On 23/12/10 11:10, Wayne Stallwood wrote:
> UAC in Windows is broken for several reasons, the most obvious one is the amount of legacy software (strangely a lot of which came from MS themselves) that does not follow best practices for file/registry management and therefore only runs with UAC turned off.
I think this is the biggest problem with starting from a weak position and trying to retain backwards compatibility, and is one reason why *if* Windows is ever to catch up it must take years (probably until Win7 is where XP is now) to achieve.
The switch to 64-bit is helping - slowly. But MS make it very difficult, as far as I can tell, for a "normal" developer to develop code using UAC cost-effectively, and turning it off globally tends to be the result. I have some USB devices that work fine under Win7 but need UAC turning off first.
> The other problem is that by default the first user on a new Windows box gets full Administrator rights which gives them the equivalent of putting "ALL=NOPASSWD: ALL" in your sudoers file.
This isn't much different from a default Ubuntu install which gives the first user access to everything, albeit having to re-enter their login password. It seems to me to be a reasonable compromise for home users; if there is no system admin then the owner of the system has to be able to do everything (if only so that when someone who knows what they're doing supports them over the phone they can do what is needed).
Ultimately, no operating system will ever be secure in some users' hands because they'll turn off anything that gets in their way to get the job done, and at the moment those users don't tend to use Linux. In the same way, you can look at which cars have a better safety record but I've seen some idiots driving in the past few days that really could crash any car they get into!