Windows 7 Performance Guide
by Ryan Smith and Gary Key on October 26, 2009 12:00 AM EST- Posted in
- Systems
The Rough Edges
The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.
With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.
There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.
The UAC Control Panel With Level Slider
It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.
Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.
Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.
On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?
Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary. And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.
Windows Mail: Have you seen me?
But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.
207 Comments
View All Comments
xrror - Tuesday, October 27, 2009 - link
Well businesses that are stuck with an Exchange server and need computers on a Domain for it probably are still interested in a volume license.Heh, a small SOHO probably just get the "Family Pack"... or just keep running the WinXP machines they have into the ground. Why upgrade at all?
darwinosx - Monday, October 26, 2009 - link
Yet another superficial look at Windows 7. Not a word about the registry and it's egregious affect on stability and performance. Not a word about the malware fest that is still Windows. Nothing about Windows very poor utilization of multi-core procs and large amounts of memory. No, its all as if the only thing that matters about an OS is the UI. Is Anand the only one at Anandtech that has taken an operating system class? Is he the only one who knows anything about OS X? It would appear so.Your brief "comparison" of Snow Leopard and Windows 7 was worse. Of course. It is not a minor upgrade at all unless..you only look at superficial things as you did the Windows 7 review. SL has had a few minor issues affecting a few people. Hardly "teething problems". The only differentiator between 7 and SL is now hardware? Unbelievable. When did Anandtech turn into CNET?
You can barely spell Linux apparently so I don't think we will see any kind of comparison there.
If you don't know anything about OS X or Linux then don't bother to mention ether in the future.
Genx87 - Tuesday, October 27, 2009 - link
Did you make a Youtube video about this? lolxrror - Tuesday, October 27, 2009 - link
Which operating systems can I legally run on hardware I own:[X] Linux
[X] Windows XP
[X] Windows Server 2003
[X] Windows Vista
[X] Windows Server 2008
[X] Windows 7
[ ] Mac OS9
[ ] Mac OSX
When I visit AnandTech what computer trends/items do I find most relevant to me:
[X] Upcoming and exciting computer technologies
[ ] The latest and greatest media platform with DRM capitalization
[X] Upgrades for open and standards based x86 platforms
[ ] Hacks and modifications for closed x86 platforms
[X] Price/performance comparisons for gaming hardware
[ ] Articles denying relation of mal-ware output and OS marketshare
Griswold - Tuesday, October 27, 2009 - link
Hello clown boy!tomaccogoats - Monday, October 26, 2009 - link
While I can't support this tirade, I will say Anandtech definitely suffers in Mac and Linux areas. Then again, their slogan is "your source for hardware analysis and news", which I guess doesn't really warrant that it needs to be classed in those areas. Still, the latest Linux articles are August 2009, and then 2005!JimmyJimmington - Monday, October 26, 2009 - link
Mind if I log into your guest account?darwinosx - Monday, October 26, 2009 - link
If thats all you got it isn't much. That is certainly a bug and a highly visible one. But it affects a tiny number of users who upgraded Leopard to Snow Leopard in a very specific way under a certain set of circumstances and even not all of them have the issue. Apple has a fix in 10.6.2 which will be out in a matter of days. To bring that up in the face of the yawning chasm of security vulnerabilities that is Windows 7 is pretty laughable.ibarskiy - Monday, October 26, 2009 - link
Once again, it's time you actually supported your statements with facts. What security chasm? Please cite vulnerabilities and extent to which OSX is not subject to them. And while you are at it, please explain how come it is that Mac OS got broken into faster when the compensation for the break in was the same between Mac OS and (at the time, but for all practical purposes immaterially) Vista [pwn2own 2009]. Oh, and MacOS was broken into twice to Vista's one time. So which again is more secure?ibarskiy - Monday, October 26, 2009 - link
Correction; it was Windows 7, indeed.