

Sacrificing security for usability: security flaw in Windows 7 beta (w. proof of concept) - mixmax
http://www.istartedsomething.com/20090130/uac-security-flaw-windows-7-beta-proof/

======
kwamenum86
There goes my renewed confidence in Microsoft.

------
GrandMasterBirt
The problem is a tough problem. It's not MS. The goal is to prevent malicious
code from tampering with a stupid user's machine.

Now what would be the ideal solution is: To open the UAC panel the user MUST
type in their administrative password. After that all is fair. Sort of like
what Linux does to be able to configure, just need the root password.

After that don't notify of "my" security changes, just other programs making
it. When it is critical then force the user to enter the admin password.

Knowing MS users though, they would say "wtf, Windows is making me enter admin
passwords?" and leave it to Apple to make fun of that. Then you realize Mac
does the same thing: Need admin password? Ask for it! Need it again? Ask
again!

Why can't MS just force an admin password and to make changes like that ask
for the admin password with big sparkly things saying "if you enter this, the
program can stick a stick up your pooper and you will be fucked, so you better
trust this program or turn back now you damn idiot!"

Actually MS is being innovative by allowing things to happen, but asking for
passwords or notifications only when it is deemed absolutely 100% necessary. I
would say MS is more innovative than anyone else by trying such things, or
they are too fucking lazy to implement root.

