LUA part 4 (of 5): Changes in Windows Vista/7 - John C. Kirk — LiveJournal

Jan. 19th, 2010

03:39 am - LUA part 4 (of 5): Changes in Windows Vista/7


Comments:

From:shuripentu
Date:January 19th, 2010 06:23 pm (UTC)
I'm not quite sure the article you link to knows what it's talking about regarding the UNIX/Linux etc. side of things. There are problems with sudo, but to say that we've been 'plagued' by them is a bit over the top.


I may be incredibly oblivious by nature, but if there was a plague, you'd think I'd have noticed it sometime in the last 10 years...

And yes, if a user has (potential) administrative privileges and is ignorant, then absolutely nothing can protect them from hosing their computer, and possibly their finances. User education is IMO much more important and effective than putting up security barriers, especially ones that said user can take down when they like.

I've had a look at the Vista UAC prompt, and I honestly don't think it does anything for user education. It says the user needs to give permission for a process to continue, and asks the user if they started that process. It says nothing about the most important aspect, which is that this process wants administrative-level privileges, which would allow it to modify system files and settings, and is the user certain that they want to allow this process to do so? This seems obvious to us, but we already know about and understand root privileges; the real audience are the users who are in the dark, and as it stands, they remain in the dark.
From:susannahf
Date:January 19th, 2010 07:29 pm (UTC)
User education is IMO much more important and effective than putting up security barriers, especially ones that said user can take down when they like.

YES. This is *exactly* my point. Having set up my parents' new Win7 machine, I have to say, I like UAC. It makes Windows more secure, more sudo-like. Which is Good. BUT, it doesn't in any way replace or reduce the need for user education. If anything, it increases it, since now you get scary boxes saying "jucheck.exe wants to run, should I let it?" WTF! (turns out that's Java update - good explanation there guys!)

Given the choice, I would choose user education over software controls any day. Because an idiot user will disable the software controls, but a small amount of understanding goes a very long way - and yes I am referring to supporting non-techies. I tech-support for my parents and grandparents, who range from competent but not confident to positively luddite. And yet they can all understand and apply basic security rules if explained in a sensible manner (two of which are "if in doubt, don't click it. If frightened, turn the computer off, at the mains if necessary.")