Vista: Permission Granted
Among early adopters of Microsoft's freshly minted Windows Vista operating system, the strongest reactions so far seem not to revolve around the system's fancy new looks or its handy search facilities, but rather around Vista's knack for asking permission to carry out operations that require administrative privileges. Summing up the annoyance felt by many Vista users so far, my colleague, Microsoft Watch's Joe Wilcox, recently suggested that if Vista were a car, flicking your turn signal would prompt a pop-up to look both ways before turning out into traffic. In some cases, Vista could certainly keep its concerns to itself. For example, if I trust an application enough to install it, it stands to reason that I trust the application enough to allow it to talk over the ports it's designed to use. So Vista's firewall needn't bug me about cracking a hole in my local firewall. I believe that Joe's automobile turn signal analogy says more about the unrealistic expectations of Windows users than it does about any nannyish-ness on Vista's part. Flicking on your turn signal is a well-defined use for your car--in the same way that flipping through your applications menu, changing your desktop wallpaper or firing off an e-mail with the Windows Mail client are well-defined uses of your Windows machine. These sorts of operations won't trigger a security prompt in Vista, even though they can possibly get you into trouble. For all its rumored overprotectiveness, Vista won't intervene to prevent you from sending a drunken, angry e-mail to your boss, for instance. However, when it comes to the sorts of actions for which Vista will ask permission--such as installing some application or plug-in you've found on the Internet, bringing down your firewall or disabling those pesky UAC (User Account Control) prompts altogether--it's appropriate that Vista applies the brakes. The operations Vista asks about fundamentally modify your machine and can lead toward your PC behaving in ways that you didn't intend. To use the car analogy again, they're more like undertaking a do-it-yourself windshield replacement or popping in a fuel injection system you bought on eBay than they are like using your turn signal. You wouldn't expect to fundamentally modify your car without knowing what you're doing--or allow someone you don't trust to do the same--and expect that everything would work just fine. So why should users expect the same from their operating systems? In defense of Windows users who are beginning to chafe under the yoke of appropriate rights management, Microsoft has pretty much trained us to behave in this way by doing way too little to enable and encourage sane management practices for its operating systems. With Vista, Microsoft has begun to change its ways, and now Windows users must learn to change their ways, too. For starters, if you don't want Windows bugging you about the potentially destabilizing effects of what you (or your end users) are doing, start getting used to the idea that willy-nilly software installation and system modifications aren't every user's computing birthright. As annoying as it may sound, these sorts of activities must be undertaken with much more care than most of us are accustomed to according them. Microsoft can make things easier for its users by taking a page out of the software management playbooks of Linux distributions, which typically offer a framework of network-accessible repositories of cryptographically signed packages. These packages can be self-hosted, hosted by the Linux provider or hosted by trusted vendors, yet they are accessible with the same set of software management tools. In OpenSUSE, for example, it's possible to grant a regular user the right to install packages from preset repositories, which can help strike a balance between self-service and IT department vetting. I'd like to see Microsoft work with software vendors to extend Windows Update to offer similar functionality. IT departments could bless trusted repositories from which regular users could install applications and updates without sacrificing safety or requiring elevated rights. I can imagine third-party certification bodies emerging to offer companies and individuals a much larger catalog of checked-out software than they could manage to vet themselves. Such a service might be a good value-add for OEMs to extend to their customers, as well. None of this will save you from sending that ill-advised e-mail--or from blindly changing lanes, for that matter--but we should at least be able to expect that our machines act as we intend them to. |
For more IT related content on the blogosphere, check out www.ithub.com
Comments (8)
So installing Google Talk is akin to installing a fuel injector in my car? Give me a break! My favorite one is when it asks you to Unblock a chat program, then Vista asks you to Allow it to Unblock the chat program. Apple got it right with OSX. Microsoft has no excuse on this one.
Posted by Bernie Mac | February 16, 2007 6:47 PM
Good article Jason. In my limited knowledge of computers I actually understood everything you were saying, thanks mostly to the car analogy.
Posted by Live Evil | February 19, 2007 12:32 PM
You missed the obvious flaw in the Joe Wilcox's car analogy: the lock and key. It keeps other people from (easily) stealing your car and using it for whatever they want while, yes, maybe even flicking the turn signal.
Posted by JWPlatt | February 20, 2007 3:19 PM
"I'd like to see Microsoft work with software vendors to extend Windows Update to offer similar functionality. IT departments could bless trusted repositories from which regular users could install applications and updates without sacrificing safety or requiring elevated rights."
Do you honestly foresee this ever happening? Do you honestly foresee this happening in a way that remotely resembles the trusted and easy environment that Linux users are used to? Get real, it will never happen. Go down the hall and ask Jim Rapoza why this vision is impossible.
"Vista won't intervene to prevent you from sending a drunken, angry e-mail to your boss, for instance."
No it wont because it doesn't have anything near that capability. This is a nonsensical example.
I completely applaud MS for implimenting the UAC it was a much needed feature. Down the road when the UAC saves the butt of those that are now griping they will change there tune! However, this opinion I think is from a business perspective. I fear the majority of home users will never understand the concept and why they need it. For them its always going to be a hassle and thats a shame.
Hal
Posted by Hal | February 21, 2007 10:06 AM
"I'd like to see Microsoft work with software vendors to extend Windows Update to offer similar functionality. IT departments could bless trusted repositories from which regular users could install applications and updates without sacrificing safety or requiring elevated rights."
Do you honestly foresee this ever happening? Do you honestly foresee this happening in a way that remotely resembles the trusted and easy environment that Linux users are used to? Get real, it will never happen. Go down the hall and ask Jim Rapoza why this vision is impossible.
"Vista won't intervene to prevent you from sending a drunken, angry e-mail to your boss, for instance."
No it wont because it doesn't have anything near that capability. This is a nonsensical example.
I completely applaud MS for implimenting the UAC it was a much needed feature. Down the road when the UAC saves the butt of those that are now griping they will change there tune! However, this opinion I think is from a business perspective. I fear the majority of home users will never understand the concept and why they need it. For them its always going to be a hassle and thats a shame.
Hal
Posted by Hal | February 21, 2007 10:06 AM
First, fix the URL on your Eweek column....blogs.eweek.com/brooks/print takes you to an error page.
As for the column...
Um, no. I don't. Or at least I shouldn't. Apple's OS X and Linux distros manage to stay secure without the insane amount of handholding Vista requires. It's not so much my responsibility to change the way I do things as it's Microsoft's responsibility to make a product that's secure out of the box and stays that way with a minimum of fuss. Vista's security methods remind me of the ridiculous sexual harrassment regulations enacted on some college campuses in the 90's when you had to ask permission during each and every step of the dating process. May I hold your hand? May I kiss you? May I touch your.....well, you get the idea.
Bottom line....nothing angers me more in IT than a software company telling me I have to change my practices to suit their software. The onus is mostly on Microsoft to change, not the end user.
Posted by Douglas | February 22, 2007 4:48 PM
"IT departments could bless trusted repositories from which regular users could install applications and updates without sacrificing safety or requiring elevated rights."
IT departments can use App Deployment functionality to make applications available to their domain users. They have the option of installing the app, deploying shortcuts that will cause the app to be installed on first use, or making it installable from the "Add New Programs" section of "Add/Remove Programs". This functionality has been available since Win2k.
Posted by Ron | February 22, 2007 5:08 PM
Your article is typical of many. No actual thought to what really happens out in the world! The normal user wants to run the component manager - "do you really want to do this?". Now come on, what kind of security is this? Nonsense, that's what. If the user has enough ability to run it then they need not be asked if they want to.
Oh yeah, and when they don't know for sure what they are doing, they are going to say yes anyway!
This is an annoying joke not a new way to be secure!
Posted by Frank | March 13, 2007 11:42 AM