quote: This is something that I've suggested to MS at every level of beta since Windows Vista.
quote: lol that's been a standard practice in Linux OS's from as far back as I can remember. I would hardly call that advancing desktop security on Apple's part.
quote: No offense but I'm glad they have ignored your suggestion. Why on Earth would you want to remember, and type, a password frequently when you can just click a UAC prompt to achieve the same goal?
quote: Also your suggestion is a bit redundant because you actually CAN make the UAC also function with password. However a good suggestion would be to make this process a bit easier and intuitive to the end user, I agree.
quote: That should be much easier to enable or disable. Why isn't it right next to the UAC slider??
quote: I think requiring a password in the "UAC state" is more secure. Imagine a scenario where I leave my laptop unattended for some unknown reason. Guy comes over, pops in his flash drive, and installs a malicious program. Password prompt inside UAC stops that from happening. I think this style of attack is called the "evil maid" attack.
quote: Agree. Well Microsoft got really serious about security some time ago. But what they found was that if you go TOO secure, it turns people off. Remember all the Vista complaints about the UAC? And that was a more toned down version of what they originally wanted to do. Also from a customer support view, I'm sure not requiring a password cut out some millions of calls from people who can't install something because they "forgot" their password lol.
quote: Now this is valid of course. Having an OS that's secure from physical intrusions is novel. I would hope IT departments are pushing the UAC password state. I would actually be interested in knowing how widespread, if at all, that practice is.
quote: Forgotten passwords... ugh... I do web apps (CRM/ERP) and I cannot tell you how many times I get emails about forgotten passwords. How?!? Perhaps that is why Microsoft hid it.
quote: I didn't even know it existed.
quote: That should be much easier to enable or disable. Why isn't it right next to the UAC slider?
quote: but the idea that requiring a password (or even a UAC prompt) to install software will prevent malware from being installed is just plain false.