This afternoon, Microsoft's Greg Sullivan confirmed the company's official exodus away from the System Registry as a key component, and toward what are now being called "application manifests"--individual, secure files for applications to store their own configuration data, and for other purposes. It turns out that, as Microsoft moves toward gradual adoption of what was dubbed this morning Windows Communication Foundation (formerly and more affectionately known as "Indigo"), a single file for storing the configurations and data attributes of all running components in the system, may eventually no longer be necessary.
I like this idea of a virtual registry, now if they kept one system registry for system app's while giving each user its own registry, it might let people install games in any user.... *hopeful*
Durandal wrote: Wonder how many poorly-designed apps this is going to break.
and how many people will declare the OS crap and advise people not to use it, as it "breaks apps".
To be fair to such people, badly-behaving apps are the result of Microsoft's own lackluster attitude toward security and privilege escalation. Their obsession with giving everyone administrator privileges all the time is now coming back to bite them in the ass, and they deserve all the flak they get, as far as I'm concerned.
Damien Sorresso
"Ever see what them computa bitchez do to numbas? It ain't natural. Numbas ain't supposed to be code, they supposed to quantify shit."
- The Onion
This afternoon, Microsoft's Greg Sullivan confirmed the company's official exodus away from the System Registry as a key component, and toward what are now being called "application manifests"--individual, secure files for applications to store their own configuration data, and for other purposes. It turns out that, as Microsoft moves toward gradual adoption of what was dubbed this morning Windows Communication Foundation (formerly and more affectionately known as "Indigo"), a single file for storing the configurations and data attributes of all running components in the system, may eventually no longer be necessary.
I wonder where they got that idea?
Windows XP can use manifests, actually, but they're mostly used for telling XP to use GUI skinning on its GUI components.
Durandal wrote:To be fair to such people, badly-behaving apps are the result of Microsoft's own lackluster attitude toward security and privilege escalation. Their obsession with giving everyone administrator privileges all the time is now coming back to bite them in the ass, and they deserve all the flak they get, as far as I'm concerned.
I'm not sure if I'd totally blame Microsoft on this one; they've been trying to get people away from running as Administrator but have failed miserably, in part due to bad software writing. Developers should be writing to HKCU and %USERPROFILE% except at install-time ... but most won't.
phongn wrote:
I'm not sure if I'd totally blame Microsoft on this one; they've been trying to get people away from running as Administrator but have failed miserably, in part due to bad software writing. Developers should be writing to HKCU and %USERPROFILE% except at install-time ... but most won't.
You can't get away from running administrator with Windows XP Home, it only has two options for users: "Administrator and "User", without the "Power User" of Windows XP Pro. With the "User" account, you can't do shit with the computer; the OS locks you out from nearly everything. So it's either use Administrator all the time, or pony up an extra $100 for XP Pro.
Which annoyed the crap out of me back on my sisters old box. WHen it was 2k, I gave her power user levels and everyone was happy. I wipped it and installed XP about a year back because she needed it for a program to work and had to give her admin privilages, because half the damn software would demand it.
She destroyed the computer within two months.
Its not all Microsofts fault, too many of the deveopers just demand Admin level privilages for no good reason at all.
phongn wrote:I'm not sure if I'd totally blame Microsoft on this one; they've been trying to get people away from running as Administrator but have failed miserably, in part due to bad software writing. Developers should be writing to HKCU and %USERPROFILE% except at install-time ... but most won't.
You can't get away from running administrator with Windows XP Home, it only has two options for users: "Administrator and "User", without the "Power User" of Windows XP Pro. With the "User" account, you can't do shit with the computer; the OS locks you out from nearly everything. So it's either use Administrator all the time, or pony up an extra $100 for XP Pro.
Exactly. It's seriously unreasonable to expect developers to write a separate version of their apps just for XP Home. Microsoft seem to have this habit of either ignoring security entirely in favor of convenience or locking the system down so tightly that no one can even use it.
Damien Sorresso
"Ever see what them computa bitchez do to numbas? It ain't natural. Numbas ain't supposed to be code, they supposed to quantify shit."
- The Onion
Developers should be writing to HKCU and %USERPROFILE% except at install-time ... but most won't.
Why? Is it really that difficult? Or are they just lazy asses that need to be punched in the face?
It does take some more work but it shouldn't be incredibly hard.
The Kernel wrote:You can't get away from running administrator with Windows XP Home, it only has two options for users: "Administrator and "User", without the "Power User" of Windows XP Pro. With the "User" account, you can't do shit with the computer; the OS locks you out from nearly everything. So it's either use Administrator all the time, or pony up an extra $100 for XP Pro.
Ugh, I forgot about that Even so, most standard user-type operations should be available as User, and with Fast User switching going to Administrator isn't too bad.
phongn wrote:
Ugh, I forgot about that Even so, most standard user-type operations should be available as User, and with Fast User switching going to Administrator isn't too bad.
Fast User switching is a joke, especially since you need to log it off afterwards; it takes goddamn near forever, and you have to do it all the damn time if you are set on using the "User" profile as your primary.
Why can't we just have a system like OSX where you get temp admin privlages for an application install via a username/password prompt?
The Kernel wrote:It has a GUI? I thought RUNAS was command line only.
Shift-right-click.
Holy crap, I totally didn't know you could do that. (I suppose that's what I get for running as a Admin all the time...)
Still, it's not quite as robust as what OSX offers. Anytime OSX is confronted with a situation where you need higher user privlages (Durandal can correct me if I'm wrong about this), it just opens a dialogue box and asks for a username/password, instead of having to pre-guess what the program needs.
Plus, this still doesn't address security problems since you are basically giving the program you are running admin privlages anyway.
The Kernel wrote:You can't get away from running administrator with Windows XP Home, it only has two options for users: "Administrator and "User", without the "Power User" of Windows XP Pro. With the "User" account, you can't do shit with the computer; the OS locks you out from nearly everything. So it's either use Administrator all the time, or pony up an extra $100 for XP Pro.
Power Use might as well be Administrator.
They have enough privilages that it is utterly trivial to gain full Administrator rights.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
The Kernel wrote:Why can't we just have a system like OSX where you get temp admin privlages for an application install via a username/password prompt?
Applications which install from an .MSI file can do that already!
There is a reason Microsoft wrote the Windows Installer Service, all the other installers sucked ass(and still do).
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
Actually power users can modifiy some critical system files and have some ludiciously powerful permisions which means any power user is a little custom code away form taking complete control of the OS.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
Tiger Ace wrote:Ah damn, then I guess using power user day to day isn't really better then running on admin.
Basicly no.
I recomend following this. A browser, IM client & Office are some of the applications which should not run as administrator.
I've recompiled SetSAFER to .NET v1.1 instead of a beta copy of v2.0, that can be found here.
Just extract everything(exe + xml file!!) and tick which applications you want to run as a limited user. You can add more by editing the .xml file.
Thankfully in Vista you will not need todo this and the GUI todo this is biult into the OS.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
