I remember beta testing Windows 95 when it was code-named Chicago. Back then, I was running MS DOS 6.22 and running Microsoft Windows for Workgroups 3.11. I also beta tested numerous versions of Windows 98 when it was codenamed Memphis, Windows 2000, Windows XP, which brings us to this century where I beta tested so many versions of Microsoft Windows Vista (or, Longhorn) that I can’t even recall. I watched as Microsoft scrambled to try to meet the security disasters that were plaguing Windows XP. Some of you may not recall, but Windows XP was such a disaster in terms of security that it was rare to find a computer running a default copy of Windows XP without a ridiculous infestation of spyware of some kind.

(my favorite screenshot of a spyware infestation)
Back in the DOS days, I rarely used Windows 3.11 for hardly anything. I would use DOS to copy files, defragment my computer, browse BBSs, send e-mails, write batch scripts, just about everything. In fact, even when I switched over to using Windows more often I would still go back to DOS to do simple copy commands because it was easier for me to just write out the commands longhand. I used a hex editor to check executables for viruses because I didn’t have any antivirus software at the time. I guess my point is that Microsoft has had more than enough time to make a working security model for Windows. The fact that they missed that opportunity, decided on UAC (User Account Control), made updates in service pack 1 (SP1) for Vista, and it still prompts me every single time I uninstall a program despite the fact that I may have uninstalled the program dozens of times… is absurd. Why is there no option for me to check a box labeled simply “do not prompt me again”? The lack of such a checkbox is what drives me to completely disable UAC.
For those of you who don’t know, to disable UAC simply open up the Control Panel, type “UAC” in the upper-right search box, click “Turn User Account Control On or Off”, uncheck the box and press OK, then reboot.
I read numerous articles by Paul Thurrott telling me to keep UAC enabled because it’s far more secure. I agree. It is more secure for a variety of reasons that operate under the hood, but I just can’t bring myself to do it. Simply the fact that Windows Vista comes with Windows Defender in many ways makes Windows so much more secure than XP, particularly when combined with powerful anti-virus such as Avast!, that it seems unnecessary to piss off end users with UAC.
Obviously, Microsoft’s decision to have every single user treated as a default administrator in Windows XP was a catastrophe. I know that I’m writing this article a little bit late, given that Microsoft is about to release Windows 7 in short order and they intend to fix UAC dramatically. However, I felt it necessary to explain why I still refuse to enable UAC on my computers.
Initially, I was very excited about UAC. Microsoft promised again and again (SP1 articles, but you get the idea) to make UAC less intrusive and less irritating in general. At the time of launch, however, it was still prompting far too frequently. None of this warning, in any way, is going to affect the type of people who actually need to be warned of their stupidity. The above linked articles discuss SP1, but it’s essentially the same thing: Microsoft said it before launch, and they said it again before SP1… it still pisses me off.
Simply put, UAC is a nice gesture and in some ways an improvement, but I just don’t see how it can practically prevent anything more than antivirus and anti-spyware solutions already provide. That is to say, I cannot imagine anybody actually clicking cancel and preventing something from loading. I just don’t expect the average computer user to know what should and should not be running. Isn’t that how Norton has gotten away with making millions off of people not knowing anything better? Average computer users don’t know what should be allowed to run; it is the job of anti-spyware and antivirus to figure this out for the average computer user. I was happy to hear that Microsoft has announced that they intend to offer free antivirus software (codename: “Morro”) for this exact reason. Maybe this will have the added benefit of finally getting rid of Symantec once and for all. Good riddance.
I get particularly bothered when UAC prompts me for things like disk defragmenter. How on earth can the disk defragmenter possibly have any sort of adverse effect on the entire system? What sort of malicious software would ever want to launch the disk defragmenter? And, if so, and worst-case scenario the disk defragmenter were maliciously launched, then what?

(scary disk defragmenter, UAC to the rescue!)
If you can think of any time that UAC has actually helped you prevent anything bad from happening, please let me know.
Related software: TweakUAC.













Encumbered in Services and Processes
Thursday, January 22nd, 2009

For as long as I can remember, every version of Windows has enabled me to see what processes are running, except maybe Windows 3.11. As I continued to use Windows over the years, Control + Alt + Delete evolved into a useful tool, executing taskmgr.exe, showing more than the simple “Close Program” dialog box of the Windows 98 era. It became easy to identify what services were necessary (by simply running services.msc and checking what was set to Automatic, Manual or Disabled) and what processes shipped with Windows and what were running as after-market installations.
Essentially, I memorized what processes are “supposed” to be running, what are necessary and what are not. For example, I usually terminate qttask.exe because it isn’t absolutely necessary and it just takes up CPU threads that could be doing something else. Identifying what processes are supposed to be running is of deep-rooted importance to me because it gives me a sense of security of the system I am running. Aside from rootkits using advanced virtualization-style hijacking (permanent archive) techniques, identifying the processes enables me to know whether the system is compromised at a glance.
Back in the Windows 3.11 days, I did not have an anti-virus solution of any kind, however I downloaded all sorts of executables and even programmed a few oldschool “proggies” of my own. Because I didn’t run any anti-virus software, I scanned executables manually using a hex editor — while this wasn’t a perfect solution by any means, most software was relatively simple back then so I could readily identify a password stealer or trojan horse by simply digging through the hex line by line. Using a hex editor to identify viruses and other malicious software worked fine back then, but would be an impossibility now.
Another interesting fact about older systems was that if you pressed Control + Alt + Delete on a Windows98 machine, and it didn’t respond, you could check if it was terminally crashed by pressing Control + Alt + End, if the system emitted a PC Speaker single “beep” at you, then you knew the system was still active and would eventually regain stability and if you heard no audible beep, then the system was most likely done and you’d have to force shut it down.
Anyhow, with 2000/NT and XP I was able to quickly and easily identify what services and processes were supposed to be running; so when I came across a new computer to diagnose, I could see what foreign processes needed to be identified and look them up accordingly.
This ease-of-identification process has ended with Vista. Now, when I bring up the Task Manager or Services list, there is such an immense amount of processes running that I have mentally given up keeping track of what is “okay” to be running and what isn’t. I continue to use the Windows Defender software explorer feature to disable certain applications from starting up, but that is the extent of my process-checking for the most part with Vista.
In my experience, the average (OEM) Vista installation seems to have well over 80 processes, which is a frighteningly high number. Even as I remove programs and block startup processes, however, that number doesn’t dwindle all that much. Vista is a fantastic operating system and comes highly recommended over XP; however, if you intend to track processes you’ll have to use something like Process Explorer.
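Once the process list is too long to memorize, the "what is supposed to be running" check can be written down as a baseline and diffed against a snapshot. The following is an added example, not part of the original post: the baseline, the CSV layout (name, PID, image path) and every sample row are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed baseline: image name -> (expected path, max expected instances).
BASELINE = {
    "smss.exe": (r"c:\windows\system32\smss.exe", 1),
    "csrss.exe": (r"c:\windows\system32\csrss.exe", 2),
    "lsass.exe": (r"c:\windows\system32\lsass.exe", 1),
    "svchost.exe": (r"c:\windows\system32\svchost.exe", 15),
    "explorer.exe": (r"c:\windows\explorer.exe", 1),
}

# Constructed snapshot of running processes (hypothetical export format).
SNAPSHOT = r"""name,pid,path
smss.exe,412,C:\Windows\System32\smss.exe
csrss.exe,560,C:\Windows\System32\csrss.exe
lsass.exe,640,C:\Windows\System32\lsass.exe
svchost.exe,812,C:\Windows\System32\svchost.exe
svchost.exe,3120,C:\Users\demo\AppData\Local\Temp\svchost.exe
explorer.exe,2044,C:\Windows\explorer.exe
qttask.exe,2388,C:\Program Files\QuickTime\qttask.exe
lsass.exe,3200,C:\Windows\System32\lsass.exe
"""


def review(snapshot_csv, baseline):
    """Return (pid, name, reason) for every process that deviates from the baseline."""
    findings = []
    counts = Counter()
    for row in csv.DictReader(io.StringIO(snapshot_csv)):
        name = row["name"].strip().lower()
        path = row["path"].strip().lower()
        counts[name] += 1
        if name not in baseline:
            # Foreign process: needs to be identified and looked up.
            findings.append((row["pid"], name, "not in baseline"))
        elif path != baseline[name][0]:
            # A familiar name from the wrong directory is not the familiar program.
            findings.append((row["pid"], name, "unexpected path"))
    for name, seen in counts.items():
        if name in baseline and seen > baseline[name][1]:
            findings.append(("-", name, "too many instances"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in review(SNAPSHOT, BASELINE):
        print(f"{pid:>5}  {name:<14} {reason}")
```

Matching on the image path as well as the name matters because a glance at Task Manager only shows the name, and a name that looks familiar says nothing about where the binary was loaded from.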
I don’t particularly mind not being able to look over every single process in Vista, because I know it is inherently much more secure than XP and more difficult to penetrate, thanks to the inclusion of Windows Defender, sandboxing, firewall improvements, etc., it’s easier to lock down and secure the system anyway. So, on the one hand it’s nice to not think about it all the time, and on the other hand I feel like I am relinquishing control over the OS.
What do you think?
Tags: processes, services, vista