convince me of vista?

[XOR != OR]

I'm not going to go through all the posts, but it boils down to this; public key infrastructure is a robust battle tested system. Further, there is precedence in windows; signed drivers. We simply extend this a bit to allow for;

- Corporations to setup their own PKI root and signing operations
- Home users to add alternative PKIs if necessary, BUT the important thing here would be that MS be THE primary source for application signing. Alternative PKIs for home users would be a last resort type of thing.
- Prompts might be involved when running software that has not been signed and will not be signed.

MS certainly knows how to secure a root cert, and it's a trivial thing for most corporations to learn how to do ( offline storage of CA, a designated company rep is the only one with access ). Further, there are provisions in place for certificate revocation ( again, back to the already battle tested PKI ).

All of this makes more sense than UAC, if the goal is to prevent unauthorized applications from running/installing. UAC simply trains users to accept a prompt, not to actually understand what they are being asked.

 

[TechieSooner]

- Corporations to setup their own PKI root and signing operations
- Home users to add alternative PKIs if necessary, BUT the important thing here would be that MS be THE primary source for application signing. Alternative PKIs for home users would be a last resort type of thing.
- Prompts might be involved when running software that has not been signed and will not be signed.

OK, that makes a WHOLE lot more sense.

So you're saying the PKI would just override UAC but not eliminate it? However it still wouldn't impact home users much, they'd still have to have UAC.

Either way it doesn't seem to me like you'd get rid of UAC that much, and moreso you'd have to have your Administrators sign all of the applications in your corporation which adds to overhead. I realize sign once or have the user keep hitting continue, but my solution to that is always if there's an app that doesn't behave: nix it. I've done it several times. I only use stuff that WORKS CORRECTLY and is programmed worth a darn.

However, Microsoft would never do something like that though. Microsoft software, even though it's signed, can still become infected. This is why UAC is still required. That's why they still have UAC prompted every time you open Device Manager.

Edit- I'd also argue that your users will ALWAYS hit continue. It isn't their computer, they don't give a crap.
I've got security measures like this in place throughout applications (warning messages when a potential issue is detected) we use, and the users still never look at them. They might see a message once or twice a week, but they want to get their job done, let the IT person who "loves" doing that sort of stuff screw with any reprocussions.

I'd say home users are better about it, at least from what I've observed, because it's their personal documents, information, and computer.

 

[XOR != OR]

OK, that makes a WHOLE lot more sense.

So you're saying the PKI would just override UAC but not eliminate it? However it still wouldn't impact home users much, they'd still have to have UAC.

Actually, I'd get rid of UAC.

Either way it doesn't seem to me like you'd get rid of UAC that much, and moreso you'd have to have your Administrators sign all of the applications in your corporation which adds to overhead. I realize sign once or have the user keep hitting continue, but my solution to that is always if there's an app that doesn't behave: nix it. I've done it several times. I only use stuff that WORKS CORRECTLY and is programmed worth a darn.

Not practical in a large scale. There are applications in use that simply can't be gotten rid of. This is unavoidable.

However, Microsoft would never do something like that though. Microsoft software, even though it's signed, can still become infected. This is why UAC is still required. That's why they still have UAC prompted every time you open Device Manager.

So throw in something like tripwire.

Superfetch already caches files in to memory; let's take a latency hit and process the md5 hash of it, then compare it to a database. You do this once every time it's loaded into memory, which isn't often.

I'm not saying my idea is bulletproof yet, but it's a far sight better than UAC is. UAC's main fault is that it presumes that the end user will want to learn what's going on; that's a false premise. End users just want their shit to work. Any security solution for the home user would need to take this into account and take the work load off the end user.

 

[requiemnoise]

doesn't it sound like SE-LINUX...
hmm... probably that is why.
they could just improve Policy Manager. It kind of worked since NT4 days. Why not improve something instead introduce something that is completely broken for Windows?

 

[TechieSooner]

I was thinking discussing the real security might be over your head. I don't mean that by any negative way.

Funny. I was thinking the same. I don't mean that by any negative way.

The security is a very complex creature. It is a lot more than home routers and personal firewalls. Most admins look at security in the programming level.

I don't. Exterior communication (IE, networking security and not application security) is some of the EASIEST stuff to manage. Easy as saying to block telnet, HTTP, FTP, whatever will block the majority of things on some services.

Application security is a PITA, and when you start getting into Application security you're getting more into a "user trust" issue than a "breakin and steal of your data".

The Also, I don't think you actually talk to people at MS about purchasing a bulk licensing.

Strawman argument, much?
Where the hell did I say you could only buy SAs from Microsoft?

 

[TechieSooner]

Actually, I'd get rid of UAC.

Then we're back to XP.

Not practical in a large scale. There are applications in use that simply can't be gotten rid of.

Meh, that's true. It's why I'm a fan of web-based stuff accessed via browser. Or just massive file and folder sharing.

The vendors I do use support Vista. If they didn't, I make very clear their ass is on the line. Either fix their app or they're gone. The thousands I pay a month in support spead loudly to them.

 

[requiemnoise]

Funny. I was thinking the same. I don't mean that by any negative way.

I don't. Exterior communication (IE, networking security and not application security) is some of the EASIEST stuff to manage. Easy as saying to block telnet, HTTP, FTP, whatever will block the majority of things on some services.

Application security is a PITA, and when you start getting into Application security you're getting more into a "user trust" issue than a "breakin and steal of your data".

Strawman argument, much?
Where the hell did I say you could only buy SAs from Microsoft?

Hi! I used to get Ms technology all excited and had a mentality of they can't do no wrong when I was starting out as a support technician. Listen. All these technology aren't new. Just like selinux and apparmor aren't new to Linux. When you are hitting the maturity of PC Desktop OS like Microsoft. It is time to think about what works instead of introducing ideas that aren't relevant or becoming a problem. If you want to talk about developing applications, please send a private message. For a guy who speaks loudly about security and still runs an OS he can't read, you must be very high strong. Like I said before, programming and understanding routing are essential to the security. Also, learn to be more humble when learning new technology. That is something I learned over the last 20 years or more. No need to get all bend out of shape. Every ten years, a company go through the past to recycle old technology as something new.

 

[TechieSooner]

It is time to think about what works instead of introducing ideas that aren't relevant or becoming a problem.

What are you talking about here?
UAC? UAC both works and fulfills a purpose.

still runs an OS he can't read,

?????????

understanding routing are essential to the security.

Yea, I already said that once:

Exterior communication (IE, networking security and not application security) is some of the EASIEST stuff to manage. Easy as saying to block telnet, HTTP, FTP, whatever will block the majority of things on some services.

For someone who says I don't comprehend anything, you're one to talk

I'm done with you in this thread, unless you actually bring some points to the table versus just discussing the discussion.

 

[RadiationBoy]

well this gets off the topic of UAC and what not which has been quite interesting but it goes back to vista in general.
I've been running vista for a few days now and actually i've been kinda unimpressed. once it is running it does seem to load applications quite fast and handles basic multitasking quite well, but it sure takes a freakn long time to boot up, not sure what its doing every time but definitely adds a lot more time then xp 32bit and i have a lot less applications installed. Also I've pretty much only installed drivers and a few basic applications i use (firefox, vlc, utorrent, foobar, steam, etc) and its already using 2.4gb of ram. not sure how it managed that one, not that i really care i do have 4gb i was just surprised.

also as Surly73 said what the hell is doing to my harddrive, sounds like its trying to sand it clean, with xp the drive was silent 90% of the time, with vista it goes through times of running not stop for several hours. I assume its indexing or something but it doesn't give me any notice of it, would be nice to be able to pause it sometimes or at least know what its doing.

anyway just my thoughts so far

-rad

 

[TechieSooner]

but it sure takes a freakn long time to boot up, not sure what its doing every time but definitely adds a lot more time then xp 32bit and i have a lot less applications installed.

Not sure your experience level, so lots of this may variate.

1) How new is the install? First 2-3 weeks take awhile for the machine to index itself.
2) Run msconfig to nuke all the crap starting up. Look through the services tab (hide all the Microsoft stuff, to be safe) and also the Startup tab. You can speed logon up a TON by doing this.

Also I've pretty much only installed drivers and a few basic applications i use (firefox, vlc, utorrent, foobar, steam, etc) and its already using 2.4gb of ram.

Superfetch.
Instead of letting your RAM sit there doing absolutely nothing (like XP did), Vista starts caching your frequently used programs into RAM ahead of time, so they load faster.

also as Surly73 said what the hell is doing to my harddrive, sounds like its trying to sand it clean, with xp the drive was silent 90% of the time, with vista it goes through times of running not stop for several hours.

Indexing, watching your usage, etc. It'll get better in coming weeks.

 

[Joe Average]

well this gets off the topic of UAC and what not which has been quite interesting but it goes back to vista in general.
I've been running vista for a few days now and actually i've been kinda unimpressed. once it is running it does seem to load applications quite fast and handles basic multitasking quite well, but it sure takes a freakn long time to boot up, not sure what its doing every time but definitely adds a lot more time then xp 32bit and i have a lot less applications installed. Also I've pretty much only installed drivers and a few basic applications i use (firefox, vlc, utorrent, foobar, steam, etc) and its already using 2.4gb of ram. not sure how it managed that one, not that i really care i do have 4gb i was just surprised.

also as Surly73 said what the hell is doing to my harddrive, sounds like its trying to sand it clean, with xp the drive was silent 90% of the time, with vista it goes through times of running not stop for several hours. I assume its indexing or something but it doesn't give me any notice of it, would be nice to be able to pause it sometimes or at least know what its doing.

anyway just my thoughts so far

-rad

Welcome to the age of a self-tuning actualized operating system. Throw more RAM at it, it uses every byte of it to tune itself and make itself faster for you. Leave it alone and it tunes itself better than you can. Use it more and more and it gets faster and faster.

It's a brave new world... wait till you see what Windows 7 can pull off...

 

[RadiationBoy]

Not sure your experience level, so lots of this may variate.

1) How new is the install? First 2-3 weeks take awhile for the machine to index itself.
2) Run msconfig to nuke all the crap starting up. Look through the services tab (hide all the Microsoft stuff, to be safe) and also the Startup tab. You can speed logon up a TON by doing this.

the install is only a few days old. I figure i'll run it for a while, having never run vista before I atleast have too learn it a bit more before making any decisions about it.
I've looked through msconfig I was surprised that there really isn't too much running that shouldn't be running.

now that i've gotten all the drivers installed the bootup time isn;t too much of a problem cause I really don't have to shut the computer off ever, although it seems to have trouble waking from sleep, but i'm sure that's fixable.

I figured the 2.4gb if ram usage was superfetch, although i was thinking the super fetch would use the intel turbo ram more, there is 2gb of that installed also.

 

[RadiationBoy]

Welcome to the age of a self-tuning actualized operating system. Throw more RAM at it, it uses every byte of it to tune itself and make itself faster for you. Leave it alone and it tunes itself better than you can. Use it more and more and it gets faster and faster.

It's a brave new world... wait till you see what Windows 7 can pull off...

lol word
definitely a sweet concept, and its well worth checking out for me.

-rad

 

[requiemnoise]

Throw more RAM at it, it uses every byte of it to tune itself and make itself faster for you. Leave it alone and it tunes itself better than you can. Use it more and more and it gets faster and faster.

Right... OS 7 did that in early 90s and Linux did that since the early 2.x kernel. It is nothing new if you are starting to be less concern about the backward compatibilty with older programs. If you finally leave the world of 16bit and yanking out 386enh protection from the kernel and other various codes that manage the lower level memory protection. Since, they are pushing for .NET... they need to utilize the memory. Since, porting all those old apps through .NET has to be done through COM. If only Microsoft gave away FREE development tools for their OS, the code legacy would have less complicated and Windows OS would have been leaner and vulernabilities would be less.

 

[Joe Average]

Leave it alone is the concept we've been pushing since Vista came out. It truly seriously is a kickass OS that can take care of itself as long as you leave it alone and let it do what it's designed to do.

People that follow this advice usually end up commenting that they've never used a better version of Windows - people that get in there and gut it out trying to "make it more like XP" end up creating threads here and at hundreds if not thousands of other forums online with nothing but complaints and bitching, aka "Vista bashing" which gets old really fast.

So... leave it alone and just use it without thinking "oh, I need to tweak this, or tweak that" etc. because you just don't have to do that stuff anymore.

 

[note235]

i meant try7 instead of vista-and yes i know win7 still has uac-i havent heard of it been any less powerful-just less apparent

 

[AbJ32]

Leave it alone is the concept we've been pushing since Vista came out. It truly seriously is a kickass OS that can take care of itself as long as you leave it alone and let it do what it's designed to do.

People that follow this advice usually end up commenting that they've never used a better version of Windows - people that get in there and gut it out trying to "make it more like XP" end up creating threads here and at hundreds if not thousands of other forums online with nothing but complaints and bitching, aka "Vista bashing" which gets old really fast.

So... leave it alone and just use it without thinking "oh, I need to tweak this, or tweak that" etc. because you just don't have to do that stuff anymore.

Because we're all smarter than the teams of career Software Engineers who've designed the operating system, and we all know how to tweak it and make it faster.:sarcasm:

Yeah, like you said, people need to just leave it alone. It's not broke, so stop trying to fix it. Stop trying to tweak it. Stop trying to optimize it. You can try re-inventing the wheel, but it's probably going to be worse than what's already on your plate. It's pretty much best to leave it alone, and I'll leave it at that.

 

[XOR != OR]

Because we're all smarter than the teams of career Software Engineers who've designed the operating system, and we all know how to tweak it and make it faster.:sarcasm:

Oh, how quickly we forget.

Up to XP, tweaking services did yield some improvement ( not a whole lot, but some ). So there is some precedence for the behavior.

 

[TechieSooner]

although it seems to have trouble waking from sleep, but i'm sure that's fixable.

Windows Sleep has always sucked.
You can make it more bearable but it's always going to suck no matter what you do

yes i know win7 still has uac-i havent heard of it been any less powerful-just less apparent

Well, by making it "less apparent" you're making it less effective, was my point.

As-is, you cannot "cut back" on UAC without cutting back on its effectiveness in security. That's all there is to it.

Microsoft has fine-tuned it, so you wouldn't get multiple prompts to do a single action (like deleting a file out of a shared directory on a remote network computer that's protected), but other than that, there's no way of making UAC be less intrusive without sacrificing security.


I challenge anyone to create a log of how often they get UAC prompts. Write down the day and what it was for. I did this for about a month, and was actually surprised at how little I got prompts. 1-2 times a week. And at that, it's ALWAYS for things that should be prompted (Software installs, accessing system settings, Removing software, deleting files out of Windows, whatever).
I guarantee you you'll not question UAC's effectiveness or what it's prompting you for after keeping a log.

Up to XP, tweaking services did yield some improvement ( not a whole lot, but some ). So there is some precedence for the behavior.

I personally wouldn't even use the word "some" lol... Placebo or negligible at best, unless you just stripped the holy living crap out of the install.

 

[AbJ32]

I personally wouldn't even use the word "some" lol... Placebo or negligible at best, unless you just stripped the holy living crap out of the install.

Right. I've found 'tweaking' Windows XP a complete waste of time, since the resulting 'improvements' weren't all that great.

 

[Yoshiyuki Blade]

Well, by making it "less apparent" you're making it less effective, was my point.

As-is, you cannot "cut back" on UAC without cutting back on its effectiveness in security. That's all there is to it.

I agree. UAC's "intrusiveness" is inherently a part of it's function as a security measure. I promply take notice of what's going on whenever the entire screen goes dark and the message pops up.

For people who don't access system-level stuff very often, its almost a non-issue. Right now, only a few programs that I don't really use often cause UAC to pop like Fraps, CCleaner or O&O Defrag. It's not like I run those on a daily basis.

People argue that accepting prompts could become habit, however I don't believe constant UAC prompts will "train" you to simply accept every oncoming prompt unless you're really braindead. The key is anticipation. Whenever I access Fraps, O&O Defrag, etc., I fully anticipate UAC to prompt me, so it's not a big deal. But if UAC just pops up out of the blue, or at an unusual time (like while browsing something), I'd definitely tell myself "Ok, wtf is this about?" and probably not accept.

 

[requiemnoise]

Right. I've found 'tweaking' Windows XP a complete waste of time, since the resulting 'improvements' weren't all that great.

interesting...
If you search around the net, you will see a huge difference in speed with nliteXP and out of box XP. I'm sorry. I forgot. Users know more of these things than admins and developers.

 

[Ducman69]

I prefer XP SP3 for my Netbook until Windows 7 comes out. But for yourself or any buds you just want to show off Vista to that haven't made the switch yet, here's Vista 64 bit w/ a couple free utilities installed called Objectdock and Deskspace:

http://www.youtube.com/watch?v=d-HMqdvH2zs&fmt=22
*please rate if you liekz*

I tried to sync it to the music a bit heheh! Ignore the Ron/Ataru thing, thats an inside joke on another forum.

 

[Azhar]

I haven't read most of the replies because I've read enough forum posts to know what to expect from us.

You will see FUD spewed about Vista. You will see people saying XP is faster. You will see people saying XP is secured enough with the proper precaution. You will see people say Vista has features that need to be disabled.

The important thing for you to do is to buy it and try it yourself. Buy it and try it for a month. If you don't like it, that's what the [H]otDeals forum is for ;-)

With a machine like that, Vista 64 will fly. So will XP, but why?

But this is something you need to try for yourself.

 

[Ducman69]

^Werd. But what he REALLY meant to say was look at how my older system flies w/ four desktops worth of crap open on Vista 64 in the above linked youtube... then give it a 5* and tell me I'm pretty.

 

[oROEchimaru]

i don't like vista. for those that do... and try to convince you thats fine.

if you have a free windows xp license... use it until windows 7 comes out.