That is not my first IT job. But nevertheless, nice spot.
Quote from S14 DRIFT :I'm justifying it by saying that asking permission every time something is run is not a security feature, or a benefit, it's a blanket policy put in place.

That's not exactly how it works though, is it? Either you're misunderstanding it or you're misrepresenting it to try and prove your point. The prompt only appears when an application needs elevated privileges to continue. The manifestation of this is, in certain cases, that the user has to allow access when they start an application or game, but it's important to make the distinction of what's going on under the skin.

Quote from S14 DRIFT :Volatile can mean both unstable or important in a sense that if it is stolen/disturbed, it can be very detrimental to the business!

The definition I've most commonly seen/used of "volatile" with regards to computers is for data (e.g. in RAM) that doesn't persist when the power supply is terminated. I've never heard of it to be used as a substitute for "valuable" or for the second definition you gave it.

Quote from S14 DRIFT :Why are you saying if I should post my personal details because I don't think they're of value to thieves?

I was trying to point out that the average user could stand to lose out quite a lot in real financial terms through applications which UAC could prevent running.

Quote from S14 DRIFT :It's just that I don't rely on a program that says "are you sure you want to run this" to protect me. Pretty much any antivirus/security software would pick up 99% of keyloggers that are available and if they were clever enough to avoid heuristic scanning from anti virus programs then they would be clever enough to avoid UAC.

You're saying that in your particular circumstance you don't think you need UAC. Well, good for you. What about the rest of the general public who are less educated with respect to computers? What's a better way to try and educate people with respect to computer security: blindly allow applications to do whatever they want in the background or warn the user a particular application wants elevated privileges and let them choose what to do? Sure, some people are just going to blindly allow anything to run with elevated privileges because they can't be bothered to research anything (thus the outcome for them is the exact same as it would be without UAC except they get a few prompts). Some people are going to be very paranoid and deny everything. They'll probably soon find out some things aren't working properly (i.e. applications that are poorly written and need elevated privileges and applications that actually do need elevated privileges). When things stop working they're probably going to be forced into investigating the 'problem'. They'll end up better in the long term because they'll develop a better understanding of computer security and privilege levels.

Quote from S14 DRIFT :Or in the case of professional environments, just don't give the users who don't understand about security risks administration rights. Most companies do not give full administration and something as simple as installing updates requires the "IT guy".

That depends on the infrastructure of the organisation, but it's not unusual for people like department heads and managers to have access to elevated privileges that could do serious damage.

Quote from S14 DRIFT :Fraud cost for UK companies in 2009 was reportedly £2.1bn, and identity fraud costs £1.2bn, presumably just for the "normal people". How much of that is the fault of the user for being gullible? Probably around 75%. Most of the fraud is opportunistic, as in they receive a phone call or email and it says...

I mean, whether that is the fault of the user is debatable. Perhaps they aren't savvy to the fact people are trying to steal their details, perhaps it's more their fault than the people who commit the identity theft because they're so stupid that they fall for what are normally very well publicised scams.

Yeah, but that's exactly the point. The majority of online fraud is through people being massively naive, gullible and/or ignorant. With automated safeguards (like anti-virus applications and UAC) the security of average people is improved.

Quote from S14 DRIFT :You are correct, it is stupid. But as I said that's just part of the Windows environment.

Well, it's not just Windows. As shot mentioned earlier on, other OSs use a similar model. "sudo" on *nix, for example.

Quote from S14 DRIFT :Either way, system critical and registry files are hidden by default in XP (and I assume they are in Win7 as well, I have forgotten to be honest), and if a user is silly enough to go around deleting random files and they don't know what they do, then more the fool them. There's an 8th layer of the OSI model for a reason...!

Just because you're prompted to enter some directories in Windows Explorer doesn't mean those files are safe from deletion. If you let any application run with elevated privileges that application can modify or delete pretty much any file it likes.
OK - you're getting me to actually type stuff, which I'm not good at.

Quote from S14 DRIFT :Reading back what I wrote last night while in a mood, I can see how it perhaps came across as "aggressive" but the point stands...then again people are easily insulted ON THE INTERNET....INTERNET...LOL INTERNET.

I for one didn't say I was insulted, I said your post was ad hominem, which it was. You have said absolutely nothing to refute my original point, which is that LFS should be changed to work correctly on Windows 6 series operating systems, a change that would be trivial to implement. All your arguments are about how people that use UAC are idiots and how you're smarter than the guys who wrote the OS you're using.

Quote :
I'm justifying it by saying that asking permission every time something is run is not a security feature, or a benefit, it's a blanket policy put in place.

Quote :It's just that I don't rely on a program that says "are you sure you want to run this" to protect me. Pretty much any antivirus/security software would pick up 99% of keyloggers that are available and if they were clever enough to avoid heuristic scanning from anti virus programs then they would be clever enough to avoid UAC.

From these two quotes it seems a pretty safe bet that you don't know what UAC is or how it works. The idea that UAC is just a bunch of annoying dialog prompts is a very common fallacy. UAC is to do with the way that processes are started on Windows, so it's not possible for it to be circumvented by 'clever' viruses.

The failure of Windows in the past to separate system space from user space has been the cause of a whole class of security vulnerabilities, which Microsoft has now closed off through the addition of UAC. In previous versions of Windows you were an administrator by default, and Windows made it hard (in many cases impossible) for you to run as anything else (partly because programmers coded on admin accounts too). Now they've changed it round so you are a standard user by default and Windows makes it hard to do things as an administrator.

The thing is, and this is how Windows is designed, 99.9% of programs don't need to do anything that requires administrator privileges. The only programs that need admin status are installers and programs that manipulate the Windows system (such as, you know, explorer.exe). Any program which requires admin rights and does not either install something or manipulate system files is badly designed. Sadly many programs are badly designed, with complete disregard for the way in which Windows security works, and that's probably why so many people complain about (seemingly) needless prompts. My suggestion is that Scawen fixes this small issue, changes the default location in which files are saved, and makes LFS comply with the way in which games on Windows are supposed to work. The way those guys in Seattle, who aren't as smart as S14, designed it to work.

Really, what settings people may choose to run on their machines is irrelevant, LFS should continue to work if you install it in Program Files (where program files are supposed to go and no it doesn't mention this anywhere in the LFS installer or the readme so Whiskey can shut up) and are running in the least privileged mode. You may not like UAC, but whether you turn it off, you use it through paranoia, or because you're seven and that's the only way your dad will let you, it should not make any difference to LFS.
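
An added example, not part of the original post and not LFS code: a PowerShell sketch of the behaviour the post above asks for, where a program checks whether it is elevated, finds that a standard-user token cannot write under Program Files, and keeps its saved files in a per-user folder instead. The name `ExampleGame` and the folder layout are hypothetical.

```powershell
# Added illustration; 'ExampleGame' and its paths are hypothetical names.

function Test-IsElevated {
    # True only when the current process token carries the Administrators role,
    # i.e. the process was started elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-CanWrite {
    # Probe a directory by creating and deleting a throwaway file.
    param([Parameter(Mandatory)][string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) { return $false }
    $probe = Join-Path $Directory ([IO.Path]::GetRandomFileName())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false   # access denied for a non-elevated token
    }
}

function Get-UserDataDirectory {
    # Per-user location that is writable without elevation.
    param([string]$AppName = 'ExampleGame')
    $base = [Environment]::GetFolderPath('LocalApplicationData')
    $dir  = Join-Path $base $AppName
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    return $dir
}

$installDir = Join-Path $env:ProgramFiles 'ExampleGame'   # hypothetical install path
$dataDir    = Get-UserDataDirectory

[pscustomobject]@{
    Elevated           = Test-IsElevated
    InstallDirWritable = Test-CanWrite $installDir
    DataDir            = $dataDir
    DataDirWritable    = Test-CanWrite $dataDir
}
```

Run from a normal (non-elevated) prompt, `InstallDirWritable` is expected to be false and `DataDirWritable` true. A legacy 32-bit program without a manifest can instead have its Program Files writes redirected to a per-user VirtualStore folder, so a probe run inside such a process may succeed without touching the real directory.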
To be honest, this could have been a good thread for some intellectual discussion on computer systems (which is hard to find these days!) but since people from Scotland insist on pretending like I know everything (I don't), it kind of dulls the fun so I would rather whore some other part of the forum where the average IQ is below 75.

Quote :
You may not like UAC, but whether you turn it off, you use it through paranoia, or because you're seven and that's the only way your dad will let you.

*thumbs up* !!!
Quote from S14 DRIFT :To be honest, this could have been a good thread for some intellectual discussion on computer systems (which is hard to find these days!) but since people from Scotland insist on pretending like I know everything (I don't), it kind of dulls the fun so I would rather whore some other part of the forum where the average IQ is below 75.

You're blaming us because you like to authoritatively display your ignorance and we like to point it out?

When you start out saying things like this:

Quote from S14 DRIFT :Firstly, UAC is pointless. It doesn't do anything to add to security

...you're not exactly trying to foster debate, are you? Also, it's difficult for people not to get the impression that you think you know everything given the wording of your posts.
S14, UAC is the only way a non-administrative user can get elevation on need. This alone is enough to prove your statement about UAC being useless wrong.
I'm kind of with S14 on the fact that UAC is not an actual security measure, it's more of a patch to the Windows ecosystem which has been pretty much ignoring the difference between "admin" and "user" stuff. The point is that even though the idea behind the UAC is good, it's still just a click of a mouse that stands between the user and a potential disaster. Considering how many "false alarms" UAC triggers, I doubt it has any effect in the hands of an uneducated BFU. Moreover, if you disable it, you don't compromise security of your system, you just won't get a warning when something needs elevated privileges.

However, amp88 has a point that this is a matter of people knowing absolutely nothing about security rather than UAC itself. In the end I agree that LFS should take UAC into account as it will probably be with us for a while.

Quote from E.Reiljans :S14, UAC is the only way a non-administrative user can get elevation on need. This alone is enough to prove your statement about UAC being useless wrong.

It's not like I know anything about user account administration in Windows, but what about "runas"?
Quote from MadCatX :It's not like I know anything about user account administration in Windows, but what about "runas"?

UAC is fully automatic, unlike runas, which needs to be explicitly called by the user.
Quote from S14 DRIFT :To be honest, this could have been a good thread for some intellectual discussion on computer systems (which is hard to find these days!) but since people from Scotland insist on pretending like I know everything (I don't), it kind of dulls the fun so I would rather whore some other part of the forum where the average IQ is below 75.

I thought my last post was quite informative actually, I gave a background history and everything! I've been watching videos about the UAC given by the team that made it, they are pretty clever guys. You can Google for them easily, but I'd suggest starting off with this one. Some of that stuff may not make sense if you aren't a programmer, but it should give you an idea that these guys aren't full of crap, and they really did pour a huge amount of effort and resources into the system. Also the system makes a lot of sense.

Incidentally, I never set out to have an intellectual discussion. My suggestion was meant in the best interests of the game. I had no idea it would be so inflammatory. I highly recommend that people watch the video I posted about the UAC before they make any more remarks here, just so we know we're on the same page.