Open Notepad - Allow or Deny
A lot of jokes as well as serious criticism have been made about Microsoft’s user access control (UAC) in Vista. The main problem with UAC is caused by applications that are poorly written and expect to run with administrator rights. This comes from years of shoddy development in which many people wrote software on the assumption that it would be run as the administrator user; in other cases the software was old and written for the Windows 9x series, which had no access control.
The problem with so many prompts is that they are more likely to annoy users to the stage where they become blind to the alerts and just click OK or, if they know how, turn the prompts off. The IE blog shows another example of how Vista is defective by design. As you probably know, by default IE opens Notepad as the ‘View Source’ editor (shouldn’t the menu item really be ‘Edit Source’?). IE 7 (quite rightly) runs under a protected mode in Vista, meaning the app has limited access to OS-level functions. Notepad, however, does not run under protected mode, so, as the IE blog shows, a warning pops up every time you want to view the source.
The IE blog entry states “Before launching applications like Notepad that weren’t designed to work with low privilege, Protected Mode displays the following prompt to get your permission. This prompt is designed for the worst case security scenario, which is a malicious webpage trying to silently elevate out of Protected Mode by launching an application or reusing one that you’re launching. For example, in the scenario where you select View Source, a malicious webpage could try to silently pass its content to Notepad instead of the webpage’s source code. This could be a dangerous scenario if there was vulnerability in Notepad”. Their advice to fix this problem is to turn the alerts off by selecting the ‘Do not show me this again’ option.
If it’s not possible to run Notepad in restricted mode when it is being passed content from IE, then they should do what other browsers do and display the source within the application itself.
Improving the security of Windows was very important but they’re going the wrong way about it. Apple are using these annoying prompts to their advantage. Take a look at their advertising campaign if you’ve not already (it’s the one labelled security).
April 2nd, 2007 at 12:02 am
“(shouldn’t the menu item really be ‘Edit Source’)”
If it allowed you to actually edit the source, then yes. Unless you’re viewing a webpage on your local computer, any changes you make to the source in Notepad have no effect on the page, so I’d say View Source is an appropriate name.
Of course the source should be displayed by some mechanism in the IE application itself. My guess is that that feature got cut. So in keeping with the “secure by default” mantra, they added a prompt before Notepad opens. If it annoys someone enough, they can simply check the box to never see the prompt for Notepad again.
April 2nd, 2007 at 1:11 am
“Of course the source should be displayed by some mechanism in the IE application itself. My guess is that that feature got cut.”
I’d say that it is more likely that every user doesn’t need that feature, and those who do know where to find it.
http://www.microsoft.com/downloads/details.aspx?FamilyID=e59c3964-672d-4511-bb3e-2d5e1db91038&displaylang=en