Re: VC9 + SP1 and manifests (broken)
* SvenC:
Hi Ben,
... different parts [manifest/virtualization...] of the Vista-and
beyond systems ... quickly become unmaintainable.
Unfortunately, the alternative is to break old programs, hence to
halt the operation of countless businesses and individuals. These
people are not guilty, they lawfully bought their software, they
use it on a daily basis and their businesses depend critically on
the proper functioning of this software.
But they need to set higher standards for "Windows Logo". If they
weren't so danged focused on the revenue the Windows Logo Program
generates, they could go a long way toward making sure these
redirection hacks are phased out (not to mention the software getting
the Vista version of the Logo would play nicer on non-Administrative
accounts of Win2000 and WinXP).
The cries of the semi technical people which feel the need to tell their
thoughts in blogs and elsewhere about *Vista being the problem* that
*many apps* are not working any more causes lots of people to believe
this "semi correct" view.
Microsoft knows about this problem and had to find comprimises to
make it work as much as possible. Compromises are never perfect
hence they are call compromise and not perfect.
Microsoft tried it the educational way with Win2000/WinXP and preached
to log on as standard user and not admin and us devs should develop
software that plays well in this scenarios. It simply didn't work.
Simple reason "it" didn't work: Microsoft's own programs require being logged on
as administrator.
The whole security scheme of Windows is braindead (have you ever tried changing
security settings on a disk? -- it's redundancy elevated to billion'th power)
Add the requirements of Microsoft's own programs and you have something that
can't even be cajoled into working: first, the security scheme Does Not Work
(Microsoft once touted C2 certification for some version of NT that evidently
ran on a machine in a locked closet with no user, but even that wouldn't work
today), and second, the Microsoft app requirements mean you have to circumvent
the schemes.
Add to that that e.g. Internet Explorer stores personal information in umpteen
hidden files and hidden directories scattered all over the disk, and that from
Windows 2000 on Windows itself does just about the same, and it's clear that at
Microsoft nobody who's in charge has the slightest notion of what security is.
For MS security is a buzzword, and buzzword "technologies" aimed solely at the
enterprise market with *central control* as the main feature: Microsoft, in its
blind chase after easy quick dollars, has forgotten the market segment that at
root drives the main sales, namely the individual personal computer user.
You
have to feel the pain of security or more clearly: you have to feel the
pain of your customers who are not able/allowed/interested to tweak
the security settings to a lower level just to run your app.
That's bullshit. Sorry, but it is. In Windows XP, why the f*ck do have I have to
have administrator rights in order to get a list of drive letters (fsutil)? In
Windows Vista, why the f*ck do I have to be administrator or "elevate" or
whatever just in order to inspect my current IP address (ipconfig)?
The answer is not that it's because MS engineers are super-smart and understand
(which nobody else do) that that's the only way to get Real Security in future.
The simple answer is, because they're grossly incompetent, or their bosses are.
This change is painful, agreed. But it is the only way which will change
us devs to build apps which play nicer according to the rules (of
Windows and security as designed by Windows designers).
Bah, see above.
Cheers,
- Alf
--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?