11-03-2007, 11:20 AM
DevilsPGD
Newsgroup Contributor
 
Re: Here is a conumdrum for ya...

In message <#5$2ejkHIHA.5980@TK2MSFTNGP04.phx.gbl> Charlie Tame
<charlie@tames.net> wrote:

>DevilsPGD wrote:
>> In message <fggsc7$8tj$1@aioe.org> The poster formerly known as 'The
>> Poster Formerly Known as Nina DiBoy' <none@none.not> wrote:
>>
>>> IMO, with vista it seems like they are trying to hoist all of the
>>> responsibility for security on the user instead of trying to actually
>>> fix the problems. It's like they are using the wrong kind of bandaid
>>> fix for it.
>>
>> Unfortunately, the user *IS* the problem. Out of the box, XP SP2 is
>> more or less fully secure to sit on the internet, and once you turn on
>> automatic updates and run as a limited user, you're more or less secure
>> as well.
>>
>> The problem is that users don't do that, they run attachments from
>> unknown/untrusted sources, install ActiveX controls at a whim, run as
>> full administrator, and then act surprised when their PC gets
>> compromised.
>
>Actually even running as Admin full time is nowhere near as dangerous as
>claimed IF the user is responsible, however on systems where something
>has to run unattended and reliably the advice to fully automate updates
>is much more dangerous, since any task not running as a service is often
>hosed. UAC has just made it even more likely that folks will try to find
>a way around it...

Like I said, the user is the problem. If the user is responsible, they
won't have many issues (although application level exploits are always
going to be a problem, but it hasn't been a huge issue recently, it's
simply easier to trick morons into installing a trojan than to actually
find exploits -- Most exploits that are actually used weren't discovered
by blackhats until after the patches came out, hence "exploit
Wednesday")

For users that aren't responsible (most of the individual PC owners on
the planet), UAC is a stop-gap attempt to get their attention before
doing something stupid.

In my opinion, it's not even that, it's just a step towards annoying
users into getting software vendors to fix their crap so that a future
version of Windows can have users run as a true limited user without
creating huge software incompatibilities. The virtualization feature is
another clear example of Microsoft moving in this direction.

--
You can get more with a kind word and a 2x4 than just a kind word.