linuxmemes

20463 readers

562 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

992

Security (discuss.tchncs.de)

submitted 3 months ago by [email protected] to c/[email protected]

128 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 18 points 3 months ago (1 children)

I turn UAC off before it nags me for the 10th time.

The only nag I want to see is the one right before it gets turned off.

I hate things that just throw up nag screens that users get desensitized to and just click through anyway. It hasn't increased security at all.

Looking at you "do you trust the authors of the code in this workspace folder" VSCode. Yes I effing do, that's why I opened it to begin with!

[–] [email protected] 5 points 3 months ago (1 children)

Fair enough but then you shouldn't complain about the lack of confirmation (like the meme does)

[–] [email protected] 8 points 3 months ago (1 children)

It's still a valid complain, but the problem is not exactly the presence or absence of a confirmation IMO, it's a deeper matter.

What causes user desensitization (I guess that's a word) is a direct result of how Windows users traditionally install software - from untrusted sources or by downloading them directly from a vendor's website then manually installing it.

UAC would be just fine if it was a rare thing to see, but because of this "download a .exe > double click > install" flow users see it all the time, which defeats the purpose of the warning. It became just another half-measure Windows has implemented.

[–] [email protected] 2 points 3 months ago

And it's unhelpful because it doesn't give any details about what it wants to do with that admin access and also treats permission for one action as permission for all actions (not that you can tell what they first action you're permitting is).

I like the way android does it, where you can grant or revoke special permissions by category of action.

Though the system I'd like to see is one where each program is sandboxed and then even you close the program (or it prompts for an elevation), then you get a list of system differences between the sandbox and your system and can choose whether and which changes to push from the sandbox env into the main env. Or to combine sandboxes so that programs can interact with each other.