
iReboot's developer(s) show their ignorance about UAC

I saw a post on Slashdot titled "Coding Around UAC's Security Limitations", which pointed towards this.

The whole angle of the post on Slashdot is trying to make it seem that UAC doesn't do anything and is worthless. The iReboot developers certainly have that angle too, in what I'm sure some would call a childish tirade.

iReboot is an application that sits in the tray, and allows you to select an OS you want to reboot into. It does this by changing the boot loader so the OS you selected is the default and then rebooting the machine.

To modify the boot loader, you obviously need administrative privileges: this is a system-wide change, and a boot loader that is wrongly altered can render the system unbootable.

On Windows XP the iReboot application required you to be logged in as an administrator, for obvious reasons (standard users not having the rights to change the boot loader).

On Windows Vista, iReboot would also require administrative privileges to work. With UAC, even users logged in as administrators have their applications run as standard users, which is why applications need to elevate to run as administrators.

The developer goes on to write:

But there was one flaw in iReboot that made all the hard work we put into making it as unobtrusive and minimalistic as possible almost meaningless: if you had UAC enabled, iReboot will not run automatically at startup, no matter what you do.

iReboot could run automatically at startup with UAC enabled; the developer doesn't seem to be aware that you can write an application to ask for elevation. His application didn't - and so it just fails. Like it should. Obviously, automatically starting an application and asking for elevation isn't a very good experience, which is why it shouldn't be done this way either.

I'm sure you all know that the Windows NT line (and other modern operating systems) has had the concept of "services". It seems the developer had to do some "digging around" for solutions. Come on, any Windows geek knows how services work; this guy actually had to do research?

Services are usually started automatically by the system, for example the time service which goes out to the internet and corrects the time on your system. Changing the time requires administrative privileges, and as such the time service runs with administrative privileges. The same can be said about the 50 or so other services that run on the system.

He goes on to say:

only possible fix would be to split iReboot into two parts. One would run in the background as a service, running under the SYSTEM or LOCAL SERVICE accounts and having privileged access to the OS without requiring admin approval or UAC elevation, and with the second half running as an unprivileged userspace client program which interacts with the service backend to get stuff done.

This is also how it should be done on Windows XP, 2000 etc. so that your application would work on standard user accounts, but it seems he doesn't care about standard users on Windows XP, where he says "everyone runs as an Administrator", which isn't quite true. Others and I have long tried to get people running as standard users on Windows XP; it is developers like this who kept people from running as standard users and greatly reduced the security of the world's computer base.

The developer then goes on to complain about how long all this took:

[G]etting this far wasn't easy. With Windows Vista, what should have been 100 lines of code maximum ended up being a dozen times longer, split across two different processes, and requiring way too much man-hours to write the most minimalist and to-the-point piece of software we've released to date.

Of course, if the guy had bothered to look at the development guidelines and documentation, which are almost a decade old now, he would have seen this is how his application should have been written in the first place. He assumed he would have administrative rights forever, yet Microsoft have been hammering on about testing your applications as standard users for years and years before Windows Vista shipped; it isn't like they just pulled this out of the bag.

The developer then makes one final stab at UAC:

Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security [his emphasis]. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.

He is essentially claiming that UAC is worthless and can be coded around (by using services), which is false: in order to install that service in the first place you must elevate the installer, else it cannot create or modify the service.

Just today a new exploit was discovered in QuickTime (yes, another one). With UAC enabled the exploit doesn't work, because QuickTime isn't running as an administrator, but only as a standard user. Just another example of how UAC just gives the "impression" of security.
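The elevation point above, as a PowerShell install script (an added example, not iReboot's code and not from the original post): it reports whether the current token is elevated, asks for elevation once if it is not, and only then registers the service. The service name, binary path and -Apply switch are hypothetical.

```powershell
# Added example, not iReboot's code. The service name and binary path are
# hypothetical placeholders for the privileged half of a split application.
param(
    [string]$ServiceName = 'ExampleBootHelper',
    [string]$BinaryPath  = 'C:\Program Files\ExampleBootHelper\helper-service.exe',
    [switch]$Apply   # without -Apply the install step only reports what it would do
)

# Report who we are and whether this process holds the full administrator token.
function Get-TokenState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    New-Object PSObject -Property @{
        User     = $identity.Name
        Elevated = $principal.IsInRole($adminRole)
    }
}

$state = Get-TokenState
Write-Host ("{0}: elevated = {1}" -f $state.User, $state.Elevated)

if (-not $state.Elevated) {
    # With UAC on, an administrator's everyday token is filtered, so creating
    # a service from here is refused. Ask for elevation once, at install time.
    $relaunch = '-NoProfile -File "{0}" -ServiceName "{1}" -BinaryPath "{2}"' -f `
        $PSCommandPath, $ServiceName, $BinaryPath
    if ($Apply) { $relaunch += ' -Apply' }
    try {
        Start-Process -FilePath powershell.exe -Verb RunAs `
            -ArgumentList $relaunch -ErrorAction Stop
    } catch {
        Write-Host 'Elevation was declined or unavailable; nothing was installed.'
    }
    return
}

# Elevated: register the privileged half as an automatic-start service.
# The path is wrapped in quotes because it contains spaces; an unquoted
# service path can be resolved to a different executable than intended.
New-Service -Name $ServiceName -BinaryPathName "`"$BinaryPath`"" `
    -StartupType Automatic -WhatIf:(-not $Apply)
```

Run as a standard user or from an unelevated administrator session, the script reaches the service registration only after the consent prompt is accepted.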

Windows Defender's Software Explorer & future improvements

Out in the technical communities I still see a lot of people telling people to use msconfig (Microsoft System Configuration Utility) to stop applications running on startup with Windows.

Now this was a fine tool - back in the old days (it first shipped with Windows 98), but it hasn't changed much since then and is geared towards technical users.

Windows Defender is often overlooked as being a simple anti-spyware application. But it has some great features which surpass a lot of the functionality that msconfig was often used for.

The Software Explorer is one of them; you can find it under Tools. Its drop-down menu offers a few different options, including startup programs, which allows you to see and block any specific applications from starting with the system.

[Image: Software Explorer, startup programs]

A common source of confusion for non-technical users, though, is the 'Show for all users' button, which is required to make any system-wide changes (most applications set themselves to start up system-wide). So you often need to elevate using that button to make any changes, else the buttons are greyed out. I think that needs to be made more clear, or Defender needs to ask for elevation automatically upon starting the Software Explorer.

It also lets you see currently running programs, and also programs that are connected to the network (you previously had to go to the command line to check that), and also to which addresses they are connected.

[Image: Software Explorer network connected programs]

What would I like to see done to Defender in future versions?

Consider moving the Software Explorer function out and having it as a standalone application, and put it under Programs in the Control Panel. Although it does have a sub-option (View currently running programs) under Defender, I think it is worthy of its own entry. Also put a shortcut in the System Tools folder in the Start Menu.

In addition I'd like to see Windows Defender move on to provide basic anti-virus. Windows Defender is already the best anti-spyware application out there in my opinion: it doesn't put icons in the tray, it doesn't launch loads of junk on startup and it doesn't pop up nagging you about things, and having definition updates installed automatically over Windows Update is great.

This is really something where Microsoft are out in front of the pack (except with Windows Live Messenger); other software developers write software that tries to take over half your computer and load dozens of applications at startup, slowing everything down, instead of getting out of the way and letting you get on with things. No doubt Microsoft would face an anti-trust investigation for bundling anti-virus with Windows (maybe they could make it a downloadable plug-in), but it would be worth it for the end-user experience.

No doubt people will mention OneCare, but OneCare is a heavy all-in-one application suite, I don't see the point in having a firewall, anti-spyware etc when that stuff is already built into the system. Let OneCare be the heavy security suite, let Defender be the minimalistic simple low resource anti-malware application that it could be.

Robin Harris making up anti-Vista stories

Oh jeez, so over on ZDNet, Robin Harris threw up what apparently he thinks is a news story about how Microsoft have been forced to retreat to Windows XP on ultra-low-cost PCs, like Asus' Eee PC.

He calls it further evidence of the Vista fiasco.

What do I think? I call it evidence that Windows Vista won't run on these low powered machines, and as Microsoft is a company that wants to sell Asus something to put on these machines they'll sell em what they've got.

Observe the miracle of the Eee PC specifications:

CPU: Intel Mobile @ 900 MHz
RAM: 512MB / 1.0GB
Storage: 4GB / 8GB Solid-State Disk
Graphics: 800 x 480 and shares system RAM

And the miracle of system requirements for Windows Vista, these are the bare minimum for it to work:

1 GHz 32-bit (x86) or 64-bit (x64) processor
512 MB of system memory
20 GB hard drive with at least 15 GB of available space
DirectX 9 graphics card with 32MB of RAM, capable of 800x600 resolution

You're a walking joke Robin. Windows Vista won't fit on an 8GB hard drive, it won't be usable on a screen just 480 pixels high. It wasn't designed to run on such low powered machines, so Microsoft doesn't sell it for such low powered machines, they sell an alternative operating system that is still supported and will run on such hardware.

I know you must be getting pretty pissed off seeing 10 million more machines running Windows Vista every month, but can you lay off the old spin machine please else the "fiasco" of your storage blog may continue for a long while yet.

Mac OS X cracked inside of 2 minutes - Vista & Ubuntu stand firm

I can't say I'm honestly surprised, judging by how crappy Apple's record is at patching vulnerabilities over the last few years. Windows Vista has consistently outperformed all other major operating systems in this regard and Microsoft have spent a considerable sum on improving their development process in regard to security.

So anyway, at the PWN to OWN contest held over the last three days, crackers have been competing for $10,000 and $5,000 prizes. Their task was to crack a computer; there were three computers, all running different operating systems. One running Mac OS X.5 (Leopard), one running Ubuntu 7.10 and one running Windows Vista SP1.

The first day was limited only to attacks over the network. All three machines survived.

The second day, the participants were allowed to open web pages, or e-mails. Mac OS X was compromised inside of two minutes.

Both Ubuntu and Windows Vista survived the day, and now the crackers can request that the judges allow "popular" 3rd party software onto the machines. As of this moment I believe both machines are still standing.

Both Linux and Windows have their fair share of crappy 3rd party software, but I think Linux generally has more privilege escalation exploits, so we'll have to see how it goes.

So anyway, the next time some smug Apple fanboy comes up to you and goes on about security, politely remind them that they are full of it. And also consider reporting Apple to advertising regulators over their utterly misleading and downright false adverts.

Unsung Windows Vista feature #14567

An often overlooked feature of Windows Vista is the ability to extend - or even shrink - a partition. My regular readers will know I recently picked up a Motion LE1700; it had a 3GB recovery partition built in. As I recently installed World of WarCraft on the machine, I decided I needed to generate some free space.

I don't need the recovery partition as the machine is backed up to Windows Home Server, all I have to do is plug in my Xbox 360 HD DVD drive (the only optical USB drive I have) and boot from the restore CD, or the Windows Vista DVD if I want to cleanly install.

All it took to add the 3GB to the main partition was a quick trip to Disk Management.

Best of all this didn't even require a reboot, the main partition just has an extra 3GB of space instantly.

To do this on Windows XP you'd need to buy a 3rd party piece of software and reboot the machine.

nVidia you're a joke

I will not be buying, nor recommending that anybody buys any more products from this company.

No doubt many of my readers are aware of my long running battles with the GeForce 5 series on Windows Vista, which eventually made me so fed up I blew £1600 on a new Tablet PC (without any nVidia junk in I might add). nVidia right up to the launch of Windows Vista said they would support the GeForce 5 series on Windows Vista. Then around launch time they quietly retract and say it is no longer supported.

Now these guys have hit me again, with the nForce3 chipset. Unsurprisingly they pulled the exact same stunt, saying all through development and right up to launch that they will support Windows Vista, and then a month after launch, they pull all statements of support from their website. What a joke.

So anyway, as I saw Socket 939 dual core chips were going pretty cheap, I replaced the Athlon 64 3200+ in one of my machines with an Athlon 64 X2 4200+; not only would it be a bit faster, with a Manchester core dual channel memory would work too, bargain. Everything worked fine until I arrived on the desktop, noticing the video card was in 2D basic mode. Windows was kind enough to inform me that there was a problem with the hardware and it couldn't start the drivers for my Radeon X850XT.

So I try a few things with no luck and then hit Google. It seems that the nForce3 doesn't work with ATI graphics cards in the AGP slot when using a dual core CPU. Great. So I disable one of the cores and everything works fine. Now this issue goes back to the launch of Windows Vista: the Socket 939 chipsets of the time all used a hack to get dual core CPUs to work, they'd remap the memory address of the AGP card into PCI, this is how they function on Windows XP. SiS and VIA both addressed the problem on their same-generation chipsets within a couple of weeks of the launch of Windows Vista by releasing an updated AGP driver.

Not nVidia though, they recommend you buy an nVidia graphics card or upgrade your motherboard! What a rip, worse still is their lack of support isn't advertised anywhere, boards with nForce3 chipsets are sold claiming compatibility for Windows Vista.

nVidia, get your act together and release a damn AGP driver which works properly. No other company kills support for their products so quickly.

Doubled user accounts on Vista welcome screen

With Windows Vista Service Pack 1 RC coming out next week for the general public, there are a few issues that they may come up against.

The one that I've run up against is on my Motion LE1700 Tablet PC, when using the OmniPass password login software. This issue doesn't just affect SP1, but also some other updates that have been rolled out over the last year. Typically this can be solved by reinstalling the OmniPass software; however, that is a lot of work and below is a quicker solution.

Essentially, after some updates are installed you end up with two copies of your user icon on the welcome screen. This doesn't affect functionality, but it's annoying and something I spent most of yesterday trying to get around with numerous reinstalls and uninstalls and system restores. Anyway, I've cracked what was causing it, and I hear this will be fixed in a future version of OmniPass.

Warning: Altering this section of the registry is dangerous, you can quite literally remove all user icons from the Welcome screen preventing login. You should ensure System Restore has a recent restore point.

You'll need to crack open regedit and make your way to the location below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

[Image: Registry Editor, OmniPass key in Credential Providers]

You should have a key containing OmniPassCredProv, this is the one we want to keep.

There should also be a key containing PasswordProvider, which starts with 6f45dc1e (not shown on the image above). This is the default key OmniPass removes when it is installed, and it is responsible for there being an extra user icon; some updates seem to rebuild this entry. I'd recommend exporting this key (just in case you need to import it back if something went wrong), then deleting it and rebooting. That should restore things to how they used to be.
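The export-then-delete step as a PowerShell script, run from an elevated prompt (an added example, not part of the original post): it lists the credential provider keys, refuses to continue unless exactly one OmniPass entry and one PasswordProvider entry are present, verifies the backup, and leaves the deletion as a dry run. The backup location is an assumption, and the key is matched on the 6f45dc1e prefix given above rather than on a full key name.

```powershell
# Added example, not from the original post. The backup location is an assumption.
$root   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$backup = Join-Path $env:USERPROFILE 'PasswordProvider-backup.reg'

# One row per provider key: key name, its default value, and the full
# HKEY_LOCAL_MACHINE\... path that reg.exe expects.
$providers = @(Get-ChildItem -Path $root | ForEach-Object {
    New-Object PSObject -Property @{
        Key   = $_.PSChildName
        Label = [string]$_.GetValue('')
        Path  = $_.Name
    }
})
$providers | Format-Table Key, Label -AutoSize | Out-String | Write-Host

# The provider to keep, and the rebuilt default one described in the post.
$keep = @($providers | Where-Object { "$($_.Key) $($_.Label)" -like '*OmniPassCredProv*' })
$dupe = @($providers | Where-Object {
    $_.Key -match '^\{?6f45dc1e' -and "$($_.Key) $($_.Label)" -like '*PasswordProvider*'
})

# Stop unless the machine looks exactly like the case described: deleting the
# password provider when OmniPass is absent could leave nothing to log in with.
if ($keep.Count -ne 1 -or $dupe.Count -ne 1) {
    Write-Warning ("Expected one OmniPass and one PasswordProvider key, found {0} and {1}. No changes made." -f $keep.Count, $dupe.Count)
    return
}

# Export first, and confirm the export exists before touching anything.
& reg.exe export $dupe[0].Path $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup) -or (Get-Item $backup).Length -eq 0) {
    Write-Warning "Export to $backup failed. No changes made."
    return
}
Write-Host "Backed up $($dupe[0].Path) to $backup"

# Dry run: shows what would be deleted. Remove -WhatIf to delete, then reboot.
# To undo, import the backup again with: reg.exe import <backup file>
Remove-Item -Path ("Registry::" + $dupe[0].Path) -Recurse -WhatIf
```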

CNet fishing for traffic with nonsense Vista claims

I'm not going to link to the article in question but CNet have sunk to an all new low. They were doing a 'top ten terrible tech products', it had a few good mentions, Sony's rootkit on music CDs and a bunch of other things, but thrown in just to get some traffic was Windows Vista (in my opinion the best OS to date).

They go on to say:

Its incompatibility with hardware, its obsessive requirement of human interaction to clear security dialogue box warnings and its abusive use of hated DRM

For incompatibility with hardware they point to an article about the minimum requirements. So yes, like every other operating system in the history of computing it won't run on everything: you cannot run it on a toaster, you cannot run it on a Spectrum, you cannot run it on a 10 year old PC.

Yes, for security reasons a human needs to elevate to get administrative rights. Like every other modern operating system. How do you propose doing this without allowing everything unlimited access to the system, including malware stealing your data or destroying your data?

The DRM is utter nonsense and has been repeatedly debunked. It is disappointing to still see this mentioned.

If you're going to do this at least engage your brain and try and come up with something that a) isn't made up or b) doesn't apply to every other operating system.

Macintosh fanboy nonsense

Well these guys couldn't have picked a better time to unleash their Mac mouth-foam session.

Their article opens up with:

Apple has given Microsoft a lesson in software development with the launch of its new Leopard operating system which is faster, slicker and packed with a lot more practical features compared with the slow, underperforming Windows Vista operating system that is prone to crashing or locking-up systems.

Well that's a lot of claims chucked into a small space. Gish gallop?

Leopard huh? Oh yeah that came out today didn't it, funny I haven't seen much about it on the news. On all the news sites I've read it's all been about Microsoft selling 88 million copies of Windows Vista, Microsoft's biggest quarter growth since 1999, and how they blew away Wall Street's expectations by over a billion dollars.

Faster and slicker? Hmmm not according to Wired's Cult of the Mac blog who installed Windows Vista on their Macintosh and reported the following:

Vista really flies on this beast, and feels like it's faster than OS X - it boots faster, folders burst open and apps launch instantly...I'm especially delighted with Vista's "glass" Aero interface, which works in all its glory on this machine...The OS is dark and handsome. It's really quite exciting...Vista's icons are big and colorful, and frankly, a lot more logical and easy to read than some of OS X's, like the intelligible iWeb icon.

The guy then pulls out the whole crashing and locking up systems line, yawn that is so Windows 95, get something new and fresh please. Windows doesn't crash anymore.

With Vista the "Gadgets" have to be stacked in a frame on the desktop. In the Leopard environment they can be placed anywhere.

In Windows Vista they can be placed anywhere. Maybe if you actually bothered to use the thing you'd know that.

Unfortunately that's the trouble with these sort of people, like David Richards, they rubbish this and that without bothering to actually use them, they don't have a clue and their opinions are therefore worthless.

The bottom line is this: Mac OS X - whichever version - is a 6 year old operating system, upgraded as often as Apple can with $130 upgrades, the sort of thing Microsoft do for free with Service Packs and applications on their website. Leopard introduces amazing new features that they copied from Windows 95, like the ability to backup your files, although on the Macintosh it is much more limiting, requiring you to have a separate hard drive; you can also preview documents in the shell - like Windows XP. Oh dear, Leopard is a damp squib of a release, it's a flop and a really late flop. Steve Jobs said this thing would ship before Windows Vista; well, they're only a year behind at best, and in many areas like Media Center and Tablet PC they haven't even started yet.

Mac OS X is a solid operating system and has been for the last couple of revisions, but I don't believe it is in the same league as Windows Vista. What these fanboys don't understand is that their foaming at the mouths and spending 80% of their time attacking Microsoft isn't winning anybody to their cause. Nor is preaching the lies that Steve Jobs comes out with; just the other day he said that Windows Vista came 7 years after Windows XP. It is 5 years Steve, as you well know. I however believe that is a good thing. I'm sure the consumer would rather a big jump every 5 years at £120 a pop, than tiny little jumps every 18 months at £120.

How do I know if my system is 32-bit or 64-bit?

This question pops up quite a lot in online forums nowadays. Before, I could quite honestly tell somebody: if you need to ask, you have 32-bit. That's not true anymore, you can buy machines with 4GB of RAM in them, and increasingly they are being loaded with 64-bit Windows Vista, so the system can make use of all the memory.

You can find out by going to Control Panel -> System and Maintenance -> System.

Alternatively you can search for System on Start Search, the search will return a few results, but one should just be the word System, with a computer icon next to it with a white tick on a blue monitor. That's the one you're after.

Clicking on that will launch the following.

[Image: How do I know if my system is 32-bit or 64-bit?]

System type displays if the system is 32-bit (often referred to as x86) or 64-bit (also known as x64 or x86-64).
