Well, as you said above most don't understand write permissions fully so please explain something to my ear if you will.
As it is now LFS.exe is contained and user has read/write permission to run LFS.exe for the installation folder only? Do you propose to give LFS.exe the authority to read/write on the users personal My documents folder to place skins etc, whereas before LFS only works in the confines of LFS root? Given that LFS still is not a finished software is it wise to allow any exe that is so heavily dependant on network packets full read/write permissions on the users private folders? Joe Blow won't be too happy if he is the catalyst for injecting some shit into his documents i.e a malware hooking onto LFS.exe?
My main motivation is mostly removing UAC prompts and the need to run LFS as an administrator when the user has limited permissions to the computer. With the arrival of Vista that seems to have become a common problem here.
You can obviously install the whole thing to your home or twiddle the permissions of whereever you install it, but that kind of defeats the purpose of running with a limited user account in the first place. Executables and shared content should simply not be writeable by the user to prevent malware from changing them behind the user's back. If users can change these files a worm/virus/whatever taking over the IE process can easily rummage around the disk and attach itself to executables it finds that the user can write to. This can then lead to other users on the same system also getting infected, and it's suddenly that much harder to clean up the mess.
LFS already has read write permission to your My Documents folder. Any application you run normally on your computer will have the same rigths you have. What my suggestion is about is preventing other software you may be running (like for instance a virus) from changing the LFS executable or game content.
Because windows is built around the notion of having programs in "program files", so that's where people end up installing their programs. And rightly so. "My Documents" isn't a good place for them for the reasons outlined above.
Temporarily escalating to administrator, installing, and then going back to your own account. Windows makes this really easy. On Vista the default is that users actually run as administrators (because apps working like LFS are too plentiful still) but that UAC will pop up to confirm if you try to write to somewhere your user doesn't have write permission. In those cases a simple click on "continue" will do. But only that one time, instead of every time you launch the game.
Well if each user has their own LFS copy, "cross infection" obviously won't happen, but then you have the other problem I mentioned in that malware can change the executable behind your back. I like the security knowing that all my executables are clean gives me. If something were to infect my computer I can reasonably assume that only my user-directory is affected and I can log in as another user to solve the problem.
MS has decided already how things should be organized, failing to comply with that model only means an ever increasing number of lost potential customers who couldn't figure the problem out, and couldn't be bothered to ask for help.
And Scavier should really make one step further and start packaging LFS with a proper installer, this is the norm for user-friendly software in the Windows world, and one doesn't have to be a computer expert to enjoy LFS.
The traditional 7z bundle could still be made available option for those who like it better.
I still will not admit that having restricted access will ward off attacks.
I have always had admin on all of my computers and I have NEVER had a virus or any kind of bug. I always protect my computer properly.
My friend who has restricted access has had at one point at least 3 virus infections at the same time, and I coulden't remove them because of restricted rights, and the virus took advantage of that even. It increased the restriction level so the computer basicaly became a usless brick.
The end result of which was a complete format without being able to back up anything.
Restricted rights is just another way to take controll away from the user and put it into the hands of microsoft.
And as for LFS storing user data anywhere else than its own folder, that would be adding extra work for anyone who changes opperating systems, since every one seems to store files like that in a differently named folder structure. It would be best just to leave LFS self contained and remind people that LFS's files are stored in a sub directory inside the LFS folder.
Even storing user data online would be a much better idea than putting it somewhere outside of the LFS folder.