Security Frustrations - Bundle of Questions (Defender, UAC)

Posted: 03-30-2007, 09:14 AM
Frustrated Vista Home Premium user, very IT literate whose stupidity you may
nonetheless take for granted; your patience is appreciated (but if you can
live with UAC/Defender you already have more patience than I do)

I have startup programs I trust that Defender always blocks.

I don't see the "Alert dialog with Action Menu", just the Defender balloon
from the systray at startup, so I never see any option to add a program to
the Allowed Items list. How do I allow programs of my choice? When should the
dialog appear?

I have turned off "Auto Start" Real-Time protection, and that didn't seem to
make any difference either, despite what it says in Help. Any ideas why?

I also understand that the heuristics used to detect "harmful or unwanted"
programs include looking for the string "updater" in the file name... I have
updaters I trust which are also blocked, is there any way to disable just
this aspect of the heuristics? Or any other way to get them to run silently?

Misc gripes: program classification: as a startup item Microsoft Windows
Explorer is classified as Permitted, but as a Running Program (with suffix
:3088, ?PID?) it is marked Not Yet Classified - what's going on here? Why on
earth does the Defender's History claim a program name is "Unknown", when the
app path is in the bottom pane? (but you can only see it if the window is big
enough). How does a program get its classification?

And I wish Defender would explain which specific settings catch particular
programs! Any way to tell?

Oh, and I know that UAC is supposed to catch programs that require Admin
privileges, but is there any way on this great green earth to tell it "Yes, I
know! I have approved this program with Admin password, don't ask me again
*unless the app changes*!"? [Surely MS could check for program alteration,
other security apps can!] And why doesn't it say WHAT, requiring admin
privilege, the program wishes to do/which rules caught it - put it under an
Advanced button to avoid frightening the masses if necessary, but don't omit
it!

I kept my XP machines free of problems for >2 years with a combination of
RegRun (which has an excellent application database behind it), Norton
Antivirus and Steganos Antispyware; I can't believe how after so much effort
by MS, Vista security could have been made so unfriendly, intrusive and
obscure.

I have already reset my main account to Admin, so at least I don't have to
TYPE my password at every UAC prompt, which already defeats part of the MS
objective... if I am just being plain dumb and people can answer the above
questions great - otherwise I think both UAC and Defender are going to be
turned off and I'll run security the way I used to...

Given that not all apps have been adapted to the preferred MS model yet, can
you tell me how to set Vista/Defender up for peaceful AND secure running?

Thanks!

Julian


Responses to "Security Frustrations - Bundle of Questions (Defender, UAC)"

William Beard
Re: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 03-30-2007, 10:09 PM
Wow, Julian. You got my attention. But, since I'm the only user on my
computer, I was automatically setup as Administrator (I think. Well it says
Administrator on the User Accounts window.). Remember how in XP the Windows
Defender was in installation. Well, they took care of that. It's not on
the "Programs and Features" unless they have hidden it somehow. It is listed
under Program Files on the C: drive. One of the folders I can look into.
You might check out "Control Panel...System and Maintenance...Performance
Information and Tools...Manage startup programs".

If you really want to blow a fuse...take a look at the Event Viewer.
Children, don't try this at home. One of the easier fixes was that the
Viewer showed me a file that was missing. Yeh. A search confirmed that the
file was not on my C: drive (File: I8042prt.sys). Oh, I cleared the log and
rebooted to make sure it wasn't a false reading. But, sure enough, the
error reappeared. It cost me twenty bucks to get a copy of the file (you
don't think Microsoft would make a copy available). The Event Viewer says
it's missing (not in so many words), but does the Microsoft Update download
me a copy? Hahaha. I put it into the System32 Folder and guess what. No
more missing I8042prt file errors.

I even brought my computer tech in on one error involving the BIOS.
"IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7,
function 0. Please contact your system vendor for technical assistance."
The last I heard he was calling Microsoft for advice on how to resolve the
error. I don't plan on seeing him again for a while.

I even went so far as to publish my Event Viewer errors as questions on the
Windows Vista Community Discussion Groups. Guess what. I have not had one
reply on any of them. I would like to think that some bright young MVP is
staying up nights trying to resolve the errors, but something tells me that
no one wants to have anything to do with them. So, if you have a strong
stomach, take a look at your Viewer. I have a feeling our friend Kirk has
never even heard of the Viewer.

Keep Smiling...It makes them worry.



"Julian" <Julian@discussions.microsoft.com> wrote in message
news:8495370D-2B31-4BA2-BB7D-1E01EE533465@microsoft.com...
> Frustrated Vista Home Premium user, very IT literate whose stupidity you
> may
> nonetheless take for granted; your patience is appreciated (but if you can
> live with UAC/Defender you already have more patience than I do)
>
> I have startup programs I trust that Defender always blocks.
>
> I don't see the "Alert dialog with Action Menu", just the Defender balloon
> from the systray at startup, so I never see any option to add a program to
> the Allowed Items list. How do I allow programs of my choice? When should
> the
> dialog appear?
>
> I have turned off "Auto Start" Real-Time protection, and that didn't seem
> to
> make any difference either, despite what it says in Help. Any ideas why?
>
> I also understand that the heuristics used to detect "harmful or unwanted"
> programs include looking for the string "updater" in the file name... I
> have
> updaters I trust which are also blocked, is there any way to disable just
> this aspect of the heuristics? Or any other way to get them to run
> silently?
>
> Misc gripes: program classification: as a startup item Microsoft Windows
> Explorer is classified as Permitted, but as a Running Program (with
> suffix
> :3088, ?PID?) it is marked Not Yet Classified - what's going on here? Why
> on
> earth does the Defender's History claim a program name is "Unknown", when
> the
> app path is in the bottom pane? (but you can only see it if the window is
> big
> enough). How does a program get its classification?
>
> And I wish Defender would explain which specific settings catch particular
> programs! Any way to tell?
>
> Oh, and I know that UAC is supposed to catch programs that require Admin
> privileges, but is there any way on this great green earth to tell it
> "Yes, I
> know! I have approved this program with Admin password, don't ask me again
> *unless the app changes*!"? [Surely MS could check for program alteration,
> other security apps can!] And why doesn't it say WHAT, requiring admin
> privilege, the program wishes to do/which rules caught it - put it under
> an
> Advanced button to avoid frightening the masses if necessary, but don't
> omit
> it!
>
> I kept my XP machines free of problems for >2 years with a combination of
> RegRun (which has an excellent application database behind it), Norton
> Antivirus and Steganos Antispyware; I can't believe how after so much
> effort
> by MS, Vista security could have been made so unfriendly, intrusive and
> obscure.
>
> I have already reset my main account to Admin, so at least I don't have to
> TYPE my password at every UAC prompt, which already defeats part of the MS
> objective... if I am just being plain dumb and people can answer the above
> questions great - otherwise I think both UAC and Defender are going to be
> turned off and I'll run security the way I used to...
>
> Given that not all apps have been adapted to the preferred MS model yet,
> can
> you tell me how to set Vista/Defender up for peaceful AND secure running?
>
> Thanks!
>
> Julian
>
Alun Harford
Re: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 04-02-2007, 08:50 PM
William Beard wrote:
> Wow, Julian. You got my attention. But, since I'm the only user on my
> computer, I was automatically setup as Administrator (I think. Well it
> says Administrator on the User Accounts window.). Remember how in XP
> the Windows Defender was in installation. Well, they took care of
> that. It's not on the "Program and Features" unless they have hidden it
> somehow. It is listed under Program Files on the C: drive. One of the
> folders I can look into. You might checkout "Control Panel...System and
> Maintenance...Performance Information and Tools...Manage startup programs.
>
> If you really want to blow a fuse...take a look at the Event Viewer.
> Children, don't try this at home. One of the easier fixes was that the
> Viewer showed me a file that was missing. Yeh. A search confirmed that
> the file was not on my C: drive (File: I8042prt.sys). Oh, I cleared the
> log and rebooted to make sure it wasn't a false reading. But, sure
> enough, the error reappeared. It cost me twenty bucks to get a copy of
> the file (you don't think Microsoft would make a copy available). The
> Event Viewer says it's missing (not in so many words), but does the
> Microsoft Update download me a copy? Hahaha. I put it into the
> System32 Folder and guess what. No more missing I8042prt file errors.
>
> I even brought my computer tech in on one error involving the BIOS.
> "IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7,
> function 0. Please contact your system vendor for technical assistance."
> The last I heard he was calling Microsoft for advice on how to resolve
> the error. I don't plan on seeing him again for a while.
You've told your BIOS (or somebody or something has) that your machine
is not running a plug-and-play OS.
You need to change that setting, so that the OS can assign IRQs.

Alun Harford
William Beard
Re: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 04-03-2007, 01:17 PM
Alun, how do I do that? I figured out how to get into the BIOS, but I
resist the urge to mess with it.
If you can tell me step by step where to go, what to look for, and what it
should say, then I'm willing to give it a try.

William Beard

"Alun Harford" <devnull@alunharford.co.uk> wrote in message
news:ugCXTBWdHHA.4172@TK2MSFTNGP05.phx.gbl...
>
> You've told your BIOS (or somebody or something has) that your machine is
> not running a plug-and-play OS.
> You need to change that setting, so that the OS can assign IRQs.
>
> Alun Harford
Jesper
RE: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 03-31-2007, 02:08 AM
> Frustrated Vista Home Premium user, very IT literate whose stupidity you may
> nonetheless take for granted; your patience is appreciated (but if you can
> live with UAC/Defender you already have more patience than I do)
I've lived with it for over a year, and I'm not particularly patient.
> I don't see the "Alert dialog with Action Menu", just the Defender balloon
> from the systray at startup, so I never see any option to add a program to
> the Allowed Items list. How do I allow programs of my choice? When should the
> dialog appear?
Click the balloon. If you miss the balloon:
1. Select "Windows Defender" from the Start Menu:All Programs.
2. Click Tools
3. Click Software Explorer
4. Select the program you want to run and click the "Enable" button.
> I have turned off "Auto Start" Real-Time protection, and that didn't seem to
> make any difference either, despite what it says in Help. Any ideas why?
That has nothing to do with start up programs. That just governs whether you
want Defender to protect you from spyware when you read e-mail and surf the
web.
> I also understand that the heuristics used to detect "harmful or unwanted"
> programs include looking for the string "updater" in the file name...
No, not at all. Defender uses a blacklist to block software that is
considered spyware, and a heuristic detection to block certain actions
without approval. Those actions include many of the most common actions that
spyware take, such as adding themselves to your startup programs, setting up
proxies in your web browser, or hijacking your name resolution services. All
of those are used by criminals to hijack your computer, which is why Defender
blocks them until you approve them.

It is not Defender but UAC that detects installers in several ways,
including by file name. That is done so that installers are elevated to run
as a full admin (with approval) to ensure they always work properly. It has
nothing to do with Defender and if you disable UAC that detection is turned
off, and not needed any more.
> I have
> updaters I trust which are also blocked, is there any way to disable just
> this aspect of the heuristics? Or any other way to get them to run silently?
Yes, you can disable the installer detection in UAC but it is a registry
hack. If you do you must manually elevate installers. It won't automatically
prompt you any more. To disable installer detection run this command from an
elevated command prompt (one running as an administrator)
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection /t REG_DWORD /d 0 /f
> Misc gripes: program classification: as a startup item Microsoft Windows
> Explorer is classified as Permitted, but as a Running Program (with suffix
> :3088, ?PID?) it is marked Not Yet Classified - what's going on here? Why on
> earth does the Defender's History claim a program name is "Unknown", when the
> app path is in the bottom pane? (but you can only see it if the window is big
> enough). How does a program get its classification?
A program gets its classification through spynet:
http://www.microsoft.com/athome/secu...acypolicy.mspx
> And I wish Defender would explain which specific settings catch particular
> programs! Any way to tell?
No but you can turn off the ones that offend you by going to Tools: Options
and selecting the things you want under "Use real-time protection
(recommended)." For instance, if you like your spyware to run when you log on
to your computer then uncheck the "Auto Start" box.
> Oh, and I know that UAC is supposed to catch programs that require Admin
> privileges, but is there any way on this great green earth to tell it "Yes, I
> know! I have approved this program with Admin password, don't ask me again
> *unless the app changes*!"?
No. An application can perform a lot of tasks, and can be driven to do so
automatically by other applications. To use an "always permit" option would
be most unwise; on par with how other vendors do it in their software.
> [Surely MS could check for program alteration,
> other security apps can!]
Sure, but how do you know that the task you are taking now is non-malicious,
but the one an application is automating ten minutes from now is not?
> And why doesn't it say WHAT, requiring admin
> privilege,
How would you do that? Windows is not detecting that the program is trying
to perform an administrative task. Windows is simply responding to what the
program is telling Windows to do. The program tells Windows that "hey, I
would like to be an admin now, can you ask the user if that's OK?" Windows
has no a-priori knowledge of what exact task you are about to take with the
program. Sure, every such task could be automated. To see how that would work
I just trapped some output from a program that may be taking administrative
tasks. In three and a half seconds the program took 40,728 actions, many of
which are administrative. Windows could certainly prompt you for each, but
frankly, that would be silly. Furthermore, there is no way of knowing which
actions the program is going to take a priori, hence the lack of a "sure,
always allow this program for me" option. When writing my latest book I spent
some time with Symantec's firewall product. It detected a piece of possible
malware that I executed and asked if I wanted to permit it to access the
Internet or not. The action it detected was just a lookup of a name. That was
not particularly sensitive, so most users would hit "Enter" and pick the
default option, which was "Always allow connections for this program." Only
if you went through 8 steps to create a custom rule did you get prompted when
the program tried to upload all your checking account information to a server
in Russia. The "always allow this program" is a horrible option since the
software asking you to decide has no idea what future actions this program
may take.
> I kept my XP machines free of problems for >2 years with a combination of
> RegRun (which has an excellent application database behind it), Norton
> Antivirus and Steganos Antispyware; I can't believe how after so much effort
> by MS, Vista security could have been made so unfriendly, intrusive and
> obscure.
What exactly are you doing to make it so "unfriendly, intrusive, and
obscure?" I'm seriously interested in that. I don't get any of these messages or
blocks on most days and I have run Vista daily since the day it shipped (and
before). The only time I get one of these messages is on the rare occasion
when I install something.
> Given that not all apps have been adapted to the preferred MS model yet, can
> you tell me how to set Vista/Defender up for peaceful AND secure running?
No. There are three options: secure, usable, and cheap. You get to pick any
two. Your choice. That's a fundamental law of computing. You are responsible
for your own security. You can try to abdicate that responsibility to others,
but, as in the case with my experiment with Symantec's firewall above, it
usually does not work. Technology cannot solve these problems. Security
should not be the major part of what you do with your computer, or even 10%
of it, but in the world we live in today you definitely need to adjust your
expectations a little if you wish to keep your private information private
and your money in your checking account instead of the bad guys'.

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20

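The reply above describes two separate mechanisms: a program asks for elevation through its own manifest ("hey, I would like to be an admin now"), and UAC's installer detection guesses from the file name when there is no manifest, governed by the EnableInstallerDetection policy value. As an added example, not code from the thread or from Microsoft, the PowerShell script below reports which of the two will apply to a given executable. It assumes PowerShell 3.0 or later on Vista or newer; the keyword list is the documented subset ("install", "setup", "update"), not the full heuristic; the path in the usage line is a placeholder.

```powershell
# Added example, not code from the thread or from Microsoft. Reports how UAC decides
# whether to prompt for a given executable: first the requestedExecutionLevel in its
# manifest (embedded or side-by-side), then the installer-detection heuristic that
# fires on keywords in the file name. Assumes PowerShell 3.0+ on Vista or later.

function Get-PeMachine {
    # Returns the COFF Machine field (0x14C = 32-bit x86, 0x8664 = x64) or $null.
    param([byte[]]$Bytes)
    if ($Bytes.Length -lt 0x40 -or $Bytes[0] -ne 0x4D -or $Bytes[1] -ne 0x5A) { return $null }
    $peOffset = [BitConverter]::ToInt32($Bytes, 0x3C)            # e_lfanew
    if ($peOffset -le 0 -or ($peOffset + 6) -gt $Bytes.Length) { return $null }
    return [BitConverter]::ToUInt16($Bytes, $peOffset + 4)       # field right after "PE\0\0"
}

function Get-EmbeddedManifest {
    # RT_MANIFEST resources are stored as plain XML text, so a byte scan finds them
    # without walking the resource directory. ASCII decoding keeps byte and char
    # offsets aligned, which is all that matters here.
    param([byte[]]$Bytes)
    $text  = [System.Text.Encoding]::ASCII.GetString($Bytes)
    $start = $text.IndexOf('<assembly')
    if ($start -lt 0) { return $null }
    $end = $text.IndexOf('</assembly>', $start)
    if ($end -lt 0) { return $null }
    return $text.Substring($start, $end - $start + '</assembly>'.Length)
}

function Get-UacElevationTreatment {
    param([Parameter(Mandatory = $true)][string]$Path)

    $Path  = (Resolve-Path -LiteralPath $Path).Path
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $name  = [System.IO.Path]::GetFileName($Path)

    # 1. Manifest: what the program itself asks for.
    $manifest       = Get-EmbeddedManifest -Bytes $bytes
    $manifestSource = 'embedded'
    if (-not $manifest -and (Test-Path -LiteralPath "$Path.manifest")) {
        $manifest       = Get-Content -LiteralPath "$Path.manifest" -Raw
        $manifestSource = 'side-by-side file'
    }
    $level = $null
    if ($manifest) {
        try {
            # local-name() ignores the asmv3: prefix some manifests put on trustInfo.
            $node = ([xml]$manifest).SelectSingleNode("//*[local-name()='requestedExecutionLevel']")
            if ($node) { $level = $node.GetAttribute('level') }
        } catch { $level = $null }
    }

    # 2. Installer detection: only for 32-bit binaries with no requestedExecutionLevel,
    #    and only while UAC and the policy value from the thread are both enabled.
    #    Microsoft documents "install", "setup" and "update" among the name keywords;
    #    the list here is that documented subset, not the full heuristic.
    $policy  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $machine = Get-PeMachine -Bytes $bytes
    $keyword = @('install', 'setup', 'update') | Where-Object { $name -match $_ } | Select-Object -First 1

    $treatment =
        if ($level -eq 'requireAdministrator') { 'manifest: always prompts to elevate' }
        elseif ($level -eq 'highestAvailable')  { 'manifest: prompts if the user is an admin, otherwise runs as standard user' }
        elseif ($level -eq 'asInvoker')          { 'manifest: never prompts; runs with the token of whoever launched it' }
        elseif ($policy.EnableLUA -eq 1 -and $policy.EnableInstallerDetection -eq 1 -and
                $machine -eq 0x14C -and $keyword) { "installer detection: prompts because the name matches '$keyword'" }
        else                                     { 'no elevation request; runs as invoker' }

    [pscustomobject]@{
        File                     = $name
        Machine                  = if ($machine -eq 0x14C) { 'x86' } elseif ($machine -eq 0x8664) { 'x64' } else { $machine }
        ManifestLevel            = $level
        ManifestSource           = if ($level) { $manifestSource } else { $null }
        InstallerKeyword         = $keyword
        EnableLUA                = $policy.EnableLUA
        EnableInstallerDetection = $policy.EnableInstallerDetection
        Treatment                = $treatment
    }
}

# Usage (the path is a placeholder, not a real product location):
# Get-UacElevationTreatment -Path 'C:\Program Files\Example\updatesafeagent.exe' | Format-List
```

Run it against the updater that keeps prompting: if ManifestLevel comes back as requireAdministrator, the vendor asked for elevation on every launch and the registry change in the reply will not help; if it is empty and InstallerKeyword is set, the prompt comes from installer detection and setting EnableInstallerDetection to 0 (with the caveat given above that you must then elevate real installers by hand) will silence it.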
Julian
RE: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 03-31-2007, 11:26 AM
Thanks Jesper...

Noted info on auto-start, heuristics (Defender vs UAC) and the reg hack
(filed for reference - much appreciated).

I also appreciate the points re not having "always permit", especially that
apps can be driven from other apps... but if the system doesn't give me the
equivalent of a stack trace, how can I tell whether a request for privilege
arises from my direct action (which I should permit) or from some malware
invocation (which I should not permit)? But having thought about this a lot,
I can see how difficult/nasty it could be from both UI AND implementation
perspectives.

I liked your example, but how would Vista security have prevented the upload
of sensitive data? Each time a dialog popped up you would have said "OK,
just this once" and, not seeing any difference in the circumstances (because
Vista doesn't tell you), wouldn't you also have said "OK, just this once"
on the fatal 8th time? (nice "social engineering"!)

An example of my issue is this: Steganos' "updatesafeagent" runs when I start
Safe, when I open a safe and when I close it. It is only legitimately
called by "Steganos Safe" (though I think 3 calls is excessive!). It probably
doesn't need admin privileges unless it finds an update (which it hasn't
yet), so that may be Steganos' fault, but I do still trust it.

Re Defender... Oh, I did indeed feel very stupid (at first, BUT... see
below) when you said:
> Click the balloon. If you miss the balloon:
> 1. Select "Windows Defender" from the Start Menu:All Programs.
> 2. Click Tools
> 3. Click Software Explorer
> 4. Select the program you want to run and click the "Enable" button.
I immediately went to Defender to look for Enable and suddenly realised my
problem: my screen is quite large and hi res and I have the window
maximised... being focussed on the app list and info pane, having tried
right-clicking for a context menu (a logical choice it seemed) I completely
missed the greyed out buttons in the bottom right corner. Doh! [FWIW I
rechecked the direct help link "Using Software Explorer in Windows Defender -
it doesn't mention Remove/Enable/Disable as far as I can see... ]

So I selected an app, and guess what? The buttons were still greyed out.

I worked through every app in the list and sometimes buttons were available,
but most of the time none were; I can't see the pattern.

I think the UI design is weak here: right-click/radio buttons would have
been better: keep action options close to their targets; buttons so far away
that are nearly always greyed out are not prominent enough.

Examples: two programs blocked at startup from Reg Local Machine
"Macrovision Update Service" and its scheduler are classified as "Not Yet
Classified", and when selected no buttons are available - they cannot be
enabled (or disabled, or removed)

LxrAutorun (Reg Current User) which handles my encrypted USB stick is also
NYC, but has Remove and Disable buttons available. (As I said, I run as admin
now to avoid retyping my long and secure password each time.)

Adobe Acrobat (All Users Startup) has no buttons enabled? Can't I remove it
from startup from here? (Am I expected instead to delete it from the Startup
folder? That's an inconsistent approach)

Now, if an app is allowed to run even if NYC (which would account for
LxrAutorun actually running, which it does) this would not account for
Macrovision not running. What criteria determine whether an app actually
runs?

And how does "Allow" differ from Enable? I still have an empty Allowed list
and no idea how I might add an item to it.

I don't get it at all.
> What exactly are you doing to make it so "unfriendly, intrusive, and
> obscure?" I'm seriously interested in that. I don't get any of these messages or
> blocks on most days and I have run Vista daily since the day it shipped (and
> before). The only time I get one of these messages is on the rare occasion
> when I install something.
LOL! If only I knew! Most points above: I have startup items I still cannot
make run at startup without intervention, despite your help, I have apps I
trust that I always want to run, and run without prompts because they are
used so often - if my trust is misplaced then that should be my problem -
play wailing sirens and fly the Jolly Roger on the screen if you want to put
people off making such choices carelessly, but at least provide the choice.

I do not want to disable UAC or turn off Defender because I appreciate what
they are trying to do for me, but... [da capo]

And this is Home Premium, so I don't have as many security choices as
Ultimate users have - unfortunately... I think many of the Home omissions are
strange/annoying/clever marketing... but that's another topic.

Jesper, you put a lot of effort into your reply, I really appreciate it.

Julian
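Two things Julian asks for in this thread can be done outside Defender and UAC: a list of exactly what is registered to run at logon (the Run keys under HKLM and HKCU and the per-user and All Users Startup folders that Software Explorer groups as "Reg Local Machine", "Reg Current User" and "All Users Startup"), and a "don't ask again unless the app changes" check, which is just a hash baseline of those targets. The script below is an added example, not code from the thread or from any of the products named in it. It assumes PowerShell 4.0 or later (for Get-FileHash) on Vista or newer; the baseline CSV location is an assumption, and the shortcut-resolution step relies on the WScript.Shell COM object that ships with Windows.

```powershell
# Added example, not code from the thread. Inventories the startup locations that
# Defender's Software Explorer lists (machine and user Run keys plus the per-user and
# all-users Startup folders), records a SHA-256 of each target and compares the
# result with a saved baseline, so a change to a trusted startup program shows up.
# Assumes PowerShell 4.0+ (Get-FileHash); the baseline file location is an assumption.

$BaselinePath = Join-Path $env:LOCALAPPDATA 'startup-baseline.csv'

function Resolve-CommandTarget {
    # Pull the executable path out of a Run-key command line such as
    #   "C:\Program Files\Example\agent.exe" /silent   or   C:\Tools\agent.exe /silent
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $close = $cmd.IndexOf('"', 1)
        if ($close -gt 0) { return $cmd.Substring(1, $close - 1) }
    }
    # Unquoted paths may contain spaces: try the longest prefix that exists on disk.
    $parts = $cmd -split ' '
    for ($i = $parts.Length; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if ($candidate -and (Test-Path -LiteralPath $candidate -PathType Leaf)) { return $candidate }
    }
    return $parts[0]   # e.g. a bare "rundll32": reported as MISSING below
}

function Get-StartupEntries {
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # provider metadata, not values
            [pscustomobject]@{ Source = $key; Name = $p.Name
                               Target = Resolve-CommandTarget ([string]$p.Value) }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $folder -File) {
            # Startup folders usually hold shortcuts; hash what the shortcut points at.
            $target = if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath }
                      else { $item.FullName }
            [pscustomobject]@{ Source = $folder; Name = $item.Name; Target = $target }
        }
    }
}

function Get-StartupInventory {
    foreach ($e in Get-StartupEntries) {
        $hash = if ($e.Target -and (Test-Path -LiteralPath $e.Target -PathType Leaf)) {
                    (Get-FileHash -LiteralPath $e.Target -Algorithm SHA256).Hash
                } else { 'MISSING' }
        $e | Add-Member -NotePropertyName Sha256 -NotePropertyValue $hash -PassThru
    }
}

function Compare-StartupBaseline {
    param([string]$Path = $BaselinePath)
    $current = @(Get-StartupInventory)
    if (-not (Test-Path -LiteralPath $Path)) {
        $current | Export-Csv -LiteralPath $Path -NoTypeInformation
        Write-Host "No baseline found; wrote $($current.Count) entries to $Path"
        return $current
    }
    $baseline = @{}
    foreach ($b in Import-Csv -LiteralPath $Path) { $baseline["$($b.Source)|$($b.Name)"] = $b.Sha256 }
    foreach ($e in $current) {
        $key    = "$($e.Source)|$($e.Name)"
        $status = if (-not $baseline.ContainsKey($key)) { 'NEW' }
                  elseif ($baseline[$key] -ne $e.Sha256)  { 'CHANGED' }
                  else                                     { 'unchanged' }
        $e | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
    }
}

# Usage: run once to create the baseline, then again whenever a "known" program starts
# prompting; NEW and CHANGED rows are the ones to look at before clicking Continue.
# Compare-StartupBaseline | Where-Object Status -ne 'unchanged' | Format-Table -AutoSize
```

The first run writes the baseline and prints the full inventory, which also answers the "what is actually registered to run" question independently of how Software Explorer classifies it. Entries whose Target cannot be found are reported as MISSING rather than silently skipped, since a Run value pointing at a file that no longer exists is exactly the kind of thing worth noticing.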
Jesper
RE: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 04-01-2007, 07:50 PM
> but if the system doesn't give me the
> equivalent of a stack trace, how can I tell whether a request for privilege
> arises from my direct action (which I should permit) or from some malware
> invocation (which I should not permit)?
That is the key problem. There is no infrastructure in the OS to percolate
that to where the access check happens. Theoretically, one could be built,
but it would require some low level instrumentation and modification to
hundreds, maybe thousands, of APIs. That's not a change to be taken lightly,
especially not since you can't just go modify those APIs. There has to be a
path for supporting uses that do not understand the new APIs unless you
intend to break all existing software.
> I liked your example, but how would Vista security have prevented the upload
> of sensitive data? Each time a dialog popped up you would have said "OK,
> just this once" and not seeing any difference in the circumstances (because
> Vista doesn't tell you) you wouldn't you also have said "OK, just this once"
> on the fatal 8th time? (nice "social engineering"!)
Yep, that's the problem. One of the gripes I have with UAC still is that it
does not give people enough information to make a decision yet. That's a
problem that will take a very long time to solve though. I don't know how to
really do that. The problem, as you say, is that people become accustomed to
the dialogs and stop paying attention to them. They become a fast-clicking
exercise.
> I immediately went to Defender to look for Enable and suddenly realised my
> problem: my screen is quite large and hi res and I have the window
> maximised
We can probably find a good home for that screen if you find it cumbersome!
:-)
> I worked through every app in the list and sometimes buttons were available,
> but most of the time none were; I can't see the pattern.
Don't know what that means but I think certain OS components are
automatically permitted and can't be changed. For instance, on the system I
am looking at right now I see userinit and Explorer with all greyed out
buttons. Strictly speaking you can run without Explorer (although it won't be
pretty) but userinit is required. Everything else I can disable.
> I think the UI design is weak here: right-click/radio buttons would have
> been better: keep action options close to their targets; buttons so far away
> that are nearly always greyed out are not prominent enough.
Yes, I definitely find the UI design somewhat obtuse.
> Examples: two programs blocked at startup from Reg Local Machine
> "Macrovision Update Service" and its scheduler are classified as "Not Yet
> Classified", and when selected no buttons are available - they cannot be
> enabled (or disabled, or removed)
Did you click the "Show for all users" button? I think that allows you to
modify things that are running for all users. If you do that you elevate the
app and then you should be able to modify those components. If you don't
click that button you can only modify your own components.

> Now, if an app is allowed to run even if NYC (which would account for
> LxrAuto run actually running, which it does) this would not account for
> Macrovision not running. What criteria determine whether an app actually
> runs?
Sorry, I don't understand your question. If an app is in one of the startup
items and it is configured as enabled in Defender it will run.
> And how does "Allow" differ from Enable? I still have an empty Allowed list
> and no idea how I might add an item to it.
You can allow an app to run, but disable it temporarily. Think of it as a
testing feature "I want to run my system with this component disabled, but I
don't want to block it permanently."
> LOL! If only I knew! Most points above:I have startup items I still cannot
> make run at startup without intervention, despite your help, I have apps I
> trust that I always want to run, and run without prompts because they are
> used so often - if my trust is misplaced then that should be my problem -
> play wailing sirens and fly the Jolly Roger on the screen if you want to put
> people off making such choices carelessly, but at least provide the choice.
I think that's the issue really. I don't generally run a lot of third-party
utilities and so on. Those are the ones that are more likely to generate the
popups because the small devs are the ones that have not figured out that
Windows 95 is no longer the standard toward which to write software. I
dislike having all these third-party apps that I can't update, so I will live
without Jolly Roger.
> And this is Home Premium, so I don't have as many security choices as
> Ultimate users have - unfortunately... I think many of the Home omissions are
> strange/annoying/clever marketing... but that's another topic.
Absolutely. It is about "SKU Differentiation" which, frankly, I don't get.
It's making life a lot more difficult for those of us trying to help people.
> Jesper, you put a lot of effort into your reply, I really appreciate it.
No worries. I like UAC (and Defender - mostly) and I really hope it succeeds
in what it is intending. It worries me greatly that people are denigrating it
because it fails on things that it was never designed to do in the first
place. Just this past week InfoWorld, one of the most respected magazines in
the industry, carried a dreadful piece on their front cover that basically
echoed all the poorly substantiated opinions from various "luminaries" who
haven't bothered understanding how UAC, or Vista in general, actually works.
They had everything from UAC's failure to properly establish a security
boundary (it was not designed to do that) to the firewall outbound filters
being off by default (they are on by default) in the article. It's really
very unfortunate that even a reputable magazine like InfoWorld can't be
bothered to see the bigger picture and make their reporters actually check
their facts.

I'm working on an article for TechNet Magazine on UAC. I will definitely
cover the failure of the popular press to understand the technology and its
willingness to jump on every claim from Microsoft's competitors in there, and
how that is harming the ultimate objective of helping computer users protect
themselves.

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


Julian
RE: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 04-02-2007, 10:10 AM
> We can probably find a good home for that screen if you find it cumbersome!
> :-)
Big for a laptop. Sorry, not detachable.
> Did you click the "Show for all users" button? I think that allows you to
> modify things that are running for all users. If you do that you elevate the
> app and then you should be able to modify those components. If you don't
> click that button you can only modify your own components.
Can't see that Show For All should be relevant; if they are running for me,
then I want to modify how they run for me, I don't care about anybody else.
Why should I have to, how could I know I should do all that, he asked
rhetorically
> Sorry, I don't understand your question. If an app is in one of the startup
> items and it is configured as enabled in Defender it will run.
I am reasonably sure I have NYC apps that run at startup; Macrovision is
also NYC, it doesn't run. What determines what runs at startup- couldn't be
classification alone if I am (reasonably) correct. What enables apps, on
what basis?
> > And this is Home Premium, so I don't have as many security choices as
> > Ultimate users have - unfortunately... I think many of the Home omissions are
> > strange/annoying/clever marketing... but that's another topic.
>
> Absolutely. It is about "SKU Differentiation" which, frankly, I don't get.
> It's making life a lot more difficult for those of us trying to help people.
And creating the need for some of that help in the first place. Nuff said.
> No worries. I like UAC (and Defender - mostly) and I really hope it succeeds
> in what it is intending. It worries me greatly that people are denigrating it
> because it fails on things that it was never designed to do in the first
> place. Just this past week InfoWorld, one of the most respected magazines in
> the industry, carried a dreadful piece on their front cover that basically
> echoed all the poorly substantiated opinions from various "luminaries" who
> haven't bothered understanding how UAC, or Vista in general, actually works.
If Defender and UAC work to spec - and I assume they do - I agree the
denigration is misdirected: it should be directed at MS communication. When
announced or demoed or whatever, MS should have been very clear about their
scope etc. and then checked the reporting immediately afterwards. If it
didn't demonstrate correct understanding immediate re-explanation should have
been required.

MS must be responsible for ensuring that it is being understood - no one
else can be. I do think MS at the very least found it convenient to have the
improved security of Vista attract so much attention up front - but now it is
reaping the whirlwind. That's what you get for too much huff and puff.
> I'm working on an article for TechNet Magazine on UAC. I will definitely
> cover the failure of the popular press to understand the technology
Hmmm... are you going to say it's perfectly clear or....?

If someone doesn't understand something (general relativity or Vista
security) you can say they are unqualified, stupid, or lazy (or some
combination, which might be true but whether it is helpful to say so is
another matter) - or you can accept that it wasn't explained well enough.

(Unless of course it's quantum mechanics, in which case the famous dictum is
"Anyone who says they understand quantum mechanics clearly doesn't." - which
probably only makes sense if you understand quantum mechanics <g>)

When everyone scores below par in an exam, the examiner would rightly look
to the teacher for having failed in the primary objective - communicating
understanding effectively.

You are fortunate if you can do without some of these 3rd party apps, my
business and interests require many niche applications - I don't think I
should be penalised for not being Joe PC User.

UAC & Defender - I appreciate the ambitions for them; I don't think the
overall execution can be called satisfactory.

Thanks again,

Julian
pk
RE: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 04-03-2007, 03:10 PM
I'm having similar problems, so just to recap. Is there a way to allow an
application with unidentified publisher? I'm using the latest beta of WinRAR
and every time I open an archive, it asks me to allow winrar.exe; also at every
startup I have ASUS motherboard software that asks me three times to allow
it to run (3 different .exes, of which Defender blocks one).

Running as an administrator with UAC and all startup apps are enabled in
Defender, although they are not yet classified.

Luckily I boot my computer only once a week, but it's still a bit annoying.

So is there a way to always allow these apps when I run them (group/security
policy or registry)?
Jesper
RE: Security Frustrations - Bundle of Questions (Defender, UAC)
Posted: 04-03-2007, 05:24 PM
> Can't see that Show For All should be relevant; if they are running for me,
> then I want to modify how they run for me, I don't care about anybody else.
> Why should I have to, how could I know I should do all that, he asked
> rhetorically
So, here is the rhetorical answer:

There are programs that autostart for a single user (for instance, those in
HKCU\Software\Windows\CurrentVersion\Run and in
%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup)
and then there are those that autostart for all users (such as those in
HKLM\Software\Windows\CurrentVersion\Run and in
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup). You can
freely modify your own startup programs but on a multi-user system modifying
startup programs for other users is an action only administrators should be
able to take. Windows Vista, by definition, is a multi-user system even if
for a particular installation there is only one human being actually using
it. The Show All... button elevates your process so that you can modify
startup programs for all users. In a corporate setting, for instance, I, as
the network security administrator, have a set of things I want everyone to
run, and I do not want users to be able to modify those. By making those
users non-admins I can enforce that because they cannot elevate and
circumvent network security policy. Since the OS is inherently multi-user
(there are three users on every system by default - the Administrator, the
Guest, and the one you created at install - although only one is enabled) all
functionality is designed around the premise that the OS supports multiple
users and that therefore one user must be prevented from making unauthorized
changes to the environment of others.

Does that explain why the Show All... button is relevant?
> I am reasonably sure I have NYC apps that run at startup; Macrovision is
> also NYC, it doesn't run. What determines what runs at startup- couldn't be
> classification alone if I am (reasonably) correct. What enables apps, on
> what basis?
I don't know what NYC means here (keep thinking New York City, but that's
probably not it). Anyway, what determines running at startup: the fact that
the program is listed/located/linked from one of the locations listed above,
along with a few other extraneous places. It has nothing whatsoever to do
with classification. A program that is listed/located/linked from one of the
auto-start locations is automatically classified as an auto-start or startup
program.
> And creating the need for some of that help in the first place. Nuff said.
Exactically.
> If Defender and UAC work to spec - and I assume they do - I agree the
> denigration is misdirected: it should be directed at MS communication. When
> announced or demoed or whatever, MS should have been very clear about their
> scope etc. and then checked the reporting immediately afterwards. If it
> didn't demonstrate correct understanding immediate re-explanation should have
> been required.
Yes. Interestingly enough, the product group, and a few other MS
representatives, such as Mark Russinovich and Steve Riley, have been very
clear about what UAC does and what it does not. The sales force, which
presents the face of Microsoft to the vast majority of customers, have on
occasion imbued UAC with qualities it does not possess. This is really
unfortunate because it means that the popular press has always been able to
find someone with a Microsoft badge that can validate anything they want
validated, however poorly founded the opinion is. The press, of course, still
believes that denigrating Microsoft is the best way to sell advertising, and
are as lazy as anyone else and therefore not particularly interested in
ensuring that their facts are accurate - as the InfoWorld article last week
showed. Microsoft has not been able to exercise sufficient control over them
to help matters much. Rather, the press has relied on sources like Symantec,
who of course have a vested interest in Microsoft being seen as a bumbling
bunch of morons when it comes to security and feels really threatened by the
prospect that Microsoft might actually succeed in anything security-related.
It is kind of like Car and Driver magazine relying on General Motors for the
"facts" and test drive experiences about Toyota's new vehicles. You can
imagine yourself how accurate those "facts" become.
> > I'm working on an article for TechNet Magazine on UAC. I will definitely
> > cover the failure of the popular press to understand the technology
>
> Hmmm... are you going to say it's perfectly clear or....?
No, I wouldn't say that. :-) I'm trying really hard to state objective fact
though.
> If someone doesn't understand something (general relativity or Vista
> security) you can say they are unqualified, stupid, or lazy (or some
> combination, which might be true but whether it is helpful to say so is
> another matter) - or you can accept that it wasn't explained well enough.
True, but I have found that the facts about UAC are actually there if (a)
you go looking for them, and (b) you understand enough about the OS and
programming to digest them. That's the key problem: you really need to
understand a fair bit about how the OS works to understand how UAC works. In
the article, as well as in the Vista Security Book, I think I spent most of
my time on "translation"; translating the technical details on UAC into terms
that non-developers actually understand, while at the same time explaining
why it is the way it is. That is the part I have not yet seen from Microsoft.
> (Unless of course it's quantum mechanics, in which case the famous dictum is
> "Anyone who says they understand quantum mechanics clearly doesn't." - which
> probably only makes sense if you understand quantum mechanics <g>)
Funny! I just delivered a presentation where I drew parallels between
information security and quantum physics. Maybe I should write an article on
that too?
> You are fortunate if you can do without some of these 3rd party apps, my
> business and interests require many niche applications - I don't think I
> should be penalised for not being Joe PC User.
You are like a lot of people. It is difficult. To a large extent the whole
point of Windows is that it has such a vast majority of applications written
for it. If it weren't for that, the Mac OS is in some ways a much more
elegant (if far less secure) platform.
> UAC & Defender - I appreciate the ambitions for them; I don't think the
> overall execution can be called satisfactory.
The Microsoft product groups read these newsgroups. If there is constructive
criticism, by all means, put it out here. Many (most) of the people that
respond to questions here are MVPs (http://mvp.support.microsoft.com) who
have traditionally been very good at ensuring the feedback from the
newsgroups makes it back to the product groups. Even some of the non-MVPs,
like myself, have ways to get feedback to MS that they will listen to.

Windows Defender is a version 2/3 product, so it should be a little more
polished, but UAC is truly a v1 product. It definitely has some growing up to
do and some features to come in future versions. They are looking for that
feedback right now.

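As an added example (not part of Jesper's post, and not a Microsoft tool), the PowerShell below walks the single-user and all-users autostart locations he describes and reports, for each registered program, which scope it belongs to and whether the shell it runs in could actually modify that location. It assumes the standard key names HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run and the two Startup folder paths from the post; the function names are mine. It only reads and probes; it registers nothing.

```powershell
# Added example: enumerate single-user vs. all-users autostart locations and
# check whether this shell could modify each one. Key and folder paths are
# assumptions based on the post (standard Vista layout); nothing here writes
# an autostart entry.

function Test-IsElevated {
    # True only when the process holds the full administrator token, i.e. UAC
    # consent was given; a "protected administrator" shell returns False.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object System.Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-RegKeyWritable {
    # Ask for write access explicitly; an unelevated token gets a
    # SecurityException on the HKLM Run key but succeeds on HKCU.
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$SubKey)
    try {
        $k = $Hive.OpenSubKey($SubKey, $true)   # $true = writable handle
        if ($k -eq $null) { return $false }
        $k.Close()
        return $true
    } catch [System.Security.SecurityException] {
        return $false
    }
}

function Test-FolderWritable {
    # Probe by creating and deleting a randomly named empty file.
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $false }
    $probe = Join-Path $Path ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllText($probe, '')
        Remove-Item $probe -Force
        return $true
    } catch {
        return $false
    }
}

$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$locations = @(
    @{ Scope = 'CurrentUser'; Kind = 'Registry'; Hive = [Microsoft.Win32.Registry]::CurrentUser;  Path = "HKCU:\$runSubKey" },
    @{ Scope = 'CurrentUser'; Kind = 'Folder';   Path = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" },
    @{ Scope = 'AllUsers';    Kind = 'Registry'; Hive = [Microsoft.Win32.Registry]::LocalMachine; Path = "HKLM:\$runSubKey" },
    @{ Scope = 'AllUsers';    Kind = 'Folder';   Path = "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup" }
)

function Get-AutostartEntries {
    # One object per registered program, tagged with its scope and with
    # whether the current token could change that location.
    $results = @()
    foreach ($loc in $locations) {
        if ($loc.Kind -eq 'Registry') {
            $writable = Test-RegKeyWritable -Hive $loc.Hive -SubKey $runSubKey
            if (Test-Path $loc.Path) {
                $key = Get-Item -Path $loc.Path
                foreach ($name in $key.GetValueNames()) {
                    $results += New-Object PSObject -Property @{
                        Scope = $loc.Scope; Source = $loc.Path; Name = $name
                        Command = $key.GetValue($name); CanModify = $writable
                    }
                }
            }
        } else {
            $writable = Test-FolderWritable -Path $loc.Path
            if (Test-Path $loc.Path) {
                $files = Get-ChildItem -Path $loc.Path | Where-Object { -not $_.PSIsContainer }
                foreach ($f in $files) {
                    $results += New-Object PSObject -Property @{
                        Scope = $loc.Scope; Source = $loc.Path; Name = $f.Name
                        Command = $f.FullName; CanModify = $writable
                    }
                }
            }
        }
    }
    return $results
}

"Elevated: $(Test-IsElevated)"
Get-AutostartEntries | Format-Table Scope, Name, Command, CanModify -AutoSize
```

Run it once from an ordinary prompt and once from a prompt started with "Run as administrator": the CurrentUser rows report CanModify = True both times, while the AllUsers rows flip from False to True only in the elevated shell. That is the distinction the "Show for all users" button makes inside Defender, and it also shows why a startup item that appears in the HKLM key or the all-users Startup folder cannot be removed or changed by a non-admin account.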
