On 22/12/10 14:59, Mark Rogers wrote:
Windows has improved from a position of real weakness (eg the Windows equivalent of sudo), but it still suffers from things like driver validation, which (because most aren't) requires that users get used to clicking past the warnings.
UAC in Windows is broken for several reasons, the most obvious one is the amount of legacy software (strangely a lot of which came from MS themselves) that does not follow best practices for file/registry management and therefore only runs with UAC turned off.
Unfortunately UAC can only be turned off in a global manner, so if you have one bit of software like this you can either figure out where the file or registry permission is getting in the way and fix it or you can turn of UAC. Guess what most users do ?
The other problem is that by default the first user on a new Windows box gets full Administrator rights which gives them the equivalent of putting "ALL=NOPASSWD: ALL" in your sudoers file. It's really more a problem in the home and small business environment, in corporate world the domain will assign proper rights.
The driver validation thing is slowly getting fixed. 64bit editions of Windows (which are only going to become more common as we are really batting up against the limitations of 32bit now) Will only load signed 64bit drivers.
Well almost,There is a boot time option to disable this and sadly some 3rd party software is appearing that will do it permanently but I seem to recall doing so will leave a small banner on the desktop.