Vista's security: incompatible with humans

Send to a friend Print
Nathan Davis11 October 2006, 1:48 AM

The final version of Vista is soon to be upon us, however it is completely, utterly fundamentally flawed in the way it handles security. It involves zombies.


vista_human_incompatible_vitruvian.png

With Windows XP service pack 1 having now gone gold (thank you, I'll be here all week), Microsoft is ramping up focus on its new glass-flavoured-jellybean operating system.

There is a significant problem with Vista, however. More specifically, one of its features will spawn a whole new generation of what I call zombie clickers.

No, I'm not smoking anything.

When was the last time you fully read a dialogue box asking if you're sure you want to, say, delete a file? Or a license agreement when installing a new piece of software?

You don't. Hardly anyone does. You know what you're trying to do, so you automatically hit 'yes'. Your brain has programmed itself to do this, because you rarely, if ever, hit 'no'.

This is what I call the zombie click. This form of autopilot serves to rid you, the user, of the pestering dialogue box that is inhibiting you from achieving your goal.

Currently in Vista, when you proceed to run certain programs, and many at that, a dialogue box pops up asking if you want to run it. You know, the thing you just double-clicked on in order to run.

If you're not logged-on as an administrator, it will also ask for an administrator password. This is only going to encourage users to log in as such because you can't otherwise do much.

This irritant is called User Account Control (UAC) and is, according to Microsoft, a security feature. 'Tedious, green turd' is more appropriate.

When you double-click on a program, the last thing you want to do is actually run it, right? You were just playing games. Yes, that's it.

Sarcasm aside, I'm not talking a load of FUD here. UAC serves no purpose, whatsoever, other than to be annoying and delay the inevitable.

People will not read into why the dialogue box is there and will simply dismiss it. This is real and, as I mentioned, it happens today.

vista_human_incompatible_vitruvian2.png

It's a human condition. Our brains are easily desensitised to repeated information. When it does concern us, however, we are not likely to notice.

Thus, the entire concept of UAC is broken -- it won't stop anything. UAC only serves to wrongly piss off its human users and spawn more zombie clickers.

UAC can't hope to protect users from their own stupid mistakes. [Editor: It's like the 'user friendly' firewalls that pop up advising that 'sysupdate.exe wants to access 144.47.156.32 on port 45734, deny or allow?' Most users have no idea what it means, so they click allow, because they don't want to block something that might be important to their computer's functioning... and after some months of this, they are left with a 'swiss-cheese' firewall.]
When the situation arises and a virus is set loose into the great Vista wild, the users will be none the wiser and UAC will have helped no one. They will click on through, password or otherwise. That's why the antivirus, the software that identifies malicious software, is there.

Allow me to demonstrate UAC's severe inadequacy:

An email arrives from what appears to be an old friend.

"Hi buddy, it's been a while," it reads. "I thought you might find this attachment interesting! Regards, Mat."

Who's Mat? Maybe it's my old pal Matthew from high school. Or was that college?

Well, what's this he sent me... click

Vista presents a dialogue box:

Are you sure you want to-click

And another:

This program wants t-click

I rest my case.

Hey, Microsoft -- 1984 called. It wants its bureaucracy back.

vista_human_incompatible_vitruvian3.png


Post your comment



Comments

 RSS feed Email alert

Rob:

If you don't like it don't use it!

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Bruce:

Out of curiosity, do you have any other solutions which would better protect the end user, other than providing Live OneCare free? Even then, most viruses are designed to bypass the most popular anti-virus software.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Guy:

Nice one Nathan.

I do take issue with your argument however - if you're a newbie who's not that familiar with PCs or Vista for that matter and you blindly click on UAC dialogues to make them go away, then frankly you deserve to be struck down by any threats you unwittingly unleash on your PC.

If you're an administrator that doesn't teach his users to tread with caution when running Vista, ditto.

And if you're an experienced user that knows what he's doing, for crying out loud just turn off UAC. Easy. Yes, it might take more than 3 clicks to turn it off and not be entirely logical, but seriously, why all the fuss?

gL

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Tin:

Finally, an article that points out the stupidity of how some security issues are handled by MS.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Nathan Davis:

Bruce, why do you imply UAC is superior to antivirus software? The same virus writers will no doubt find a way to bipass UAC. Don't kid yourself here.

In answer to your question, education may be a better solution -- only run things from trusted sources, for starters. Personally, I have never used an antivirus package except for the yearly or so check to see if I've caught something. Not once have I been infected. It's neither magic nor geekery -- it's a simple matter of trust; trust that uneducated users are only to happy to throw around.

Guy, I see what you are saying, but I also see a gaping hole in your theory. You assume the user is aware that the program is dangerous. This is generally never the case.

One of the fundamental points I'm making here is that if a user tells the operating system to do something, they want it to do it. They don't want to be asked if they are sure -- they've already decided they want to run it. Whether it's a virus or something else has no bearing on this. The program must run. Period.

If it is a virus, the user still wants to run it, because it is something the user acquired through whatever means, whether it was downloaded, received via email, or copied from a friend. If the user didn't want to run it, this person wouldn't have acquired it in the first place.

UAC is flawed because of this. It merely acts as a gateway to the inevitable. This is why we use antivirus software.

In other words, if one tries to run a program and hits 'no', and nothing happens, this person will run it again and hit 'yes' -- and most likely continue doing so in future. I've worked around new users for long enough to understand this is how they think.

Sure, it's easy enough for those of us who know how to turn it off to do so, but considering the dialgoue box pops up at almost every corner you venture near in Vista, it grows pointless and is ignored.

There is only one area in which I envisage UAC being useful: catching self-initiating software that the user didn't request to run. Unfortunately, when that does happen, the user has been so desensitised to UAC, that its chances of being taken seriously are damn slim at best.

UAC doesn't keep anyone safe because what it's trying to do is impossible.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

brian:

So if your experienced you should just turn it off. And noobs ignore it.

Then it truly is useless.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Teaspoon:

Brian, "if your" should be "if you're", as it's short for "if you are". Congratulations on spelling "truly" correctly though. You'd be amazed how many people screw it up with an 'e' before the 'l'.



I really do agree with what you've said there. I'm experienced enough to not need virus scanners on PCs where I'm the only user, and I found myself looking for a way to turn the damn thing off about ten minutes into my Vista® Experience®. Most people I know would do the same. Even most noobs I know would want to turn it off if they knew it could be done, because most of the noobs I know have spent years ignoring my attempts at educating them and still have that horrible habit of automatic yes-clicking. After all, they can just get me to reinstall after they screw everything up.

The only people I can think of who this feature might help in any way are the first-time users who approach this new system with patience, awe and an incredible fear of breaking something. They'll read every message that pops up and wonder about it. Shit, they'll probably even ring me and ask if they don't know what something means.

They'll stay like that for about a week.

They've been using their shiny new computer for hotmail and news sites and nobody sinister has their address yet, so it's been nothing but rainbows and kittens all week and those silly warnings are obviously just much ado about nothing. This is when the overconfidence kicks in and they become yes-clickers or possibly bug me until I tell them how to turn the warnings off.

Give it another month after that and they've somehow got IE back as their default browser. It's probably managed to pick up a dozen of those awesome, handy toolbars, too!

I'll remove what I can and get them back on track with a healthy dose of Firefox, all the while delivering useful explanations of how they went wrong. I might even reformat. It doesn't matter. I'll be back in a few months to do it all again.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Andrew:

the unnecessary hand-holding dialogue boxes in windows are like a virus in themselves - they serve no purpose and slow down workflow. Mac OSx doesnt have so many and is easier to use.
Okay? Are you sure? are you really sure? are you really really sure? are you really really.....

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

trash@hurring.com:

I think it's pretty well established that users are not dogs; they can't be "trained" into being "careful" about using their computers, they will click anything and everything that pops up.

If you're defending Vista, do a little research... plenty of other systems have solved this problem a whole lot better than Vista. There's simply no excuse for Vista being so utterly braindead.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

GSquared:

UAC does actually have a valid use. Not when the user clicks a shortcut to an EXE file and expects it to launch, but when the user plugs in a CD from Sony Co that is just supposed to play music, and Vista asks "Are you sure you want to install this spyware/rootkit?"

Or when a user opens a web page and Vista says, "This page is trying to install software on your computer. You must provide an administrator password to do so." The user asks the IT dept for a password, and they slap the user silly for trying to install the trojan that page has built in.

UAC does these things.

Will it prevent home users from using Admin accounts to install every piece of malware they can find? Of course not. Nothing will. If you log in correctly (incorrectly?) and tell it to, you can install trojans and such in any OS. Any.

Will it help prevent errors of the sort I outlined above? Quite probably.

There is no such thing as perfect security. Just ask the NSA. There is, on the other hand, better security than current versions of Windows have.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Guy:

"...plenty of other systems have solved this problem a whole lot better than Vista."

Please can someone clearly explain how Mac OSX or Linux prevent similar threats from executing on their systems. I admit I have no experience with either, so would like someone to simply explain it to me. I know security is much bigger than UAC alone - but then Vista has dozens of security features besides UAC (like PatchGuard, sorry Symantec). I want to know how Mac etc. does UAC-type protection differently.

gL

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Yaa101:

You are right, though nothing wrong with a box that asks you a password for entering the root (admin) account or starting a program that that needs to run root privileged. In all other circumstances the OS needs to be out of your way and deals with this stuff itself...

To all apologists out there I say, don't we leave things to computers that we ain't bother to do ourself? (apart from needing a computer to calculate fast). So in that perspective Vista is the stupidest kid on the block and treat it's users as morons.

That is the main reason I started using Linux many years ago, not for the free ride but due to the fact that the freaking thing stays out of your way until you need it, with Windows, any version it's the other way around. Also one never uses a swiss knife to cut a tree but a chainsaw or axe, swiss knives are mainly to show off, just like Windows. I still run versions of windows in virtual machines so I know exactly how bad this OS is.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

George:

Great article and one of the few that really points out that Microsoft and Security are really an oxymoron.
How much better would this have been if this only asked for permission the first time an application was run and if the answer then was yes, it made a note of the checksum and assumed yes for every other time it was run. That would eliminate over 99% of the annoying clicks and hence a user would have a much better chance of actually thinking about it every time this dialogue popped up.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Anthonix:

I will find it useful only because I use my machine as a limited user and am looking for a way too make it easier to run some programs or control panel items with admin rights when necessary. However, I know what I run, and why it should have admin rights if I'm giving it them. I will also do my research on any programs requesting admin rights if they pop up themself.

I use Sunbelt Kerio Personal Firewall to control apps launching other apps. I also use MakeMeAdmin utility to aid runing programs with admin rights, but it is awkward sometimes.

I do agree with the comments here that most users will just click them away and not read them or pay any attention to them, making this part of UAC fairly pointless. I think it would take education and a willingless to learn proper security practises before this type of technology will be useful to most users.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Tim Polmear:

It's gotta be trouble. Look what happened when UAC went to Mars :)

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Frank Bough:

So when you have just clicked on something to run it, and another dialogue box pops up to check you really want to run it, you simply click 'yes' again -- big deal. What an irritant! I dont know how you get through your day if you find that irritating.

So how about when a dialogue box pops up when you HAVEN'T just tried to execute a program? And it is asking, 'would you like to run the program nnmm877d.exe'?

Would you like ot run it? Or would you STILL simply do a 'zombie click'?

If so, its probably the user whos lacking in functionality, rather than the software...

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Raindog:

"its probably the user whos lacking in functionality, rather than the software…"

If this user has paid over the odds for an operating system that requires more keystrokes to complete a task than its predcessor, then yes it may well be the user who is flawed.

When you have to spend 8 hours per day plus in front of the rotten things, you do not need anything that distracts from the tasks at hand or that increases the effort required to complete that task.

If Microsoft built cars, on each gear change a message would pop up saying "You have depressed the clutch - be aware that selecting the incorrect gear may damage your engine or transmission. Do you wish Microsoft Road Assist to help your select the corect road gear?". Would this be an improvement over manufacturers offering a choice of manual or automatics, that simply got the job done without intrusion?

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Paul G:

I think those who see MS's approach to security as not their problem are missing the point.
Bad security is an interplay between technology and behaviour and design must focus on the realities of both. I for one don't like the idea of vulnerable systems out there being used as sites for denial of service attacks.
I may be protected (whether its because of firewalls or because I choose a safer OS), but I am reliant on the rest of the world.
No computer is an island these days and what diminishes one CPU diminishes us all - or at least they could nobble bits of the internet I like.
MS was warned over and over about the zombie issue (there are journal papers going back to before XP) but has gone that way anyway.
While ever MS has such a large %age of the desktop market we are all vulnerable to their policies. Just thank goodness they don't have a monopoly on servers.

29 February 2008, 8:29 PM (2 years ago)report abuse Send to a friend reply

Not signed in
anonymous user Anonymous user


Tags