Windows 7 Hate to say it but Windows 7 sucks in my experience

Status
Not open for further replies.
So-called pro like yourself should know how to correct those issues very easily... the forum is full of such useful tweaks, yet you clearly never even disabled UAC... lmao if you can't even do that you have no call judging the stock defaults as the only way to do things, try googling the god folder, suddenly all your prayers are answered, but I guess you ARE the luddite I thought you where if that's the best excuses you have for rubbishing Windows 7.
 
So-called pro like yourself should know how to correct those issues very easily... the forum is full of such useful tweaks, yet you clearly never even disabled UAC... lmao if you can't even do that you have no call judging the stock defaults as the only way to do things, try googling the god folder, suddenly all your prayers are answered, but I guess you ARE the luddite I thought you where if that's the best excuses you have for rubbishing Windows 7.

I don't actually remember calling myself a pro, but if you think I did at some point...

I did disable the UAC before I installed Firefox. You know what happened? I couldn't install firefox until I re-enabled the UAC. Not being able to install software on my own computer until I've jumped through enough hoops and said "Yes I'm Sure" enough times isn't an improvement.

I looked at the so-called "god folder". Big whoop, It's just the control panel in one window. The "god folder" does nothing about grouping folders alphabetically does it? No, because it's beyond the ability of Windows 7. All of my music is on an external hdd. If I want to listen to Devo, I want to look in the D's... not in the middle of the A-H block. I'm sorry if you feel this is an improvement. The "god folder" doesn't let you upgrade to media player 10 does it? No. What does MP10 do that 12 doesn't? Let's see. You can see the album artist, album title, full size (in my case 500x500) album art, song titles, song length, total album play time, bit rate... oh yeah, I almost forgot, I can change the background color. Nothing says improvement to you like lack of information and choice I guess.

I gave Windows 7 a fair shake. A few times actually. I just don't see how something that takes up 4x the space, uses 2x the system resources and lets you do 1/2 as much is an improvement. It isn't a user friendly OS, it's user safe. I imagine the thinking was something like this... "If we don't let them do anything, they can't break anything."

I'm not opposed to change when the change is for the better. Windows 7 (or if you prefer, Vista SP2) is NOT an improvement to XP.

Now you tell me... how exactly, as you put it, "all they have done is improve things"
 
........I'm not opposed to change when the change is for the better. Windows 7 (or if you prefer, Vista SP2) is NOT an improvement.......

Off topic perhaps & pardon my butting in... but you sound a tad like me.
I have 2 laptops here on my desk. Both purchased as new with high end specs & each with a new OS - One Vista Ultimate 64-bit the second Win7 Ultimate 64-bit { ALIAS VISTA SP3}
My preference is to use the Vista lappy on a daily basis.

I wouldn't go so far to say Win 7 sucks but it is not my preferred choice.
 
I had exactly the opposite experience. Purchased a new laptop with Vista pre-installed from Dell and it was a nightmare. I wanted to downgrade to XP but was told it would void my warranty so I took the only option left and clean instlled Win 7 beta. I have not looked back. Search works, drivers are available, sidebar, and more efficient given the same hardware. Sure it isnt perfect but I am used to that.

My parting comment time marches on, support for vista ends soon, and sooner or later users will migrate to win 7 IMHO
 
There are some issues with the Sandy Bridge architecture on newer laptops because the drivers on the SP1 disc and Retail/OEM original copies don't have compatibility for USB3, the new unprecedented architecture, and so forth. By today's standards (July 2011), Windows 7 is actually an old operating system on install. This makes it impossible to install Windows 7 via USB3 flash drives. All clean installs need proper drivers after the fact. For Intel boards once you have the Intel INF Chipset drivers, Intel Rapid Storage Technology, and the video/graphics and audio drivers for your system, you are usually good. For USB3 they are sometimes on a non-Intel controller (JMicron is a good example here). This is the only place I've experienced issues.

BSODs can be cured - without specifics and just saying "Ahh I'm getting blue screens, I should go back to XP" - you put yourself into a tough spot and that includes an unwillingness to adapt to technology changes. Windows 7 shipped with more compatibility drivers for more devices than any other operating system in history. At the end of the day, it is up to the manufacturer of these devices to support their hardware. Admittedly when we are looking at blue screens, most of them are caused by faulty/crappy drivers when its not a software or hardware issue directly. The Dell 15z laptop on sale now is a great example: A clean install is difficult because the OS is kind of clunky without drivers. Once you install drivers after the clean install process, including drivers for the integrated Intel graphics adapter and the NVIDIA card you are good. Manufacturers are starting to build systems with an integrated video card just for Aero and the desktop experience to save battery life / electricity and then add on the dedicated card for video editing, graphics, and gaming support.

Because Windows 7 is fairly pre-USB3 and pre-Sandy Bridge you are going to run into problems with new hardware on a clean install. But with best practices, we collect a list of drivers we need post-install and work our way from there. This should help avoid BSODs altogether. Using premium software is also key - software like ZoneAlarm and other security apps that try to integrate into the HAL (Hardware Abstraction Layer) usually cause more harm than good. Look at our BSOD forum and you will see how many crashes we are getting from people using ZoneAlarm combined with anti-virus software like McAfee or some other solutions. These are heavily advertised in the marketplace, but cause conflicts and hardly secure the system any way.

An informed user running Microsoft Security Essentials and Malware Bytes, could probably get away with never seeing a virus. Users looking for a more robust option could use ESET Smart Security or just NOD32. I use ESET SS with the firewall feature disabled and it has worked great for years. You should see the quarantine list on a friend's computer.

Over all, I don't see how you can say Windows 7 is inferior to Vista or XP. It can run on nearly the same hardware as XP and the security is bolstered 10-fold. Let's not even go into Vista because hardware compatibility was turned into a joke by late manufacturers. Its a good OS but its bulky. Windows 7 reduces that bulk. Best practices with Windows 7 and you will have a great computing experience. Start thinking ahead, use quad core procs, get boards with USB3 and eSATA, start looking into touch screens. Forward looking custom-built systems will last much longer than cheap throw-away hardware. If you build a computer for $200-$300 you're going to experience lag, freezes, and the problems associated with having a bottle-necked computer. I would not build a new system today that did not have at least 4GB+ DDR3, SSD, and a mid-level gaming graphics card. Doing so would be irresponsible and a gigantic waste of money.
 
"...you put yourself into a tough spot and that includes an unwillingness to adapt to technology changes" But there are no technological changes here. At least none for the better. They've made the colors a bit brighter and the corners a bit rounder I admit, but it's twice a hard to actually find anything and at least 4x bigger. Everyone keeps saying how much better Windows 7 is, but they never say how.

"Windows 7 shipped with more compatibility drivers for more devices than any other operating system in history." Great... but I only have one printer. Why do I need every printer driver under the sun on my computer? Oddly enough, when I bought my printer it came with the drivers. Imagine that. Is this another reason why Windows 7 is so big?

"A clean install is difficult because the OS is kind of clunky without drivers." Harder to install on a completely blank hard drive? Now I am convinced.

"An informed user running Microsoft Security Essentials and Malware Bytes, could probably get away with never seeing a virus." I've never run updates on my XP machine. Why, you ask? Because for every 1 update to fix a "security leak" it creates 10 more leaks, needing 10 more fixes, and on and on it goes. ZoneAlarm firewall and a good anti-virus is all you need. I also use Malwarebytes and SuperAntiSpyware. I have never had a virus that I can remember, (apart from a few back before I had at least an idea of what I'm doing). Windows 7 isn't more secure than XP, just bigger.

"I don't see how you can say Windows 7 is inferior to Vista or XP. It can run on nearly the same hardware as XP and the security is bolstered 10-fold." If by security you mean having to say "Yes I'm Sure" over and over... Being able to do almost as much while being 4x the size...

"Start thinking ahead, use quad core procs, get boards with USB3 and eSATA, start looking into touch screens." This is all well and good, but most people buy their PC at one of those brick and mortars. And if they go into a Best Buy, well, they're doubly screwed. Most people will also never benefit from a Quad. For many people, their PC is for e-mail and Facebook. This is who Windows 7 was made for. The Facebookers. USB3 and eSATA are external and have no impact on the performance of the PC. Touch screens? You think those will catch on? Do you have one?

"If you build a computer for $200-$300 you're going to experience lag, freezes, and the problems associated with having a bottle-necked computer." This isn't true. It might be slower, but it'll run just fine. I know, I tried it. (and I'm not just making that up. Or that.) You can also fix bottle-necking in the bios. I have 4GB DDR2 800 in my XP machine. I under-clocked it to 667, raised my FSB to 400 bringing my memory back to 800 and my INtel e6750 from 2.66 to 3.2. My FSB/DRAM ratio is now 1:1. No bottle-neck.

"I would not build a new system today that did not have at least 4GB+ DDR3, SSD, and a mid-level gaming graphics card. Doing so would be irresponsible and a gigantic waste of money." Depending on the timings, DDR3 memory is no faster than DDR2. Just because 3 is bigger than 2, that doesn't make it better. SSD drives wil make no difference to the Facebookers of the world, they just cost more. How would that be "irresponsible? An odd choice of word.
 
"If you build a computer for $200-$300 you're going to experience lag, freezes, and the problems associated with having a bottle-necked computer." This isn't true. It might be slower, but it'll run just fine. I know, I tried it. (and I'm not just making that up. Or that.) You can also fix bottle-necking in the bios. I have 4GB DDR2 800 in my XP machine. I under-clocked it to 667, raised my FSB to 400 bringing my memory back to 800 and my INtel e6750 from 2.66 to 3.2. My FSB/DRAM ratio is now 1:1. No bottle-neck.


I also overclock but overclocking isn't for your average windows user. The average user wants stabilty and speed, so I normally recommend they over spec their machine so it'll last. Most of windows 7's problems from my point of view are old drivers the oem's use in their install images. It has always amazed me when some ones building a pc they'll use the drivers that come with the mobo etc. When I built my current machine. I assembled it and then used my laptop to grab the latest drivers. Not had one single problem with windows 7 and Vista before it.
 
"...you put yourself into a tough spot and that includes an unwillingness to adapt to technology changes" But there are no technological changes here. At least none for the better. They've made the colors a bit brighter and the corners a bit rounder I admit, but it's twice a hard to actually find anything and at least 4x bigger. Everyone keeps saying how much better Windows 7 is, but they never say how.
There are plenty of new features to go around in every new release of Windows. Working in an enterprise environment, we witnessed plenty of total mayhem with Windows XP computers. In every possible way, their security was compromised, and this was the result of exploitation of an open system.

"Windows 7 shipped with more compatibility drivers for more devices than any other operating system in history." Great... but I only have one printer. Why do I need every printer driver under the sun on my computer? Oddly enough, when I bought my printer it came with the drivers. Imagine that. Is this another reason why Windows 7 is so big?
Windows 7 is smaller on disc and on ISO than Windows Vista. The kernel is actually smaller, and so are the number of pre-installed applications.

A complete copy of Windows 7 64-bit with Service Pack 1 in ISO format is 3.09 GB (3,319,478,272 bytes). Windows Vista with Service Pack 1 is 3.59 GB (3,861,460,992 bytes).

"A clean install is difficult because the OS is kind of clunky without drivers." Harder to install on a completely blank hard drive? Now I am convinced.
This is going to happen whenever you install an operating system on a machine that was created with parts that were designed after the operating system was released.

"An informed user running Microsoft Security Essentials and Malware Bytes, could probably get away with never seeing a virus." I've never run updates on my XP machine. Why, you ask? Because for every 1 update to fix a "security leak" it creates 10 more leaks, needing 10 more fixes, and on and on it goes. ZoneAlarm firewall and a good anti-virus is all you need. I also use Malwarebytes and SuperAntiSpyware. I have never had a virus that I can remember, (apart from a few back before I had at least an idea of what I'm doing). Windows 7 isn't more secure than XP, just bigger.
Nearly everything Microsoft does after the release of an operating system is now based on securing the operating system. Please familiarize yourself with SDL.

What was changed in Windows 7 security?
  • Windows 7 is built upon the security foundations of the Windows Vista® operating system while improving auditing and the User Account Control (UAC) experience.
  • Windows 7 helps IT control what software can run in their environment with AppLocker™.
  • Windows 7 enhances the core features of BitLocker™ Drive Encryption with the introduction of BitLocker To Go™ for removable storage devices.
"I don't see how you can say Windows 7 is inferior to Vista or XP. It can run on nearly the same hardware as XP and the security is bolstered 10-fold." If by security you mean having to say "Yes I'm Sure" over and over... Being able to do almost as much while being 4x the size...
Windows 95 is a 5.46MB zip file. By this logic, we should continue using this operating system. I think most mainstream IT personnel would agree that this is not the proper way of evaluating the usability of an operating system. Most businesses today are still using Windows XP for cost and training reduction reasons. IT departments are not willfully withholding new technology from employees that they know can improve their management role. The problem is that adoption of new operating system technology takes place en-mass when application development becomes impossible for the previous operating system. It almost never has anything to do with feature set, performance, or security (which it should).

"Start thinking ahead, use quad core procs, get boards with USB3 and eSATA, start looking into touch screens." This is all well and good, but most people buy their PC at one of those brick and mortars. And if they go into a Best Buy, well, they're doubly screwed. Most people will also never benefit from a Quad. For many people, their PC is for e-mail and Facebook. This is who Windows 7 was made for. The Facebookers. USB3 and eSATA are external and have no impact on the performance of the PC. Touch screens? You think those will catch on? Do you have one?
I use touch screen devices all the time. I use USB3 and eSATA to backup my files. The next decade will involve surface and touch technology. While there will always be a role for the keyboard and mouse, development for HIDs is moving ahead because that is what is attracting consumers. Consumers will be buying touch screen enhanced phones, tablets, and other ARM/RISC-based devices well into the future. The first dual-core cell phones have already been rolled out.

"If you build a computer for $200-$300 you're going to experience lag, freezes, and the problems associated with having a bottle-necked computer." This isn't true. It might be slower, but it'll run just fine. I know, I tried it. (and I'm not just making that up. Or that.) You can also fix bottle-necking in the bios. I have 4GB DDR2 800 in my XP machine. I under-clocked it to 667, raised my FSB to 400 bringing my memory back to 800 and my INtel e6750 from 2.66 to 3.2. My FSB/DRAM ratio is now 1:1. No bottle-neck.
I can run a Commodore Amiga perfectly as well, but the point would be I don't use it anymore. The production work I still do requires more than 3.5GB of RAM so I need a 64-bit operating system. I won't run Vista because secure as it is, it still does not manage resources as well as Windows 7. I can install Windows 7 32-bit on an under-powered netbook with a first generation Atom processor and minimal RAM and it runs just as well as Windows XP. Mind you, not everyone can overclock, but the ones who do aren't doing it to run an operating system that lost mainstream support from the manufacturer two years ago. That's right: Windows XP lost mainstream support 4/14/2009 and will lose all extended support in 2014. There will never be another service pack for workplace deployment for Windows XP. Windows XP has no DirectX 11 support and suffers from severe kernel-level vulnerabilities. The fact that you "have never patched your operating system" should be cause for concern.

"I would not build a new system today that did not have at least 4GB+ DDR3, SSD, and a mid-level gaming graphics card. Doing so would be irresponsible and a gigantic waste of money." Depending on the timings, DDR3 memory is no faster than DDR2. Just because 3 is bigger than 2, that doesn't make it better. SSD drives wil make no difference to the Facebookers of the world, they just cost more. How would that be "irresponsible? An odd choice of word.
When the system crashes, people wonder why. They bring it to a store, and the magician repairs all of the parts for X price. For those of us who want efficiency or want to bring efficiency to a workplace environment, this involves using better technology. Devices with non-moving parts are a part of that equation. DDR3 has an 8-burst prefetch buffer which is superior to DDR2 and allows for more high bandwidth data transfer. This is the same reason performance systems need better L1 and L2 cache on the northbridge. Its the same concept. DDR3 is simply faster and it is a factually inaccurate statement to say its "just as fast". It can be just as fast if you buy DDR2 modules and overclock them until you can cook breakfast on them, but they're not just as fast or just as good as DDR3.

Obviously we won't agree on these issues, and I understand your desire to continue to run Windows XP in your solemn environment. However, recommending this to a business at this point in time, or a group of unskilled computer users is disastrous. There are a lot of people out there that really do know nothing about computer systems and the basic security that is provided in Windows 7 can prevent bot nets and major security holes in a business environment. Windows XP is becoming a legacy operating system, and whether you like it or not, this will be difficult for mainstream computer users to deal with over the coming years. The alternative that you would suggest is that everyone just stay with Windows XP forever. What this would lead to is stagnation in technological development as a whole when it comes to hardware and software.

Windows 7 is based on Windows Vista, which was based on the Windows XP kernel. Windows Vista substantially improves the security for the end-user by providing user account control, service hardening, and the implementation of security as the end design goal. I urge you to read this document on how security has been improved since Windows XP:

Download Details - Microsoft Download Center - Windows Vista Security Enhancements

Windows Vista is the first Windows client operating system to be developed using Microsoft’s Security Development Lifecycle (SDL), which makes security a top priority throughout the development cycle by mandating a repeatable engineering process that every developer must follow, and then verifying that process before product release.

Starting in 2003, Microsoft established strong internal security design and development processes to help engineering groups create more secure products. A special internal team—called the Secure Windows Initiative (SWI) team—was formed to create, oversee, evangelize, and enforce the process.
The SWI team, which comprises security experts from the Windows group and from across Microsoft, helps the company’s product groups focus on potential security threats and acts as a central internal security consulting group.

The SWI team developed the SDL to ensure a consistent framework for integrating security broadly across the company’s products. The SWI team operates at every level of the company, including helping executives understand current and future threats and working with Microsoft Research to help develop new defensive technologies and security analysis tools. The SWI team is also working with many independent software vendors (ISVs) to help them make their products more secure by applying SDL principles and tools.

The SDL is an evolving process that implements rigorous standards of secure design, coding, testing, review, and response for all Microsoft products. The SDL helps remove vulnerabilities and minimize the surface area for attacks, improves system and application integrity, and helps organizations more securely manage and isolate their networks.
Building on lessons learned from applying the SDL to other Microsoft products, security reviews and engineering practices associated with previous versions of Windows, and analysis of Microsoft Security Response Center (MSRC) bulletins, Windows Vista was the first Microsoft client operating system to be developed from start to finish using this approach.

Microsoft created more than 1,400 threat models for Windows Vista to ensure identification of risks that required mitigation, code that needed special attention and parts of the operating system that required especially intensive testing. The SWI team provided product teams with training and tools to support the threat modeling process, and the team reviewed the threat models for completeness and depth.

Throughout the development process, Windows Vista was checked for vulnerabilities that were previously discovered in Windows XP, and security processes and tools for both operating systems were reevaluated and improved.

Automation was a key focus in this engineering process. For example, the product groups used two tools developed by Microsoft—known as PREfix and PREfast—to identify source code vulnerabilities not found by typical compilers. The tools integrate cleanly with the build process, reduce development time, streamline code review, and help improve overall quality and reliability.

The Windows team annotated all Windows Vista functions containing readable or writeable buffers using the Standard Annotation Language (SAL), which allows these automated code quality tools to evaluate the consistent use of variables and buffers and helps developers detect and remove exploitable coding errors.
The team extensively “fuzz tested” components of Windows Vista that parse or process inputs from potentially hazardous sources. Fuzz testing automates the process of supplying corrupt or malformed data to these components to see how they deal with potentially malicious inputs.

Fuzz testing is effective at detecting vulnerabilities that an attacker could exploit to run malicious code or cause a software component to fail. Fuzz testing on particularly complex parsers was complemented by a security code review and a deeper level of SAL annotations.

Another Microsoft-developed tool, called FxCop, scans managed code applications for vulnerabilities and helps prevent malicious code from taking advantage of buffer overruns in applications. In addition, the Microsoft Visual C++® 2005 C runtime library adds buffer checks to functions that are known to be vulnerable to attack. These tools were initially developed for internal use at Microsoft but are also available to the developer community in Visual Studio® 2005.

The Windows Vista code base was also scrubbed for issues that commonly lead to security vulnerabilities. All instances of cryptographic algorithms, for example, were reviewed to assess weaknesses in algorithm choice or key strength. More than 100 programming APIs that had been maliciously exploited in the past were systematically removed from the code base and replaced with more secure versions. In addition, non-Microsoft components in Windows Vista were reviewed against the SDL.

Microsoft also provides detailed guidance on the SDL for ISVs that are creating products to run on Windows Vista and for the worldwide security community, to enable others to improve the security of their products.
The impact of the SDL

Microsoft’s in-depth analysis of vulnerabilities in Windows XP, several Linux versions, and Mac OS X Tiger has provided a solid context in which to view the first 90 days of Windows Vista.
Security is a process

Complementing the SDL is Microsoft’s unparalleled worldwide security response process operated through the Microsoft Security Response Center (MSRC). When a security incident poses a threat to customers—whether it is an Internet-based attack or narrower in scope—the MSRC quickly mobilizes teams across the company and around the world, including affected product teams, Microsoft’s Product Support Services (PSS), Microsoft IT, and external partners. The goal is to respond quickly to security threats and to provide customers with the information, guidance, and mitigation tools and measures they need.

As soon as a potential vulnerability is reported, the MSRC works to establish a strong communications channel with independent security researchers. The MSRC provides regular updates to individuals and organizations that report vulnerabilities. In the bulletins that accompany vulnerability updates, the MSRC publicly recognizes many security researchers for their vigilance and responsibility. Relevant security findings and responses are integrated into the SDL. Because detailed public disclosure of a vulnerability before an update is available can lead to malicious activity and expose customers to security threats, the MSRC encourages security researchers to report their findings responsibly to minimize the potential impact on customers.

In Windows Vista, engineering for security also means supporting technologies that help non-Microsoft developers write more secure code and help protect the operating system kernel from malicious software.
Windows service hardening

System services are background processes that are always running, to support key functionality in the operating system. Because of their importance, and because they typically run with high system rights, they have been a major target for malicious software attacks. A malicious attack that exploits system services can cause problems by running arbitrary code with administrator rights on the user’s computer. The Slammer, Blaster, and Sasser worms all targeted system services.

To mitigate this threat, Windows Vista has introduced the concept of restricted services, or service hardening. Restricted services can run under only the most restrictive rights possible, and they limit their activities to the minimum local machine or network resources they require to fulfill their task.

Windows service hardening is also designed to be used by ISVs. Microsoft is actively evangelizing the technology to ISVs to help ensure that the service components they write will be more secure when running on Windows Vista. The Windows service hardening infrastructure is used by system services on an opt-in basis, so there is no application compatibility impact with previous system services, such as services that accompany non-Microsoft software.

More defense-in-depth: NX and ASLR

Another way that malicious software can install onto a user’s computer is by taking advantage of buffer overruns—essentially, tricking software into running code that has been placed in areas of the computer’s memory that are set aside for data storage.

A way to reduce the impact of such vulnerabilities is through the use of no-execute (NX) technologies at the hardware level. NX enables software to mark sections of the computer’s memory as being exclusively for data, so the processor will prevent applications and services from executing any code there.

Many of the newest processors support some form of NX, and Microsoft has included support for NX-capable processors since Windows XP SP2 through the Data Execution Prevention feature. Windows Vista introduces additional NX Group Policy controls that allow software developers to enable NX hardware protection for their code, independent of system wide compatibility enforcement controls. An ISV can mark its program as NX-compliant when the program is built, which allows protection to be enforced when that program runs. This enables a higher percentage of NX-protected code in the software ecosystem.

Address Space Layout Randomization (ASLR) is another defense capability in Windows Vista that makes it harder for malicious code to exploit a system function. ASLR randomly assigns executable images, such as DLLs and EXEs, to one of 256 possible locations in memory. This makes it harder for malicious code to locate and take advantage of functionality inside the executables.

Windows Vista also introduces heap buffer overrun detection that is even more rigorous than that found in Windows XP SP2. When the operating system detects signs of heap buffer tampering, it can immediately terminate the affected program, limiting the damage that might result. This protection technology is enabled for operating system components, including built-in system services, and can be used by ISVs through a single API call.
64-bit security enhancements: Kernel patch protection and driver signing

Some of the most serious security issues can arise from malicious software that manipulates the operating system kernel to render itself undetectable to anti-virus software and to run unnoticed on a user’s system. This type of malicious software is known as a rootkit. Rootkits are often used to cloak other potentially unwanted software, such as bots and spyware. Beyond the serious security implications of rootkits, this class of malicious software can reduce the stability, reliability, and performance of the entire computer.

Kernel patch protection. The 64-bit versions of Windows Vista support Microsoft’s kernel patch protection technology (sometimes referred to as PatchGuard), which prevents unauthorized software from modifying the Windows kernel. Kernel patch protection works by preventing kernel-mode drivers from extending or replacing operating system kernel services through unsupported means and by prohibiting all software from performing unsupported patches in the kernel. In addition to improving security and making it more difficult for hackers to modify the kernel for malicious purposes, kernel patch protection also greatly improves the security and reliability of Windows Vista and enables future improvements in the kernel environment that can address the evolving landscape of malicious software.

Mandatory kernel module and driver signing. To give users visibility into the source of drivers and other software running in the operating system kernel, Microsoft introduced the concept of “signed drivers” with Windows 2000. Unsigned drivers could be prevented from installing, but the default configuration merely warned users if they were about to install an unsigned driver. IT administrators could also block installation of unsigned drivers with Group Policy, but the large installed base of unsigned drivers made this impractical in most situations. Malicious kernel software typically tries to install “silently,” without notifying the user or asking for approval, so malicious kernel software was still likely to run successfully.

With Windows Vista on 64-bit systems, security at the kernel level has been significantly enhanced by requiring that all kernel-mode drivers be digitally signed. Digital signing provides identity as well as integrity for code. A kernel module that is corrupt or has been subject to tampering will not load. Any driver that is not properly signed cannot even enter the kernel space.

Signed drivers help identify and prevent many malicious attacks, while allowing Microsoft to help non-Microsoft developers improve the overall quality of drivers and reduce the number of driver-related crashes.

Windows Vista provides a rich set of customizable new user, network, and application security options that administrators can configure to balance their security needs with their usability requirements. These provide security oriented choices for controlling user accounts, defending against malicious software, and supporting multiple authentication methods.

User Account Control (UAC) in Windows Vista provides a way for IT administrators to separate standard user rights and tasks from those that require administrative rights. UAC increases security by establishing a standard user account with an improved user experience as the default user access level. Standard users can perform a wide range of tasks and enjoy high application compatibility without the need to be logged in with administrative rights. This helps reduce the effect of malicious software, the installation of unauthorized software, and unapproved system changes—all of which helps to reduce the cost of desktop management.

When a standard user attempts an action that requires administrative rights, the User Account Control dialog box prompts the user for administrator account credentials. Administrator account credentials include the user name for a user account that is a member of the Administrators group on the local computer or in a domain and that user’s password. This dialog box prompt is known as a credential prompt because it requires credentials from another account to proceed. Much has been written about credential prompting and UAC, but the bottom line is that, when best practices are followed, standard users will rarely see the credential prompt after they install their favorite applications.

UAC best practices can be summed up as follows:

Run all users as standard users. Enterprise environments should require all (or most) users to be standard users. Home users should make the first user account a parental account (even on a child’s computer) and protect it with a strong password. All other user accounts for the family—especially for children—should be standard user accounts.

Enable administrator approval mode and consider the use of Ctrl-Alt-Delete. Enterprises should require a password for the use of administrator approval mode. This makes it harder for malicious users to “spoof” the system and also makes it difficult for an unauthorized person to complete an administrative task on a computer that is left unattended. Another option is to require that the Ctrl-Alt-Delete key sequence be used before an administrator can enter credentials to complete a task.

Over the past several years, malicious software has become a major problem for computer users. Unwanted malicious software is found on more than two-thirds of all computers, and it is putting users’ privacy and personal information at risk, as well as causing significant performance and reliability issues.
Windows Defender, built into Windows Vista, helps protect against and remove a wide range of malicious software, including spyware, adware, rootkits, bots, keystroke loggers, and control utilities. (Windows Defender does not provide protection against malicious software that is classified solely as a worm or a virus.)

In Windows Vista, Windows Defender helps protect against unwanted application installation and monitors aspects of the operating system commonly abused by malicious software, such as the Startup folder and the Run registry keys. If an application attempts to make a change to one of the protected areas of the operating system, Windows Defender prompts the user to either allow or reject the change. Windows Defender also provides a feature called Software Explorer, which provides users with additional visibility into a computer’s software and system state. This is a significant improvement over previous versions of Windows, in which stopping or disabling malicious software sometimes involves investigating the system registry or conducting other complex analysis. Windows Defender also logs activity, such as cleaning and removal events to the Windows event log, which enables administrators to keep updated on the status of the computer.

Windows Vista provides firewall functionality that is turned on by default and begins protecting a user’s computer as soon as Windows starts. The Windows Firewall includes both inbound and outbound filtering and can prevent unexpected data messages from leaving the computer. It also allows IT administrators and home users to block applications, such as peer-to-peer sharing or instant messaging applications, from contacting or responding to other computers. In response to feedback from customers and third-party security vendors, Microsoft has made improvements to the Window Security Center in Windows Vista, including displaying the status of anti-spyware software, Internet Explorer security settings, and User Account Control.

In fact, Windows Security Center can monitor multiple ISV security solutions running on a computer and indicate which are enabled and up-to-date. If a non-Microsoft anti-virus or anti-spyware solution is out-of-date, Windows Security Center provides a link to the program’s Web site so that the user can activate or renew a subscription or get the necessary updates. This new capability is important when, for example, a trial subscription to an anti-virus solution that came with a new computer expires. Knowing when security software is turned off or out-of-date, and being able to easily download updates, can mean the difference between being protected and being vulnerable. One of the biggest challenges IT administrators face is ensuring that the computers on their network have all the necessary security updates and meet the network’s health requirements.

As more networks encompass users’ laptops and home computers, which often are not under the administrator’s direct control, the risk of exposure to viruses, malicious software, and other security threats grows. In fact, many attackers create malicious software specifically to target “out-of-date” computers. Network Access Protection (NAP) is a network access control system that lets IT administrators ensure that only “healthy” computers connect to their network, while enabling potentially unhealthy computers to get clean before they gain access. The NAP client in Windows Vista simplifies the enforcement of network health policies and protects against malicious network attacks by enabling organizations to establish requirements for client health status, such as current software updates and up-to-date virus scanner signatures, and enforcing those requirements when the client connects to the network. If a client computer does not meet health requirements, NAP can automatically update the computer or direct it to a separate “quarantine” area where the user can remedy the situation. NAP can be extended and provides an infrastructure and API for health policy enforcement. Independent hardware and software vendors can plug their security solutions into NAP, so IT administrators can choose the security solutions that best meet their needs. NAP also helps ensure that every computer on the network makes full use of those solutions. NAP requires functionality and support from the Windows Server Code Name “Longhorn” operating system.

Many organizations and software vendors are choosing to supplement passwords or smart cards with additional authentication factors, such as biometrics or one-time passwords. In previous versions of Windows, implementing these factors often required developers to rewrite the Graphical Identification and Authentication (GINA) interface—a difficult and expensive process. It also was not possible to use multiple GINAs simultaneously. In Windows Vista, the logon architecture has been redesigned to make it easier to support new types of credentials. Supporting new credential types requires creating a new credential provider; the Windows logon user interface can interact simultaneously with multiple credential providers to make use of different authentication methods, including biometrics and tokens from non-Microsoft credential providers. Customers can enhance their security by choosing the appropriate combination of authentication methods. Developers can also easily implement future authentication methods into the existing architecture. The new logon architecture also enables credential providers to be event-driven and integrated throughout the user experience. For example, the same code that is used to implement fingerprint authentication at the Windows logon screen can be used to prompt for a fingerprint when the user tries to access a particular resource.

The same prompt also can be used by applications that use the new credential user interface API. In addition to these security benefits, the new logon architecture improves overall system reliability and stability since functions that were not essential to the logon process have been moved to separate processes in the operating system. Many organizations are further enhancing security by using a smart card with a personal identification number (PIN) as their preferred two-factor authentication method in place of passwords. Microsoft has provided native operating system support for smart cards since Windows 2000. However, previous versions of Windows required IT administrators to deploy and maintain additional components to support their smart card infrastructure, such as cryptography modules and communications support for smart card readers. Windows Vista includes new advances in its smart card infrastructure that make the process dramatically simpler, more secure, and less error-prone. A common cryptographic service provider (CSP) implements all the standard back-end cryptographic functions that hardware and software developers need. In addition, integrated non-Microsoft smart card modules make it easier to rapidly deploy a smart card solution and enable secure, predictable communication between the CSP and other components of the smart card infrastructure.

Microsoft is also working with partners to ensure that major smart card vendors are familiar with this new architecture and are developing smart card modules for Windows Vista. This effort includes a process to certify smart card modules to validate their quality, and to ultimately make them available with Windows Update. This initiative will provide customers with better quality and ease of use for their smart card deployments. These enhancements complement other improvements to the smart card infrastructure in Windows Vista, including improvements to the Kerberos authentication protocol, which reduces the need for smart card users to reenter their password when accessing certain resources. The customizable security features in Windows Vista also include new and improved technologies for advanced data protection, rights management, and data encryption on client computers.

Yes, there have been improvements in security. It is a more secure operating system. Windows 7 was all about complimenting the security that came with Windows Vista's development with performance improvements. New generations of games and audio/visual/graphic intensive applications are designed around DX11. You are using a kernel that hasn't had a significant change since October 2001. The reality is Windows 7 is the same as Windows XP. It is the same kernel. It just has 8-9 years of development on your old OS. This is the reality. Recommending that people stick with XP is a bad idea for countless reasons. If you are going to stay on XP, do the rest of the Internet a favor and unplug the ethernet cable. (Maybe it's Cat3?)

This is an argument that will never end, but I assure you that changes have been made an urge you to read about both SDL, Microsoft's life-cycle practices, and the documents I have linked to you above. Come back to me and tell me XP is a better system.
 
"I did disable the UAC before I installed Firefox. You know what happened? I couldn't install firefox until I re-enabled the UAC. Not being able to install software on my own computer until I've jumped through enough hoops and said "Yes I'm Sure" enough times isn't an improvement.

Hi

This is the kind of thing that I don't understand.
I have the UAC turned off on my computer so...

Just for the hell of it I downloaded Firefox and tried to install it.

In less then 90 seconds from the time I hit the download button I had Firefox downloaded installed and open and running.

I didn't have to turn on the UAC or have any other problems with it.

There have to be something going on here that has some elements beyond the operating system.

I'm always seeing posts that say that something doesn't work in Windows 7, when I find that it works fine on my computer.

It's the old Apple argument.

If they had to run the Apple operating system on every computer that every discount computer manufacture or basement assembler puts together, then it wouldn't be any more reliable then Windows.

For myself, I found that Windows 7 worked better even on my old 5 year old computer then Windows XP.
On my new computer which is powerful enough to take advantage of the features it wouldn't make any sense at all to run XP.

I haven't had problems running anything in W7, not even my old Tomb Raider games from the 90s.

The only problems I have had at all relate to running things in 64 bit as opposed to 32 bit.
And even that was only 2 programs, Adobe InDesign CS2 and the computer game the Witcher, both of which ran fine in W7 32 bit on my old computer.

I think the hand holding goes too far, you shouldn't have to run an app like "Grant Admin Full Control" to access folders that you created yourself the day before but on the whole it's still a big improvement.

Mike
 
I agree with Mike, I disabled UAC the first thing after doing a Clean Install of W7. I have never had a problem loading any software with UAC off. I would bet 2 cents the problem is with the user as 90 percent or greater of problems are.
 
An impressive post, but you'll excuse me if I cherry pick.

"Windows 7 is smaller on disc and on ISO than Windows Vista. The kernel is actually smaller, and so are the number of pre-installed applications." But my question was if 7 is so big because it has hundreds of drivers I'll never need.

"This is going to happen whenever you install an operating system on a machine that was created with parts that were designed after the operating system was released." Referring to a difficult clean install... This has never been a problem with XP. I just got some new stuff a couple of weeks ago.

"Windows 95 is a 5.46MB zip file. By this logic, we should continue using this operating system." Well, if the other 16GB is nothing but a load of fluff, stuff like Aero, then maybe we should. I've always said I don't need an OS to try to make me say wow, I can install my own software for that.

"I use touch screen devices all the time. I use USB3 and eSATA to backup my files." Touch screen devices, yes. But the original poster said "touch screens". I assume (feel free to say what you need to say here) he was referring to tower-less pcs. As I said USB3 and eSATA are external and don't directing effect the performance of the computer.

"The first dual-core cell phones have already been rolled out." My Cowon S9 has a 500MHz dual-core, and that came out at the end of 2008. Just saying.

"Mind you, not everyone can overclock, but the ones who do aren't doing it to run an operating system that lost mainstream support from the manufacturer two years ago." Umm, ok? You're right... I didn't overclock to run XP. I did it to get my FSB/DRAM ratio 1:1. I could always lower my cpu multiplier so it isn't overclocked, but it's been running great for 3 years so what the hell. I'm not really sure why you brought this up. Also, I'm not a "gamer" so DX11 means nothing to me. I should mention that I do have SP2 on one and SP3 on another. I never do the automatic updates. I should have said that. I feel I was very misleading and I apologize.

"When the system crashes, people wonder why. They bring it to a store, and the magician repairs all of the parts for X price." Your true colors are starting to show. It sounds like you're saying PC's crash because of DDR2 and HDDs.

"The alternative that you would suggest is that everyone just stay with Windows XP forever." I'm all for change, I really am. What I'm against is bloatware. I'm opposed to having to jump through hoop after hoop. I really don't like having a 2-3 click operation turned into a 8-10 step process. This isn't progress.

"If you are going to stay on XP, do the rest of the Internet a favor and unplug the ethernet cable." Are you saying my using XP is going to give you a virus? Ok... I've just lost all respect. (Maybe it's Cat3?)" Your true colors again. I love how everyone uses sarcasm and name calling to prove their points. It really works.

By the way... Microsoft extends Windows XP downgrade rights until 2020 - Computerworld
I guess we can keep on blaming Microsoft for spreading virus then... according to you anyway.
 
First, how have they improved things? All they've done is make it twice as hard to do things, bury folders in multiple sub-folders and load up on useless crap like Aero (which does nothing but use up resources). Can you show your files and folders in groups alphabetically? No. You get blocks like A-H, and I-P... wow that is better. They did manage to hide the Quick Launch pretty good so I guess you can have that one. Media Player 12, that says enough about that. One thing I did like was every time I wanted to run a program like Ccleaner I had to say "Yes I'm Sure" and then "Yes I'm Sure I'm Sure". That made up for NOT being able to change the Start-Up sound. Hovering the mouse over the Show Desktop button in the bottom right and seeing outlines of open windows, I admit is a huge improvement... although I never really found a use for it... but then I'm not overly impressed by such things. Let's be honest, you sound like someone who needs people to tell you what you can and can't do on your own computer, and that's who Windows 7 is for.

As you can guess I am "one of those XP Luddites" because I like being able to do what I want on MY computer.

Okay this was so miss guided that I had to post a reply to it. Aero is the 3D component used for the transparency, it is also what runs the thumb nails and peak, that you mentioned. Aero Peak is the ability to look behind any windows on screen with out moving them, this is good for seeing any kind of system monitoring tool gadget you may have running on the desktop. Granted it dose take a lot of resource, but its not useless. You got a point on the grouping, point for you. Screw the quick launch, its for lazy people. Media Player 12 is really good, some of my friends use it, and it takes even pirated music and ads the digital information to it and makes it run perfect, not advocating what they are doing, just a point. The reason you have to confirm the starting of some applications, is because you give it permission to change things outside of the user area, the reason you are having to do it twice in 7 is because you are not an administrator. That is one thing they changed in Windows 7, over Vista. UAC is smarter and changes depending on your level of permissions. Disabling UAC is a bad idea, I know it is annoying, but it is needed. Say you get a new screenshot program, all it dose is run, not install required. When you run the program, it attempts to install an plugin to your web browser, with out your knowledge or you accepting it. UAC was made to stop that. If you disable UAC, that would get through. It doesn't stop there, it will watch browser extensions as well, and even extremely snoopy cookies. I loved XP and still run a copy of XP Pro SP3 on an older computer, as well as Server 2003 Enterprise R2 SP2, Server 2008 Enterprise R2. Tech people are starting to sound like wanna be gamers, "Why play BioShock, when BioShock 2 is out" Umm, cause its not an update, but an entirely new game. BTW, that was part of a real conversation that I had with a person, trying to fix the no sound on my BioShock on Windows 7 64 Bit. I have fixed it before, just cant remember how.
 
After Vista the first thing I did in Windows 7 was disable UAC and have never had problems installing anything.
Joe
 
After Vista the first thing I did in Windows 7 was disable UAC and have never had problems installing anything.
Joe

Joe, not that you will have problems installing things. I'm talking about the things that can get in through your browser, and install that way. Windows is not virus proof, and never will be. Not even virtual installs of Windows are safe, that was proved at my school, when over 150 installs of Windows got that Confliktr in one day. The idea behind it is if something comes through your browser or attempts to mess with anything outside your user directory, then you know about it. This was a great idea, don't take away the ability, just make it obvious to the user.
 
Status
Not open for further replies.
Back
Top Bottom