Windows 7 Performance Guide
by Ryan Smith and Gary Key on October 26, 2009 12:00 AM EST- Posted in
- Systems
The Rough Edges
The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.
With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.
There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.
The UAC Control Panel With Level Slider
It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.
Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.
Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.
On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?
Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary. And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.
Windows Mail: Have you seen me?
But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.
207 Comments
View All Comments
solipsism - Monday, October 26, 2009 - link
Nice review!Anand Effect
— For every mention of Apple and their products the number of people who complain in the comments about Apple, their products and AnandTech’s occasional focus on said products doubles exponentially.
Taft12 - Monday, October 26, 2009 - link
Not a bad theory, but the "doubles exponentially" part needs some peer review from mathematicians in the crowd (when they stop laughing)Toadster - Monday, October 26, 2009 - link
I was very impressed with my upgrade - 65 minutes from start to end!Spivonious - Monday, October 26, 2009 - link
Not bad, but clean install took under 25 minutes on my E6600 machine.Griswold - Tuesday, October 27, 2009 - link
The magic word is migration. A clean install with nothing else is certainly fast. The installation didnt even take 25 minutes here. The hours to make everything the way I needed it to be afterwards without upgrading from vista, thats what counts. :)mcnabney - Monday, October 26, 2009 - link
4.5 hours for an upgrade on a fast hard disk that held ~300GB of apps and data.Butchered the drivers. Made a complete mess of the codecs. I would recomend the clean install since you will likely spend less time re-installing Apps than repairing the damage.
9nails - Saturday, November 7, 2009 - link
I wanted to upgrade from Vista 64-Bit Ultimate to Win 7 Ultimate, but it turns out that MS was handing out 32-bit versions. So no upgrade path from 64 to 32 bit. I did a clean install instead.So far, my only complaint is about the provided wall paper selection. I couldn't find anything that I truly liked. Other than that, Windows 7 is awesome! Solid, fast, and full of good stuff.
bearnet2001 - Monday, October 26, 2009 - link
Well I'm still on XP 64, not sure if I'll upgrade. Next build I suppose, but I'm not paying out $200 or so just to upgrade a comp with an already fine OS.IdBuRnS - Saturday, October 31, 2009 - link
Why do you need a $200 version? Oh...you don't.just4U - Monday, October 26, 2009 - link
I just don't understand why holdouts on XP like to argue how good it is in comparison to Vista... which it obviously is NOT. It seems they fail to realize that ALL OF US used it for a very long time (as operating systems go) So it's not like we don't have some basis of comparison to go on here.That being said, people upgrade when they either have to or want to. I am fine with that. If your still finding XP useful then shoot who am I to argue.