannot be touched by any programs by default.
  2. UAC prompts for a password if you run a Standard Account like you should; Administrator accounts can be changed to fit this behavior, but don't by default for convenience, and the simple fact that only the end user can allow a UAC prompt anyways, as per #1.
  3. UAC is all about LUA; Least User Access, which is the good great idea that no program should have more power then it needs, even if you trust the program. This reduces security intrusions on multiple levels. Seriously, just read about LUA. Asking your permission was the way it was always meant to be.

Now I will tear into Norton.

Norton thinks it can do UAC better. However it isn't even aware of how UAC functions (or is lying), as per the example below:

What’s more, because the UAC may give a false sense of security since other processes can still access the desktop, it actually raises security concerns.

If they don't know the features of UAC, how can they even do better?

I could go on, but I'll end on why I haven't posted in a while.

  • Hard to match my last post in importance.
  • I am learning C# right now.

So there you go. People who don't get UAC: You are Without a Clue.

Posted by Yert at 5:37 PM
Tags: , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)