by mschuster91 942 days ago
> Let's see, UAC is nice for your grandmother who might click on something that she shouldn't, yet we, advanced users, are constantly annoyed by those cof, cof "security" features that get in the way when doing something.

Even for us power users, we might hit some drive-by exploit, a friend might send us something that got wormed or whatever. And now, unless that malware comes with a UAC bypass/privilege escalation exploit which is worth millions of dollars, we get an unexpected UAC prompt and have a chance to stop a minute and actually notice that something is Not Right.


> drive-by exploit

It's worth noting that UAC is not a security boundary[1]. Sure, a safeguard mechanism, but not a security feature against stealth rootkits trying to escalate from non-privileged environment.

[1]: https://security.stackexchange.com/questions/189491/microsof...

Unfortunately, as more and more software is installed only for the user (in AppData), the malware can just infect a binary from there (Chrome, Discord, VS Code, ....)

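The per-user-install point above can be checked directly. The script below is an added example written for this page; it is not code from the thread or from any of the products it names. It enumerates HKCU Run autostart entries that launch something from inside the profile, then lists every executable under AppData that the current user's own ACL rights allow them to overwrite. It assumes Windows 10/11 with Windows PowerShell 5.1 or PowerShell 7 and is meant to be run unelevated as the user being inspected; the function names are the example's own.

```powershell
# Added example; not code from this thread or from any of the products it names.
# Lists executables that live inside the current user's profile and are writable
# by that same user, i.e. binaries any process running under this account can
# replace without a UAC prompt ever appearing.
# Assumptions: Windows 10/11 with Windows PowerShell 5.1 or PowerShell 7,
# run unelevated as the user whose profile is being inspected.

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# SID strings for the user and every group they belong to; an ACE may name either.
$mySids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [int][System.Security.AccessControl.FileSystemRights]::Modify -bor
             [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Test-UserWritable {
    param([string]$Path)
    # $true if an Allow ACE for the user or one of their groups carries a write right.
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }
        if ($mySids -notcontains $sid) { continue }
        if ((([int]$ace.FileSystemRights) -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

function Get-ProfileAutoruns {
    # HKCU Run entries (executed at every logon; no elevation is needed to add one)
    # whose target executable sits somewhere under the user's profile.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $cmd = [string]$p.Value
        # First token of the command line is the executable; it may be quoted.
        $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd.Split(' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if ($exe -notlike "$env:USERPROFILE\*") { continue }
        $exists = Test-Path -LiteralPath $exe
        [pscustomobject]@{
            Entry        = $p.Name
            Executable   = $exe
            Exists       = $exists
            UserWritable = $exists -and (Test-UserWritable $exe)
        }
    }
}

function Get-UserWritableExecutables {
    param([string[]]$Roots = @($env:LOCALAPPDATA, $env:APPDATA))
    # Every *.exe under the given roots that the current user can overwrite.
    Get-ChildItem -LiteralPath $Roots -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { Test-UserWritable $_.FullName } |
        Select-Object FullName, Length, LastWriteTime
}

'HKCU Run entries that launch something from inside the profile:'
Get-ProfileAutoruns | Format-Table -AutoSize

$writable = @(Get-UserWritableExecutables)
"$($writable.Count) user-writable executables under AppData, by product directory:"
$writable |
    Group-Object { $_.FullName.Substring($env:USERPROFILE.Length).Split('\')[3] } |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 15 |
    Format-Table -AutoSize
```

On a typical workstation almost every executable under AppData comes back as user-writable, because the inherited ACE on the profile grants the owning user full control; that is exactly the situation the comment describes. For contrast, `Get-UserWritableExecutables -Roots $env:ProgramFiles` returns nothing for a standard user, since writing there requires an elevated (UAC-approved) process. If the LOCALAPPDATA or APPDATA folders are redirected outside the profile, adjust the `-notlike` filter and the `Substring` offset accordingly.
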
Yeah - I’ve had this rant more times than I can count. Modern PC security is stupid because it protects users from other users (what other users?) but it doesn’t protect users from bad software they run on their own account. When the computer only has 1 user anyway, there isn’t much practical difference between the root user and my user account. But the elephant in the room is software supply chain attacks and malware. The fact any program I run can do anything it wants with all my files is ridiculous and appalling.

Phones get it right. The Facebook app on my phone can’t read Gmail’s data. And Gmail can’t access my photos without permission. On desktop any program can read or write to any of my files. And my files - photos, work, code - matter a lot more to me than anything my OS works hard to protect.

There’s no good technical reason, either. It’s a problem of pure inertia.

Apple kind of does this with macOS now. It will continuously ask you, for each app, to give it permissions to specific folders (downloads, home directory), plus whether the app can use the camera, the microphone, etc. I feel like most people blindly just tap yes to get it out of the way and use the app they just installed.
It's certainly a start.

People like to hate on the permission dialog boxes on MacOS - but each app only needs to ask you once for permission. I don't think I've seen one of these dialog boxes for months. And they add a remarkably large amount of security to the overall system given how little they inconvenience users in the steady state of system execution.

But they're a very coarse brush. Once an application has permission to access some folder, it can do anything it wants there. And only certain folders and permissions are protected. (I think any app can read / write any data in ~/Library).

I think the desktop security environment would work extremely differently if it were designed today. I'd love to see more people experimenting with ideas.