Windows 7 Security Flaw is "By Design"

Status
Not open for further replies.

Pat

Beyond Smart
Actually it's the other way round, people on many forums cried like babies because of the UAC in Vista & when it was relaxed because of the troubled souls they are now criticizing it for being weak. Microsoft - damned if they do, damned if they don't.

Really ? There were just too many (stupid) UAC prompts during Vista and that was the reason why people complained. Does that mean that in the next version, MS will let anyone (any script) completely disable UAC without the user even knowing ?? :rolleyes:
 

chandru.in

In the zone
But I simply don't understand why the first user is created with full admin privileges? Why can't they just create a restricted default account? That to me is a design flaw in how most Windows systems (at least at homes) get installed and run. Users cannot be blamed for this. This is what makes Windows so difficult to maintain safely by not so techie users.

Since some of Windows fanboys spoke of Linux here, I gotta say Linux (esp Ubuntu) gets it right. root is completely disabled by default. A power user who knows the consequences can enable it if needed. All programs run by user are run as normal users no simple yes/no prompt to run as admin. Even admin programs which automatically prompt for password are prefixed with "gksu" in the menu item. If a user downloads a random program from mail/web and runs it, at the most it can wipe his home dir clean unless he specifically prefixes it with sudo/gksu and gives the password. That is where "secure by design" comes in.
 

Liverpool_fan

Sami Hyypiä, LFC legend
But I simply don't understand why the first user is created with full admin privileges? Why can't they just create a restricted default account? That to me is a design flaw in how most Windows systems (at least at homes) get installed and run. Users cannot be blamed for this. This is what makes Windows so difficult to maintain safely by not so techie users.

Since some of Windows fanboys spoke of Linux here, I gotta say Linux (esp Ubuntu) gets it right. root is completely disabled by default. A power user who knows the consequences can enable it if needed. All programs run by user are run as normal users no simple yes/no prompt to run as admin. Even admin programs which automatically prompt for password are prefixed with "gksu" in the menu item. If a user downloads a random program from mail/web and runs it, at the most it can wipe his home dir clean unless he specifically prefixes it with sudo/gksu and gives the password. That is where "secure by design" comes in.
+1
Exactly.
SuRun attempts to do similar with Windows. It worked really well in WinXP. But I am not sure whether it'll work with Win7.
 

gxsaurav

You gave been GXified
Really ? There were just too many (stupid) UAC prompts during Vista and that was the reason why people complained. Does that mean that in the next version, MS will let anyone (any script) completely disable UAC without the user even knowing ?? :rolleyes:

With Vista, UAC was released in its first iteration which was fixed & enhanced with User Feedback in Vista SP1 & is being further enhanced in Windows 7. What's the problem here then? Is listening to feedback & fixing the problem a bad thing? The problem came in a "beta" (Read : unfinished) version of Windows 7 which was supposed to have bugs (which is why we call it beta). Yes there was a problem, yes MS was stupid to have this bug...but now they are fixing their mistake so stop cribbing.

Hey, Apple isn't listening to us Windows users to optimize iTunes for Windows which still is a memory bloat & heck slow, shall we start talking about that?

But I simply don't understand why the first user is created with full admin privileges? Why can't they just create a restricted default account? That to me is a design flaw in how most Windows systems (at least at homes) get installed and run. Users cannot be blamed for this. This is what makes Windows so difficult to maintain safely by not so techie users.

The default 1st user created in Windows 7 is "Standard user".

Maintaining Windows isn't tough for not so techie users. They are the crowd which buys Norton 360 or Norton Internet Security or something similar or has it bundled with their OEM PC already. In this case the software does the work automatically, have u heard about scheduled backups, defragmentation, temp file cleaning etc already in Windows?

Ok tell me, what is "maintaining" in your point of view?

All programs run by user are run as normal users no simple yes/no prompt to run as admin

Every time I try to run Nautilus as root, it asks for my root password. Count that as a flaw of GNOME with your logic too.

If a user downloads a random program from mail/web and runs it, at the most it can wipe his home dir clean

Which means everything in Linux terms :p cos all the music, documents etc are in home folder by default which many new users do not migrate to some other partition. They don't even know what a partition is.
 

Pat

Beyond Smart
With Vista, UAC was released in its first iteration which was fixed & enhanced with User Feedback in Vista SP1 & is being further enhanced in Windows 7. What's the problem here then? Is listening to feedback & fixing the problem a bad thing? The problem came in a "beta" (Read : unfinished) version of Windows 7 which was supposed to have bugs (which is why we call it beta). Yes there was a problem, yes MS was stupid to have this bug...but now they are fixing their mistake so stop cribbing.

I know you never read posts before replying. And that's what you have done here again. I was NOT cribbing about it. I know it is Beta and it is expected that there will be some bugs in it. I was just responding to an oversmart fellow who was justifying it saying this was NOT a bug. Go figure :rolleyes:

Hey, Apple isn't listening to us Windows users to optimize iTunes for Windows which still is a memory bloat & heck slow, shall we start talking about that?

Go ahead boy! Who's stopping you :)
 

infra_red_dude

Wire muncher!
[offtopic]

Lol.. another Windows vs. Linux thread. I was missing this since long :D

[/offtopic]

I think it's time to close this thread. Users haf given their opinions and it seems to haf reached MS (as GX puts it). So I guess this thread can be unlocked and the discussions started if the next release of Win 7 presents the same thing.
 
OP
topgear

Super Moderator
Staff member
Microsoft Apologises; To Fix Win 7 UAC Flaw

Earlier this week, Tom's Hardware reported that there was an inherent security flaw in the newly renovated User Account Control (UAC) built into the current Windows 7 beta build 7000. Microsoft has listened to the critics and has released details of their fix to address the problem.

At first Microsoft brushed off the issue as "by design," that is, it won't prompt users as much as in Vista which is what it was aiming for. But because the default UAC setting prevents changes to UAC from causing a secure desktop prompt, malicious code can alter the settings and even disable UAC without the user knowing it. Viruses and other malware can then run wild on the system with full administrative rights.

Who makes changes to UAC so often that they will be constantly pummelled with prompts? It wouldn't damage Microsoft's quieter UAC policy too badly to make an exception to the rule in this case for the sake of security. Fortunately, that is what it has now decided to do.

After a negative outcry from the community on their blog post defending the "problem", Microsoft's Jon DeVaan and Steven Sinofsky followed up with another post responding to community feedback.

“Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed. That’s not the dialog we set out to have and we’re going to do our best to improve,” they said.

According to the blog post, two changes will be made to the Release Candidate regarding UAC. Firstly, the UAC control panel will run in a "high integrity" process that requires permissions elevation. The blog states that this first change was already being worked on before this issue came to light. The second change will force prompts for confirmation to changes to UAC settings, which is the "simple" fix that Long Zheng mentioned in his blog when the problem was first publicised.

While it may take a fair amount of persuasion, it's good to see that Microsoft responds to user feedback positively.

Source : *www.tomsguide.com/us/windows-7-uac-fix,news-3451.html
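
A defensive check for the issue described in the post above, as an added example that is not part of the original post or the cited article: it reads the registry values that hold the UAC configuration and reports a lowered or disabled setting. The level labels and the sample policy are constructed for illustration.

```python
import sys

# Real UAC policy location and value names; the level names are this example's own labels.
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
LEVELS = {0: "never-notify", 1: "always-notify", 2: "always-notify", 5: "default"}


def classify_uac(policy):
    """Map the three policy values to (level, findings) for an audit report."""
    missing = [name for name in VALUES if name not in policy]
    if missing:
        return "unknown", ["value not set: " + name for name in missing]
    if policy["EnableLUA"] == 0:
        return "disabled", ["EnableLUA=0: UAC is off"]
    findings = []
    consent = policy["ConsentPromptBehaviorAdmin"]
    if consent == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without a prompt")
    if policy["PromptOnSecureDesktop"] == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not shown on the secure desktop")
    return LEVELS.get(consent, "custom"), findings


def read_uac_policy():
    """Read the live values on Windows; return an empty dict on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg
    policy = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        for name in VALUES:
            try:
                policy[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent; classify_uac reports it
    return policy


# Constructed sample: a policy with prompting turned off.
SAMPLE_TAMPERED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}

if __name__ == "__main__":
    level, findings = classify_uac(read_uac_policy() or SAMPLE_TAMPERED)
    print("UAC level:", level)
    for finding in findings:
        print(" -", finding)
```

Run on a schedule and compared against the previous result, a change of level that no administrator requested is the signal to investigate.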
 

Faun

Wahahaha~!
Staff member
Thanks Microsoft :D

Oh I see! I think that you had worked on all the code of Win7. Right???? Don't make such statement when you don't know anything. and there are many differences between India and America. Some of them are:

1. In India you remain with your parents in their old age and do not throw them in old age homes, not in America.
2. In India, you do not sleep with your gf when your parents are with you.
3. In India, there is still some decency left for girls and kids. They are not only meant to do ***.
1. Well that's a good point.
2. So you will sleep with your girl friend if your parents are not with you. Then you are fckuing hypocrite.
3. What decency ? Simply coz it happens secretly and unsafely doesn't make your country a virgin. Stop living in dreams.

Every time I try to run Nautilus as root, it asks for my root password. Count that as a flaw of GNOME with your logic too.
Yes you can :D Just do a sudo nautilus in terminal and you can again do sudo nautilus in another terminal or same without even entering password. Of course till the session expires.
And why would you do every time ? I mean I never ever opened nautilus as root since I installed Ubuntu.

Which means everything in Linux terms :razz: cos all the music, documents etc are in home folder by default which many new users do not migrate to some other partition. They don't even know what a partition is.
Still, my documents is the most adored place for Windows users :D
 

chooza

Journeyman
Thanks Microsoft :D


1. Well that's a good point.
2. So you will sleep with your girl friend if your parents are not with you. Then you are fckuing hypocrite.
3. What decency ? Simply coz it happens secretly and unsafely doesn't make your country a virgin. Stop living in dreams.


Yes you can :D Just do a sudo nautilus in terminal and you can again do sudo nautilus in another terminal or same without even entering password. Of course till the session expires.
And why would you do every time ? I mean I never ever opened nautilus as root since I installed Ubuntu.


Still, my documents is the most adored place for Windows users :D
Define hypocrite.
point 3> It's the same in US of A, just check with the no. of rape cases they are having or minor pregnancy. Here, girls are more safe than USA.
 