Aaron Margosis, creator of the killer utilities PrivBar and MakeMeAdmin, has two great posts on Vista's security: one on the role of RunAs and how it replaces MakeMeAdmin, and another on why you can’t bypass UAC. The gist of his first post seems to be that Vista’s security model for regular users is much easier to deal with in a secure fashion than before. The second post has some good general information on privilege escalation, and why doing things in a *nix-like fashion with setuid or sudo would be a Bad Thing. (Actually, I seem to recall from my *nix development time years ago that they’re a bad thing in the *nix world too, so it’s not really a great example for him to use, IMO.)
Both posts are fine for non-developer folks using Vista. Those types shouldn’t have been running with admin privileges on previous OSes, and I’m glad to see the issue’s somewhat easier for them under Vista.
Unfortunately, as a developer I’ve found the UAC issues in Vista to be too much friction and outright blockage for my work, so, like some of my other friends doing development on Vista, I've had to disable it. I personally think this sucks because I’m adamant about developing with non-admin privileges. I rant about it in my Security Fundamentals talks, and I’ve chided other developers I’ve run into who’ve admitted to developing as admins.
I’m not sure where the future will take me with UAC on Vista. Having to give admin credentials for escalation numerous times during the day doesn’t bug me so much, but having to deal with file permission stupidity (like Jason talks about in his post linked above) is just insane.
I want UAC to work for me as a developer because I absolutely believe in the principles behind it. Unfortunately, its implementation is just too big a pile of steaming, maggot-infested dung for me.