Windows 7 Performance Guide
by Ryan Smith and Gary Key on October 26, 2009 12:00 AM EST- Posted in
- Systems
The Rough Edges
The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.
With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.
There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.
The UAC Control Panel With Level Slider
It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.
Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.
Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.
On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?
Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary. And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.
Windows Mail: Have you seen me?
But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.
207 Comments
View All Comments
Genx87 - Wednesday, October 28, 2009 - link
It is Vista with a facelift. If you already have Vista i agree with you. I only have Win7 thanks to my Technet account. Doubt i would pay for the upgrade from Vista.But I still think Win7 is a very kickass OS. I have been impressed. Except for the dumbing down of UAC.
bigpow - Monday, October 26, 2009 - link
If you're just going over the features, and installation of Win7 - why call it performance guide?"Intro to Win7" would be more appropriate.
We expect to see performance related GUIDES, when we saw that title.
Not just some boring and obvious old-recycled presentations the whole internet has already gone through.
So boring!
computerfarmer - Monday, October 26, 2009 - link
Windows 7 was released and the people with AMD systems running RAID setups were in shock, no RAID drivers for windows 7. This is an issue. Today there has been RAID drives posted at the AMD site, with the posting date back dated to the 22nd.I had tried for hours try to get this new OS installed on the 23rd, but none of the available drivers were accepted by Win7. There for I could not install with a RAID setup. After Googling for a bit I realized I was not the only one, this was a far bigger problem.
My initial excitement of enjoying the weekend with the new OS did not take place. It is now monday and I am wondering when I will take another stab at another install attempt.
The link I have found for the AMD RAID driver is
http://game.amd.com/us-en/drivers_catalyst.aspx">http://game.amd.com/us-en/drivers_catalyst.aspx
Why was this issue not covered by any review sit?
Genx87 - Wednesday, October 28, 2009 - link
This is an AMD issue, not a Win7 issue????How is it Microsofts fault AMD dropped the ball with their RAID driver support?
DominionSeraph - Monday, October 26, 2009 - link
"Why was this issue not covered by any review sit?"Because it's not a Windows 7 issue.
computerfarmer - Monday, October 26, 2009 - link
I believe you are half right.If a business runs a raid setup and most do, they can not use this.
If individuals run raid, they can not use this.
If millions of businesses and individuals can not use this. Then what good is an operating system that so many can not use. This is not good business.
The RC version worked with the existing drivers and the RTM version came with out warning that the rules had changed for this OS. The OS has changed, therefor this is an OS issue.
Genx87 - Wednesday, October 28, 2009 - link
How many businesses do you know run RAID on their desktops? I'd like to know myself because in the thousands of workstations I have built over the past years only a handful ever used any form of RAID. And those were RAID 1 and I am convinced the engineers who ordered them only did it to say they have RAID.DominionSeraph - Monday, October 26, 2009 - link
"Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2."What are you doing complaining about security while running as admin?
UAC is about social engineering. That it acts like a security feature is because if you want to engineer towards the security model with limited accounts, you have to make the administrator account act like one.
The standard access tokens and UAC nags used by the administrator account are not a part of the tiered model's administrator level -- they're there to mimic the experience of a standard user account so programmers will actually program for standard user account access. (and so users will get used to the prompts for elevation that come with operating as a standard user.)
To obsess over a reduction in limited user -type security in the administrator account is to miss the point that that's not even aligned with Microsoft's security philosophy. Their model (along with everbody else) has been tiered privileges, not somehow patching all possible vulnerabilities out of root.
Vista's default UAC was pretty much universally reviled. People wanted fewer nags, meaning less limited-access -like behavior. But you can't have auto-elevation without a reduction in security.
Could Microsoft do a better job securing the hole they opened to god-mode from the administrator account? Yes. Would the amount of effort be insane, judged in light of the fact that an administrator account is supposed to be god mode? Yes.
Should Microsoft rewrite the Win7 kernel so that these apps run in protected space that restricts them to pre-authorized actions and disallows daughter processes just so the lazy and power-mad among us can dismiss the logical security scheme and continue to run as Administrators 24/7? There's always going to be system vulnerability from the administrator account -- that's kinda its purpose. Instead of trying to secure the unsecurable, Microsoft is trying to get people to embrace a better model.
And at least they took out the obvious stupidity, like MSPaint auto-elevating. (You can delete anything [like C:\WINDOWS] from its file manager when elevated.)
And, for the record, I'm one of those lazy and power-mad who run as Admin 24/7. But I'm also on a non-critical machine.
DominionSeraph - Monday, October 26, 2009 - link
http://technet.microsoft.com/en-us/magazine/2009.0...">http://technet.microsoft.com/en-us/maga.../2009.07...ElectricBlue7331 - Monday, October 26, 2009 - link
What's the big deal about out of the box codec support? Is it really that difficult to get a different media player and/or codec pack?