[admax88qqq]

The main difference is that UAC is automatically triggered by the OS and takes over the whole display making it harder to fake/intercept. It’s trivial to put a fake sudo in someones PATH and steal their password

[survivedurcode]

lol UAC is such a lazy shitshow of a security implementation…

A) there is no interception to be had. It’s a fucking “Yes I am Admin” single click a child could do unsupervised.

B) It requires training for the user to know that this is a special UAC mode. That’s high-motivation, high-knowledge user training. Pilots train to recognize unusual signs. Your grandma does not train to recognize what UAC looks like, why it would come up and when. UAC is the biggest cop out of a security excuse and Windows should be ashamed.

[admax88qqq]

Sure I guess, I don't know why UAC gets so much hate while sudo gets so much praise.

UAC is strictly better than sudo IMO.

Does UAC solve security for windows? Of course not, but we were comparing against sudo here.

[ruthmarx]

> lol UAC is such a lazy shitshow of a security implementation…

It's by far the most secure and well thought out implementation of an elevation prompt across all operating systems.

A lot of thought went into designing the Secure Desktop [1] used by UAC, and really mac and linux not having something similar is an embarrassment.

[1] https://learn.microsoft.com/en-us/archive/blogs/uac/user-acc...

[survivedurcode]

I stand corrected, it is not a lazy shitshow.

You’re right, fake sudo prompts is how people get exploited all day long. I’ve witnessed it on MacOS.

For UAC, the user still has to learn that the darkening on the screen and the prompt is “serious business.” I think that when a password is present and has been willfully supplied, prompting the user for the password guards against automatic/accidental acceptance (button-only user confirmation prompts). I understand that many users have a joke password that might as well not be something that’s not really any more secure than a click on a button.

I see that Sudo for Windows has been restricted to Desktop only. https://hudsonvalleyhost.com/blog/microsoft-officially-exclu...

From the design article you linked, I know it’s 2006 era:

> You hide the real mouse cursor and show a fake one some number of pixels offset to the real one

I think MacOS only in the recent years has “Full Desktop Control” as an accessibility-category permission (a confusing category to boot) it enforces on apps to prevent faking the cursor.