Admin cant even admin my own computer!

On Sat, 07 Jul 2007 11:59:55 -0400, Jimmy Brush <jb@mvps.org> wrote:

Quote:

> cquirke said

Quote:

Quote:

>
>Hopefully MS listens to our feedback as MVP's and from techbeta to
>represent the consumer viewpoint ... well, I know they listen, but
>hopefully they take action based on this info (and I believe they do).

That's what I see as the best contribution I could make as an MVP, as
we are well positioned to act as "interpreters" for our clients and
the techs who deliver client-orientated (as opposed to
vendor-obligation) service.

It's great making 1000 posts a year for 3 years helping people clean
up Word macro viruses - but imagine if you could have been the missing
voice of sanity that might have meant no version of MS Office ever
automatically ran macros in "data" files?

Quote:

Quote:

Quote:

>AMEN!

A large organization uses its people the way a stand-alone consumer
uses their programs.

For example, a bank will have people who do telephones, others with
access to client records, and others who enter the vaults, etc. so any
one of these people can walk up to any PC, login as their known and
pigeon-holed identity, and be able to do (only) what they have to do.

A consumer on a single PC does the same as the bank; they may have a
spreadsheet open with client data in it, take a fax via some
bundleware, play a game while waiting on the phone, catch the latest
gossip and "dancing pigs" via email, etc.

Each of these programs has different things the user expects them to
(not) do, e.g. games have no business scratching in the data set,
screen savers whould not "call home", email "message text" should not
automate the PC etc. In the corporate world, 90% of these apps would
not be there, and the user would be limited to appropriate tasks, so
the problem is less acute than it is in our world.

Quote:

Quote:

Quote:

>This is a good analogy; I view UAC in the same sort of way. I certainly
>hope Microsoft is thinking this way too.

I hope so too, but who knows? MS is people, with different ideas as
well as "blind spots" common to many of these, and to some extent it
goes about which ideas prevail and get backed.

UAC itself will prolly pass on; it's a bridging stopgap "shim" between
XP's world of "programs rule, OK" to Vista's world where just because
the logged-in user is "admin" doesn't mean every bit of code that runs
gets full admin rights. There are (new) ways to write sware for Vista
that won't throw up UAC prompts, and when these are widespread, we
should see less "noise". A bit like Win32s in the 3.yuk era.

Quote:

Quote:

Quote:

>Agreed. I can't wait for the next generation data abstraction model,
>whatever it might be.

Oh, I can wait... it's like watching an un-coordinated 8-year-old
flailing around with a chainsaw (nervous laughter) :-)

Quote:

>I think in combination with a more fully fleshed out UAC, this could get
>very interesting (differentiating between files/data created by
>applications vs. created by the user [imagine full isolation of files
>and settings between applications, while still allowing the user to
>access the files and settings that they actually created themselves
>between apps], access controls on data per-app instead of just per-user,
>knowing which app created every file and registry setting, etc).

You're talking context propagation, as facilitated (or at least, made
tolerably efficient) by post-FATxx file systems. That's tough, and is
the main reason why I recommend new design approaches as opposed to
expecting these to have been done already.

The problem is, that the internal surfaces between contexts will be
massive in surface area, and (code being code) likely to be porous, so
you can expect "context drift" exploits. We already have this between
user account rights and security zones, as well as raw data-to-code
exploits through buffer flaws etc.

Designing and coding "the system" is only part of it - you have to
also keep it responsive, as yesterday's safe data type could be
today's exploit. The trick is to allow flexibility while preventing
this from being automated, as is the case with malware attacks on the
settings that control Safe Mode, firewall, zones, file associations,
etc. It's also hard to retro-fit a per-program context trail to an OS
that is built on OLE, and its extension to ActiveX.

Step zero is to go back to safety basics, and check every new feature
against these. I don't think the "Gates email" rethink on "security"
got this; the impression I get is that the message was applied mainly
at the trees-and-bark level of coding and sysadmin stuff, without
informing the top level of UI design etc.

Here's some conceptual arithmetic..
(Easy to use safely) - (Easy to use) = (Safety Gap)
1 / (Safety Gap) = (Trustwothiness of Computing)
....oversimplifying "Trusted Computing" to refer to only the middle and
lower levels of the "trust stack", as per...

http://cquirke.blogspot.com/2006/08/trust-stack.html

Quote:

>-------------------- ----- ---- --- -- - - - -

Trsut me, I won't make a mistake!

Quote:

>-------------------- ----- ---- --- -- - - - -

I can sympathise with you here, last update came just as I was switching
down as the local power company was switching off power for maintenance.
So halfway through “do not switch off Microsoft down loading� the power was
cut and in mid update to.
On login I was surprised to see a deactivated user account of mine in place
of what was before switch off an administrator user login.
Now on log in I found either can I create a new admin user as it states
there is already one, but I have lost not just connection logins but also the
files to connect them.
Admin is still well and health on the HD but I cannot get admin back into
login and this user deleted.
Frustrated, to dammed right I’m, like having the right key to your house but
you can not get in unless some one unless lets you in and you are not allowed
to touch or use anything!
Microsoft cocked it up with an unscheduled upgrade as I set them at 4 in the
morning and this was daytime.
So I understand this, mind strangely enough, updates after 6 or more months
of new Windows on market, cause crashes.
Only problem is I like others have been suffering this virus that gets into
the recovery system files, which have to be deleted?
Never been a conspiracy theorist but after having Windows since my first and
it was the first Windows to, the old 3.0, there has been 1 consistency in
Windows systems?
I wish you luck, me?? All I can see is expense of 200 or more DVD’s backing
up and then starting “ALL OVER AGAIN�, yeh I’m happy about that!