Skip to main content

Windows 7 UAC articles

This is really upsetting me. I keep seeing this as I read my news tonight:

http://www.betanews.com/article/Sophos-study-suggests-Windows-7-UACs-default-setting-is-selfdefeating/1257455306

I was one of the only ones who seemed to think Vista was a good user interface and OS upgrade from XP, of course it could have been more optimized and even better, which is what windows 7 is. I also found the UAC feature in Vista to be very good, and similar to those of us who use unix are used to working. You su to root when you need to do something elevated, otherwise you operate at user level. The typical end user complained "it keeps asking me to elevate so often, I don't understand what this means". On windows 7, Microsoft decided to elevate only under certain cases (by default), and of course the inconvenience of the extra click, otherwise known as security, was removed essentially. This makes Windows 7 in its default setting much less secure than vista.

Being a systems and infrastructure guy, we get the same Vista feature in Windows Server 2008 (based on Vista), and R2 (based on 7). They kept the same escalation we had in Vista enabled out of the box on both platforms. This is especially good for a server OS. I have been seeing some of the admins (not in my group, but DBAs) disable this feature, and I always implore them to turn it back on. I explain the reason it's there, and it will save them, either from doing something by accident, or by something running in their session they aren't aware of.

Then you get other poorly designed software such as HP's Quicktest Professional which still cannot run with any level of UAC enabled. It takes 4 years to make your application work with UAC? Really?

So basically, user feedback promoted Microsoft to reduce the nags (otherwise known as security), and then the press and AV vendors are touting Windows is less secure? Seems like a catch 22 for Microsoft, they want to sell operating systems, but they also need to placate people like me who would like a secure OS. I understand they are shipping the servers hardened, and the clients less so, but is that a good idea? I think my mom will thank them J

Comments

Popular posts from this blog

Misunderstanding "Open Tracing" for the Enterprise

When first hearing of the OpenTracing project in 2016 there was excitement, finally an open standard for tracing. First, what is a trace? A trace is following a transaction from different services to build an end to end picture. The latency of each transaction segment is captured to determine which is slow, or causing performance issues. The trace may also include metadata such as metrics and logs, more on that later.
Great, so if this is open this will solve all interoperability issues we have, and allow me to use multiple APM and tracing tools at once? It will help avoid vendor or project lock-in, unlock cloud services which are opaque or invisible? Nope! Why not?
Today there are so many different implementations of tracing providing end to end transaction monitoring, and the reason why is that each project or vendor has different capabilities and use cases for the traces. Most tool users don't need to know the implementation details, but when manually instrumenting with an API, t…

F5 Persistence and my 6 week battle with support

We've been having issues with persistence on our F5's since we launched our new product. We have tried many different ways of trying to get our clients to stick on a server. Of course the first step was using a standard cookie persistence which the F5 was injecting. All of our products which use SSL is being terminated on the F5, which makes cookie work fine even for SSL traffic. After we started seeing clients going to many servers, we figured it would be safe to use a JSESSIONID cookie which is a standard Java application server cookie that is always unique per session. We implemented the following Irule (slightly modified in order to get more logging):
http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=1171255 (registration is free)
when HTTP_REQUEST {
# Check if there is a JSESSIONID cookie
if {[HTTP::cookie "JSESSIONID"] ne ""}{
# Persist off of the cookie value with a timeout of 2 hours (7200 seconds)
persist…

NPM is Broken

As someone who bought and implemented NPM solutions, covered them as an analyst, and now watches the industry, one cannot help but notice that NPM(D) is broken. According to Gartner themselves, the data center is rapidly changing, the data center is going away, maybe not as quickly as Capp states, but it’s happening. This is apparent by the massive public cloud growth posted by Amazon, Microsoft, and Google in their infrastructure businesses. This means that traditional appliance-based NPMD offerings will not work, nor will traditional ways of collecting packet data. Many of the flow offerings do not handle the new types of flows which these services generate, but most importantly they do not understand the internet, which is the most important part of assuring services in cloud hosted environments.
The network itself is not just moving to overlay a-la NSX and ACI, it's moving inside of orchestrated containers, and new proxy/load balancing systems typically built off components or …