Discussion on:

10 things I've learned from using Windows

"1: Printing still has a long way to go"
Agreed.
I can't understand why printing is so difficult and error prone.
It's a basic office task and yet printers/software always break when it's most inconvenient.

"3: Windows can quickly devolve into chaos"
I'm not sure that Linux is any better (it should be).
Programs seem to be able to appear in any one of several locations ("/bin", "/sbin", "/opt/??", "/usr/bin").
Why isn't there just "/bin" (for system-wide) and "/home/user/bin" (for individual users)?

"4: The UAC was broken out of the box"
Agreed (sort of).
MS failed to modify the installation process when they introduced the UAC.
You should have had to set up an "Administrator" account and a "Standard" account.
You should have been connected/directed to the "Standard" account when the install finished.

In Ubuntu (10.04) unless you use the Terminal for everything, the "elevation prompt" appears at random times.
It's fair enough asking for my password if I want to install something, but why can't I manually check for updates without entering my password?

"5: The Windows command line is horrible"
Agreed (sort of).
I loathe using the CLI in Linux and Windows.
Linux's advantage is that it has shorter commands, than the Windows Command Prompt.
PowerShell is even worse, with its "War & Peace" length commands.

The main problems (IMO) are:
- The lack of command examples (I don't mean a list of options/switches).
- Knowing the command names.

I thought I'd check the comments before commenting on UAC. I'm glad I did, as I would have reiterated your comment. UAC works great if you're not logged in as an administrator. And from a security perspective, no regular user should be an administrator on his/her own machine.

PowerShell is not bash (or ksh, or csh, zsh, etc.), but it's coming along. If you're concerned about the length of the commands, why not just drop them into a script? Additionally, aliasing helps a lot.

If you think Jack missed it, then what do you think it was?

The way UAC was explained to me, during a Technet launch event for Vista, made it seem more like security through environmental design then actually securing the os.

It is meant to bring the users attention to actions that they may or may not be aware of. Granted most users just click through blindly, several of my users have actually became aware of security and saved themselves from several potential malware events all because of UAC.

The password elevation prompts in Ubuntu and other OS's like OSX are just as effective/ineffective as UAC. The same users that will click through the UAC prompts will do the same thing if they're prompted for a password...they just get really quick at typing passwords!!

Also Microsoft can't throw that much security in all at once, mainly because users will complain. Look at how much people complain about UAC, technical and non-technical alike complain like hell about it!!

Just my 2 cents

Thanks, but I'm hoping to hear from TraineeMonkee; he's the one calling names. Why I would expect an informed response from someone who admits to being both a trainee and a monkey is another topic.

"I get it. I know what Microsoft was attempting to do with the UAC, but it simply doesnt work. What it wants to do is block users from doing stupid things"
The idea isn't to block users from doing stupid things, it's to ensure that every process doesn't get elevated privileges. Different concepts.

It only works like that if they're running on a standard account.
UAC for the admin account will not stop malicious code from using the admin's privileges.

The process only gets the elevation if the admin user approves it. Until then it has to make do with the limited privileges token.

And no, it doesn't work if the application cannot be run without admin privileges. The user has already decided to run the application, so for the admin account, UAC is just a "Are rilly rilly sure you want to?" prompt. And that's just annoying.

.

Maybe MS should have their system create admin accounts automatically in the background. Any accounts you create during setup or afterwards will default to a regular user account.

Most users are not geeks. I don't see anything wrong in making their consumer Windows versions geared towards them. It should do diagnostics and repairs automatically, updates automatically, and should WAIT for the user to log-off or shutdown after running Windows Update. I see folks freaking out over that "Windows needs to restart" warning message. The machine needs to accommodate the typical user not the other way around.

But I kinda expect a tech writer to use the correct name for a technology that he is writing about. It's just sloppy, and also implies lack of knowledge of the subject matter.

According to Mark Russinovich (a Microsoft Technical Fellow) UAC is not a security feature. It's a compatibility one.

Or recap, sounds interesting.

He made the comment in a video for TechEd I believe. I can't recall for certain but it was probably the UAC talk he did.

lets see some context.

Linux is favoured by the technically literate. These are the types who tend to have better security setups. Linux servers are more likely to be behind firewalls and in locked down corporate systems.

The majority of Windows desktops are protected from the big bad world by no more than the "SOHO" modem/router that got given by their ISP. And average home user is more likely to go near a dodgy site than a server.

The Home Computer that has next to no security and little money or the Server running the Financial Institution down the road that is passing Millions of Dollars per minute through it?

With Windows you can fairly easily hit 1000000 users who will know fairly quickly and do something or you can go to a lot of Trouble and skim 0.01% of every transaction to make much more money in the long term and most likely never be found.

Which one makes the more sense to attempt?

Col

those big banks would not want the breach to be publicized for fear
it would "bloody their nose"...add to that, in the US anyway, they can
go to the government for a bailout in a worst case scenario, more likely
to just write off the loss on their corporate taxes, use the extra refund
to give all the upper execs a big bonus!!

But none the less they still don't like Breaches. I had one where a fraction of a cent from every transaction was removed. Well what actually happened is any Fraction of a cent under .03 was diverted from the Managements Slush Fund for their Christmas Party to parts unknown.

They where very upset with it as their drinks bill for that years Christmas Party was substantially reduced until I triggered a couple of Logic Bombs that took down the entire country. They then just passed some more money to their Christmas Fund and let the Breach ride till the new software was introduced about 6 months latter.

I have no idea how long it was there or who put it there but I'm fairly certain it was someone inside the business responsible. From the quick Mud Map Figures that I made there where several Million $ per month being diverted from customers accounts to wherever when it would normally go to the Bank. But then again just how often do you see .8 of a cent passed on as a Interest Transaction?

Col

I like that you (author) pointed out both positive and negative findings of things you encountered. I've seen so many times where a Linux user goes Windows and cannot see that there are positive aspects to be seen.

Some EXE's it is determined to run them with UAC, just cause they have the name Update or some other keyword. And this behavior can't be disabled without using their compatibility tools.
So like, you download a exe archive file, and you want to run it, but you would rather Windows run it as a normal user. Not possible, it will insist it is run with UAC.
Making UAC royally useless. XP was actually better you could right click and run an EXE with limited permissions. You can't do that anymore.
Don't believe me? Try it, grab any EXE, rename it to "update" and try and run it, you will get a UAC prompt. This also happens if the "original filename" had one of the keywords in it.


-Edit
See solution here
http://www.techrepublic.com/forum/discussions/102-393381-3690114

I am using Win 7 SP 1 64-bit with all the latest updates.
And Microsoft Security Essentials (if that somehow matters)

I tried several programs. In each case copied to a temp directory as update.exe
and then did start -> run -> full path name.

These did pop a UAC...
An old tail.exe
An old tlist.exe

These did not pop a UAC...
The latest version of Autoruns.exe from Sysinternals
A Perl.exe which I compiled myself on Windows XP using Microsoft Visual Studio 9.0 VC

So far every EXE I have tried has done it.

I do not.

My build is brand new hardware two months old.
Asus P8Z77-V PRO motherboard.
Install was from my Technet download of Windows 7 64-bit with SP1 included then did Windows update repeatedly until no more to install.

I am running under the account created during the install which as per the install is a member of the Administrators group.

How do you stop the UAC. What if you want to run that EXE at normal restricted permissions?
I can't find a way without using the MS compatibility tools, which is not exactly an ideal solution.

This Google search seemed to offer some possible solutions...
... ... win 7 force run without uac

In particular

set __COMPAT_LAYER=RunAsInvoker
at
http://dandini.wordpress.com/2010/04/08/run-applications-as-restricted-user-in-windows-7-runasinvoker/

and

RUNAS /trustlevel: program
at
http://superuser.com/questions/171917/force-a-program-to-run-without-administrator-privileges-or-uac

almost every printer I encounter these days, tries to address this issue by installing great shedfulls of bloatware, trying to take control of every function and operation on your PC, and filling your desktop with dashboards and control panels, heaven help you if you have several different network printers from different mfrs installed all vying to manage the way you open and print photos!!!!

I have worked with Linux and Windows at length and have found that Windows is obviously made for the GUI and to be user-friendly. You may see employees (job specific end-user roles) that should not have to learn cryptic command line stuff to make it through their day (which is a majority of the world - hence windows reign). I fell in love with windows core and powershell which I immediately noticed was left out of #5. I too am a cli fan and can be much quicker on a keyboard than a mouse, but I have seen attempted "fixes" within 'nix that have taken much much longer than windows OS fixes so I see both sides of the coin and I know how people love to gripe about windows so am glad you addressed these items. Please consider Powershell and windows Core for future comment/experience! There's some really Good stuff in them. As far as security (seemingly the main gripe of 'nix users against windows) - there is no silver bullet. There will always be some adverse scenario. I've seen security breaches in 'nix that were extremely hard to find, track, or fix and that means that the best hackers may be "getting away with it" from the 'nix side more often than realized.

having said that, I was tickled to see "poor printing" as the number one complaint about Windows (not that lpd is so much better for the average user). We have a sign over the door "If the Windows print subsystem and UNIX lpd worked well, we'd all be out of a job"

With your idea of the perfect desktop, what use do you get from the 99% blank area?

I can get to any one of 220 items I use regularly with 1 click. Your turn.

My personal objection to desktop shortcuts is that I have to minimize whatever I'm doing to get to them. Sure, you can start any of those 220 with one click, but how many clicks does it take to clear what's running in the foreground so you can see them? I count at least one in W7 - the 'Show Desktop' button on the far right of the Taskbar. In XP, it's at least two - right-clicking the Taskbar, then single-clicking 'Show Desktop'.

If a desktop full of icons suits the way you work, great. It doesn't work for some of us.

But at least the Show Desktop button in always on top, never covered over, and always in the same location. About as easy as it gets.....

Assign hotkeys to everything.
With just a single keystroke I can instantly initiate or switch to all my apps
I have arranged the hotkeys in a logical order and after some time I don't even have to think about them it just becomes automatic muscle memory.

I run
up to 3 instances of my file commander utility
up to 9 instances of a Windows 7 command prompt
up to 8 instances of my programming editor

So typing ctrl-alt-f starts or switches to already running instance "F" of my file commander
ctrl-alt-g and ctrl-alt-h are for instances "G" and "H"

ctrl-alt-1 ctrl-alt-2 thru ctrl-alt-9 are for the 9 command prompts

ctrl-alt-j ctrl-alt-k and 6 more are for my editor

I can start or switch to a desired app instantly. It would take longer just to move my hand to the mouse.

How one chooses to work is a personal preference. I have used this system since the last millennium... I love it

What about for apps like Word and Excel? See AutoHotKey
and/or
alt-tab for those occasions.

That is, my brain doesn't. On the other hand, I start seven or eight apps at the start of the week and leave them open until Friday. I probably don't start more than four or five others during the week, so the Start Menu works for me.

Egad! Flashes of WordPerfect hell just swept over me! The only reason we still use a keyboard is becuase we don't want noisy offices filled with people dictating all day long to their computers.

It's because voice recognition software is, so far, incapable of recognizing that "New Orleans" and "N'awlins" are the same place.

That's just a regional or slang add-in, right? Not so hard to add more words. No need to throw the whole thing out. We're going to need it when more computers go into places where keyboards aren't allowed (like cars and public restrooms).

Voice-activated. Works fine, except that it makes certain assumptions about pronunciation that are not intuitive to a native English-speaker. But the system has trained me properly. If I want it to play Steely Dan's album "Aja", I now know to ask it to "Play album 'Aya'".

But it still won't play "Ummagumma" when I ask for it by voice.

Did a quick test using voice input to compose in Gmail.
Said them both and both went in as New Orleans.

Isn't there an "app dock" for Windows users? The same utility Mac users enjoy.

I'll ask: exactly what is an app dock? How does it differ from the Windows Taskbar? I've not run across an explanation yet that makes it clear to me what an app dock does.

Oh, and yes, there are third-party app dock plug-ins available to Windows users. To me, they just look like floating versions of the Task Bar. I haven't seen anything worth even testing, but I'm open to enlightenment.

The Dock is like a floating Start menu but you can see all the programs across the screen all at once. It's a ribbon of icons that enlarge when you hover over them and they expand with more icons if you have documents open. It was created so that Mac users can actually say "OSX is easier to use" without making themselves into liars. Youtube "mac osx dock". Did you see that? I used YouTube as a noun. Take that Google!

but that sounds like the W7 Taskbar, other than the floating part. I may be missing out on a great feature, but I've gotten along okay so far.

as a verb