
Thursday, December 28, 2006

Chalk One Up..

...for the Microsoft Vista Team. They have successfully botched user authentication controls yet again.

Generally speaking, if I am setting up systems running Windows, I do have the option of setting up users with less than administrative privileges on the system. This is a good thing because the Administrator group should only be used when making global system changes. Administrative privileges are not needed for day-in-day-out computing needs. However, my concern is with Microsoft's labeling of the different user accounts.

In WinXP, if an administrator wishes to create new accounts, he/she goes into the Control Panel and uses the user account creation tool to create either a "Computer Administrator" account (not recommended) or a "Limited User" account (more recommended, but not totally). The problem with creating all accounts as "Computer Administrator" is that each administrator has full control over global system settings. The problem with the "Limited User" account is that the user is so restricted in access that it is often frustrating and pointless to even log in. Windows Vista is stuck with the same problem. It's a dichotomy of user account privileges. On the one hand, the user has basically full control over the system and on the other hand, the user has no control at all.

So, to counter that problem, there is a more granular way to create user accounts. In the Administrative Tools Control Panel applet, there is a way to create local users and groups. However, there is no such user or group as "Limited User." This leaves me scratching my head as to where "Limited User" fits into the ladder of the different user settings. I mean, it's really granular at this point. There is, of course, the Administrator group, which is pretty self-explanatory. Beyond that, it gets fuzzy. There are "Power Users," "Remote Desktop Users," "Operators," "Backup Operators," and of course, "Users." I think the "Limited User" setting points to this last group, the "Users" group, but I'm not sure. Each one of these different groups has different access privileges. Why then, can't they make this more apparent with the standard user interface for creating users? Most consumers (read Joe End-User) will not go through the Administrative Tools Control Panel applet to set up users when there is a "Users" applet available also. The problem is that the "Users" applet is too simple. With it, the user either creates God (Computer Administrator) or fleas (Limited User). There is no in-between. The Limited User often doesn't have enough access to even use the network card, thus making Internet capabilities a moot point. It's simply a case of oversimplifying something.
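To see where an account created as "Limited User" actually sits among these groups, the membership can be read back from the machine itself. The PowerShell script below is an added example, not part of the original post; it assumes PowerShell is installed and that the built-in administrative group carries its English name, Administrators.

```powershell
# Added example: list every local account with the local groups it belongs to,
# so the result of the simple "User Accounts" applet can be compared with the
# groups shown in Administrative Tools. Uses the ADSI WinNT provider only.

$computer   = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$membership = @{}   # account name -> array of local group names

# Walk every local group and record its members.
$groups = $computer.psbase.Children |
    Where-Object { $_.psbase.SchemaClassName -eq 'group' }

foreach ($group in $groups) {
    $groupName = $group.psbase.Name

    # Members() returns COM objects; read each member's Name via reflection.
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $memberName = $member.GetType().InvokeMember(
            'Name', 'GetProperty', $null, $member, $null)

        if (-not $membership.ContainsKey($memberName)) {
            $membership[$memberName] = @()
        }
        $membership[$memberName] += $groupName
    }
}

# Report: one line per account, flagging anything with administrative rights.
# Assumption: the group is named 'Administrators' (English-language install).
foreach ($account in ($membership.Keys | Sort-Object)) {
    $groupList = @($membership[$account] | Sort-Object)
    $flag = ''
    if ($groupList -contains 'Administrators') { $flag = '  <-- administrative' }

    '{0,-28} {1}{2}' -f $account, ($groupList -join ', '), $flag
}
```

Creating one account of each type with the simple applet and then running the script shows which groups each type was placed in.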

For all intents and purposes, there needs to be some kind of consolidation between the stupid Windows XP/Windows Vista user account tool and the tool in Administrative Tools. It's just too much of a problem. Microsoft also needs to change their attitudes about the way users are handled. It should not take an Administrator just to run a word processor or to browse the Internet.

So, there you have it. So let it be written, so let it be done.

Monday, December 11, 2006

Lusers. All Lusers. 

Microsoft has been touting its latest iteration of Windows, called Vista, as the latest weapon in the arsenal of security. Vista is supposed to be light years ahead of current Windows XP in terms of security. Internet Explorer 7 is supposed to be the answer to IE users' complaints about threats and vulnerabilities. While I think that these enhancements are laudable and necessary, I do not think that Windows Vista will be the silver bullet of security for the coming age of computers. In fact, I doubt that there will be much change at all in the overall security landscape surrounding Windows users.

Consider, if you will, the typical Windows user. He or she can range from a very intelligent, well-educated professional individual to the relatively uneducated, unsophisticated Internet game addict. It's the latter group that unfortunately makes up a large enough percentage of the Windows user group to be a threat. These people wouldn't recognize most security threats if they came announcing themselves with big flashing signs (which many of them actually do). I can't tell you how many times I have had to work with this type of Windows user. Their computers are usually so clogged with crap that they've downloaded that the machine is barely usable. These users are almost impossible to rehabilitate. They feel drawn to download useless and malicious programs because of their online habits. Vista will almost certainly be no match for these types. Very little can be done to protect against stupid people making stupid decisions.

What we need to do is educate. All the technology in the world isn't going to solve a problem of basic education. Many folks just don't recognize a bad program from a good one. And many of these people also don't realize that bad programs even exist. To them, a bad program would have a warning label on it or something. Well, the truth is, many ill-intentioned programs come disguised as helpful programs. To compound this problem, many users feel some strange need to install everything they see. They feel it necessary to have browser search bars and tool bars and various other "assistants" to help them use their computers. What they really end up with is a machine filled with spyware and other malicious software. So many of these programs carry monikers of "assistant" or "search" or "help." These key words fool many less-educated users into believing that they are really useful programs. "Hey, it'll help me search the Internet." or "It'll help me organize my photos." I don't personally find a need for any toolbars to help me search. Google is the search assistant. So, to help get started on educating people to recognize malicious software, I am preparing a list of potentially harmful applications that seem to be very popular with the unsuspecting, under-educated crowd. I would highly suggest that users stay away from the following:
I have seen, from time to time, advertisements on web pages in big bold letters: "WARNING! YOUR COMPUTER IS BROADCASTING AN ADDRESS WHICH CAN BE USED TO IDENTIFY IT TO OTHERS. Download this software to prevent this from happening." It will often have the user's IP address displayed prominently in the ad as well, for proof of this horrible discovery. Now, this form of advertising is just low. To a less-knowledgeable Internet user, this would be very alarming and might cause the person to download the software in order to prevent this private identification number from being picked up. However, with a little knowledge, the user will simply know that having this "identification number" is actually normal for any Internet-connected device. Also, this number no more identifies the user than does a PB&J sandwich. It is known as an IP address. It is necessary for any Internet-connected machine to have an IP address (usually assigned by the ISP) for that machine to be able to send and receive data. The only way for packets to get from node to node on the Internet is for the packets and routers to know the address of the next node. If a user is concerned about broadcasting this IP address, they should install and update a firewall to close off ports on that address. So, in short, having an IP address is not a bad thing.

Anyhow, I am sure that even though Vista will enhance security on the Windows landscape, Windows simply can't be hardened enough to protect against stupid decision makers. So, keep up to speed on the security scene. :)
