Joined: 11/11/2006
Posts: 1235
Location: United Kingdom
As far as I know, the only admin protected folder are the windows folders and the program files stuff. If you're extracting that much stuff to program files (which is discouraged as it's supposed to be for important programs) then why not make a folder for your own stuff in program files, or just turn up the permissions for program files? you'll still have protection on the Windows folder and other vital stuff.
<adelikat> I am annoyed at my irc statements ending up in forums & sigs
There are programs that do not use installers.
Furthermore, UAC also tends to cause problems doing certain Admin-related activities with Explorer, for example.
But these are all nasty work-arounds. I do not desire to do such things to ensure it works properly. UAC should not be in the way - it should help, which it clearly does not do right now.
I have not any virus for how knows how many years, with UAC disabled, I might add, so I am not turning it on anytime soon.
It is a sign that that have a lot of work to do still with UAC and its related implementation. It should help, not hinder.
Uh, that's their own problem then. You might find it surprising that there's a whole slew of design guidelines that make programs less "jarring" and incidentally also minimize the number of UAC prompts.
If a program requires you to copy something to Program Files, the program needs fixing, not the OS.
Joined: 11/11/2006
Posts: 1235
Location: United Kingdom
Err, not in Windows 7 it doesn't.
"I have a problem with <x> so I'll just disable it rather than fix it!"
Again, are you talking about Vista or 7? 7's UAC is much better than Vista's. From what I can tell you're complaining about Vista's version..
<adelikat> I am annoyed at my irc statements ending up in forums & sigs
I don't find it intrusive in Windows 7. Never got annoyed by this, I don't know, It almost never pop for me. Unless an old software really need administrator rights. And once it's accepted for a software, it will always be for the life of that application.
7's UAC pops up slightly less frequently than Vista's. But it annoys me less mainly because it doesn't freeze my system for fifteen seconds before it pops up like Vista's does, which is why I haven't bothered with disabling it like I did Vista's.
What's new to me (or at least, I don't remember it ever happening in Vista) is having UAC pop up with any program that's run in compatibility mode. But if it's running those programs in an XP VM, then I can understand why it would do so.
As in installing something. Extracting its program files to the program files directory. Yes, it is an installation so it should require admin rights, but the extraction program should ask for this.
Yes, it is partly their fault, but it is also the fault of UAC. Refer to what I mentioned about launching a program in compatibility mode via the context menu. For 7zip, it simply does not work.
Furthermore, some of Microsoft's programs also suffer from flaws, so I put the blame partly on UAC and partly on other programs.
Regardless, it does not work in practice, thus it needs to be disabled.
Yes, it DOES. This is Windows 7 I am speaking of.
There is no proper fix. I used to run programs in admin compatibility mode to get around this, but this does not work as mentioned above.
And for Microsoft programs, compatibility mode is not available.
If you stand at a crossroad, where both roads lead to the same destination, but one path is one meter long and full of branches or other "dangers", and one path is 100 meters long, but is smooth and easy to walk, which one would you choose?
I will go so far out of my way to bend something like it to work as I will.
UAC is a technology that must exist, I do agree. It is good that it is on by default to force developers to take it into account, but that does not mean I have to use it.
What basically changed from Vista to Win7 is the frequency of the popups (and some under the hood changes to make it more secure internally, I suppose), yet that is not the problem. The problem is that I do not get a prompt when trying to perform admin stuff.
Why do I have to launch the command prompt in admin mode, for example, to perform a disk check? Would it not be better if the disk checker asked for admin rights to perform the check?
It is not intrusive, it is in the way. It does not prompt for admin rights when it really should, thus making admin stuff fail.
There's an easy solution for the "extract to program files" problem. Don't use the Program Files folder on your Windows drive. Put all your programs that let you choose the installation directory to another drive (or if you don't have more than one drive, which you should, then just come up with a directory name on your own that's not "Program Files" and "Windows"). Only C:\Program Files has the excessive protection. I too find it unnecessary to require admin rights to copy files into individual programs' directories, but I haven't been affected too much by this as I have used D:\Program Files ever since I got Windows XP and realized that in this system, reinstalling is part of the regular maintenance process.
I've been using three subdirectories of %ALLUSERSPROFILE%\Desktop\ for my non-installed stuff...
programs for most non-installed binary distributions and also all Desktop shortcuts (I use Launchy to access most programs)
eBooks for PDFs, CHMs, and the like
games for emulators, ROMs, ISOs, and TASes
(I also have a folder "C:\TAS" intended for all encoding of TASes...though I've only used it for one encode so far)
This is on XP but it should work in NT4 to 7; %ALLUSERSPROFILE% is the environment variable showing where "All Users" stuff is stored, like "C:\Documents and Settings\All Users" on XP and "C:\Users\Public" on Vista, and %USERPROFILE% is similar but for just your own profile.
also Raiscan, did XP mode just restart itself (like when a Classic application in PPC Tiger makes you "restart" your computer but it's just the Classic environment that restarts), or did it really force your computer to reboot?
If this weren't the case, any old user could come along and put his own "custom" binaries in Program Files. An admin comes along and runs one and...well, game over.
These are interesting solutions which you have come up with simply to circumvent UAC. I ask you this: is it really secure? You are just circumventing UAC, thus you would not be protected by it. Is it really better than simply turning off UAC altogether?
I wonder myself. It does not seem like a solution.
It only goes if you are the only person using that PC. In a location where there are several users to keep quiet and keep from harming the system, using C:\Program Files with UAC protection is the right way.
As for circumvention: anyone who circumvents it must be prepared for the consequences. However, rather circumvent only a small part of it as opposed to disabling it altogether, since malware will probably still have to ask you for permission before compromising your system.
However, rather circumvent only a small part of it as opposed to disabling it altogether, since malware will probably still have to ask you for permission before compromising your system.
Not if you install to non-admin locations like some seem to do. Then it is just as unsecure as if you were not running UAC.