The Rough Edges

The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.

With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.

There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.


The UAC Control Panel With Level Slider

It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.

Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.

Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.

On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?

Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary.  And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.


  Windows Mail: Have you seen me?

But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.

The Only 3 Editions You’ll Care About Test Setup
Comments Locked

207 Comments

View All Comments

  • medi01 - Thursday, October 29, 2009 - link

    I have 32-bit WinXP on PC and 32-bit Vista on notebook. I simply HATE the latter. No matter what I do, it takes longer. But I recall every new OS from microsoft was SIGNIFICALLY (tens of %) faster then the previous one (according to Microsoft ads) yet I never experienced it myself.
    So, why should I upgrade to Win7 again?

    1) Because Win7 is slightly faster in some apps and slightly slower in others? (significally slower when hibernating)
    2) New flishy-flashy effects?
    3) Puzzling changes in UI, that, I guess, were supposed to make it "even more user friendly"?
    4) DirectX 11? Oh, bundling those only with new OSes what a clever move.

    And that for about 200$? Are you serious?
  • MrPete123 - Thursday, October 29, 2009 - link

    Better battery life?

    Better security? (than XP)

    Better stability?

    Better performance?

    Also the hibernate benchmark is skewed when you consider that 32-bit XP is storing less memory to the hard drive than 64-bit Vista/Win7. 32-bit XP only had to persist ~3 gigs of RAM to the hard drive, while 64-bit Win7/Vista had to persist the full 4 gigs. Hibernating speed is fairly similar in speed between XP and Win7. It would be a better comparison to either limit all machines to 2-3 gigs of RAM for the hibernating test, use 32-bit Vista/Win7 (yuck), or 64-bit XP.
  • medi01 - Friday, October 30, 2009 - link

    Better battery life? Even if I would care about battery life, 200$? How much does spare battery pack cost?

    "Better" security? Huh?

    "Better" stability, what's that? Does your XP/Vista crash? Well, mine doesn't. So, if I get resource hungry Win7 it will be "even stabler", huh?

    Better performance? A few percent more where it doesn't matter much and huge performance hit, where it does (to me) - hibernate/wakeup?

    Why would I care about internal details of who needs to persist what?

    So to summarize
    If you aren't a gamer who absolutely needs DX 11, you should find better ways to waste your 200$.
  • rs1 - Thursday, October 29, 2009 - link

    And Homegroups. They puzzingly fail to even mention them in the article, but if you happen to have more than one computer, then Homegroups are awesome, and enough to justify the upgrade all by themselves, in my opinion.
  • damianrobertjones - Thursday, October 29, 2009 - link

    HEY ANAND!

    When are you going to run this story like you did for OSX the other month?

    "Amazon's biggest-selling pre-order product of all time"

    That would be Windows 7
  • lightzout - Friday, October 30, 2009 - link

    Snow leopard sounds sexy. Windows 7 has the brand appeal of a pocket protector. That said I have to throw my vote in as a very satisied former XP champion. I swore I wouldn't leave XP which still seemed to work fine unless it was for a true upgrade. I am using the Win7 Ult64 RC and its pretty amazing. Example: I installed the analog Media Center Edition TV tuner from my MCE2005 box and hooked up a new DTA that comcast sent me (for free I might add) and when it booted I was worried because I didn't see the familiar "Found new hardware" dialog window. What happened? It was already installed and working. Comcast activated the DTA amd minutes later I realized why I stopped watching TV 10 years ago. 100 channels and nothing on worth watching! At least now I record the few things I do like and watch whenever I want streaming flawlessly through the Xbox 360. The MCE interface with Win7 and the 360 is really well done. Microsoft should have just picked a sexier name.
  • jtleon - Wednesday, October 28, 2009 - link

    I wish one of these review sites would compare FLP to 7 - across the board! Microsoft is keeping too many secrets! FLP is much newer than XP, and imho a superior OS to XP in all respects!

    jtleon
  • Voo - Wednesday, October 28, 2009 - link

    Well only for old hardware.

    With modern desktop pcs or laptops (I'm not talking about netbooks here), there's no need to pass on the many features it lacks.. it doesn't even has a .NET 3.5 framework as far as I know.

    That's far away from "a superior OS to XP in all respects!"
  • jtleon - Thursday, October 29, 2009 - link

    .NET 3.5 is not supplied with XP - you must download it!

    jtleon
  • Voo - Thursday, October 29, 2009 - link

    Afaik there's no .NET 3.5 framework that works with FLP - at least it was so some time ago and wikipedia agrees(well that's not the best source, but the first I found)

Log in

Don't have an account? Sign up now