Dumbest .. OS .. ever

· by Steve · Read in about 3 min · (611 Words)

So I was using Vista today, a relatively rare event on this machine since my discovery of how silky an experience OS X is, and I realised that although I’d already installed Cygwin (because I use bash for all my scripting needs, and being without sed / awk / patch / diff on the command line is unthinkable), I’d forgotten to check ‘patch’ when I ran the Cygwin installer. Simple I thought, I’ll just run it again. I did exactly that and patch was installed, and I was off again, ready to test some work I’d done on OSX on MSVC before committing it - except at that point Vista insisted on shoving a two-by-four into my spokes.

Any call to patch, my literally everyday way of moving uncommitted changes from one machine to the other as well as pulling in community patches (yes, I know I can use right-click > Tortoise CVS > Apply Patch, but I like to ‘-dry-run’ things first which you can’t do with the GUI) came up with the annoying ‘An unidentified program has tried to access your computer’ prompt. Answering ‘Allow’ just dumps me back to the prompt with nothing having happened.

Cue head-scratching.

This normally only happens when an application requests admin rights, but I didn’t request them and don’t need them for patch. I checked the permissions and that the ‘Run program as administrator’ option were unchecked, which they were. However I noticed that patch.exe had the little ‘shield’ icon next to it, indicating it would try to run as admin.

Cue more head-scratching.

I thought maybe it was something the installer did, since it was running as admin, so I manually extracted patch.exe from the archive and copied it somewhere else. Same effect. Vista insists on marking the EXE as requiring admin rights.

I scanned the rest of the Cygwin folder to check everything else worked ok from the command line. Most was fine, except that I noticed that ‘install.exe’ and ‘install-info.exe’ both had the same shield whilst everything else didn’t. The penny began to drop, but I couldn’t believe it. Surely Vista isn’t dumb enough to assume that any EXE with the word ‘patch’ or ‘install’ in the title must request admin rights?

You’re damn right it is. Renaming patch.exe to ‘paatch.exe’ let it run fine without requesting admin rights. Similarly ‘innstall.exe’. Renaming them back made them request admin rights again. There doesn’t appear to be any way to control this at a file level, the OS just looks at the file name and says ‘oh, patch must be a system tool’ and forces it to request admin rights. I eventually found this report of the issue, although only after I’d figured it out on my own.

Cue bouts of incredulous swearing.

So this is an example of the new sophisticated security system Vista contains. Perhaps they should branch out into the physical world and start offering security consultancy to banks: “Top tip guys - watch out for people wearing little black masks and carrying bags labelled ‘swag’.”.  Sure, it’s not foolproof, but it’s (quoting that article) ‘better than nothing’. What a bunch of claptrap. As a defense mechanism its as effective as a papier mache tank and will last about as long. The inconvenience to genuine users will last forever though.

This is about the dumbest thing I’ve ever seen done in the name of security. Whoever thought this was both effective and proportionate needs their head examined. Thanks Vista for wasting another hour and a half of my time when I could have been doing something useful. Once again you prove yourself a partner of necessity rather than preference.