Windows 7 Performance Guide
by Ryan Smith and Gary Key on October 26, 2009 12:00 AM EST- Posted in
- Systems
The Rough Edges
The first thing that bothers us is a technical matter, and that is the addition of various levels of UAC , and the security ramifications of that. We’ve talked about this before in our look at the release candidate, but it bears repeating.
With the changes made to Windows 7, at the default UAC level of 2, signed Microsoft executables are auto-elevated to admin privileges when run by an admin. This primarily manifests itself in the Control Panel, where most of the panels are allowed to auto-elevate so that users may make changes without facing a UAC prompt.
There’s certainly a benefit to this in terms of user interaction, since the Control Panel and installing software are the two most common admin-level tasks a user will do. The latter is a repeating occurrence, but the former is something that usually only happens once when the computer is set up. So by making this change, the new-user experience involves less UAC.
The UAC Control Panel With Level Slider
It’s the security ramifications of this that concern us. Someone already managed to exploit this in the pre-RC phase (where the UAC control panel itself was auto-elevating) to disable UAC entirely. The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example.
Now to be clear, it’s not as if this is the only way to achieve local privilege escalation attacks. The Windows kernel itself is a target, and I can’t think of any major desktop OSes that haven’t seen such an attack in the past. But this makes that easier, potentially much easier. And that’s a risky proposition when a UAC prompt may be all that’s left between malware executing and running amok or not.
Certainly someone is going to bite my head off for this, but I don’t think Microsoft should have made such a fundamental change to UAC. More casual users may not have been fond of how Vista or UAC Level 3 handle security, but it was a more secure choice than Level 2. To that end, I certainly wouldn’t recommend running Win7 at the default UAC level for any computer connected to the internet.
On a lighter note, even after using the release version of Win7 for 2 months now, I’m still wondering who thought it was a good idea to make the title bar of maximized windows semi-transparent. Certainly for windowed windows it makes some sense, as you can see what’s underneath. But for maximized windows? If I was concerned for what was under the window, why would I have it maximized?
Finally there’s Windows Mail, or rather the lack of it. Obviously email clients have come under diminished importance in the last few years as web-based email (e.g. Gmail) continues to rise in popularity, but this doesn’t mean that an email client is not necessary. And I get that Microsoft wants to separate the email client from the operating system so that they can push out major client updates outside of major OS releases.
Windows Mail: Have you seen me?
But what I don’t get is why there’s any reason good enough for Windows to not come with an email client at all. It’s 2009, why is there an operating system being released without an email client? I only hope that OEMs are adding email clients to their prebuilt computers, otherwise there may be some very confused Windows 7 users as people start snapping up new machines.
Facebook
Twitter
RSS
207 Comments
View All Comments
gutterslob - Tuesday, October 27, 2009 - link
Anandtech really needs someone that's better experienced at Linux.Now, I'm neither a Wintard or Freetard, but there's no balance whatsoever everytime I see them bring Ubuntu into the comparisons. I often wonder whether they broke their Linux install with the numbers they obtain.
I don't have Win7 yet, but there's no way Ubuntu 9.04 boots that slow. I've seen it boot faster on 3 yr old laptops. I've not tried Ubuntu 9.10 yet (I'm mainly a Debian user), but from al the tests I've seen, it should blow away Win7,Vista,XP in the boot speed department.
I agree that laptop battery life on Linux isn't as good as Windows out of the box, but a install a couple of apps (available on most distro repositories) and most people can get equal or better life on Linux. My Asus eeePC can run 8+hrs with on Arch Linux after minimal tweaking (I never got that much from XP even when the battery was brand new).
I seriously hope AnandTech finds someone who knows Linux better (at least someone with comparable levels of knowledge that AnandTech seems to have with Windows). I've met highschool students with better Linux Know-how than this place... which is a shame, really, because other than that, I think very highly of AnandTech.
Just my 2 cents
Cheers~
Voo - Tuesday, October 27, 2009 - link
"I agree that laptop battery life on Linux isn't as good as Windows out of the box, but a install a couple of apps (available on most distro repositories)"Well the vast majority of home users don't know which apps that would be and won't find out about them
And ArchLinux is a really sleek distribution, last time I checked the GUI wasn't even part of the standard installation. The same goes for self compiled kernels and similar things - certainly possibly but irrelevant for 99.99% of the users.
It's the out of the box performance that's interesting for the majority (after all they didn't do anything for Windows as well), the users who enjoy playing with their PC usually already use Linux and know the advantages.
JarredWalton - Wednesday, October 28, 2009 - link
FWIW, I worked with a "Linux Guru" -- a Senior Linux guy at a big OEM heavily involved with the ArchLinux community -- and we worked to run some additional tests on the NV52. So far, we didn't manage anything significantly better, but you can probably blame ATI's drivers as much as anything. We'll be working to expand Linux coverage (with him doing more of the work) in the future.Honestly, though, after spending the better part of two weeks going through numerous settings and trying to tweak ArchLinux to get significantly better battery life... well, I'm just not seeing it. I'm sure it's possible to do with the right hardware (i.e. NOT ATI!), but Linux is hardly a panacea. If you want good mobility, it's going to be tons easier for 99.999% of users to skip Linux (or get a netbook with Linux pre-installed).
JimmiG - Tuesday, October 27, 2009 - link
"The concern we have is that all of these auto-elevating programs are an obvious target for a local privilege escalation attack to accomplish something similar, if not the same. Imagine finding a way to make the Display control panel execute a 3rd party application with admin privileges, for example."Well, the same could be done in Vista... The control panel applets aren't auto-elevated, but anyone who plans on doing anything useful with them is going to elevate them anyway. So UAC in Win7 should be as effective in Win7 as it was in Vista, granting administrative privileges only to applications that really need it.
Also, the fact that UAC is less annoying is going to be a huge security improvement on its own since fewer users are likely to turn it off. Many users are good enough with computers to figure out how to turn off UAC, but don't know enough to realize that they compromise security by doing this. They think it's condescending, always questioning the user. In fact, the prompts are there to prevent malicious software from gaining sufficient privileges to compromise the computer system, not to prevent the user from performing the tasks he/she wants. That's why Server 2008, as well as OSX and almost every Linux distribution has a similar feature.
anandtech02148 - Tuesday, October 27, 2009 - link
Of all things, multiplayer pc gaming is not mention in windows 7 (10,000 beta testers they say), and apparently Punkbuster is the defacto use for pc multiplayers and the majority of the developers.Consumers will like windows 7, the level of shine and sleek looking is pretty close to MacOs even themes,background on win7 is enjoyable compare to the years of dull blue windows.
but what the crap, how long will i have to wait for a patch for this punkbuster.
haplo602 - Tuesday, October 27, 2009 - link
it seems to me that if Linux did what MS does with marketing, we'd have a new major Linux version every year :-) (under Linux I mean a distro like Suse or Ubuntu).too much hype about too little a change. basicaly they are milking $$$ out of people for performance that should have been in Vista and naming it Windows 7 ... yeah ... More like Vista SP1 that this should have been.
anyway I don't see a reason to upgrade from XP (moving to Linux completely on my next new HW build anyway).
Also, to the folks complaining about missing codecs, mail client and whatnot. MS is essentialy stupid. If they followed the Linux distro model, they could just sell the core OS to OEMs and let them create distributions with any applications the OEMs like. This way they get around the anti-trust issues and also get rid of supporting the distributions. but guess they are too stupid to do that.
Chlorus - Tuesday, October 27, 2009 - link
"Also, to the folks complaining about missing codecs, mail client and whatnot. MS is essentialy stupid."Yeah, because the distro vendors make so much money! Oh wait...
alpine18 - Tuesday, October 27, 2009 - link
In 1995 I remember talking to an older guy that worked at Radio Shack about Windows. He said he'd never upgrade from Windows 3.1 to Windows 95 because he said the memory usage was wasteful, and because even the OK buttons took up 16K of memory each.Over the years have I often wondered if he is still running Windows 3.1.
xrror - Tuesday, October 27, 2009 - link
Problem is, he was right...It's wasn't so great to watch your decked out 4mb 386 that worked well in win3.11 choke horribly just trying to load the win95 taskbar.
Then again, it didn't really help that Microsoft was saying win95 worked fine with 4mb ram. Note fine doesn't imply being able to use more than one application at once.
heh, no the real question is if he is still running win3.1 exclusively
mejobloggs - Monday, October 26, 2009 - link
I have Vista... And from what I can see in this article, there is no point in upgrading to Win 7I'd upgrade for $20 or so, but anything more seems a waste of money