Tag Archives: Windows

Microsoft admits Vista UAC is designed to annoy users

Just as I suspected, a Microsoft executive admitted that Vista’s UAC (User Account Control) is designed to annoy users.

In a Thursday presentation at RSA 2008 in San Francisco, David Cross, a product unit manager at Microsoft who was part of the team that developed UAC, admitted that Microsoft’s strategy with UAC was to irritate users and ISVs in order to get them to change their behavior.

“The reason we put UAC into the platform was to annoy users. I’m serious,” said Cross.

Microsoft not only wanted to get users to stop running as administrators, which exacerbates the effects of attacks, but also wanted to convince ISVs to stop building applications that require administrative privileges to install and run, Cross explained.

“We needed to change the ecosystem, and we needed a heavy hammer to do it,” Cross said.

Most likely it actually makes the system less secure since most people I know turn off UAC. Anyone who doesn’t turn it off soon gets so used to clicking ‘yes’ that they don’t even bother to read the alert and just respond automatically, so when it’s caused by real malware they won’t realize the difference.

"Free Public WiFi"

Did you ever wonder what those “Free Public WiFi” ad-hoc networks are that you see almost every place people use laptops? David Pogue explains it: a stupid Windows bug that acts like a virus but really isn’t one.

The original article goes into more detail:

If a laptop connects to an ad-hoc network it can later start beaconing the ad-hoc network’s SSID as its own ad-hoc network without the laptop owner’s knowledge. This can allow an attacker to attach to the laptop as a prelude to further attack.

This is basically a configuration error that spreads virus-like from laptop to laptop. In field tests, numerous ad-hoc SSIDs such as “linksys”, “dlink”, “tmobile”, “hpsetup”, and others have been documented.

In other words, if a Windows laptop connects to such a network, it will start advertising the same network name without the owner’s knowledge.
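
A defender-side check for the condition described above, as an added example that is not from the original post or the article it quotes: it scans saved wireless profiles for ad-hoc entries and for the SSIDs named here. It assumes the profiles were exported with `netsh wlan export profile` in the WLANProfile XML format, where `connectionType` is `IBSS` for an ad-hoc network; the sample profiles, the `CorpNet` name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# SSIDs the posts above mention as ad-hoc networks seen in the field.
KNOWN_ADHOC_SSIDS = {"free public wifi", "linksys", "dlink", "tmobile", "hpsetup"}

def make_profile(ssid, conn_type, auth):
    """Build a constructed sample profile (not a real export)."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>{conn_type}</connectionType>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
  </authEncryption></security></MSM>
</WLANProfile>"""

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported profile."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("w:SSIDConfig/w:SSID/w:name", default="", namespaces=NS)
    conn_type = root.findtext("w:connectionType", default="", namespaces=NS)
    auth = root.findtext(
        "w:MSM/w:security/w:authEncryption/w:authentication",
        default="", namespaces=NS)
    findings = []
    if conn_type.upper() == "IBSS":          # IBSS = ad-hoc, ESS = access point
        findings.append("ad-hoc profile")
        if auth.lower() == "open":
            findings.append("no authentication")
    if ssid.strip().lower() in KNOWN_ADHOC_SSIDS:
        findings.append("SSID on known ad-hoc list")
    return ssid, findings

def audit_all(profiles):
    """Keep only the profiles that produced at least one finding."""
    results = (audit_profile(p) for p in profiles)
    return {ssid: found for ssid, found in results if found}

SAMPLES = [  # constructed inputs
    make_profile("Free Public WiFi", "IBSS", "open"),
    make_profile("linksys", "ESS", "open"),
    make_profile("CorpNet", "ESS", "WPA2"),
]

if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLES).items():
        print(f"{ssid}: {', '.join(findings)}")
```

Profiles flagged as ad-hoc are the ones to delete from the laptop's saved networks.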