Windows 7 Performance Guide
by Ryan Smith and Gary Key on October 26, 2009 12:00 AM EST- Posted in
- Systems
The Rough Edges
The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.
With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.
There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.
The UAC Control Panel With Level Slider
It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.
Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.
Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.
On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?
Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary. And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.
Windows Mail: Have you seen me?
But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.
Facebook
Twitter
RSS
207 Comments
View All Comments
yyrkoon - Thursday, October 29, 2009 - link
If I sell you a car, and you crash into something because you had no experience driving; Does that make the car unsafe ? No. It means you the operator should have learned how to operate a vehicle before driving. Now, no, I do not think a computer user should be licensed to operate their own computers; But I *do* think it is their responsibility to learn how to operate one the way they intend it to be used. Does that make one operating system or another insecure ? No.Vista since beta has touted a sand boxed browser; That is even before anyone else implemented it into their browsers. Microsoft does things the way they do because they understand that the average user does not want to spend hours/days/months learning how to use a computer( when perhaps they should).
Torment - Thursday, October 29, 2009 - link
Worst. Analogy. Ever.
If you design a car, and it catches fire because you located the gas tank next to the engine, that makes it unsafe. Sure, the buyer could relocate the gas tank themselves, but that doesn't change the fact that *your* design was unsafe. Further, if the car flips over routinely during normal use, it doesn't matter that you could take more precautions when you take corners. The design has still failed.
The browser is not even remotely sandboxed in Vista or 7. Microsoft *did* decide to sandbox silverlight (both in the browser and standalone), and I think they will do the same with the browser in the next iteration of windows. UAC helps a bit, but with the browser becoming as an application platform, sandboxing is a necessity.
There is a reason why security freaks run VMs for browsing.
yyrkoon - Thursday, October 29, 2009 - link
It is not the worst analogy. Ever.You are intentionally blowing things out of proportion to make things sound worse than they really are. If you change how or when a service runs, this is nothing like relocating a gas tank. That would be like removing the service, and replacing it with another.
That, and, you really know what *smart* security freaks do ? They do things like make a USB bootable copy of their OS, so they can scan their OS drive while unmounted. Or, they run ridiculously impossible to setup setups like SELinux. The latter here is probably less smart, and just more geeky.
Security experts use VMs as honey pots, not for browsing . . .
Gunnman - Tuesday, October 27, 2009 - link
As I read through this I can just imagine some of you holding your O/S boxes. Stroking them lovingly as you hug them in your arms.It all comes down to $$$ I think. If you have a piece of crap machine and have no cash or are one of those historian fanboys refusing to get rid of that TRS80, then sure keep DOS as the best os ever!! :P
If all you do is surf and use productivity apps, no need to upgrade from XP, I can see that.
If your needing a new upgrade and the new O/S's will not run on your rig. OK Stay on XP.
But you can not blame others that have good jobs and enjoy the life of the Enthusiast getting bleeding edge hardware and moving to the newest O/S.
I enjoy this very thing, it's fun getting the latest tech (in intervals). And nothing is more enjoyable (as far as computers)than installing that latest O/S and learning all about it's operation and putting it through its paces.
I like XP for what it is but I like Vista and 7's interface much better (it's pretty). :P
I do have a quad-boot on my system Win7 (primary O/S) then Vista then XP and then Linux, just in case I need them. You never can tell in the x86 world.
I'm prepped for anything.
Win 7 having added features of DX11 Direct Compute I think thats cool to do away with proprietary physics. I hope Nvidia didnt pay too much for Ageia.
I do more than game but I like to do it all in style. :)
MonicaS - Tuesday, October 27, 2009 - link
I have never seen such a lackluster launch for something this big. Even mediocre cellphones we'll never us from companies we've never heard from have greater PR and fanfare to their releases. Still, W7 is great so far!Monica S
Los Angeles Computer Repair
http://www.sebecomputercare.com">http://www.sebecomputercare.com
7oby - Tuesday, October 27, 2009 - link
If the evaluation of an OS depends on criteria such as application integration and homogeneity, user habits and visual appeal, then don't miss to check out KDE 4.3 as integrated in Kubuntu 9.10.Although KDE 4.3 still isn't as mature as Gnome is, to the novice user it feels and looks better.
ProDigit - Tuesday, October 27, 2009 - link
The graphs of Anandtech differ too much with my own experiences!In many cases I think they made up the graphs by random or choice, rather than by actual testing.
I tested Win7 RC1 on my laptop, and it performs similar to XP, but not as snappy. It also runs hotter, and battery life suffered compared to XP.
Under Vista SP1 my laptop suffered A LOT on the battery life!!!
Win XP: 5,5Hours
Win 7: ~5hours
Vista: ~4,3 hours
In the tests done above it almost seems like Vista uses less battery than XP, which is just plain stupid and idiotic to claim that!
My experiences differ much, and like before I do believe that Anandtech is a tech site with biased reviews and opinions.
For this it is worse than Tomshardware, in that tomshardware can be biased, but it's articles always go together with the reality.
My experience is that anandtech pushes Nvidia and Intel,and now Win7.
Even from the time when AMD was clearly a better purchase in both graphics cards and processors, they still focused on Intel; and on multiple occasions twist graphs to their benefit!
This is a serious accusation, not my opinion alone anymore, but of many, and it has come to a point where it became too obvious...
Even with their article about "Internet Explorer 8 uses less power than Firefox"-article,
Well I've researched, and found that Internet Explorer 8 running a flash game had a lower FPS than Firefox.
I even took it further, on a T5500 CPU with XP, 2Gig RAM and Firefox, I had an average of 15fps.
Same game, Vista SP1, T7500 with 4Gig Ram, and IE8, I had an average of 4fps!!!
No wonder they are using lower power.
But that aside, which was probably the last article I could not get shoved through my throat, I think I've seen enough of Anandtech, and would recommend all users to read less biased reviews on tomshardware.com!!!
You'll notice immediately that they both offer different perspectives, and in my experience tomshardware has always been closer to the reality than Anandtech!
Flyboy27 - Tuesday, October 27, 2009 - link
Tom's Hardware was once a great place especially back in the Thomas Pabst days. However, lately there is no reason to go there since they fired Ben, Travis, and Rob. For fuck's sake Tom's Games is now all flash games, WTF (I think there are a lot of people that are sore about this). I don't know where to go to get good game reviews anymore. If someone has any suggestions please let me know. Tom's got rid of their most unique content and is now little more than a cheap imitation of its former self, it's really sad actually. I hope Anand doesn't sell out to some shitty corporation. I wish I would have known about Anandtech back in the 90's. Its just too bad that they really don't cover games that well since there are so many SHIIIIITY review sites out there.goinginstyle - Tuesday, October 27, 2009 - link
You have to be joking right? While Toms has improved recently, their analysis is far from competing with AT and they tend to be overly biased in several areas. Did you read Tom's Win7 article? It basically said XP users now have a reason to upgrade but they did not run any tests on XP. Tell me, how is that being closer to reality?It is funny to see all of these comments saying the Tom's Win7 article was better and it basically was nothing more than a PCWorld article. Apparently you have not read the latest AMD reviews here, they are all positive, fair, and recommend their products.
Peroxyde - Tuesday, October 27, 2009 - link
Last paragraph in the article, section "7 vs Linux": "Win7 erodes the Linux advantage against Windows in the performance cases where Vista suffered".In all the benchmarks shown in the article, Vista almost has the same score than Windows 7. Why would Vista suffers some performance loss against Linux and Win7 does not? Can you please clarify?