back to article Windows 7 UAC shutoff 'bug' leaves Microsoft unmoved

Security researchers have unearthed a potentially serious flaw in User Account Control (UAC) features in Windows 7. Microsoft is aware of the issue but is currently unconvinced it needs to make changes to the pre-release code. UAC is a security feature introduced in Windows Vista that's designed to prompt users for permission …

COMMENTS

This topic is closed for new posts.
  1. Allan Rutland

    So simple fix no?

    Surely all they have to do is make sure any changes to UAC prompts and not make it classed the same as a control panel. Problem solved no?

  2. Fred

    Trying to copy Linux !?!

    So! This is NO surprise, people will no doubt PAY good money for an OS that is closed, and then they PAY to protect it with some anti-virus and anti-malware program, and then fall prey to yet ANOTHER bot/virus/worm. Is utterly obvious that they're trying to copy Linux, but just like the pack of cards that M$ is, just lets in another avenue of attack.

    Save you money, enjoy a world of FAR FEWER security risks, and a big increase in speed : Linux!

  3. Christopher Ahrens Silver badge

    I think Microsoft means:

    That they'll make the fix in the final, but not produce a patch / fix for the Beta. Producing patches for beta software becomes a real bitch, especially out of sequence....)

  4. Richard Silver badge

    That'd be "Broken By Design" then.

    No change there.

    And I had such high hopes for Windows Seven.

    MS - there is still time to unbreak it. Maybe you should listen to security consultants?

  5. Anonymous Coward
    IT Angle

    By design: delegated to anti-malware providers?

    delegated to anti-malware software providers?

  6. Ken Hagan Gold badge

    Alternatively...

    ...you could stop running as admin.

    UAC a a band-aid for cretins. No bug in UAC could possibly be as gaping a hole as using an admin account for everyday work. If you do that then you *deserve* to lose.

  7. Royce
    Thumb Up

    Obligatory.

    And nothing of value was lost.

    I haven't utilized, nor seen the need for, UAC in Windows Vista on any of my systems. I can cross the street on my own, to make an analogy.

  8. Anonymous Coward
    Gates Halo

    Windows 7 - best ever OS to date!!

    Windows 7 Rocks!!

    In fact, I bet there will be more PCs running beta versions Windows 7 than there will be PCs running 'production' copies of Linux

    Linux, irrespective of the flavour, is a feeble, confused, pathetic excuse of an operating system. Used by sad geeks with no social skills who spend all their life on the internet.

    Apple PCs are bought by people with more money than sense, who actually think that they are being trendy and ‘making a statement’ by buying some overpriced white tat. Irronically, most Apple users install Windows anyway.

    The best thing about Windows 7 is that it will make Microsoft billions and billions of dollars. I love Microsoft!!!

  9. Anonymous Coward
    Thumb Down

    Ho ho ho

    Cue yet another Linux fanboy.

    Yet every Linux setup script and every other Linux forum entry tells me to turn off SELinux, because it's such a bugger. I'll turn it off when I turn off NoScript - and that will be another cool day in hell...

  10. RW
    IT Angle

    Why can't MS figure out these things itself?

    Surely they have competent security people on staff? Or do they?

  11. Gary

    @Christopher Ahrens

    I sure hope that's what they mean. Leaving a gaping security hole like that almost makes it worse than the "security" in XP.

  12. Jonathan McColl

    Bugfixing betas

    Without going too far into shock-horror mode, isn't it the purpose of releasing a beta to get holes discovered?

  13. Bill Cumming
    Alert

    This might sound stupid but...

    Should the UAC not pop up asking if you want to shut off or silence the UAC? Another footbullet for microsoft? Or a win for linux?

  14. Chad H.

    Typical Microsoft

    Its not a bug, its a feature... Its supposed to constantly reboot (etc)

  15. Fintan

    Its a beta you morns

    Its a freaking beta. it will be fixed in the final release. You know what your getting into when you use beta software. get over it. seriously!

    Some folks look for anything to try to take down microsoft with.

  16. SkippyBing Silver badge

    Linux

    Is for people who think playing with operating systems is the point of computers. Just to clear that up before the zealots make the point. Windows is an operating system that retards can use, yours isn't however it does have lots of software that's fun to use without an BEng in software engineering.

    In plain English 'NO ONE GIVES A FUCK ABOUT LINUX, GO AWAY WE'RE TALKING TO GIRLS.'

  17. Leo Davidson

    There's also an antitrust issue here, IMO.

    The UAC whitelist is anti-competitive, as well.

    Users cannot add 3rd party components that they use & trust to the UAC whitelist. Only Microsoft's own components can be on it. So, for example, third party file managers have to display at least one UAC prompt to get admin access while Microsoft's Explorer does not. That isn't an even playing field.

    Similarly, users cannot remove Microsoft's components from the UAC whitelist. So if you do not use Explorer but do want the whitelist (which is on by default), you are forced to leave the security hole open for Explorer even though it doesn't benefit from you. Explorer's UI isn't isolated like an admin process is -- its windows have "medium integrity" -- so there doesn't seem to be anything to stop it being remote-controlled via mouse & keyboard events. Which is an okay trade-off if you use it but a stupid security hole if you don't.

    Sadly for me (a file manager nut), people don't seem to care much about anti-competitive behaviour that affects anything other than web browsers, so nobody AFAIK has picked up this story, although I did mail a bunch of sites about it.

    More details here, including a confirmation from Microsoft:

    http://www.pretentiousname.com/misc/win7_uac_whitelist.html

  18. Anonymous Coward
    Anonymous Coward

    @Fred

    Since when did Linux become a religion ? Do you sleep at night with a fluffy penguin clasped close to your body ?

    Now get on topic asshole !

    I suspect that this 'bug' will be squashed in the release code, this is a beta after all, lets judge W7 on the final RTM.

  19. Anonymous Coward
    Unhappy

    behaviour is "by design"

    MS for "sure we've got our head up our arses".

  20. Henry Wertz Gold badge

    OH no of course not

    Oh, no, there's no POSSIBLE way being able to turn off UAC with no user intervention could POSSIBLY be used insecurely.. *rolls eyes*. Get it together microsoft.

  21. Anonymous Coward
    Anonymous Coward

    eh?

    Am I missing something here? If the end-user turns off UAC then it is disabled. How is this a bug?

  22. Alex Rose

    @anonymous coward - eh?

    Yes apparently you ARE missing something. You're missing the bit where you actually READ the article and learn that malware can turn off UAC without the "end-user" knowing about it. F- for reading comprehension I'm afraid.

  23. Randall Lind

    So vista also has a bug right?

    I don't get it if you disable UAC how is it Microsoft fault? I have it disable in Vista cause none of my programs seems to work with it installed. They crash when using or have issues installing so I disable it.

    Microsoft is against this but, I have a router with a built in firewall, anti-virus etc and I am not worried about it.

    I thought UAC couldn't be turn off in Window 7 any way? I know you can disable prompts but thought it still ran in the background.

  24. Adrian Esdaile
    Stop

    "Save you money, enjoy a world of FAR FEWER security risks, and a big increase in speed"

    Except that none of my critical apps work, and there are NO EQUIVALENT APPS under Linux.

    Bugger.

    Back to Windows then.

  25. Kanhef

    @ Microsoft defenders

    The issue is not that there is a security flaw in a beta version of an OS. It's that Microsoft refuses to acknowledge and fix it. Suppose a vulnerability was found that let an attacker access anyone's Gmail account, and Google announced that they would not do anything about it. Would you find that acceptable?

    @SkippyBing:

    "Windows is an operating system that retards can use"

    Unfortunately, yes. That's why there are multi-million computer botnets spewing the spam that fills your inbox. That's why I regularly have zombies hammering on my FTP and SSH servers. That's why so much money is wired to Nigeria. That's why there are so many tech-support horror stories (broken cupholder etc.). If operating a computer required a modicum of intelligence (like how operating a car or airplane requires a certain level of competence), cyberspace would be much more hospitable.

  26. James Woods

    intentional?

    Perhaps things like this are intentional. MS has to have people in the dev that know a good bit about how things work, or at least we'd like to hope they do. It's my guess that they release things like this intentionally so that software companies (that microsoft has a shared interest in) can make programs to protect it.

    It's the same as Comcast refusing to release a bandwidth meter for users. For awhile now they have been suggesting you buy software, of course go by software they suggest because they benefit from those purchases.

    In MS's defense when comparing Windows to Linux if your not an idiot you don't use your Linux PC as root therefore you'd immediately remove yourself from alot of potential issues.

  27. Matthew
    Thumb Up

    good

    they have made it easier to turn off windows own built in nagware system - UAC. they be applauded for it.

  28. Anonymous Coward
    Alert

    Am I missing something?

    How on earth is this as big of a bug as the tech press would have you believe?

    If you have untrusted code running on your system and you are logged in as admin, you're already a loser.

  29. amanfromMars Silver badge

    Covert Microsoft Operations? Or just Sloppy Seconds from Over/Underrated and Under/Overpaid Coders

    A recognised flaw ignored by Systems Admin/Windows Programmers would easily disguise In-House Use, which could be maliciously attributed elsewhere and therefore would warrant a Systemic Abuse award.

  30. Alice Andretti
    Unhappy

    Why are MS defaults so often unsafe?

    "Anonymous Coward" (31 January 2009 00:53 GMT) said:

    "I suspect that this 'bug' will be squashed in the release code, this is a beta after all, lets judge W7 on the final RTM."

    I hope you're right. Otherwise, it doesn't bode well for MS security attitudes in general.

    I too, like someone else up above on this page, have high hopes for Windows 7, because I don't necessarily want to be stuck with XP or Linux or Mac forever (I do currently use all three of those OS's, although I would *like* someday to consolidate most of that to just one OS - probably dreamin' again). A year or so from now, I will be "OS shopping" again and I want there to be plenty of *good* choices to pick from.

    One would *hope* that Microsoft can get their act together and take this security stuff *seriously* instead of just fucking around with it like they seem to like to do with so many things.

    MORE SECURITY! LESS RIBBONS! DUH! What's so hard to understand about that? Why can't they get it? Are they deliberately trying to drive people to other OS's fulltime? I happen to like XP and I use it for a lot of things, but it will be dead soon as far as security patches. Windows 7 had goddamned well better be a big success or I'll be royally pissed off.

    Come on Microsoft, we know you can do it - just quit watching pr0n all day long and write some decent code you guys. The universe will thank you for it.

    I'm beginning to think there are anti-Microsoft people actually WORKING AT MICROSOFT, deliberately trying to sabotage it, judging by some of the crap they've tried to foist off on the public the last couple of years. Maybe it's all those "foreign workers" ;) they've been hiring on temporary Visas, sabotaging a U.S. company ;) such as MS - okay I don't really actually believe that, but one has to wonder sometimes. If it isn't intentional, then it must be mind-numbingly-stupid idiocy and lack of paying attention to what the market wants. (Or, to put it less gracefully as others have, MS has its head up its ass sometimes.)

    Another "Anonymous Coward" (31 January 2009 02:35 GMT) said:

    "Am I missing something here? If the end-user turns off UAC then it is disabled. How is this a bug?"

    Perhaps I misunderstood the question, or maybe I'm misunderstanding the whole UAC thing, but didn't the article say:

    "This means, security researchers warn, that future strains of malware might be able to silently shut down UAC, leaving users with the misleading impression the controls are still active."

    That doesn't sound good.

    But at the end of the article it says:

    "In the absence of a built-in modification from Microsoft, users can act themselves by changing the UAC policy to "Always Notify" if UAC settings change. "Annoying, but safe," Zheng concludes"

    So that last part sounds okay I guess, but how many average-idiot users would know that they should change that? Will it be in the Windows 7 Owner's Manual ;) ?

    I guess I'm just too old-fashioned, but IMO a thing's default settings should offer the average user a reasonable amount of protection. "Average user" nowadays, when it comes to computers, basically means "dumb as a box of rocks" and "not technically inclined" and "has no desire nor capability to learn technical things." So I don't understand why Microsoft continues to insist on having defaults for things, that put average users at risk - AutoRun comes to mind. Okay so it makes things easy for total morons, people who probably shouldn't be owning a computer in the first place since all they're going to do is rack up many hours worth of calls to tech-support (no wonder some tech-support people end up with bad attitudes towards users).

    I *WANT* Windows 7 to be excellent. It gives us all more choices, even if I don't end up using it. I may opt for a different OS instead anyway (not enough data yet to make a decision), when it comes time to buy a new computer, but I want there to be a good COMPETITION - not some lame already-decided contest between Lame OS #1 and Lame OS #2 and so on. (Frankly, *all* OS's are somewhat irritating; it's just a matter of picking the OS that pisses you off the least.)

    When will Microsoft learn? SAFETY FIRST - or at least 2nd or 3rd. We're waiting...

  31. Anonymous Coward
    Linux

    linux bashing

    If you don't like you dont have to use, but dont be a hater just because you don't understand it.

    Also forgive those of us (who use linux) and understand that BETA testing is a time for bugs to be both raised and fixed.

    If MS told you black was white you'd believe them.

    @AC troll, i'll look forward to putting malware on your win 7 then!!

  32. Albert Stienstra
    Boffin

    UAC is NOT annoying

    I have used Vista since December 2006 and have not found it annoying in day-to-day use. When I have to install lots of programs in setting up a new PC with legally obtained software, I shut down UAC but for normal use on my own PC I always leave it on. How often do you have to install a new program? I also find it satisfying that the UAC prompts come on when ActiveX controls manifest themselves for updates and downloads. It is a good moment to check and does not happen too often. I do not understand Microsoft have given in to "professionals" whining about UAC in Vista. You see what comes of it in Windows 7. Perhaps those "professionals" like to slip in the occasional script. I have known those in my own organization.

  33. David Kairns

    One more

    Perhaps, if we're lucky, MS will also remain unmoved by the concept of continued existence.

    Linux guys, by the way, rather than remaining Gates pants sniffing boot lickers, are doing something about the problem. Praise be to them.

  34. Anonymous Coward
    Anonymous Coward

    Unsafe by design? Nice work.

    It seems they've learned nothing whatsoever at Redmond.

    On a related note, whenever I see the UAC acronym, all I can think of is Viz' Up the Arse Corner. This amuses me no end.

  35. Dave Bell

    Target for Tonight

    ZoneAlarm does some of the same protection, but doesn't shut down without a prompt. No doubt there have been attacks.

    Sooner or later somebody is going to find an actual bug in this, rather than a piece of dumb configuration. And the style of Microsoft's response doesn't inspire confidence.

  36. Scott
    Flame

    @eh?

    What they're saying is that UAC can be disabled without the user's knowledge, and silently - therefore is a gaping hole for all sorts of nasty things.

    Of course, if you'd read the article in full, you'd have got that bit...

  37. Neil

    *sigh*

    @Anonymous Coward

    It's not a bug, but a risk. If malware can turn off UAC it current;y doesnt pop up and prompt the user. Therefore the malware can silently disable it.

    It's Beta. It's hardly earth shattering news. Beta has flaw. shock horror.

    We can moan if it's in the final. UAC is as someone else put it, a bandaid.

    Stop putting "everyone" or "domain users" in the local admin groups. Stop running as admin.

  38. Anonymous Coward
    Anonymous Coward

    As has been mentioned . . .

    . . . it's a Beta release, all Beta's have bugs in them that don't get fixed until another release or a final release - even *gasp* Linux beta's have bugs in them.

    It's kind of the reason for having a beta release.

  39. Frank

    Patience

    I'll wait for Windows 7 SP2 then a few more months for security updates, before I install it. Until then I'll keep plugging away with XP Pro SP3, I've gotten used to it :)

  40. Anonymous Coward
    Flame

    Please dont...

    feed the trolls...

    Well, at least we know the government has installed broadband under bridges, lmao

  41. Kevin Bailey

    The next pile of crap is on it's way then.

    "Those who don't understand UNIX are condemned to reinvent it, poorly." – Henry Spencer

  42. Ryan
    Stop

    FAIL

    Fail agian microsoft...

    What do they mean by not a big problem... if i had windows 7 on my machine someone messing with my settings or even controling a big part of my pc 2 me looks like a BIG! problem if u ask me. say if where a banker and do banking at home they could just take thosse important files right off ur pc and you would be none the wiser...

    Think again microsoft........FAIL

  43. Cucumber C Face
    Paris Hilton

    Excellent feature

    >>malware might be able to silently shut down UAC<<

    It would have to get there fast to shut it down before I did :-)

    Anyway it's obviously a bug in the beta - by the time it's in a release you'll need to enter a 36 character key only useable once or phone MS support at $50 a minute

    I use (and love in a fashion) MS software but (SQL Server aside) I see mostly performance sapping gimmicks since 2000. The UI 'innovations' in particular stink. They constitute giant leaps backwards for anyone with a cursory knowledge of what files and directories are. Anyone with the genius required to get through M$ licensing post-2000 should be well up to that.

    Paris - because

    1. she would find Windows 2000 more user friendly than anything they have brought out since

    2. I love her in a fashion

  44. Hugo

    Am I missing something?

    Why on earth would you want to turn off UAC? What a stupid thing to do. It's there for a reason - just make it unobtrusive enough - OSX and Linux manage it fine.

    To the anonymous idiot who claims Apple purchasers have more money than sense? What are yo talking about. Aside from great design, some of us buy them for the OS which is damn good. The second hand value is also infinitely better than a PC.

  45. Anonymous Coward
    Flame

    Oh dear...

    You Express/Mail readers should give Microsoft a break. It's a BETA VERSION. The purpose of which is to find these problems and make sure that they are corrected/refined before the final release. The license agreement, I imagine would say very clearly that it shouldn't be used as a primary or production OS. Obviously some of you are too thick to understand the beta process. No wonder its been a closed process for developers for many years. I actually feel sorry for Microsoft, I always thought that Windows was like it was because they couldn't design a decent OS, now I know that they have the dimmest user base out there...

    @ AC Friday 30th January 2009 22:26 GMT

    You were up late weren't you. So Windows 7 is the Bestest Ever is it? It seems odd that you think a service pack is the greatest ever OS in the whole world ever. So I've got more money than sense have I? You arrogant little turd. No Windows install here. I use a Mac (that isn't white by the way, Apple's desktops haven't been for ages) because *I* have found by trying all the options available to me it's the best environment for developing Ruby and HTML, and seeing as that's what *I* do then it helps, and it's the best environment, with the best software options IMHO for my hobby. Oh, and loving a company so much is wrong, get yourself some help sunshine, that's not healthy. I bet you'll call me a fanboy for that too, oh the irony...

    @SkippyBing Posted Saturday 31st January 2009 00:18 GMT

    Talking to "girls" online were you? I doubt very much you've ever seen a real life woman in her underwear, leave alone naked. YOU POSTED THIS AT MIDNIGHT AND YOU WERE ON A FUCKING IT NEWS WEBSITE!!!

  46. Anonymous Coward
    Stop

    No security hole....

    .....as long as you are running as a standard user.

    Trying the W7 beta atm. Tried to run the "proof of concept" on a user (i.e. NOT admin) account - does not change the UAC setting.

  47. Alexis Vallance

    Get a job

    "Apple PCs are bought by people with more money than sense, who actually think that they are being trendy and ‘making a statement’ by buying some overpriced white tat. "

    If you pass your exams and get a good job Son, you too can afford some nice expensive kit. In the meantime, I'd ask your parents for more pocket money.

  48. Anonymous Coward
    Heart

    Why so much hate?

    Stop the OS wars people! Let everyone use whatever OS suits them best!

    I've been using linux for years, and latest versions of distros like Ubuntu, are really easy to use,

    I'm now spending less time tweaking system settings than when I was using Windows 98.

    I know there are many people who like Windows - and IT'S OK!

    Diversity is a beautiful thing!

  49. Richard Silver badge

    @AC 02:35

    Yes, you are missing something.

    He's saying that at the default security level, a random program can shut down UAC without the user knowing it happened.

    - It could also re-enable it after it performed its nefarious deeds, so an end-user would have no idea something happened.

    An end-user should be allowed to turn off UAC, but they should get a UAC prompt asking if they are sure and that they did it, rather than it being possible for an evil program to silently kill it.

  50. David Kairns

    Not To Worry - Replace With Linux

    Win weenies defending dying diseased castle of crap.

    Linux heroes are DOING something about the worldwide infestation of broken windows.

    Not perfect yet? So shut up and help donkeys.

  51. Joe Zeff
    Stop

    @Bert Ragnarok

    I'm a regular on a help forum for Fedora. I've never seen anybody recommend that everybody turn off SELinux, or even that they should always run in permissive mode. At most, this will be offered as a step in trouble-shooting, or a work around for a specific issue. YMMV, and clearly does, but that's what I've seen.

    That being said, I'd also like to say that there's no good reason that I can see for anybody to object to UAC asking you to confirm that you're shutting it down. If you did, it's only one more mouse-click, and if you didn't, it stops malicious programs from messing with your system.

  52. David Kairns
    Thumb Up

    Vista Service Pack 7 (where's the other six?)

    They can't even be honest and name it right.

    The meltdown continues.

    Even that apple thingy went unix based.

    MS can't compete honestly without a monopoly.

    Linux adoption continues.

    Win 7, another joke.

  53. Mark
    Alien

    1 Pro Linux tit, 10 raving loonie MS shills

    Shit, read 'em. At least there was some sense of human intelligence behind the linux fan. The MS ones were all barely literate snarling shitpokers

  54. YumDogfood

    Windows 7.1 - best ever OS to date!!

    Oh look, software with an ole' in it. How rare. I blame the small mammals in SQA:

    best ever OS to date == Debases Otter Veto (http://wordsmith.org/anagram/ for the lazy like me)

    </Pi**ed out of my mind>

  55. Matt Thornton

    @ eh? AC

    The point is UAC was turned off through script silently, so what's to stop some badware doing the same? You'd never know, whereas that's the exact opposite intention of UAC.

    Anything with "an exception list" will always be vulnerable and this is the main problem with all Windows OS - even doing the 8 different versions of the same OS - it just causes problems.

    (Cue flamebait) Which is why I love OSX.

  56. Leo Davidson

    Proof of concept has been made

    These people have made a VBScript which will disable UAC on a default Windows 7 install without any user interaction:

    http://www.istartedsomething.com/20090130/uac-security-flaw-windows-7-beta-proof/

    It works by opening the UAC control panel (which is inexplicably on the UAC whitelist) and sending it mouse & keyboard events.

    "Am I missing something here? If the end-user turns off UAC then it is disabled. How is this a bug?"

    The problem is that it doesn't have to be the *user* who turns it off, just code running as the user. As the proof of concept code shows, Win7's UAC can be turned off by any program/script which the user runs.

    The whole point of UAC is to allow users with admin access to avoid giving all programs they run admin access, in case those programs are malicious or (more importantly) trusted by subverted by things like buffer overrun bugs.

    Now any program can get admin access by sending some mouse & keyboard events to the control panel. That is so simple to do that there's already a VBScript example to prove it.

    (The UAC "secure desktop" feature prevents those mouse & keyboard events from reaching the confirmation dialog but if there is no confirmation dialog due to the whitelist then that does not stop anything.)

    Similarly, programs can send mouse & keyboard events to Explorer to change protected files without any UAC prompts, since Explorer is on the whitelst and you cannot take it off the whitelist without disabling the whitelist entirely.

    Personally, I will be disabling the whitelist. I don't mind UAC prompts and don't see them that often. For people that do get annoyed by them for some reason, though, they should be able to remove the UAC control panel and Explorer (and whatever else they want) from the whitelist while also being able to add programs they want to suppress the prompts for. If there's any point to a whitelist at all it should be controllable by the user.

  57. Not That Andrew

    @ Anon Coward @ 02:35

    Read the article. The bug (2 bugs actually) enables a) 3rd parties to spoof Control Panel modules and thus b) change UAC settings silently, ie turn it off. Off course if Microsoft didn't _STILL_ default to admin privileges in Windows 7, this would less of a problem. Personally I think that the possibility of malware using this to silently create ghost accounts and change account privileges is an equally serious issue.

  58. John Fielder

    Beta software

    Don't you release beta software in order to find the faults? Install at your own risk? So what is wrong with a "gaping hole" in the security? Better now that on a full release.

  59. Daniel Palmer
    Flame

    @SkippyBing

    >> Windows is an operating system that retards can use,

    So is ubuntu, your point sir?

    >> yours isn't however it does have lots of software that's fun to use without an

    >> BEng in software engineering.

    If you had a BEng in software engineering you might know that an "Operating System" is technically only the part of the platform that runs in protected or supervisor mode, as it's a system that is managing the operation of everything else. Now, as for needing a BEng to use "Linux" software, well a lot of the tools you'd use on "Linux" are also in mainstream use on other platforms, including Windows. Does Firefox running on Linux, Solaris et. all suddenly require a BEng in software engineering to operate because it's not running on Windows?

    >> In plain English 'NO ONE GIVES A FUCK ABOUT LINUX,

    >> GO AWAY WE'RE TALKING TO GIRLS.'

    As you're still "talking to girls", does that mean you haven't managed to get past that stage and actually got into their pants?

    As I use Debian, my fiancée must be imaginary...

  60. Anonymous Coward
    Anonymous Coward

    Wait?

    People had UAC turned on?

    On a more serious note, all MS has to do to fix this bug is make changing UAC settings an "Always Prompt" event. Done. This is, quite obviously the end of MS.

  61. Rob Foster
    Alert

    The Sky is Falling

    Oh no. The sky is falling, the sky is falling. Someone's found a bug in BETA software.

    Hello. This is what Beta software is for. Bug spotting.

  62. Leo Davidson

    @The ignorant people saying it's a Beta...

    To everyone saying it's a beta and we should thus ignore the issue:

    a) Microsoft have EXPLICITLY said they WILL NOT CHANGE THIS.

    b) If a fuss isn't made about it MS may completely ignore it. In fact a fuss has been made about it and MS are still ignoring it. So more of a fuss needs to be made about it because it's completely broken.

    c) You obviously have very little experience with preview/beta software and Microsoft in particular (though they are far from the only culprits). I can think of so many damn times where an issue has been raised in a public preview of an OS, application or game and everyone has assumed it will be fixed in the final release, only to find that it hasn't. Unless a fuss is made things simple do not get fixed.

    d) Microsoft are rushing Windows 7 to market. See the article on the Reg's front page where they reiterate that there will not be a second beta. Features are now locked-in, unless something catastrophic happens (which this is, IMO), and only tiny changes will be made after the first RC is released. There is no second beta and no second chance to submit feedback.

    e) Microsoft traditionally do a TERRIBLE job of supporting their OS the moment it goes gold. There are so many bugs in the Windows UI code in particular that people have complained about for years but which never get fixed, apparently due to a combination of fear about breaking something else when fixing bugs and just not giving a crap.

    In summary, it is entirely justified to make a big deal out of this right now. We're probably already too late!

  63. g e

    >> GO AWAY WE'RE TALKING TO GIRLS.'

    Us Linux guys moved onto women years ago, you might wanna watch were you practice that habit of yours...

  64. Simon B
    Pirate

    Microsoft - Sand - Head - Bury

    Microsoft - Sand - Head - Bury. Nuff said

  65. Anonymous Coward
    Gates Horns

    @Leo Davidson

    Thats why they will release a RELEASE CANDIDATE next. Really man, no need to get your knickers in such a twist! This is, after all, Microsoft we are talking about. Oh...

  66. Tone

    Damage already done..

    If the script\exe has run then the damage is already done..

  67. Lionel Baden
    Go

    oh yeah

    This is Good reading material :D

    just wish people were like this in each others face :)

    oh man im off to get some more popcorn and go click on some other W7 mac threads

  68. Peter Kay

    Leo Davidson has it right

    This beta is largely a PR stunt working towards a desperate effort to get the OS out. MS' only saving grace is that Vista SP1 fixed most of the underlying issues, and thus Windows 7 should be reasonably solid (although, since they've changed the display driver model again to support heterogenous graphics drivers, no doubt that'll fuck up driver stability, again).

    It's a pity Microsoft hasn't taken the hint about this before a proof of concept has gone public. Enough people, including myself, have pointed the flaws with Windows 7's UAC prior to this.. I get the distinct impression that the coders and OS design people's hands are tied by marketing/management on this front.

    After Vista SP1 curbed the worst excesses of UAC (i.e. three prompts to install software from a web browser..) UAC is something that very rarely kicks in unless you're a) installing software b) needing to run software as admin or c) perform administrative tasks. This is basically as it should be (although the admin tools still need to implement a granular 'view as user, change as admin' design).

    Unfortunately the average user doesn't like security and being protected. Never mind that the prompts are all because the user is changing something significant or running shitty software that needs admin privilege (Of course, some of this shitty software is written by Microsoft themselves, which does not inspire confidence..). Like backup, this is a hard sell until the user gets bitten.

  69. Mark

    Adrian Esdaile Posted Saturday 31st January 2009 04:28 GMT

    Run 'em under Wine, kid. Run 'em under Wine.

    Or use an equivalent. Most times "there's no equivalent" means there's no version that you SPECIFICALLY require that is there.

    Then again, you seem to forget that the OTS program you got didn't do entirely what you wanted and so you

    a) changed processes so you didn't need to do it

    b) changed processes so it fit what the program let you do

    c) worked on some bits outside the program when you couldn't do either

    and so not having exactly to the dot what you have now means you have nothing worse than what you already did and will have to do when the upgrade comes along and changes things. But because you don't WANT change, you will make any excuse to delay that change needed until it's forced on you. And that force will be "we have to upgrade". Which you'll justify as "well, it should work the same" and then find out when you've bought it all you were wrong. And by then you'll say "it takes too long to change program, and the changes ought to be small". If that turns out to be wrong, you'll trot out the sunk costs fallacy.

    And then, after wasting a lot of time and effort (this is EXACTLY what happened with Office 97) you will then have the same thing next time. Never will you change because you want to delay it. And then take it up the arse because you didn't know or plan for changes when they turned up.

  70. Mark
    Gates Horns

    re: Why so much hate?

    Well, Ballsack started it with "Linux is a cancer". Bill Goats and his cronies all sneering "They infringe on over 200 of our patents! Which ones? Sorry, gotta go...". Or "Linux can't innovate. Oooh, like that, mineminemine!".

    So that would be one reason for so much hate.

    As you sow, so shall you reap, isn't it?

  71. Mahou Saru

    @SkippyBing

    Your comment is a sure sign of your lack of experience of chatting to the fairer sex. Lets be really sexist and pidgin hole the poor lasses in regards to your point.

    Would a girl like to own Windows 7, or a would they be more interested in the physical bling factor? So even if it isn't Linux it would be the shiny and very expensive Mac. Hey if they are going to spend money on an OS it has got to match the ear rings.

    Would a girl like to spend money Windows 7, or would they rather have something that allows them to cheaply go onto their fave social sites, browse the interweb and chat with their friends with IM. Of course nothing should get in the way of their YouTubing so UAC and viruses are a no no... Unless you have been buried under a rock then you would realise that lots of Linux distros are very easy to use nowadays. Of course we are on about money here, and unless you are the stupid bugger of a BF who is going to piss her off by making her use a beta OS, then I would guess they would rather spend their hard earned wonga on shoes and hand bags.

    But how about girls who are doing a IS related degree or profession. Well Mr Casanova cornering the poor girl in work or school doesn't count. If you are in a pub no one likes talking about their work or studies coz pubs are a break from the grind stone.

    Therefore Windows, Linux or even Macs has absolutely nothing to do with chatting to girls :p

  72. Anonymous Coward
    Anonymous Coward

    @ Mac Phreak

    Midnight GMT != midnight in any other timezone, fyi

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019