The Rough Edges

The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.

With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.

There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.


The UAC Control Panel With Level Slider

It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.

Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.

Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.

On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?

Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary.  And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.


  Windows Mail: Have you seen me?

But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.

The Only 3 Editions You’ll Care About Test Setup
Comments Locked

207 Comments

View All Comments

  • Griswold - Tuesday, October 27, 2009 - link

    Now thats quite a load of horseshit you piled up there... and if its not intentionally false, you may want to step out of the circle of computer users - it doesnt seem to be your thing.
  • samspqr - Tuesday, October 27, 2009 - link

    believe me, I'm being as honest as I can be

    in fact, I have to buy a new OS in the coming weeks, and I would prefer that to be w7 because it's more future-proof, but I'm afraid I'd need some hard data to change my current conclusion that something's wrong with w7's opengl implementation, otherwise it will have to be xp

    so, if anybody can point me somewhere where I can see results of w7 not being slower than xp in viewport performance in 3dsmax (opengl) or maya, I would greatly appreciate it

    (remember: no specviewperf, that one is only useful if you're still in 2006)

    in the meantime, please don't say my results are bullshit: they are results
  • ProDigit - Tuesday, October 27, 2009 - link

    Besides, apart from buying Vista,and an XP downgrade licence, you will not be able to get your hands on XP.
  • ProDigit - Tuesday, October 27, 2009 - link

    If you can wait,I'd say by all means wait until there are more benchmarks out!
    Win7 is out less than a week, give it some time!
    But if you need to choose now,I'd say go for 7!

    Not only is it future proof,on desktops the difference is hardly noticeable!
    Windows 7 has better SSD and HT/multiCore support.

    There is a difference, XP because of being lighter, is faster in some benchmarks, but the difference is hardly noticeable!
    If you have any machine running more than 2 cores, or 1 core with HT, go with Windows 7.
    Any older single core machines work best with XP.

    The choice XP VS Win7 only matters on low specced machines,or machines that run certain programs or games at a very low performance.

    As far as bugs, there could be bugs in 7.
    If your program is not able to install in Vista your chances may increase that it will not be (fully) compatible in 7.
    But give it some time,and many bugs will be ironed out soon!
  • stromgald30 - Monday, October 26, 2009 - link

    When you put up comparisons, please put up legit ones instead of spreading FUD.

    Your first link has comparisons with different hardware, and when the hardware was the same, different drivers. I wouldn't consider it a very good test at all.

    Your second link was done only with Vista. Although Windows 7 and Vista are the 'same' under the hood, I'm pretty sure Win7 has been better optimized than Vista, much like how XP SP3 is much more optimized than XP in its first release.
  • wangking - Monday, October 26, 2009 - link

    What's a FUD? Where I come from that is a rather rude word..
  • ProDigit - Tuesday, October 27, 2009 - link

    Don't bother about him.
    People like that either don't have any brains, or they play computer games all day long!

    You're far from being the only one!
    Netbooks are still sold with WinXP as their main OS,
    The majority of the businesses are still running XP,
    Windows 7 has been out less than a month and many businesses aren't fully ready yet to do the switch.

    Only businesses that had to purchase new machines in the past year had no other choice to go with Vista or pay extra to downgrade to XP.
    Or, businesses with people that know nothing of IT, are working in the IT, and wanted vista for it's shiny factor!

    So don't feel left out! Even today, as we speak there are more computers in the world running XP than vista!
    Newer does not mean better!
    And I understand you fully not to trade a good OS in for a resource hogging clogging one!

    I'm using XP32bit on my laptops!
    Happened to be that Vista AND 7 use more battery,and run hotter.
    It is amazing how few reviews you see about battery life and performance "Windows 7 VS XP", cause if they did noone wanted to pay for 7!
    Granted, 7 is better than Vista, but for notebooks and netbooks so far XP is the best!
    I'd rather run XP, and play DX9 games (my notebook can't run any other game anyways) and have 5hours of battery life,
    than I'd run Windows 7 and have 4,5hours.

    I've only tested the beta's and RC1. I yet need to test a release version, but like you I will wait until prices come down!

    I guess this separates the grain from the chaff! If you can wait,by all means, wait!
    XP is far from done, that's why it's the only OS that comes prebundled with Windows 7 Ultimate for compatibility!
  • erple2 - Thursday, October 29, 2009 - link

    Interestingly, I just noticed something sent out from my company's IT department. I still use XP, as does the other 75,000+ employees. They're targeting December 2009 to move to Vista/office 2007.

    I then saw something about Windows 7. Apparently, in bold print, the company is "Migrating to Windows 7/Office 2007" in "early 2010". So we get to use Vista for all of about 3-5 months. Note that this is for all lease refreshes for hardware. So I won't be getting Windows 7 until I get a new machine (which will be in 2 years).

    Kind of pointless.
  • andrewaggb - Tuesday, October 27, 2009 - link

    Honestly, XP needs to die. It needs to. It's security model is outdated, it has way too many installs of IE6, etc.

    I like XP, I think most of us do. I never upgraded to vista and stuck with xp on all my machines, but I've always known with Win7 I'd have to move on.

    I upgraded one of my laptops to Win7 yesterday, it was the smoothest OS install ever. It even found all the drivers, everything without any work from me. I used ninite to install all the common apps and was up and running in a couple minutes. Responsiveness and performance are fine. The new media center can play all my divx content and it let me add libraries over my wifi connection - all seemless.

    I'll do one of my development computers next, but I really have to say again, that was the most painless, flawless, install of any os.
  • Genx87 - Tuesday, October 27, 2009 - link

    XP had a security model? Unless you had only user privledges it was pretty wide open.

Log in

Don't have an account? Sign up now