Ben Scott wrote: > The fact that UAC strips the admin privileges from processes by > default is immaterial; users still confirm the elevation, just like > they do for all the other "are you sure?" prompts. > > The concept is somewhat better done in Mac OS, where user logon > accounts have a password, and the privilege elevation prompt requires > users to enter that password, rather than just click > yet-another-OK-button. This is similar to the "sudo" concept from > *nix.
I'm sorry, but I don't think you've used Vista enough. If you set up separate admin and non-admin accounts - with passwords - the UAC prompts will *require* the user enter a password for the elevation to succeed. Based on my (admittedly faulty) recollection Windows 7 *requires* passwords on *all* accounts. > But I haven't seen any data that suggests a significant percentage of > lusers will actually be more careful just because they have to enter > password. It might be, but I've seen much stupider behavior. That just reinforces the comment I made last night about gullible people. Idiot end users will be idiot end users regardless of the OS. All security advances in Windows are worthless when you have idiots with administrative privileges on a machine who are able to do anything they want. Non-admin accounts on Windows, OS X, Linux, etc are just a minor speed bump. -- Phil Brutsche [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
