Vista, being the new kid on the OS block, is kicking ass and taking names like the bloated bully it is - with respect to hard drive space requirements, that is. One of the most fertile battlegrounds at this point is the security - or the lack of it depending on your point of view - of how the new OS "protects" itself from not only the common malware that has plagued previous versions of Windows but also the biggest reason for most problems by and large:
You.
Let's face it, the type of person I end up defending or just being the Devil's advocate for most often - Joe Average, consumer that happens to own a computer - tends to be the biggest single factor in the spread of malware, spyware, adware, viruses, trojans, worms, etc. outside of the computer itself. It's your fault, so deal with it.
Take that statement and this entire document with a grain of salt. I like to make stuff a bit humorous or at least make the effort so it tends to stick with you after you've read it. I'm not going to bring up other OSes for comparison except to very briefly point out some aspects of where Vista's security models and practices are finally catching up to - and in some respects surpassing - the "competition."
So let's get right to it.
The biggest complaint about Windows of late is security. "It's wide open," or "It's so insecure you could drive a truck through it," or "It's got so many holes even Swiss cheese is jealous" are the kinds of comments you'll find with respect to Windows and security. Hell, just saying "Secure Windows" is an oxymoron to many people.
Having said that, it's pretty obvious that Microsoft, when developing Vista's security model, needed to take a very large step back and quite literally start from scratch. It simply wasn't going to be enough to continue using the standard Windows security model with user accounts, Admin accounts, levels of privilege (Power User, Standard User, etc., etc.).
This time out, they had no other choice but to start clean with a fresh slate and, in the process, they spent a great deal of time looking at other OS models like UNIX, and yes Linux, as well as OSX and its BSD heart beating inside. And by doing research into those other OSes, Microsoft came up with probably the only thing they were capable of: a new security model that closely resembles a lot of the features and practices of those other OSes, but still retains a lot of "innovation" dare I say it with respect to Microsoft and what it needed to accomplish.
In a nutshell, it works like this:
Everyone on a Vista machine - including those individuals that would normally have what we all consider "Administrator" level access under Windows XP - will be using Vista with accounts that do not (by default, and this is the critical point) have the ability to install software into the Program Files directory. With 64 bit editions of Vista, this same rule applies to the Program Files and Program Files (x86) directory.
Now, to a lot of people this might seem a bit odd considering it means every time you go to install a piece of software it's going to cause a problem - and you'd be correct because it does cause a problem, but the problem isn't a problem, it's just how things are done now. The only people that see it as a problem are those that simply don't like their OS dictating how it will respond to whatever the user wants done. It's a pissing match, of sorts, but in the long run this new method and the new practices put in place with Vista will ensure your machine stays safer and runs better, and even you, the user, need to jump through a hoop or two to get something done that might have dire consequences for the system itself.
To put it bluntly, the new security model in Vista is there for one primary reason: to keep the damned machine operational, even in spite of the user's best efforts to bring it down like a house of cards.
There is no more Administrator account as it has always existed in Windows versions prior to Vista. Now all users have standard user accounts, or tokens which denote the level of access they have when logged in. The standard user account is what forms the basis of the new security model in Vista. To gain access to Administrative options, the user must provide the necessary credentials (by bringing that particular token into play) on a per-case basis as required; this is called Admin Approval Mode. Even if you log in as an Administrator under Vista, doing anything that requires actual Admin privileges will still prompt the Administrator account user for consent or credentials to perform the task at hand.
It's common knowledge and a long standing practice in the UNIX world that you never use the computer on a regular basis as root - anyone worth his weight or the cost of his education and experience will agree with that practice. If not, go back to playing your console games, computers are simply outta your league.
So, knowing that using the computer in regular daily sessions logged in as an Administrator (we're talking about Windows Vista here, or Windows machines in general, so that's the proper terminology, and not 'root' which is the UNIX/Linux terminology) is a very bad thing, Microsoft had to find some way to address the need for Administrative privileges on an as-needed, per-instance basis. And they came up with a great solution:
User Account Control.
This particular feature of Vista allows for many things, and I'll quote a few lines from this TechNet page about UAC to explain:
"The main goal of User Account Control is to reduce the exposure and attack surface of the operating system by requiring that all users run in standard user mode. This limitation minimizes the ability for users to make changes that could destabilize their computers or inadvertently expose the network to viruses through undetected malware that has infected their computer.
With User Account Control, IT administrators can run most applications, components and processes with a limited privilege, but have "elevation potential" for specific administrative tasks and application functions.
Conversely, when users encounter a system task that requires administrator privileges, such as attempting to install an application, Windows Vista will notify the user and require administrator authorization. This type of prompting helps ensure that users do not accidentally make modifications to their desktops. It also helps eliminate the ability for malware to invoke administrator privileges without a user's knowledge.
As a defense-in-depth measure, User Account Control also provides additional protection for administrators through its Administrator Approval Mode. With Administrator Approval Mode, Windows Vista will run most applications with standard user permissions even if the user is an administrator.
If a user wishes to run a program that requires administrator permissions, they must give consent through a User Account Control prompt. This helps limit malware's ability to make system-wide changes without the administrator's knowledge. However, Administrator Approval Mode does not provide the same level of security or control as a true standard user account."
That should make it considerably easier to understand but, for the rest of this posting I'm going to spend time explaining why UAC works the way it does and how it keeps the machine safe from most if not all the "bad stuff" that's been making people so pissed about Windows in the past and unfortunately is pissing them off again with Vista.
"It's the permissions... it's always the permissions..." to paraphrase a common statement about driver problems.
In Vista, you're limited to executing applications from directories or folders where you have the permission to do so - this is where the research into UNIX/Linux comes in. But obviously the concept, the very idea itself of permissions has been around for decades, so what's the deal now with Vista and doing things a different way? Glad you asked.
Since the Program Files directory tends to be the center of attention for applications and software packages, Vista prevents anything from writing to that directory without some form of notification to the user happening, and that's where UAC comes in again. If you've used Vista yet, you've most certainly seen that "all too famous" popup now asking for permission to continue.
Everything stops at that point, at least from the user input perspective. The screen dims a bit, the popup appears, and you're basically left with only two options: Click Continue to give permission to the application trying to do whatever action it's trying to do, or click Cancel to stop that application in its tracks. Unfortunately for Apple, while their current "Allow or Cancel" commercial is funny - for all of 3 seconds - it gets old pretty fast hearing "Allow or Cancel" knowing that it's asking for you to "Continue or Cancel." I'm a nitpicker, sue me.
So, it comes down to the nuts and bolts:
Under Vista, if you haven't disabled UAC (the Devil's work, I tell you) or done some Registry or Group Policy edit (Security Policy, to be more precise) that allows your privileges to automagically be escalated whenever necessary (the Devil's work with every other bad guy in history helping out on the task), then you can't install or place much of anything in the Program Files directory at all without some notification or request for permission and a total stopping of all user input systemwide on that machine until you click Continue or Cancel.
The upside to that process is that, as long as you're running the default options in Vista (UAC is on, Admin elevation is normal and will be prompted as necessary), nothing will have access to the Program Files directory or any other directory where such permissions are explicitly required.
As Martha Stewart is fond of saying: "It's a good thing..."
Now, some people will complain: "I've got this old stuff laying around, and since I'm not paying for new versions - hell, some of it ain't even available anymore - how is this going to affect my ability to use that software under this here newfangled Vista stuff?" Again, glad you asked.
Microsoft knew this would be a major MAJOR sticking point for a huge number of users who have legacy applications and simply won't move on without 'em. Personally, for that sort of stuff I say go get VirtualPC 2007 and run 'em all inside virtual machines with zero ill effects except for perhaps 3D capability if required. That gets rid of any possible compatibility issues, and adds yet another layer of protection for Vista itself because all those old apps would be running inside a virtual machine, cut off from Vista itself directly - a common practice nowadays called a 'sandbox'.
But, since not everyone wants to use a virtual machine application like VirtualPC or VMWare, Microsoft was forced to hit that drawing board once again and come up with a solution - and they did, and I find it a very elegant one to this problem.
Old software will still see Program Files, and the software can be installed there as noted above by clicking Continue on the UAC prompt that appears when the application installer tries to write to the Program Files directory. But after that, any subsequent write operations to that folder in Program Files will actually be redirected to a subdirectory inside the user's own user profile directory under the Users directory in the root of the system partition.
Vista creates junction points and symbolic links to the actual destinations now, aka shortcuts.
The legacy software "sees" the directory as in Program Files, but whenever data is sent there, it obviously redirects to the proper location which falls under the Users\AppData\Roaming subdirectory.
Pretty damned spiffy, I'd say. And in the process, while the application works normally, your basic underlying Vista installation is safe and sound and the security model is still 100% intact: no data is being sent directly to the Program Files directory - and if such a thing did happen to occur, the UAC popup would once again appear, stopping the user input in its tracks, and forcing the user to provide input while at the same time acting as a notification that "Hey man, something is going on, and you need to be aware of it, so here I am pointing it out to you."
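To make the redirect behaviour concrete, here is a small in-memory model of the mechanism described above (an added example for this write-up, not Microsoft code): an elevated installer writes straight into Program Files, a later non-elevated write by the legacy app is silently diverted into a per-user store under the user's profile, reads by that same user see the diverted copy, and a Vista-aware program without elevation is refused outright. The store path used here (AppData\Local\VirtualStore under the user's profile) and the three process flags are assumptions of the model.

```python
"""Toy model of Vista's per-user file virtualization for legacy apps.

Constructed example: the "disk" is a dict, and the protected tree and the
per-user redirect store are nothing more than path prefixes.
"""
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

PROTECTED_ROOT = PureWindowsPath(r"C:\Program Files")


@dataclass
class Process:
    user: str
    elevated: bool = False  # True only after consenting at a UAC prompt
    legacy: bool = False    # no Vista manifest, so eligible for redirection


@dataclass
class VirtualizedFS:
    disk: dict = field(default_factory=dict)     # path string -> contents
    prompts: list = field(default_factory=list)  # writes that would trigger UAC

    @staticmethod
    def _is_protected(path: PureWindowsPath) -> bool:
        return path == PROTECTED_ROOT or PROTECTED_ROOT in path.parents

    @staticmethod
    def _store_path(user: str, path: PureWindowsPath) -> PureWindowsPath:
        # Assumed per-user redirect target inside the user's own profile.
        store = PureWindowsPath(rf"C:\Users\{user}\AppData\Local\VirtualStore")
        return store / path.relative_to(path.anchor)

    def write(self, proc: Process, path: str, data: str) -> PureWindowsPath:
        target = PureWindowsPath(path)
        if proc.elevated or not self._is_protected(target):
            self.disk[str(target)] = data   # direct write, no redirection
            return target
        if proc.legacy:
            target = self._store_path(proc.user, target)  # silent redirect
            self.disk[str(target)] = data
            return target
        # Vista-aware but not elevated: this is where the UAC prompt appears.
        self.prompts.append((proc.user, str(target)))
        raise PermissionError(f"{target}: elevation required")

    def read(self, proc: Process, path: str):
        target = PureWindowsPath(path)
        if proc.legacy and self._is_protected(target):
            # Legacy apps see their own redirected copy first, then the real tree.
            shadow = str(self._store_path(proc.user, target))
            if shadow in self.disk:
                return self.disk[shadow]
        return self.disk.get(str(target))


def demo() -> dict:
    """Walk through the install-then-run sequence and report what each party sees."""
    fs = VirtualizedFS()
    ini = r"C:\Program Files\OldApp\settings.ini"
    installer = Process("joe", elevated=True)   # user clicked Continue
    old_app = Process("joe", legacy=True)       # same user, running the app
    other_user = Process("ann", legacy=True)
    aware_app = Process("joe")                  # Vista-aware, not elevated

    fs.write(installer, ini, "theme=default")
    redirected_to = fs.write(old_app, ini, "theme=dark")
    try:
        fs.write(aware_app, ini, "theme=red")
        aware_denied = False
    except PermissionError:
        aware_denied = True

    return {
        "redirected_to": str(redirected_to),
        "joe_sees": fs.read(old_app, ini),
        "ann_sees": fs.read(other_user, ini),
        "real_file": fs.disk[ini],
        "aware_denied": aware_denied,
        "prompts": len(fs.prompts),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```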
Works for me, and I bet it works for most of you too.
In the long run all of this results in a vastly more solid operating system platform to work with. Vista keeps an eye on itself not only to stop the external attempts coming in from the Internet (and you are online, I hope, elsewise, how the hell did you access this webpage to begin with?) by all those wily little bastards with a lot of talent and not enough brains to use it for making money, but it also keeps you - the user - from screwing things up so bad the whole machine craps out and then you try to blame it on the OS. Sorry, I ain't believing it.
Most everything of any consequence is going to happen under the user's profile in Vista, so that itself keeps things nice and tidy. Errant applications, malware, spyware, viruses, trojans, worms, whatever... it all falls under that particular section of Vista and because of that, even if something does go wrong, the worst you'd have to do is some data recovery, some backup, then wipe out the profile(s) and create new ones. Vista itself will still be running strong since it's closed itself off from your lackluster attempts to rain on its parade, so to speak.
I hope this has helped in some way to explain how Vista's new security model is implemented, and maybe, by extrapolation, you can now understand why the UAC prompt appears and when it does. Hopefully you'll also develop a bit of appreciation for how things work in Vista compared to older versions of Windows.
Yes, sometimes getting that UAC prompt so many times can get irritating - mainly when you're setting up a brand new machine with a fresh installation of the OS and your applications, but in the long run it's for the best. I'd rather have to click a button (which takes what, 1 second, less?) than spend hours doing a recovery operation to try and recover important data because of a mistake I made when I chose to run as a "proper" Admin or because I disabled UAC and right at the most inopportune moment something got in and trashed my system.
In the long run, it's your choice to do what you want with Vista. My suggestion: Leave it alone. It's not like any other OS ever made, and it can take care of itself, very well I might add.
Thanks for reading, and have fun, always...
---------------------------------------------------------------------------------
To put all this together, I've installed Vista more times than anyone should ever do in 20 lifetimes, I've read websites, read magazine articles, participated in forum postings (some still exist, some are dead threads, some turned into battlegrounds, some...well, bleh). I've condensed a lot of the info to what is posted above, and I might add more to this as time goes on, or if I made booboos and people spot them or care to correct me (I'll expect to verify it, obviously) so, comments are most welcome.
I won't say this is "sticky worthy" but, it sure wouldn't hurt to have a point of reference for the [H]ardForum at least in the Operating System subforum so that the constant Vista questions at least have someplace to be referred to. Do with it as you wish, I guess.
References of note:
"Finding the User Settings in Vista" by John Mueller, August 2006 (primary source of information about junction points and symbolic links)
User Account Control Overview by Microsoft on TechNet (basic overview material I condensed into simpler terms as well as providing a direct quote of several paragraphs as noted)
Understanding and Configuring User Account Control in Windows Vista by Microsoft on TechNet (provided a lot of information with respect to the elevation levels, account privilege tokens, detailed explanations of the difference between a user and Administrator account in Vista, as well as a wealth of other information also)
MaximumPC, June 2006 (had a nice article providing a lot of rather easy to understand explanations for how some aspects of Vista work in common everyday usage)
And of course, I have to toot my own horn here, and I should have mentioned this earlier in this posting but now that you've read all of it, reading this next posting I'm about to provide a link for should make installing and using applications under Vista that much easier for you:
The best Vista tip I can offer and one that is sorely needed
The hundreds if not thousands of forum postings I've read over the past year or so as I got "serious" about Vista as an operating system.
"For all those about to install... I salute you..."