Administrator Priviliges

[Licho]

SD needs admin rights to operate normally..
To download a map/mod it needs admin rights.

So its better to ask on startup once..

[imbaczek]

IMHO SD could work much better if it detected it runs on vista and changed spring config to use user's directory as SpringData. of course this all should be taken care of by spring itself, but since SD needs to autoupdate itself, it could also do this so it doesn't need admin right for normal operation, just for updating.

[AF]

SD needs admin rights to operate normally..
To download a map/mod it needs admin rights.

So its better to ask on startup once..

*Licho opens can of worms*

It only needs admin rights to move the downloaded file to the spring folder, and only if its a Vista machine with the default access rights, and only if spring was installed in program files.

To this I point out the following flaws:

• What if spring is installed outside the program files folder in user space?
• What if content is set to be read from user space
• Files being downloaded directly into the working environment allowing files that are being written to and incomplete files to be present in a working spring environment. Huge no no, what's more its a very very basic mistake, its the sort of thing dailywtf would laugh at as too noobish to post. Everyone knows you download to a temp folder then move to the target folder.
• This assumes spring downloader will actually download a file. If no files are needed to be downloaded then the UAC prompt was pointless
• This flies in the face of microsoft blogs and reccomendations, which say that UAC was also intended to reduce programmers reliance on the assumption that admin rights were present, as this would result in lots of UAC prompts that could be totally avoided. They posted graphs and statistics to prove this on the windows 7 engineering blog.
• Horrific usability wear and tear on the end user. Games should not require administrator privilledges. They're for having fun not performing maintenance.
• Bad security practice. Spring downloader now provides an access route to gain escalated admin privilledges on Vista and Windows 7 systems.

Basically you cannot be arsed doing something despite the slew of problems it creates. Why justify doing this because it only means 1 UAC prompt when you can smash that arguement by saying doing it properly could mean no UAC prompts whatsoever!!. Ontop of that once youve acquired admin privs if needed you can have the optiont o keep hold fo them till the program ends, thus guaranteeing that there will only ever be one UAC prompt if there are any at all!!!!


Because you cannot be arsed I have pointed you in the right direction. Please do not ask me to do your dirty work because you'd rather spend 10x as much time and effort fighting it than it would take to actually do it!

http://www.codeproject.com/KB/vista-sec ... ation.aspx

http://msdn.microsoft.com/en-us/library/aa970890.aspx

[Licho]

I dont care AF, either pay me or do it yourself :)
Im not using vista, im not doing to make complex code changes for minimal gains for suicidal minority of people.. If people are annoyed by it they can disable UAC or set it to start with admin rights on default..
Or they can code changes ..
Or spring could stop using program files.

I already wasted way too much time on spring related stuff, not doing anything about this. If you hate it, send patches.

[SwiftSpear]

Heh. Vista users, the suicidal minority.

[smoth]

shit runs fine on my machine, I have no idea what af is on about, then again I have not read his post.

[AF]

Or spring could stop using program files.

If it did then we'd still need admin privileges to run tasclient+spring downloader. While you may think Vista is a suicidal minority, this is the nature of things to come. Vistas install base is increasing, and windows 7 and 8 inherit this behavior, and 7 runs on netbooks meaning that soon enough there may not be any XP machines on sale through the netbook loophole.

This is a case of proper program design and responsibility. This isn't just any old random tool, this is installed on almost every spring machine out there, as such do you really want prospective employers looking into your projects and finding complaining users and an ignorant author? As for wether Id fix it, I don't think theres a visual studio for OS X nor am I interested in looking into it.

[AF]

shit runs fine on my machine, I have no idea what af is on about, then again I have not read his post.

You don't run from program files, and I assume you run as an administrator ( wut? no 15-25% performance boost from being non-admin?! ), and I assume you have UAC off.

[lurker]

[*]Files being downloaded directly into the working environment allowing files that are being written to and incomplete files to be present in a working spring environment. Huge no no, what's more its a very very basic mistake, its the sort of thing dailywtf would laugh at as too noobish to post. Everyone knows you download to a temp folder then move to the target folder.

This really hurts your entire post, because it does use a temp folder.

And even in the previous topic about peformance, I don't recall you giving a source with numbers about the performance loss there. And is it for all programs or just virtualized ones?

[AF]

Its was reported widely when Vista was first released that Vista under administrator access has a 15-25% performance hit due to registry visualization and other security measures. These security measures make no sense under a standard account and are disabled thus giving a sizable performance boost.

Sadly they've all been buried under a slew of Anti UAC tweak tutorials to find it in a half minute google

[lurker]

But it still has to virtualize program files and registry access on limited accounts, too, for non-vista-aware programs, so I'm not sure exactly what you mean. Is this a different type of virtualization that only happens when you're running as admin?

[AF]

Your talking about 'compatibility' measures, Im talking about 'security' measures. Basically it runs things using virtualization and checks ahead of things, so stuff like registry access is considerably slower, as well as numerous other checkups Vista performs to make sure the program is behaving.

Under standard accounts though these checks are unnecessary because even fi the program misbehaves these resources are already limited or controlled in such a way that the way they're accessed doesn't need nannying. Hence the speed up.

[lurker]

But if the program I'm running doesn't have any auth tokens, what is the change from being a fully limited account?
And this performance hit is on what? Registry access? I/O in general? GUI? No way it's going to slow down something like prime95.

[AF]

On a standard account no it wouldn't have auth tokens, but on an admin account the base level of privileges is much higher, after all its an admin account, as such if code was injected it could do damage, whereas on a standard account itd be unable to do much of anything once inside the executable. As said, 15-25% variable figure since not all actions by a program come under the umbrella of increased security and integrity checks.

[lurker]

Just poking around non-elevated programs, I see some deny tokens for high security, everything is running medium integrity, and I have no idea what you mean about the base level being higher.

[AF]

in a standard account everything has a base privilledge of 'standard', the default access level is lower than that of an admin.

Under an admin a program ran has higher privilledges than under a standard account. These privs aren't exactly root access ( the superadmin account) but they are still significantly greater than that of a standard account, great enough to pose a security risk should the program be compromised.

[Caradhras]

sudo make people install linux -force -overwrite vista

[lurker]

Well I have vlc open from the Guest account, and the only difference I see is that the Guest has nothing listed for admin and power user, while the one on my main account has those explicitly denied (not quite sure in what direction this means), along with, in a seperate area, shutdown and time zone changes explicitly being denied.


Does spring work well under wine?
The most practical reason I'm on windows is probably drivers, haven't looked at that very recently. That and wanting my drive to both have proper permissions and be accessible from windows and laptop.

[TradeMark]

weird that nobody has made any viruses for spring yet... since its very vulnerable to anything, lol, especially the TASClient with its buffer overflows etc

would be funny to hack spring so you can control enemy units XD

[lurker]

TASClient has buffer overflows?