The online racing simulator
Make LFS play nicer with Windows 7 UAC
I've been running Windows 7 for a month or so now, and LFS runs great on it, but it's quite annoying that LFS does not obey the UAC (User Account Control). You have to run LFS in administrator mode, otherwise it uses UAC virtualization, meaning that all the settings and files are written to hidden directories you need to unlock to see.

Really, in this modern age, LFS should respect the user and system security modes of modern operating systems, and store program files and personal files in the right places. This would also have the secondary benefit that LFS would give each user of the PC their own profile.

I seem to remember this idea being shot down back when the installer was added, but the fact is that the UAC exists for a reason, to improve security, and it seems only right that LFS should respect the security settings that a computer may have. There is no reason for LFS to require extra clearance, while other programs do not. It is not hard, speaking as a programmer, to write code that obeys Windows 7's security modes, it just takes a bit of forethought.

I know some people will say that they don't use UAC, and that's cool, but there are others who do use it, and should be encouraged to use it, and LFS should respect that.

Here is a short technical article on how to make a game that works on least privileged user accounts. This is not for LFS devs (obviously) just for interested parties.
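
An added example, not part of the original post and not LFS code: a PowerShell script that shows where UAC file virtualization puts the redirected files described in the opening post. The default install path is a hypothetical placeholder; `%LOCALAPPDATA%\VirtualStore` is where Windows keeps virtualized writes.

```powershell
# Added example: locate files that UAC file virtualization redirected away
# from an install directory under Program Files.
# Assumption: the default install path is hypothetical; pass your own.
param(
    [string]$InstallDir = "${env:ProgramFiles(x86)}\LFS"
)

function Get-VirtualStorePath {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Virtualized writes are stored per user under %LOCALAPPDATA%\VirtualStore,
    # mirroring the original path without its drive root.
    $full     = [System.IO.Path]::GetFullPath($Path)
    $root     = [System.IO.Path]::GetPathRoot($full)      # e.g. "C:\"
    $relative = $full.Substring($root.Length)
    Join-Path (Join-Path $env:LOCALAPPDATA 'VirtualStore') $relative
}

function Test-IsElevated {
    # True when the current token is a member of the Administrators role,
    # i.e. the shell was started with "Run as administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$store = Get-VirtualStorePath -Path $InstallDir

"Elevated token : {0}" -f (Test-IsElevated)
"Install dir    : $InstallDir"
"VirtualStore   : $store"

if (Test-Path -LiteralPath $store) {
    # These are the settings, setups, replays etc. the program believed it
    # wrote next to its executable. Newest first.
    Get-ChildItem -LiteralPath $store -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object LastWriteTime, Length, FullName
} else {
    "No virtualized files found for this path."
}
```

Each Windows account has its own VirtualStore, so the listing only covers the user who runs the script.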
By default LFS is being installed in C:\LFS & installer gives "Full control" rights to user "group" Everyone. Problems only happen if someone installs LFS in Program Files[ (x86)].
#3 - pipa
Well and in another year Microsoft comes out with a new clever security system that wants to protect the user from himself and LFS needs to be adapted for that again.

Don't see the point, just set your properties to "always run as administrator" and you should be fine.

Not 100% sure though, since UAC was the first thing I turned off.
Quote from pipa :Well and in another year Microsoft comes out with a new clever security system that wants to protect the user from himself and LFS needs to be adapted for that again.

Don't see the point, just set your properties to "always run as administrator" and you should be fine.

Not 100% sure though, since UAC was the first thing I turned off.

The point is that LFS forces you to run it with elevated privileges when it doesn't actually require those privileges. The whole idea of storing user files in the user's profile has been around in Windows for a long time, it just wasn't enforced until Vista. If you don't wanna run Windows in a secure way then that's your choice, but a well designed program should be able to work no matter how you have configured your security settings. You should not have to flag a game as 'administrator only' just to play it.
Are you trying to delay the patch even further?
Quote from cargame.nl :Are you trying to delay the patch even further?

This kind of problem shouldn't exactly delay it. I'm sure we (lfsforum members) can find a fix for this by ourselves.
Quote from hazaky :I'm sure we (lfsforum members) can find a fix for this by ourselves.

Indeed. It's called "keeping games away from Program Files (x86)".
#8 - filur
DarkTimes is right, it's such a trivial fix that it's downright sloppy not to implement it.

If Microsoft changed the way applications should tell the operating system not to turn off the screen, should LFS be updated to follow the standard or should we go with something like (for example) "just play a lengthy YouTube video in the background, that'll keep the screen on"?
Quote from filur :DarkTimes is right, it's such a trivial fix that it's downright sloppy not to implement it.

Um, moving the whole data folder to %APPDATA% and leaving ONLY LFS.exe in its usual location is a trivial fix? Seriously?

I mean, LFS writes to almost every data subdirectory.
While I like the idea of an application working "as intended", I really, really dislike putting anything but temporary runtime files in %APPDATA% because it's a hidden folder. Currently the folder is almost 4 GB and I have no clue what the hell is in it, and how much of it I could safely remove. I've expressed this view before, when the installer was being tested, and I'm still of the opinion that it should default installation to either users\public\games or $HOME (users\current_user) and retain its existing folder structure. Skins and setups would be a right pain in the arse to manage if I had to go digging in some hidden folder, for example.
Quote from E.Reiljans :trivial

Well, taken into account Scawen was driven (by the devil probably) to make a lousy installer a while back for no good reason, it would only be logical to go with the Microsoft way.

Realistically speaking this limited access for programs thing is probably the smartest way anyway. Plus it makes people think they can safely go watch titties on the interweb.

You know what they say, you can lead a horse to water but you can't eat it as well.
The data should not go into AppData, of course it would be stupid to save replays and screenshots in a hidden folder. A better idea would be to create a LFS folder under the user's name, or maybe in the My Games folder. Then have little sub-folders for replays, screenshots or other stuff.
I don't run LFS as an Administrator and have no problems with this. Why do you run the game with elevated privileges?
Because they installed it in Program files, despite the fact that it's said everywhere not to do that.
Quote from pipa :Well and in another year Microsoft comes out with a new clever security system that wants to protect the user from himself and LFS needs to be adapted for that again.

Microsoft didn't invent the current system. User profiles (settings) and application files have always been in separate places in Unix systems (and derivatives). Windows versions before were primarily designed for single user scenarios hence Microsoft was less strict about separating the profile and application files, but things have since changed and modern Windows versions are designed with multiuser scenarios in mind.
Microsoft coming with a radically different system is not likely to happen, at least not in the near future.
Ugh, haven't read this thread but read the OP and got straight onto writing this.

Firstly, UAC is pointless. It doesn't do anything to add to security, all it does is ask for your permission every time you or any program tries to do anything with your computer.

Do both yourself and the world at large a massive favour and disable it. E.Reiljans's fix is pretty decent, to be fair.

But back to my point, unless you are in a network of computers which hold extremely volitile company data (which I very much doubt you are since you want to run LFS), there is absolutely no steadfast reason why you would want UAC enabled. I know plenty of large business clients who don't run it because it's more of a pain in the ass than it is a security measure.

If you are a home user (which you probably are) then why the **** would you want UAC active on your machine? Just turn it off...stop living under the impression that the world and his script kiddie are trying to gain access to your computer to steal your collection of family photographs and light rock music. THEY'RE NOT - so stop banging on about having a "secure environment" because basic anti virus and intrusion protection (even NAT) is more than enough for home users, even small businesses.

Further to add to my dismay, even after you've been given a workaround, you continue to "have issues".

For as long as I can remember in most Windows environments from XP onwards, you need to have administrative privileges to at least install, and normally run some programs (which includes games along with other executables). It is just how Windows is and your whines will not change that.

Moody S14 is now heading to bed, 2 hours late. By the way that was not a personal dig at you...
Quote from S14 DRIFT :Ugh, haven't read this thread but read the OP and got straight onto writing this.

Firstly, UAC is pointless. It doesn't do anything to add to security, all it does is ask for your permission every time you or any program tries to do anything with your computer.

Do both yourself and the world at large a massive favour and disable it. E.Reiljans's fix is pretty decent, to be fair.

But back to my point, unless you are in a network of computers which hold extremely volitile company data (which I very much doubt you are since you want to run LFS), there is absolutely no steadfast reason why you would want UAC enabled. I know plenty of large business clients who don't run it because it's more of a pain in the ass than it is a security measure.

If you are a home user (which you probably are) then why the **** would you want UAC active on your machine? Just turn it off...stop living under the impression that the world and his script kiddie are trying to gain access to your computer to steal your collection of family photographs and light rock music. THEY'RE NOT - so stop banging on about having a "secure environment" because basic anti virus and intrusion protection (even NAT) is more than enough for home users, even small businesses.

Further to add to my dismay, even after you've been given a workaround, you continue to "have issues".

For as long as I can remember in most Windows environments from XP onwards, you need to have administrative privileges to at least install, and normally run some programs (which includes games along with other executables). It is just how Windows is and your whines will not change that.

Moody S14 is now heading to bed, 2 hours late.

Wow what an aggressive post. That you also managed to completely miss the point is just bonus.

Quote :By the way that was not a personal dig at you...

Reread it then, your post is completely ad hominem and comes across as nothing but a "dig" at me. I'm sorry for daring to suggest that LFS should follow the design-guidelines laid out by the engineers who made Windows, and that the changes to make it adhere to those guidelines are so completely trivial to implement that it makes no sense not to.

Anyway, whatever...
S14 Drift probably doesn't realise that some people have UAC on just to see if a program requires administrator access, and, if it does while it shouldn't (e.g. notepad alternative), they don't run it.
Plus it actually does improve security, unless the user is stupid enough to allow admin rights to everything, that is. It's extremely easy to wreck Windows by deleting some crucial keys in the registry and this is something UAC will protect you from.
There is nothing wrong with the UAC itself, it's the flawed windows architecture that requires apps to have admin rights for almost everything that makes it so annoying.
UAC was designed by a bunch of really clever people over the course of several years. S14 appears to have been working in IT (tech support?) for about four months. You decide.
Quote from S14 DRIFT :Ugh, haven't read this thread but read the OP and got straight onto writing this.

This entire post is, perhaps unsurprisingly, nonsense. Ill-advised and non-educated rubbish that you're spouting as if you're so informed about the situation.

Quote from S14 DRIFT :Firstly, UAC is pointless. It doesn't do anything to add to security, all it does is ask for your permission every time you or any program tries to do anything with your computer.

So you're saying that notifying a user that an application is requesting elevated privileges and allowing the user to choose whether or not to allow those elevated privileges does nothing to add to security? Hmm, how are you justifying that exactly?

Quote from S14 DRIFT :But back to my point, unless you are in a network of computers which hold extremely volitile company data (which I very much doubt you are since you want to run LFS), there is absolutely no steadfast reason why you would want UAC enabled.

First off, I'm pretty sure the word you were looking for wasn't "volatile" (even when correctly spelled). You probably meant "valuable"? If so, you're saying that a home user's data and actions are totally useless to anyone else? If that's the case post login details for all of the accounts you use (email, LFS, online shopping, online banking etc). These are all things that an attacker could easily get through malware (keylogger/trojan etc) which UAC could prevent.

Quote from S14 DRIFT :I know plenty of large business clients who don't run it because it's more of a pain in the ass than it is a security measure.

Well done for both you and them, but given your massive experience wouldn't you say there's a large difference between the network infrastructure and security of a large business and a home user? Even so, properly trained users in a professional environment could benefit from improved security through using UAC (due to the notification and the default user privileges).

Quote from S14 DRIFT :If you are a home user (which you probably are) then why the **** would you want UAC active on your machine? Just turn it off...stop living under the impression that the world and his script kiddie are trying to gain access to your computer to steal your collection of family photographs and light rock music. THEY'RE NOT - so stop banging on about having a "secure environment" because basic anti virus and intrusion protection (even NAT) is more than enough for home users, even small businesses.

Attempting to trivialise the value of the average home user's data and actions is great, but it's not realistic. Given access to the average home user's details (as I outlined above) could be worth a serious amount of money in terms of access to online shopping and banking facilities. How much does online fraud cost per year?

Quote from S14 DRIFT :For as long as I can remember in most Windows environments from XP onwards, you need to have administrative privileges to at least install, and normally run some programs (which includes games along with other executables). It is just how Windows is and your whines will not change that.

Well, how many applications actually need elevated privileges to run and how many are sloppily coded and/or sacrificing security for other reasons? Additionally, effectively saying it's OK to run all applications with the ability to use elevated privileges because some of the apps and/or games you use do? That makes no sense when you actually stop and think about it, does it? It makes a lot more sense to learn which applications actually do need elevated privileges and allow those rather than to blanket allow everything (which could include poorly written applications and/or malware to compromise your system's security and/or stability).
I think this suggestion is beyond of LFS concerning issues. Try this. Of course there are some similar freewares.
Quote from filur :UAC was designed by a bunch of really clever people over the course of several years.

I'd say it was copy pasted from the *nix world over the course of several seconds
the idea is sound as long as there's an option to still make a self contained or portable or whatever copy for all those like me who prefer the old ways
Reading back what I wrote last night while in a mood, I can see how it perhaps came across as "aggressive" but the point stands...then again people are easily insulted ON THE INTERNET....INTERNET...LOL INTERNET.

Quote from amp88 :

So you're saying that notifying a user that an application is requesting elevated privileges and allowing the user to choose whether or not to allow those elevated privileges does nothing to add to security? Hmm, how are you justifying that exactly?

I'm justifying it by saying that asking permission every time something is run is not a security feature, or a benefit, it's a blanket policy put in place.


Quote :First off, I'm pretty sure the word you were looking for wasn't "volatile" (even when correctly spelled). You probably meant "valuable"? If so, you're saying that a home user's data and actions are totally useless to anyone else? If that's the case post login details for all of the accounts you use (email, LFS, online shopping, online banking etc). These are all things that an attacker could easily get through malware (keylogger/trojan etc) which UAC could prevent.

Volatile (spelling is largely irrelevant when you are either a) tired or b) short on time (it was a) - yes while grammar is important it's hardly relevant in this case and besides "i hrdly tiep liek dis ok??"?!!!"" Do you think that bitching about my small typing mistake makes you a better person on an INTERNET FORUM? Volatile can mean both unstable or important in a sense that if it is stolen/disturbed, it can be very detrimental to the business!

Why are you saying if I should post my personal details because I don't think they're of value to thieves? 3 people know my bank card PIN, 1 person knows the passwords to my gmail, ebay, Paypal, online bank, and pretty much every forum I use...it's about trust. If I had picked a knob to share this information with then it wouldn't really be my information anymore.

It's just that I don't rely on a program that says "are you sure you want to run this" to protect me. Pretty much any antivirus/security software would pick up 99% of keyloggers that are available and if they were clever enough to avoid heuristic scanning from anti virus programs then they would be clever enough to avoid UAC.


Quote :Well done for both you and them, but given your massive experience wouldn't you say there's a large difference between the network infrastructure and security of a large business and a home user?

I would indeed. and the sarcasm is not appreciated, I'd hate to think you were lowering yourself to my level?!

Quote :Even so, properly trained users in a professional environment could benefit from improved security through using UAC (due to the notification and the default user privileges).

Or in the case of professional environments, just don't give the users who don't understand about security risks administration rights. Most companies do not give full administration and something as simple as installing updates requires the "IT guy".


Quote :Attempting to trivialise the value of the average home user's data and actions is great, but it's not realistic. Given access to the average home user's details (as I outlined above) could be worth a serious amount of money in terms of access to online shopping and banking facilities. How much does online fraud cost per year?

Fraud cost for UK companies in 2009 was reportedly £2.1bn, and identity fraud costs £1.2bn, presumably just for the "normal people". How much of that is the fault of the user for being gullible? Probably around 75%. Most of the fraud is opportunistic, as in they receive a phone call or email and it says...



I mean, whether that is the fault of the user is debatable. Perhaps they aren't savvy to the fact people are trying to steal their details, perhaps it's more their fault than the people who commit the identity theft because they're so stupid that they fall for what are normally very well publicised scams.


Quote :Well, how many applications actually need elevated privileges to run and how many are sloppily coded and/or sacrificing security for other reasons? Additionally, effectively saying it's OK to run all applications with the ability to use elevated privileges because some of the apps and/or games you use do? That makes no sense when you actually stop and think about it, does it?

You are correct, it is stupid. But as I said that's just part of the Windows environment. But then again, there's not really any sort of extra risk...because despite one too many visits to websites which may include naked ladies, multiple torrent downloads, video, song and filesharing, I managed to only have one virus and getting it was my own damn fault for not checking out the file properly. 30 seconds research would tell me instantly whether it was a dodgy file with a virus or keylogger, and a simple rule of never sharing files with someone I don't know (over MSN for example) can keep you perfectly safe.

Either way, system critical and registry files are hidden by default in XP (and I assume they are in Win7 as well, I have forgotten to be honest), and if a user is silly enough to go around deleting random files and they don't know what they do, then more the fool them. There's an 8th layer of the OSI model for a reason...!

Quote :It makes a lot more sense to learn which applications actually do need elevated privileges and allow those rather than to blanket allow everything (which could include poorly written applications and/or malware to compromise your system's security and/or stability).

If only Microsoft listened...maybe one day!


Quote from filur :UAC was designed by a bunch of really clever people over the course of several years. S14 appears to have been working in IT (tech support?) for about four months. You decide

Where did you pull that number out of your ass from? It is nowhere near correct...besides half of the most knowledgeable IT people on this forum don't even have a job, so the whole "OMFG JOB LENGTH" argument is invalid.