Microsoft Endorses A Fix For Something It Insists Isn't A Problem
Vista's User Account Controls prompts are something almost everybody loves to hate. Microsoft has steadfastly maintained that they're a feature that improves the product. But this week, "Microsoft has taken the very unusual step of endorsing another company's product that fixes a problem in its own operating system."
That sentence turned up in my e-mail from a PR guy touting BeyondTrust's BeyondTrust Privilege Manager 3.5. Privilege Manager enhances Microsoft policy management, and this new version is designed to let corporate IT managers run their users in a "least privilege" environment by eliminating most of the UAC prompts they might see when running Windows Vista.
Is BeyondTrust maybe stretching the truth a little when it uses that word "endorsing"? Not really. Here's the money quote in the announcement press release, from Austin Wilson, director, Windows Client Security Product Management at Microsoft:
Microsoft recognizes that to help create a secure, auditable and compliant enterprise environment all users should be Standard Users and ideally not have administrative privileges or access to administrator passwords. . . . I am pleased to see third-party security vendors such as BeyondTrust improve what is already our most secure business client OS, Windows Vista. The combination of elevating approved applications transparently with Privilege Manager and running UAC in no prompt mode with Internet Explorer in protected mode provides a best of breed solution to the least privilege problem.
Am I the only guy who translates that as, "Microsoft admits UAC is broken. Privilege Manager 3.5 fixes it"? Apparently not -- see, for example, Betanews.com's story, Microsoft Endorses Product That Turns Off Vista UAC Nags. Scott Fulton's thorough piece includes a similar quote from another Microsoft employee, Mark Russinovich, Technical Fellow and one of the most widely respected Windows experts in this quadrant of the galaxy. Russinovich isn't down on UAC per se, but he's concerned about the kind of on-the-fly escalation of privileges that UAC both requires and enables.
As for me, I'm not as far into the philosophy of Vista security as Rossinovich is, I'm just annoyed by the nagging (see Don't Shut Off Vista UAC, There's A Better Way). I'm glad there's a fix like BeyondTrust Privilege Manager that may help those of you who are corporate IT types, but I'm my own help desk, and for me a "least privilege" environment is not a solution, it's the problem Vista is forcing on me. Recently a commenter posted what looks like a good tip to one of myprevious blog entries, suggesting a free utility called TweakUAC that you can download from a Web site. TweakUAC's description includes an interesting take on what UAC does -- and doesn't do.
Do you agree that UAC is broken? Do you have any suggestions how on to fix it? Leave a comment at the InformationWeek Blog.
Virtualization At The Desktop?
Examine how more than 250 companies plan to adopt server virtualization technology in this recent InformationWeek Research report, Server Virtualization.
The BI Explosion
Examine the business intelligence strategies of 500 companies, including deployment drivers and challenges, spending plans, and vendor selection, in this recent InformationWeek Research report.
Aggregate Knowledge Aims To Be A Mind Reader On The Web
Having jumped into the market for Web "discovery" technology last December, Aggregate Knowledge is getting closer to general availability of three new services. Founded by the same guys behind social networking site Tribe.net -- the assets of which were acquired by Cisco in March -- Aggregate Knowledge promises to help companies get the most appropriate products and content in front of Web site visitors.
Microsoft Endorses A Fix For Something It Insists Isn't A Problem
Vista's User Account Controls prompts are something almost everybody loves to hate. Microsoft has steadfastly maintained that they're a feature that improves the product. But this week, "Microsoft has taken the very unusual step of endorsing another company's product that fixes a problem in its own operating system." The "Through the Looking Glass" saga of Vista continues.
What Orkut Really Needs
Google's software engineers report that they've been busy giving Orkut, the company's social networking service, a face-lift. But perhaps what the site really needs is a new name for the U.S market.
It's true that short, memorable domain names are hard to come by, but if ever there was a Google product in need of re-branding, it's Orkut.
Advice On Building A Better Password
We're always hearing that we need stronger passwords, but many people don't know how to craft a better, stronger password or they simply don't take the time to come up with some crazy complex string that they have no chance of remembering.
I was just talking with someone who gave me some great advice.
Path to Profit: Transform your Underwriting Processes Join Insurance & Technology Editorial Director Kathy Burger, Cindy De Armond, Partner, Insurance Industry Practice, IBM Global Business Services, and Mark B. Gorman, Strategic Research Advisor, Insurance, TowerGroup, to gain insights into how integrating analytics and operations can transform the underwriting process.
How to Succeed with Offshore Software Testing When Almost Everyone Else Fails Offshore software testing projects fail at a greater rate than most other types of offshore projects. Most of the research into this problem points to very generic reasons. This paper identifies why offshore software testing projects fail, quantifies the impact of a failure and gives a list of actions that can prevent failure from happening.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list: InfoWeek@update.informationweek.com
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2007 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.