There is a slippery tug-of-war going on between Microsoft and third-party application developers. This even has Microsoft application-product and developer-product development teams fighting/ignoring/neglecting/throwing the mud that is piling up on the user doorstep.
I’m talking about the effort to have users operate safely and snuggly in Standard User Accounts (SUA) and the actions taken by application developers and their employers that completely fail to respect the user in this matter. No matter how much has been said and published about how to deploy applications in a way that works easily for standard users, there are continuing expectations that users run as administrator all of the time. This is made the simple case, reinforcing a practice that we all know to be unsafe (although Vista has a mitigation that some people insist on disabling).
Picking on Second Life
Here’s an example of what I mean. I choose it because it is typical and because it all happened while I was looking for a way to illustrate this. Second Life is representative (although no less disheartening).
The Setup: I haven’t been on Second Life for a while, which means there is doubtless a mandatory update that I’ll be required to install before I can get "in-world." This is so predictable that it actually keeps me away from Second Life even longer once I have been away for more than a week. I start putting off the pain of downloading and installing another release.
Today I was doing some system clean-ups and celebrating the new power-backup unit I installed after a series of storm-related power hits defeated my old battery backup. As a reward, I was tidying up some loose ends after running system tune-ups and catching up on important things like my Facebook presence.
Nice New Update Announcement
I decided to check into Second Life and see what’s new. When I brought up the application (and I was running as administrator because I had been installing some other updates), I found a message that I have never experienced before. The message was in a corner of the Second Life client user interface.
I hadn’t logged-in yet, but the application apparently checked on-line for an update and it had that message for me. I went ahead download the 18.104.22.168 release into a location on my computer where I save Second Live releases. (I usually keep the current one and its immediate predecessor, along with screen shots of my experience.) Now, I usually don’t turn on any automatic check for updates, and I don’t recall ever being offered an option in the matter. Since Second Life is an on-line application, I am not surprised. I am surprised this showed up before I opted to connect to the on-line system though.
Not So Fast There, Sparky!
I downloaded the announced update while still elevated to computer administrator, but I didn’t install it. I was excited by that "now the choice is yours" phrasing. I wanted to see that in action. I clicked the Connect button to sign into Second Life. Oh, what have we here? The usual. Not exactly a choice, huh? This is the dreaded message I have come to expect.
Since I don’t want to do this as an on-line administrator, I clicked Quit. I already have the update. I can install it when I am good and ready.
My previous experience using the Download button is that Second Life will download and attempt to run the install. Because my computer account is normally set to "limited account" the install will fail and I will still have to go to the Second Life site, log in to that site, download the new version, and then install it myself while temporarily upgraded to a computer administrator account. The new Update Available notice has saved me the need to hunt down the download on my own. That is a nice improvement.
Say Stranger, New in These Parts?
I wanted to demonstrate how painful it is to go through a 33-megabyte download only to be told the install can’t be done. I switched from Computer administrator back to Limited account to demonstrate what happens. I haven’t taken this path since March 2006, the first time I discovered that Second Life does not have a non-administrative way of updating itself. (This was no surprise, but I tried it to be certain.) [This is from a photograph of my screen, slightly defocused to avoid interference patterns in the image. The OneCare pop-up refuses to be screen-captured with the software that I use. The yellow-alert condition there is because I need to run backups. I have to be elevated to administrator to do backups and also to have the correct account data be backed-up too.]
When I opened the Second Life client and got to the download button again, the download didn’t even start: Second Life tripped over my firewall. That’s interesting because my firewall is already conditioned to allow Second Life access to the Internet. What’s even more interesting is that whatever program is being used to install the download, it is one I (and OneCare) have never heard of. I can go no further without checking with OneCare.
I could take Second Life’s advice and install using the download that I already have. I certainly don’t want the auto-update to succeed. I do want to understand why it failed in this particular way.
I switch users and quickly log into a computer administrator account to consult with OneCare on the matter. I do so, and OneCare’s notification comes up immediately.
Uh, I Don’t Think So
As a computer administrator, I now have something to say about the program that was blocked.
Now, what program is that exactly?
Let’s see, it is not signed code (that’s what Publisher Unknown means). There is no version or company identification.
The name of the program is a made-up tmp.exe with a random name.
In fact, the program is in my user-account Temp directory. None of this is reassuring in any way.
My intention is to block this program forever, assuming that it ever runs again, but I’m curious to know if it will still attempt running. [Next I have second thoughts and block it permanently on the second notice which was apparently already stacked up.]
There are two things going on here. First, I am willing to believe that the Second Life client creates a copy of a down-loader in the Temp directory so that the install can happen atop the Second Life location without weirdness. I am almost willing to give that some credence.
Secondly, I am satisfied that the update would attempt to run automatically. There’s no danger that the down-loader can accomplish anything, however. Writing to C:\Program Files\Second Life\ on my machine can only be done under an Administrator account. I’m not operating in one of those, which is what I had started out to demonstrate until the firewall intervention occurred.
Reviewing the Situation
So, the easiest way to install all of those interminable Second Life updates is to be running on-line as administrator without a firewall.
Clearly, the Second Life folk know that and they design that as the inviting case. Look, they suspect that their connection attempt with this weird little program is blocked by a firewall.
That’s what I mean by the slithery tug-of-war. I also hate it when applications check automatically for updates and then nag me about it. Being denied access to the service until I install one of the interminable updates is worse. Of course, the fact that I put up with this in order to enjoy Second Life eye candy and all the in-world denizens just shows how tempted I am. Even I, a devout Standard User.
Apparent convenience trumps security and safety. Almost all of the time. And we mostly put up with it.
Installing the Usual Way
Today’s experience has me thinking that I would be better off not playing in this game with the Second Life developers, regardless of any seductive appeal of their application. But let’s see how well I do when I employ my safe practice to install the update and finally return in-world.
See how complacent I am? The code is not signed, and I don’t do anything about refusing to accept unsigned software, especially when downloaded from the Internet (although probably under safe conditions).
As you see, I am going to go ahead and install it. I am now running with my account switched from Limited User to Computer Administrator. I am not on-line, although I am connected.
My intention is to install and run the application once while I am administrator so I can condition my firewall for the new version of the application.
Oh yes, installers have a habit of wanting to access the Internet too. I often experience requests to condition my firewall before a Setup program gets very far. That is also true here. No surprise. We haven’t even started up the program and already there is Internet activity.
On continuing, the revised Second Life version starts up for the first time.
Oh, What’s this? We get all of this way and now I am given an absolute click-through requirement to accept a lengthy Terms of Service agreement. That seems to be one of the improvements of this release.
I couldn’t even get it onto my clip board for closer review later. You can see I selected the text, but I couldn’t get it where I could preserve it. And it is long. And mind-numbing. The part that I have scrolled to is section 5.3 where I am informed that everything that I have done on Second Life, any Linden Dollars that I happen to have, and any credit for any purchases can disappear at any time for any reason whatsoever.
Well, I’m certainly happy that they require me to promise to have read this terrible document before I am allowed to continue on and connect into Second Life, the world.
After my exploration was over, I went to the Second Life site and did manage to find a web page with the Terms of Service at http://secondlife.com/corporate/tos.php. I can’t testify that it is the same document, but Section 5.3 is definitely the same and I did download a copy for my reference.
About now, I am wondering why I am continuing to put up with this. I wander around in-world for a while, mainly pruning my list of landmarks of places that seem to be dormant or not that interesting.
The Prize in the Bottom of the Box
OneCare let me know about a second program not long after I allowed the main Second Life program to have access to the Internet. For some reason, the extensions to allow direct voice audio in Second Life are provided or installed using a second program, one that my firewall wants me to consider whether or not to allow.
I opt for the program to run. I didn’t put on my headset and microphone nor did I find any avatar to talk to this way.
I am grateful for this little addition though. When I closed Second Life, I experienced a frightful system slow-down. Everything turned to molasses. Windows were blank and took forever to paint, that sort of thing. At the end of that prolonged seizure, I received a wonderful message.
I have been waiting almost two years for one of these. It is worth a completely separate blog post by Professor von Clueless, but here is the message. I wanted a real-world example of one of these and now I have it. Thanks, Second Life developers.
[Dear developer: This condition may be a consequence of the temporary blockage that OneCare instituted during the first-time execution of the new version. If the program never noticed that the block had been removed, or was somehow derailed by the block, this Runtime Error might be a consequence. I did run Second Life one more time after restoring to a limited account and there were no further errors and no unusual slow-down conditions.]
A little more background: Even though my main development system runs Windows XP (Media Center Edition 2005), I operate in a Limited User Account (LUA) whenever possible. I have an administrator account that I use only when I need to perform a purely-administrative function (including allow Microsoft Update to install goodies it has ready for me). I’m effectively implementing the equivalent of User Account Control by manual procedure. This is in the spirit that Dennis Wallentin expresses in his 2007-10-20 blog post on being UAC Compliant:
"UAC stands for User Account Control and is the new technology in Windows Vista to provide users with different level of administrative rights and privileges. UAC main purpose is to support a more secured environment then what Windows XP offers.
"Microsoft has a good white paper that covers UAC in detail and therefore I have no intention to cover it here:
"Most developers I know have intentionally disabled it because they found it to be rather annoying, time consuming and too restrictive. [orcmid: my italics]
"Although I can agree with these opinions I try to have it enable as much as possible simple because that will be the most likely scenario for many of my customers. In addition, from a general point of view I support it because by default all users (except Guests) are logged on to Windows Vista as standard users and get extended rights only when needed.
When I need to do something different, such as install new software or update downloads from other sources, I will carry out the download, parking the file in a safe place that I can use for any future re-install. Before installing, I switch my normal account to being a computer administrator and I install under that account. This is to ensure that the software installs properly for operation under that account and not all accounts, if possible.
Second Life, as do many other applications, installs for all accounts on the machine, including all Administrator-group accounts. When I detect this, I remove all icons, shortcuts and start menu occurrences from "all users," confining them to my normal account instead. Automatically installing for use from all accounts on the machine is another action that punishes my efforts to be a Standard User and only allow pure administrative activity in my separate administrator account.
[update 2007-10-21T16:59-0700: I provided a link to the detailed post about Visual C++ Library runtime error messages and also cleanup up some rough edges in the text of this post.]