Vista's security may be too tight for some Web sites and finding help isn't easy

Vista's security may be too tight for some Web sites and finding help isn't easy

Summary: Yesterday, in a post about whether desktop operating systems will matter in 2010 (when the next version of Windows (codenamed "Seven") is scheduled to ship, I mentioned how Internet Explorer 7 (the default in Windows Vista) is like putting a chastity belt on a browser. Using Firefox is one potential work around.

SHARE:

Yesterday, in a post about whether desktop operating systems will matter in 2010 (when the next version of Windows (codenamed "Seven") is scheduled to ship, I mentioned how Internet Explorer 7 (the default in Windows Vista) is like putting a chastity belt on a browser. Using Firefox is one potential work around. But not all sites work with Firefox. One non-Firefox-supporting case in point that has really brought IE7's overzealous security settings to roost in our home is Kodak's online photo gallery (formerly ophoto.com). 'I followed Kodak's step-by-step and it worked for the administrative user. But not for the standard user.' My wife, for whom I just purchased a new PC that came preinstalled with Vista, is a big user of Kodak's gallery. Like other photosharing sites, you can download some software that makes it easier and faster to do bulk uploads of photos. She had no problem doing this in XP. But, until today, I was able to get it to work in Vista with IE7.

Before I handed the computer to her, I set her up as a standard (non-administrative user) on the system. So far, the number of things haven't worked for her standard account the way they used to in XP/IE6 has been a major tax on my time. She tried to download some software from Kodak's Web site. It wouldn't download. Why? I couldn't tell at first. But it's apparently related to another problem her account is having: it can't access IE7's Internet Options. Not even to change something as simple as the browser's start page. When I tried this, nothing would happen. My gut instinct tells me to login as an administrator, but once there, I have no idea how to fix the Internet Options for another standard user on the same system.

Until today, it was vicious cycle. Everytime she'd try something for the first, time, it's "Daaaaaaavid!" It's clearly VERY secure. But maybe too much so.

When something doesn't work the way Kodak's software didn't work, there may be no telling why. I see a visual cue in IE7 that says "Internet Protected Mode: On" and I wonder if by turning it off, if some of her problems will go away. As any kind of user (standard or administrative), not only is Windows/IE absent of any useful information about what this mode is for, it doesn't work right. If I dive into IE's settings, it offers me the opportunity to turn the protected mode on when, in the status bar, it indicates that it already is on. Shoddy design.

Eventually, I gave up. She was all excited about getting the new computer (a Lenovo Thinkpad). Only to learn that she can't do the one thing (upload photos) that she does more of than anything else (non work-related). A door stop would have been just as good. Not to mention how bad this is for marital relations in the Berlind household.

A few weeks back, I bumped into the fine folks from Kodak during a gadgetfest in New York City. I asked for help. That help finally arrived in my e-mail a couple of weeks ago and included the following steps:

  1. Open one Internet Explorer window. Close all other Internet Explorer windows.
  2. Navigate to any website other than the Gallery (eg: www.google.com).
  3. Click on Tools | Internet Options.
  4. On the General Tab, click on Delete under Browsing history.
  5. Click on Delete Files | Yes and Delete Cookies | Yes.
  6. Click on the Security Tab | Trusted Sites | Sites.
  7. Uncheck the box labeled "Require server verification (https:) for all sites in this zone."
  8. Add kodakgallery.com, gallery.com, and ofoto.com to the list; click Close.
  9. Click on the Privacy Tab. Click on Advanced.
  10. Check the boxes that say "Override automatic cookie handling" and "Always allow session cookies." First and Third party cookie should be on Accept. Click OK.
  11. Click OK on the Internet Options windows. Close this window of Internet Explorer.
  12. Click on the Start Menu | Control Panel (or Settings | Control Panel) | Add or Remove Programs. In Vista, this may be Start Menu | Control Panel | Programs | Programs and Features.
  13. Remove any version of the Easy Upload tool that you may have previously installed, including v.2.1 (current version).
  14. Start up Internet Explorer again. Go to www.kodakgallery.com and sign into your account.
  15. Click on Upload Photos (third tab), Continue, Install Easy Upload. Click on Run and then Run again.

Never mind the fact that it's at least 15 steps before Kodak's gallery software stands a chance of working (when I first started having these problems, these steps were not listed anywhere on Kodak's Web site). Several of the steps involve making global changes to IE that have me wondering how far I must stray from IE7's default settings before other things start to go wrong. Or before some malaise or malware sets upon my wife's systems.

Maybe I won't have any problems. But I feel like I'm toying with something under the hood of a new car that I have no business toying with and that I could pass some point of no return.

Although I'm sure work arounds and third party utilities exist for targeting specific cookies for deletion, deleting cookies through IE7's stock interface for deleting cookies is an all or nothing approach. I hate deleting all of a browser's cookies because of the role many of them play in optimizing my user experience with certain Web sites. I don't like starting from scratch. I wish it was easier to delete just some.

I followed Kodak's step-by-step to the tee and it worked for the administrative user. But not for the standard user. Fortunately, the folks at Microsoft connected me with a support guy named Hal. By the end of the call, he determined that the standard user account that I had set up for my wife was corrupted and that the only way to recover was to create a new account, move any user files from the old account to the new one, and then eliminate the original account.

How, in a brand new Vista system, does a new standard user account become corrupted? Hal couldn't venture a guess. But it does appear as though IE7's functionality was somehow entangled with Vista's security mechanisms since everything seemed to work just fine for an administrative user, but not a standard user. Hopefully, Service Pack 1, whenever it ships, will put an end to these random events.

Topics: Browser, Microsoft, Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

69 comments
Log in or register to join the discussion
  • IE 7 on XP...

    Isn't much better. For example, I use MS Base Line Security Analyzer to scan my companies' network. With IE 7, everytime I want to view a report, I have to click on the yellow bar on top to allow an ActiveX control to run to view the details. Sure, there is some setting in there to change this, but do I want to? Why do I have to fiddle with this? Then, if I change this setting, the scanner hollers at me for non-safe settings! This is a case of IE 7 blocking MS software. Go figure!
    sordito
  • MS better get that ironed out!

    Cause it's this kind of thing that will drive people back to Administrator privies and override the security model! ]:)
    Linux User 147560
    • That is what's unique about Vista

      Admin runs with standard user rights. It will elevate as needed and prompt for authorization as necessary.
      xuniL_z
      • Unfortunately not unique

        The problem with Vista which unfortunately is not unique in MS products is that it takes lots of work arounds to make it work at all. Even then it doesn't work the way it should.
        admin@...
        • And why do you suppose that is? ?

          Sure, it's Microsoft's fault for not making 3rd party software vendors and other programmers fall in line earlier. But before the web and security issues arose, this very useful and good platform had so much code written for it, it was nearly impossible to turn back. They made a bad choice perhaps, not doing this sooner. But with Vista they did have to hold back from going to whole way to a unix style security model. There would be an even larger number of broken interfaces and programs if they had not. Plus it's not always a "workaround" but Microsoft still believes you can't allow security to entirely take control of your platform. they are working hard to get their SDL coding to a point where you can have both. <br>
          but this was a major shift for microsoft and there will be growing pains. SP1, or fixes sent seperately are going to address a lot of issues. You can't keep an OS in beta forever, you have to just let it go at some point. It was ready in my mind. Vendors had unprecedented access to info, tools, software..the works to get ready for vista. Vendors most like thought Microsoft would back down on the security model in the end....how else can you explain intuit nt working with vista?? That says it all....and that was entirely Intuit's fault.
          xuniL_z
        • well,

          Sure, it's Microsoft's fault for not making 3rd party software vendors and other programmers fall in line earlier. But before the web and security issues arose, this very useful and highly productive platform had so much code written for it, it was nearly impossible to turn back. They made a bad choice perhaps, not doing this sooner. But with Vista they did have to hold back from going to whole way to a unix style security model. There would be an even larger number of broken interfaces and programs if they had not. Plus it's not always a "workaround" but Microsoft still believes you can't allow security to entirely take control of your platform. they are working hard to get their SDL coding to a point where you can have both. <br>
          but this was a major shift for microsoft and there will be growing pains. SP1, or fixes sent seperately are going to address a lot of issues. You can't keep an OS in beta forever, you have to just let it go at some point. It was ready in my mind. Vendors had unprecedented access to info, tools, software..the works to get ready for vista. Vendors most like thought Microsoft would back down on the security model in the end....how else can you explain intuit nt working with vista?? That says it all....and that was entirely Intuit's fault.
          <br>
          And please stop and think here, if they had not put as much into security as they did and just had a revamped XP that was strictly compatible with existing bad code etc....you'd be in there with the rest of them bashing Microsoft for not doing anything about security. Would you not?
          xuniL_z
  • All too common

    How will things EVER get any better when software is still so dependent upon admin rights? Come on, we're six years beyond the release of XP. NO productivity apps written in the past 3 years should require admin rights, and I'm being generous not expecting it to be 6!
    bmgoodman
  • Why did you give her Vista

    As someone who works in the field you should have known better then to give a non techie user Windows Vista before all of the bugs are fixed. The first think you should have done with that new pc is to wipe it clean and install XP.
    jfp
    • Imagine the voice of Sam Kinnison...

      "Because he LOVES her!" ]:)
      Linux User 147560
    • It came pre-installed and I did in fact...

      want the better security. I guess I wasn't prepared for this though.

      db
      dberlind
  • David...

    How do you know that the genius squad at Kodak didn't screw this up in the first place?

    There's plenty of examples that point that people know how to write applications that don't require admin privledges.

    It sounds to me like this application that Kodak has is probably not suitable as a browser-based app in the first place.
    BFD
    • indeed

      [i]How do you know that the genius squad at Kodak didn't screw this up in the first place?[/i]

      This was my question as well.
      Badgered
    • Re: David...

      [i]How do you know that the genius squad at Kodak didn't screw this up in the first place?[/i]

      I was thinking the same thing. They screwed it up when they made it IE-only. What's to say they didn't screw that up as well?


      :)
      none none
    • Totally agreed!

      Completely agreed - sounds to me like the web developers that made Kodak's photo sharing site just wanted to get paid, and did a sloppy job. I'm finding that there are a [b]lot[/b] of programmers in the business just to get money, and aren't really good at it.

      In addition, I agree that this probably isn't something that should be browser based. I really don't think that 100% of our apps really should be webified. Just because it's cool doesn't mean it's the best way to do things.

      Seriously, David: There are better options. Do some research, find a better photo sharing site.
      CobraA1
      • Picking photo sharing sites

        I agree. Had I been making the choice, I would not have picked something IE-specific. But it was my wife's choice and I suspect that when she made it a long time ago (1) Firefox wasn't quite the alternative it is today and (2) she was doing what lots of other people did, ... just looking for a solution that go the job done. In her eyes, IE was not a sacrifice. There are plenty of other people who do the same thing.

        db
        dberlind
        • Sounds like it's time

          to straighten your wife out. I have mine trained better than that.
          sackbut
    • Does it matter?

      Really, think about it. I'm not sure how many thousands of people use Kodak's Gallery. But, under XP and IE6, it worked fine. My sense is that a lot of browser applications like this one need to be fixed to better accomodate IE7's security model..and this is in addition to getting some verbiage on to the Web sites that help Vista users deal with any stumbling blocks. Right now, in my estimation, between software that doesn't work on IE7/Vista and the lack of verbiage, the situation is unacceptable.

      db
      dberlind
      • David, have you tested this elsewhere to prove

        it's not an isolated incident? Just curious. I know there inconveniences in life, for instance you have to download and install quicktime and flash and thankfully IE has java support or your web universe would shrink quickly. Do you find needing 3rd party proprietary solutions just to use the web acceptable? What about the fact that Flash keeps in touch with the mothership everytime you bootup to check you have the latest version? Do you mind the flash screens that popup asking if you want to update in the middle of your work? <br>
        But mainly, i'm wondering if you experience is the same for everyone....let me know if you tested that out elsewhere. I know for years I've had to alter IE settings for given circumstances. At work I need to make changes so I can hit the intranet. <br>
        Wouldn't it be GREAT if Microsoft finally found a way to make sure you can hit EVERY SITE and your security settings AUTO ADJUST to the perfect Balance of security and USE?
        Until that time, I suppose Microsoft's fate is to receive criticism no matter what they do. <br>
        Hey, you read about the Duke U. issue with teh iPhones? That would be a good article for zdnet. It's certainly headline material how the new iPhone is wreaking havoc across the entire campus. That's just one story on iPhone problems.
        xuniL_z
  • Vista IE 7 Problems

    I was just wondering which arm had to be lifted and where you had to place your foot while performing this procedure. All of these things clearly point out to me that I was correct in installing XP Pro on my home built HTPC in March when Vista was available.
    ken@...
  • Damned if they do, damned if they don't!

    "IE7?s overzealous security settings"

    Everyone has been whining that Microsoft isn't securing their OS. Now that they are people are whining that it's secured too much. Make up your minds and stick with it. Either you want security or you wan't compatibility. You can't gave both...the two are at odds with one another:

    security = 1 / convenience
    ye