The Rough Edges

The first thing that bothers us is a technical matter: the addition of various levels of UAC, and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.

With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.

There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.


The UAC Control Panel With Level Slider

It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a third-party application with admin privileges, for example.

Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.

Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.
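As an added example (not part of the original article), this PowerShell check reads the registry values behind the UAC slider and reports which level a machine is at, using the article's 0 to 3 numbering. The function name Get-UacLevel is hypothetical; the registry values are the ones Windows 7 stores for each slider position.

```powershell
# Added example: map the registry values behind the UAC slider to the
# article's level numbers (0-3; 2 is the Windows 7 default, 3 is "Always notify").
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {   # hypothetical helper name
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # A missing value must not be read as 0 ("elevate without prompting").
    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin) {
        return 'Unknown: UAC policy values are missing'
    }
    if ($EnableLUA -eq 0) { return 'Level 0: UAC is disabled' }

    switch ([int]$ConsentPromptBehaviorAdmin) {
        0 { return 'Level 0: admins elevate without any prompt' }
        5 {
            # 5 = prompt only for non-Windows binaries, which is the
            # auto-elevation of signed Microsoft executables described above.
            if ($PromptOnSecureDesktop -eq 0) {
                return 'Level 1: Windows binaries auto-elevate, prompt is not on the secure desktop'
            }
            return 'Level 2 (default): Windows binaries auto-elevate'
        }
        2 { return 'Level 3: always notify, on the secure desktop' }
        { 1, 3, 4 -contains $_ } {
            # Reachable through policy rather than the slider.
            return ('Policy value {0}: prompts for every elevation' -f $_)
        }
        default { return ('Unknown: unexpected ConsentPromptBehaviorAdmin {0}' -f $_) }
    }
}

$p = Get-ItemProperty -Path $PolicyKey
$result = Get-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
Write-Output $result

if ($result -match '^Level [0-2]') {
    Write-Warning 'Below Level 3 ("Always notify"), the setting the article considers the more secure choice.'
}
```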

On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I were concerned about what was under the window, why would I have it maximized?

Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have diminished in importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary. And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.


  Windows Mail: Have you seen me?

But what I don’t get is what reason could be good enough for Windows to not come with an email client at all. It’s 2009; why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.


207 Comments


  • Genx87 - Tuesday, October 27, 2009

    God who cares. Really? Vista wasn't called Windows 6 either. We all knew this was an incremental OS. The core components are Vista. They just trimmed some of the rough edges.
  • danielkza - Monday, October 26, 2009

    Microsoft already replied to this: version 6 is kept for compatibility purposes, since pretty much everything that worked in Vista should need no changes to run in Windows 7.

    I see no reason to do major kernel changes on each release: they did what they had to and cleaned up the 16-bit remains in Vista, and just tweaked some rough edges for Windows 7. And it worked out pretty well: even if it's not much faster than Vista, it looks like it, and in the end, that's what matters to pretty much everyone.
  • nafhan - Monday, October 26, 2009

    I think that's pretty much the point. From a technical standpoint, it's a service pack plus GUI changes. From a marketing and user perception standpoint, there's a strong desire to move away from Vista. So, they went with Windows 7 instead of Windows Vista SP2.
  • AnnihilatorX - Monday, October 26, 2009

    for not supporting FLAC natively by Media player and FLAC media tagging under explorer columns

    /Open Source Lossless Audio Movement
  • takumsawsherman - Monday, October 26, 2009

    "you’re never going to stuff something like Windows 7 in to the performance characteristics of an 8 year-old OS that forgoes real security and predates wireless networking."

    This is partially true, but only because Microsoft makes it so. They release a monstrosity of an OS that runs like a dog, tell everyone it's better and faster than the previous release, and tra la la, most follow along. They could have developed an OS that was more secure, less of a performance nightmare, and satisfied the wants and needs of its users. But that's not Microsoft's only goal. They have all sorts of other interests that get in the way of that goal, and subjugate "what is good for the user" to what MS thinks is good for MS.

    Regarding pre-dating wireless networking, I hardly think that Windows XP was more than an apple in Bill's eye when the world was beginning to adopt wireless networking. Apple had the airport in 1999, and Windows XP shipped with wireless support built in.

    Windows XP itself was no great performer. It only looks that way when you compare it with Vista and 7. Another inaccuracy in the article is your portrayal of Snow Leopard as a minor update compared with 7. I am still testing SL for customers, but the performance gains are incredible considering Leopard was already fast, the management tools are vastly improved, and almost all pieces have shown very nice improvements (the network-awareness is phenomenal, finding computers, printers, etc. extremely quickly, and with none of the halting behavior of Windows when navigating).

    Also, you mention that XP is insecure. I totally agree with you on this. I spend a good portion of my time cleaning infections from XP machines. However, I spend just as much time (proportionally by installed base) cleaning them from Vista. Are you saying that someone who is using Windows 7, and visits the NY Times on the wrong day won't be infected? Or someone won't end up with the latest version of "Personal Antivirus Pro 2009" or some other dreck?

    I would be happy if 7 doesn't suffer from these problems. That's a lot more time for me to spend with my family. But I have a feeling that the real security problems that real people face every day with XP and Vista will remain on 7. I just hope some of the better tools will be updated as well.
  • Griswold - Tuesday, October 27, 2009

    All this blabla about performance... both Vista and 7 are at least as fast if not faster on quite a few things than XP. It's a fact. Everyone who denies this and still claims otherwise should perhaps not spend so much time with computers, as it seems it is a waste of time.

    As for your example with the infections of Vista and 7. Yes, I'm sure he would be saying that because it's true. I don't know what the fuck your people are doing with their machines, but at least a Vista machine that wasn't "optimized" to become vulnerable to any type of attack, isn't going to be infected as easily as XP - ever.
  • Xentropy - Monday, October 26, 2009

    Upgraded from 32-bit XP to 64-bit Windows 7 Professional for $99 in the preorder sale. I find it $99 well spent. Good price for 8 years worth of upgrades, and since I never even tried Vista due to all the horror stories and XP being "good enough" for my usage patterns (mostly RTS/TBS/MMO gaming--not the DX10 FPS stuff), I find it a HUGE change (increased performance and all) and well worth the money. Basically I got to skip the Vista generation and pay less than Vista would've cost for a similar feature set thanks to the preorder sale and move of all the important (to me) features into Pro from the overpriced Ultimate.

    I can see a bit why the article is so down on Windows 7, largely because of the prices available today. But at preorder prices, Windows 7 is a slam dunk. It's a shame Microsoft didn't make those the permanent upgrade pricing.
  • Spivonious - Monday, October 26, 2009

    I agree. MS should have kept the Home upgrade at $50. I'm not sure who's buying Pro, since it doesn't have many more features that a home user would be interested in. Business users are going to have a volume licensed Enterprise version.
  • Griswold - Tuesday, October 27, 2009

    No, business users in *general* aren't going to use volume licenses.

    Do you really think small companies with 1-3 machines are interested in volume licenses? No, they buy the professional version.

    Certainly not the home premium one - and if it's only for the XP mode that may be useful for some of their older software and doesn't require a separate license of XP on each machine.

  • Genx87 - Tuesday, October 27, 2009

    Microsoft's Volume License since Vista imo has been a clusterfuck. Requiring an on site activation server with check ins every 6 months or the OS locks you out. That really puts a level of complexity not needed in an OT admin's life. Especially with remote users who literally never touch your network for years at a time.

    When I make hardware purchases I do it with the OEM install.
