OSNews

Symantec rethink something? Their proven track record is to buy someone who rethinks something - Norton, Backup Exec, Sygate, etc.

I'm with you though about the Norton branded products - their personal firewall was awful.

It's hard to imagine Norton making anything that *isn't* awful (well, other than Ghost).

Even removing Norton's crap is a hassle - I've literally seen the uninstall process for their "Internet Security Suite" take an hour and 45 minutes (during which the computer couldn't be used at all, because uninstalling required a reboot & the uninstall process loaded *before* / outside of Windows for some reason).

Ghost was written by Binary Research, a New Zealand company which Symantec bought out a few years ago.



What is even worse, the uninstaller never fully uninstalls it, there is always crap sprawled around the hard disk. What is even worse it is forcefully rammed, from my observations, into every single computer shipped with scare tactics employed when trying to remove. There has been a recent clamp down on 'scareware' - the current Norton software and the scare tactics used during the uninstall process, they should be prosecuted or atleast sued out of business.

Edited 2008-10-10 15:08 UTC

Ghost was written by Binary Research, a New Zealand company which Symantec bought out a few years ago. "

Ah, that would explain why it went to crap after the 2003 version or thereabouts (I think they replaced it with PowerQuest DriveImage, re-branded).



What is even worse, the uninstaller never fully uninstalls it, there is always crap sprawled around the hard disk. What is even worse it is forcefully rammed, from my observations, into every single computer shipped with scare tactics employed when trying to remove. There has been a recent clamp down on 'scareware' - the current Norton software and the scare tactics used during the uninstall process, they should be prosecuted or atleast sued out of business. "

Yeah, that's especially sleazy. Windows uninstallers are bad enough without "Are you sure? Cause your computer might OMG EXPLOAD!" pop-ups.

More importantly, what difference does all this blogging make to the actual end product? How fairs the Engineer to PHB ratio at Microsoft? And where is it going?

Yes that's pretty much what I meant you just worded it better for me thanks

The people who post on that blog are more on the PHB end than on the engineering end. I think that's a good thing, because they actually do seem pretty in touch with things.

i agree with you, thats my biggest fear. they had 6 years to collect statistics like this and there were plenty of opportunities ot in xp "would you liek to join the user bla bla bla program?"

with that being said, where was the thought process when making vista? but i am not mad at them for vista, they needed a flop to make them rethink things, make them go with this more open comunication model. it appears they have learned from this mistake.

so to anyone from MS who reads this. Don't rush Windows 7, dont set a date and extract features or enhancements to get there. if it gets done "when it's done" thats fine. just do it right and continue this open dialog you have going via the blog. we, the consumers, will be happy to wait for a polished product, but will be far less forgiving if the mistakes of the past are repeated. that being said, so far so good, you have my attention and i am impressed. keep it up.

I was reading a trade journal the other day where sinofsky was talking about the expectations they built up during vista development by the transparency in the communication. People expected everything that was talked about every step of the way, and felt ripped off when they didn't get it. He said with 7 they are going to try being translucent instead of transparent, and I assume this blog is how they moved forward on that.

Don't expect anything except high level stuff from the windows team until they are almost ready to ship. All communication is going to be about process rather then progress.

I'm sure Ms. Spears is perfectly capable of passing on her own viruses, thank-you-very-much. The nude part goes without saying.

Seperated at birth? Well... maybe not:

http://tinyurl.com/3wtkkt

The fact that UAC prompts me when I want to delete a shortcut from the desktop, is precisely what's wrong with UAC.

Passwords should be entered at UAC prompts, and MS should not try to reinvent the wheel in this scenario. Not the blind click (yesyesyesyes) at dialog boxes.

That is because you're trying to delete global desktop icon, not your own.

then they can hide it from that specific desktop and shut up about it...

what the hell is something global doing on a personal desktop in the first place?!

Probably because you installed the application for all users to use.

Not that I like desktop shortcuts at all. Or installers. I hate installers. I'm going to kick someone now.

The fact there is anything like a 'global desktop icon' is utter and insane bullshit. The people who made windows able to handle multiple users should be put to a wall and shot. It's simply the most horrible implementation of a multi-user OS one can imagine.

But then again, there are lots of things in windows someone would almost commit suicide for... Working with it is a constant horror. (sorry, but after another almost-full day at work, using XP-something, that's how I feel).

From the sucky windowmanagement to the horrible start menu (how can anyone find anything in there?) or the totally inconsistent and unexplainable behavior of the applications (ESP the MS ones like in Office). Blegh.

If I didn't smoke already, I would after a few days with Windows. It is amazing how other people ever got used to it - when I ask, they go like "well, there is nothing you can do about it, get used to it". Boy, with that attitude, humanity would've never gotten past the stoneage. Yet it's the only way of surviving a working week behind a Windows PC.

(again sorry for spewing this frustration but I've just been shitted upon by Excell who decided it was time to clear my clipboard with important data for no apparent reason)

(again sorry for spewing this frustration but I've just been shitted upon by Excell who decided it was time to clear my clipboard with important data for no apparent reason)

I can understand and sympathize with your frustration, but Clipboards are not a place to store important (and unique) information for a longer period of time. Certainly not on Windows. Although Windows XP SP2 is far from bad in the crash department.

I have to work on Windows at my employer too. [CTRL] + [S] has become second nature to me in MS Office applications. So much so, that I even give OpenOffice.org under GNU/Linux the same treatment. On Windows it is Save Early and Save Often...

"The fact there is anything like a 'global desktop icon' is utter and insane bullshit. The people who made windows able to handle multiple users should be put to a wall and shot. It's simply the most horrible implementation of a multi-user OS one can imagine."

Care to explain your position? My wife and I use both our laptop and desktop with two separate accounts. We love fast user switching, and have had no problems with our separate user accounts. Perhaps you could back up your bluster with some facts?

Oh? I think administrators who control hundreds, maybe even thousands of machines, are pretty happy they have the ability to control shortcuts for ALL users in one convenient place - but that might just be me. Who knows, maybe they prefer to control them user-by-user, that might just be my ignorance.

Soms moet je even verder kijken dan je neus lang is .

Agreed. I haven't seen any annoying UAC prompts with any of the apps I use. I get an occassional prompt with Directory Opus (best file manager in the world), but that's only when I am manipulating a system file or something. But that's a hell of a lot better than Windows Explorer. See here for an example of what I'm talking about:

http://nudel.dopus.com/opus9/page4.html#vistauac

It's pretty bad when 3rd party apps are less annoying in this regard than the ones bundled with the OS. I even get prompted when I bring up the date & time settings from the task tray. I didn't know that was a huge security risk



Ummm, no. Do that and I will most certainly turn it off. The trick is to make sure the system prompts intelligently, not to annoy the hell out of the user even more with password prompts. I hated it on Linux, and I'd hate it on Windows.

Edited 2008-10-10 05:30 UTC

The trick is to make sure the system prompts intelligently,

With this I agree. Sensible prompts serve as a reminder that something significant is happening.

I don't believe UAC is all that intelligent in this regard, though. I agree with the OP. A prompt for system access, which stores the admin password, and then makes it an OK button click fest, does nothing to make the user aware of the implications of his actions. It is just another click-click-click action in the sea of such dialogs, which compromised security on Windows many times before.

not to annoy the hell out of the user even more with password prompts.

Depends how the password prompts are implemented. On most GNU/Linux Distro's this is done very sensibly. When then actions of a normal user move out of the home directory, there will be a password prompt. It is a very good reminder that something system wide is happening.

I hated it on Linux, and I'd hate it on Windows.

Don't know which Distribution you were on that it made you hate it, but I've never found the password prompts annoying. The only times I see them is when I want to install software (with Synaptic this is a one time action per Synaptic session) or when I want to change settings which have system wide implications.

I agree that password input boxes in the current UAC implementation would drive people up the wall.

Even if done sensibly, I'm not going to be very happy if I have to type in a damn password instead of click OK. Even if it doesn't pop up that often, it's an insult to my ingelligence. Basically, it's saying, "We think you're too stupid to actually READ a dialog if we just give you an OK button, so we're going to prompt you for a password instead." Of course, this isn't going to help the stupid people whom this was intended to serve, as many would just blindly enter the password, as they now just blindly click OK.
But if you're going to do the password thing by default, at least let there be an option somewhere so that power users can turn it into an OK dialog. It's either that, or we're just going to turn it off completely (as many already do with UAC), so might as well go for the lesser of 2 evils

This is precisly what is wrong with developers, using global shortcuts. All shortcuts should be personal, only global should be list of those shortcuts so when you create new user they all appear on them. I would guess this kind a system doesn't exist Vista, which points that Microsoft failed to bring purely personal desktop experience.


Why oh why, I mean if I already logged in to system it should know it's me and not ask my password. I have over 20 char password usually, how user friendly is that.

Why oh why, I mean if I already logged in to system it should know it's me and not ask my password.

Not quite. If you care about security (and you password length suggests it), when you log in, you should be a normal user and not an admin. Then it is perfectly normal for the system to ask for your admin credentials if you try to reach beyond your normal user privileges.

I have over 20 char password usually, how user friendly is that.

This is of your own volition. You could bite the bullet and enter it or you could be more lax with the length. It does illustrate though, that the current UAC is broken. If entering a password in UAC seems daunting, the system asks for permission too much. If it were designed properly, it should only bug you for important stuff when you move out of your user area.

How would it know it's you and not soma malicious program that is running in your session?

How would it know it's you and not soma malicious program that is running in your session? "

Malicious programs running in your session can't dismiss UAC dlg boxes (whether they require a password or merely a click of a button) because UAC dlg boxes run in their own session.

I guess there is a perk with being gay - when ever I see 'nude [insert female name]', my instant reaction is 'eww yuck' and delete it instantly

Yes, I do support remote shock therapy. I also would like to see a total ban on Incredimail as well - and people who attach multimegabyte files to their emails and not telling the receiver in advance.

Edited 2008-10-10 15:18 UTC

So it's only the users fault?! Come on! An overly complex and bad architected systems like Windows is the main problem here! UAC is only the duct tape so they can blame users.

Umm ... not in Windows Vista 64bit. Every time I need to launch visual studio? I need Admin rights. What about playing zoo tycoon 2? Or Spore? Admin rights.Dreamweaver? Admin rights.

WTF Microsoft, get your crap together. Vista does not "learn" in any way shape or form. It keeps asking the same d*mn question for the same d*mn application every d*mn time.

You do not need admin rights for any of the things you mentioned, except possibly zoo tycoon (never tried it). If you are getting elevation prompts, something is very wrong.

"You do not need admin rights for any of the things you mentioned, except possibly zoo tycoon (never tried it). If you are getting elevation prompts, something is very wrong."

Actually Dreamweaver, depending on the version, does require admin rights. As scary as that may seem...

Well, I have cs3, and it launches fine without them.

If it didn't, I would do something like this.

Admin Tools-> Manage Computer -> Local Users and Groups -> right click groups -> New Group... -> Call it Dreamweaver Users

Right click the new group -> Add Users To Group -> put in my user name -> ok out of everything.

Right click dreamweaver directory -> properties -> security -> edit -> add the Dreamweaver users group and give them full control -> ok out of everything

I don't find this particularly difficult, but I have used windows for awhile now and I tend to pick up how operating systems work fairly easily. I would consider these steps outside the reach of the average person.

I agree It's called Vista 64bit, SP1 .. Never had the problem with the non-sp version of Vista 32bit.

is this a clean install? if you did an upgrade maybe some security stuff got borked.

I have vista ultimate 64-bit sp1 (technet plus FTW ) and I dont get prompts for studio, spore, or dreamweaver, and I do not need admin rights to make them work.

If you had read the article, you would know the answer.

I -have- read the article.
I must have missed something.

Could you please refer me to the actual explanation.

- Gilboa

Sure. Here you are:



Edited 2008-10-10 07:56 UTC

Thanks for the quote, I saw it... I assumed that the blog will include far more specific information as for how the numbers were collected.

Beyond the obvious privacy issues (I am a Linux developer / user but also a Windows 2K3/8 developer / user and I am concerned about possible automated "call-home" systems) - the method used to gain the numbers also has huge bearing on the actual quality of these numbers and the quality of the information obtained by analysing these numbers.

- Gilboa

Great little rant, but how do you, then, explain the fact that UAC is actually WORKING? As in, DRAMATICALLY reducing the number of applications that require it?

I too believe that Microsoft really made one bad decision after another when it comes to NT, totally squandering its potential - but they're trying to fix it, and apparently, it's working.

Edited 2008-10-10 07:55 UTC

Yes, of course it works. It's just how it works. It clobbers the user with incomprehensible messages and it does it too often for stuff that shouldn't require such a prompt anyways.

The improvements with UAC aren't in the user area, as the blog mentions, but vendors scrambling to get their products to be less annoying on Vista. That is not really an improvement in my book, because UAC still teaches home users to just click yes and not bother why they are doing it. In other words, malware doesn't have to spoof UAC prompts, it just needs to invoke a real UAC prompt and have the majority of user click it; as they still do being used to the dialog jungle.

Before UAC becomes significant, as in really alerting users of something "fishy", it will take a long time of cleaning up Windows' crufty user space and the applications running on top. Even when UAC warns only about the important stuff in a few years, it will take significant time for the effects of dialog fatigue to subside enough for home users to even take notice of a Windows dialog. So in regard to protecting average users, UAC in Vista has failed.

The sadly-amusing thing is that, shortly after OS X came out, many Windows advocates lambasted it for encouraging "authentication fatigue" (aka, exact the effect that you described).

The vast majority of people are not installing applications every day, or doing system wide config changes. There is a certain class of user who do not use their computers for work, but instead just constantly install and configure things, but those are not your typical home user. I work with studio 2k8 in vista business all day every day, and i see a uac prompt on average about once a week.

The only problem with the prompts are applications which do not conform to standards that have been around for almost a decade, and store user specific configuration files in system directories. It wouldn't be so bad if windows had a simplistic security system like unix, but ACLs are not exactly something home users can just figure out on their own, so they aren't really able to grant themselves access to those folders.

All I know is that the people managing the Windows 7 team are not the people who managed the Vista release disaster. Sinofsky, and Green too, are people who have a track record of getting things done, and delivering on promises.

You can't reduce a 70000+ employee company to one entity. That's rather simplistic.

And, as the financial crisis is showing us once again - past results are not necessarily indicative of future results. This goes both ways.