On 12 Jun 2006 at 8:16, Rick Glazier wrote: > From: "Vincent Winterling" > > Under the hood, security is definitely strengthened but I'm not sure why > > M/soft seems intent on locking everything down. The user account control is > > just plain annoying. You can't make any changes without being second guessed > > and questioned. > > Great summary, Thanks, but the last part is puzzling... > The old "security model" was to leave everything wide open, > and put out all the fires later... (Can we all agree there were many of > those??) > That has "flipped" 180* to where you have to specifically (and intentionally) > allow things now, (instead). JMHO...
You're not quite right: there's the difference between the "security model" and the "normal system configuration". XP's security model is *excellent* -- top notch -- and I'm not sure how MS would be able to improve it. BUT: MS's security configuration [and "helper" apps] were a complete disaster [especially in XP/Home]. What I didn't get about Vista was what's actually changed in the model -- I've heard that there are lots of "are you sure" popups, but if that's the old security config, with just a layer of annoying dialogue boxes, then I'm not convinced it is any better than XP -- users will still run as admin and just put up with the bother of clicking "YES" to everything. IMO, the proper security configuration is very simple: user accts *SHOULD*NOT* be able to do 'dangerous' things. Period. No pop-ups, no "are you sure"s.. just "you're not allowed to do that". By contrast, admin accts should be able to do stuff [I hesitate to say "anything' -- I'd actually rather see different sorts of admin accts with different 'enhance privileges', rather than just one that's unix-like in that it can do ANYTHING] without a lot of hassle [unless the admin wants it]. IMO, what's needed, *critically* needed, is neither config nor security model but helper/administrative apps. [e.g. better tools to manage and manipulate ACLs, something like 'runasuser' so that the admin can 'encapsulate' occasional enhance-privilege-required tasks so that they're safely runnable from a restricted acct, etc. /Bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:[EMAIL PROTECTED] Pearisburg, VA --> Too many people, too few sheep <-- -- ---------------------------------------- To Change your email Address for this list, send the following message: CHANGE WIN-HOME your_old_address your_new_address to: [EMAIL PROTECTED] Note carefully that both old and new addresses are required.
