topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 4:33 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Windows 7 — first impressions  (Read 43940 times)

a_lunatic

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 71
  • Fulltime Single Dad
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #25 on: November 30, 2009, 11:01 AM »
However, Norton was working on a UAC white-list app that would allow one to okay a UAC prompt once & then have the system remember that app as being okay & never prompting again. I haven't heard anything about that program lately, though.

Here's one but only works with Windows 2000/2003/XP/Vista but it does NOT support 64bit :down: & I have not tried it as I only got 64bit
http://www.replaceuac.com/

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #26 on: November 30, 2009, 11:32 AM »
I seriously don't think I understand what it *is* designed to do, other than to annoy and confuse. The problem seems to be that Windows can't tell the difference between a user-initiated action and an action that's possibly unauthorized.
-tranglos
If Windows tried to differentiate between user-launched and not, malware would simply send keystrokes/mouse-movements...

Since it's pretty much impossible to launch regedit or a snapin accidentally, the prompt seems redundant.
-tranglos
Double-clicking (or malware doing ShellExecute on) a .reg file...

Then it should alert when a process tries to do somtehing fishy, not simply when the process starts. It's impossible to know beforehand whether an app has been compromised or not. Again, this is what AV/antispyware software is there to detect.
-tranglos
Full HIPS style protection is outside the scope of UAC... IMHO what UAC does and protects again is perfectly fine for what it was designed for - only thing that really bothers me about UAC is the developer side of the story (not properly documented, no clean/supported way to drop rights).

At the same time, there are no prompts when TuneUp installer registers its services, which is where a malware app could do some real harm.
-tranglos
That's because you're already running the installer with admin privileges, to have write access to %ProgramFiles%.

I just can't see a scenario where I should be prompted before I knowingly execute a known application. It serves no purpose if the app is fine, and it serves no purpose if the app is a trojan, because I cannot know that. At the very least there should be an option like "Do not prompt for this application again".
-tranglos
Keep in midn that the main benefit of UAC is protecting you from stuff that happens behind your back, combined with the fact that Windows can't (and shouldn't!) try to differentiate between user-initiated actions and programmatic actions.

Why should there be a prompt to run a spyware scanner? How is it useful? Potentially, how many people will get spooked by the warning and decide not to run the scanner after all?
-tranglos
There shouldn't be a prompt. The programmers of the spyware scanner should have programmed properly, following the age-old design guidelines that's been available since NT4... move the privileged code to a service, let the GUI run as normal user code. Presto, problem solved. Yes, it's more work for the programmers, but it's the proper way to do things, and it's been for like fifteen years.

Shame on Microsoft for not dumping the 9x line sooner, and shame on them for making the default user on NT have admin privileges until Vista.

That may well be. I still don't get why deleting items does not require admin rights, but renaming does.
-tranglos
Probably because there's some (registry setting?) to "hide" items from AllUsers on *your* user account - while renaming would try to rename registry keys / .lnk files from AllUsers.

However, Norton was working on a UAC white-list app that would allow one to okay a UAC prompt once & then have the system remember that app as being okay & never prompting again. I haven't heard anything about that program lately, though.
-Innuendo
Convenient, but a bad idea anyway. It was covered in another thread.
- carpe noctem

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,739
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #27 on: November 30, 2009, 12:46 PM »
Jump Lists:
http://windows.micro.../features/jump-lists
http://blogs.zdnet.com/BTL/?p=16143

Another "Ooo, shiny and new, only available in Win7!" feature that was actually available all the way back to WinXP and maybe even Win2k, although at that time it required more work on the part of the developer (see Winamp for example). Still a cool feature though, and much more powerful and flexible in Win7 in any case.

- Oshyan

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #28 on: November 30, 2009, 12:50 PM »
If Windows tried to differentiate between user-launched and not, malware would simply send keystrokes/mouse-movements...

Sure, but then what's the point of prompting in the first place? If I'm about to start a virus, UAC doesn't know about it and neither do I. Only my AV software will. and if I'm starting a benign app, UAC serves no purpose.

Since it's pretty much impossible to launch regedit or a snapin accidentally, the prompt seems redundant.
-tranglos
Double-clicking (or malware doing ShellExecute on) a .reg file...

There has always been a prompt for double-clicking a .reg file, and that's good. On the other hand, starting regedit without any command-line parameters is not in itself harmful. I would sooner understand a prompt before regedit tries to write to the registry. I can't accept a prompt just for starting regedit.

Maybe this is a character issue, f0dder :) None of the UAC annoyances are present on XP, of course, but there is a distant hint of the same. XP creates a folder called "System Volume Information" on every drive. If my understanding is correct, this folder is used to keep the System Restore snapshots. These folders are inaccessible to admin users - you can't see what's inside, you can't read the contents nothing. Since the folders are locked out, I don't know if defraggers or apps that show disk usage by folder can even do their work properly. Maybe, maybe not. I turn System Restore off first thing after installing XP, because I don't like black boxes on my system that take up who knows what amount of space and can't be managed by the admin. Do I trust System Restore will work when needed? Not at all.

UAC, and the other new Vista/7 "security" features are in the same league. They lock me out of things on my own system I may want to look at and know about, and I don't like that.

Keep in mind that the main benefit of UAC is protecting you from stuff that happens behind your back, combined with the fact that Windows can't (and shouldn't!) try to differentiate between user-initiated actions and programmatic actions.

So far it's only trying to protect me from starting applications I want to start. It serves no purpose on a properly maintained system. Thankfully I can turn it off :)


MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #29 on: November 30, 2009, 01:37 PM »
Jump Lists:
http://windows.micro.../features/jump-lists
http://blogs.zdnet.com/BTL/?p=16143

Another "Ooo, shiny and new, only available in Win7!" feature that was actually available all the way back to WinXP and maybe even Win2k, although at that time it required more work on the part of the developer (see Winamp for example). Still a cool feature though, and much more powerful and flexible in Win7 in any case.

- Oshyan

I like 7stacks.  But after using it for awhile I seemed to remember these little gizmos for the OS/2 Taskbar where you click it and a whole "drawer" full of icons extends(kind of like how the equalizer pops out on a Winamp skin.) Of course 7stacks using glass which makes it more fun.  But it's essentially the same salt shaker only transparent.

zridling

  • Friend of the Site
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 3,299
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #30 on: November 30, 2009, 01:53 PM »
I haven't used Win7 much in the vm I have setup for it under Linux, but my first impression was similar to others': Why the heck did they bury select pieces of the Control Panel and Device Manager? Yet I do think it's the best Windows ever.

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #31 on: November 30, 2009, 01:58 PM »
Edited: I forgot the initial line:
"I am on Vista, and doesn't yet have Win 7"
---
Does UAC on Win 7 not have a "quiet mode", like Vista has?
Snap from WinAbility:

TweakUAC-main-screen.pngWindows 7 — first impressions

I don't believe UAC ever was invented to help the user. UAC is exactly like the EULA; it is there so that in case there ever will be a trial, they can claim, "oh, but we told you so!" And that is of course all the UAC as well is for. It was solely invented so Microsoft can keep their back in the clear no matter what ugliness gets into your computer: "Oh, but we told you so!". I have not seen the UAC pop-up since the day I installed the TweakUAC™, and I never looked back. Of course, I then have other programs to do the necessary job, but they also do it much better than I could do it. Because as it was said earlier in this thread, after a while, with UAC,  you just confirm  without reading what it is you are confirming.

I don't know if any of these UAC tweakers are ready for Win 7.

---

Regarding the Control Panel. It is a good idea to have it show up as a menu, rather than as a shortcut. My Vista was installed by a third party company, which, if you will forgive me the hight, gave me this quite awesome control panel menu (in Danish):

378x4169 pixels:

MasterControl.gifWindows 7 — first impressions




-
« Last Edit: November 30, 2009, 02:11 PM by Curt »

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #32 on: November 30, 2009, 02:16 PM »
- oh, I forgot:

Theory versus Real Life:

Theory: UAC is a good idea.
Real Life:
Curt to girl friend: "Did you install the security program I gave you?"
Girl friend: "No, Windows the computer said it was dangerous"

That is Real Life!
« Last Edit: November 30, 2009, 02:19 PM by Curt »

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #33 on: November 30, 2009, 02:24 PM »
Am I the only user who is NOT annoyed by UAC? Heck, even my wife uses her vista laptop and has not complained about UAC. She has even said UAC is helpful in that it can help prevent accidental deletion of a file she didn't intend to touch. UAC in Windows 7 is far from intrusive, in my opinion. Vista was overbearing at times with UAC but this was greatly improved in 7. The problem with UAC is that most application developers, even after a few years with Vista, have not realized what is throwing these UAC prompts and have not updated their applications. I have a feeling this will change with Win7, but one can only wonder why it hasn't happened sooner.
</rant>

Nope - doesn't bother me, either. I have not had an issue with it under Vista 32 bit, Vista 64 bit and now Windows 7.

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #34 on: November 30, 2009, 02:26 PM »
2) Instead of running the application via the normal startup option set up a scheduled task to start the program at login and give the task admin rights. See http://blogs.techrep...ow-on-windows/?p=616 for details on how to do it it Vista - the same appraoch works in Windows 7.

Yes - this is what I have done and I no longer suffer UAC prompts on system start for SpellChecker or for Acronis something or other  :-[

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #35 on: November 30, 2009, 03:32 PM »
Convenient, but a bad idea anyway. It was covered in another thread.

Agreed, but I don't use that Norton program nor am I one of those people who think UAC is bad. First thing I do after installing Windows 7 is go to the Control Panel & crank UAC up to max.

Now *there* is a setting that has the wrong default value.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #36 on: November 30, 2009, 03:37 PM »
I put a shortcut to the control panel on the desktop. "System" in control panel is where youwill find 'device manager'., among other places I suppose.

One thing I like about RocketDock is by default it has buttons for Computer, Network, Documents, Control Panel and Recycle Bin. It seems like the settings get shuffled around every few Windows releases.  RocketDock makes a nice common denominator across XP, Vista, Windows7.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #37 on: November 30, 2009, 03:39 PM »
Sure, but then what's the point of prompting in the first place? If I'm about to start a virus, UAC doesn't know about it and neither do I. Only my AV software will. and if I'm starting a benign app, UAC serves no purpose.
-tranglos
If you get an UAC prompt by something that isn't an installer, you should be very suspicious. And it adds an extra barrier, your antivirus app might not have the latest-and-greates trojan in it's database.

There has always been a prompt for double-clicking a .reg file, and that's good. On the other hand, starting regedit without any command-line parameters is not in itself harmful. I would sooner understand a prompt before regedit tries to write to the registry. I can't accept a prompt just for starting regedit.
-tranglos
There's a command-line option to silently import .reg files to the registry... unfortunately, because of the way UAC is implemented, elevation is only available while starting a process - you can't temporarily gain/drop admin privilege in-process. How often do you need to start regedit anyway?

None of the UAC annoyances are present on XP, of course, but there is a distant hint of the same.
-tranglos
Not if you run it in the standard & unsafe admin-user way. If you do it properly with a limited user account, there's more annoyance than Vista with UAC.

These folders are inaccessible to admin users - you can't see what's inside, you can't read the contents nothing.
-tranglos
You don't need to poke around there, just like you don't need to delete system files. You can give yourself access with cacls.exe anyway.

It serves no purpose on a properly maintained system.
-tranglos
Sure it does, it keeps bad stuff out. I'll rather be using UAC and not suffer the performance penalty of antivirus software... (not something I'd suggest for other people though). And I like how Vista is finally forcing developers to program correctly. Again, too bad it didn't happen 10+ years ago.

Agreed, but I don't use that Norton program nor am I one of those people who think UAC is bad. First thing I do after installing Windows 7 is go to the Control Panel & crank UAC up to max.

Now *there* is a setting that has the wrong default value.
AMEN to that! :up:
- carpe noctem
« Last Edit: December 03, 2009, 04:06 AM by f0dder »

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #38 on: November 30, 2009, 08:12 PM »
Poland is now in the EU so why not simply buy it from another EU country? Under the single market I can't see that Microsoft is legally able to restrict sales within regions of Europe.

Legally they can't restrict sales, but everyone does it anyway - from MS to Amazon to Embarcadero (you can only buy Delphi from a local reseller, at really aggravating prices and no added value).

I've ordered W7HP Family Pack from the USA via a intermediary here in Australia, (who will post to other countries if you're interested :) ).  At the time, the Family Pack wasn't available in Australia and now that it is, it'll still work out cheaper to get it from the USA.

urlwolf

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,837
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #39 on: December 01, 2009, 12:27 PM »
All those people annoyed by uAC should give linux a try. sudo su is all it takes to have a shell in which to be admin, while the rest of the system is user-owned. I couldn't find a way to do this the time I was on windows.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #40 on: December 01, 2009, 12:55 PM »
All those people annoyed by uAC should give linux a try. sudo su is all it takes to have a shell in which to be admin, while the rest of the system is user-owned. I couldn't find a way to do this the time I was on windows.

There was a user-written port of it that I used on NT 4 Server.  I don't know if the author kept up with it.  Could be the same version would work.  It used sockets and the listening part of the code would only accept connection from 127.0.0.1(the local machine.)  The fellow even had a way to create elevated shortcuts for a particular task by encrypting the password similar to how Linux login does it.

Google and ye may find. :)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #41 on: December 01, 2009, 04:28 PM »
All those people annoyed by uAC should give linux a try. sudo su is all it takes to have a shell in which to be admin, while the rest of the system is user-owned. I couldn't find a way to do this the time I was on windows.

You can do that same in Windows. Set your user account to be none admin and then use "Run as Administrator" on CMD.COM

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #42 on: December 01, 2009, 06:18 PM »
All those people annoyed by uAC should give linux a try. sudo su is all it takes to have a shell in which to be admin, while the rest of the system is user-owned. I couldn't find a way to do this the time I was on windows.
Simply start cmd.exe with administrative privileges - on Vista and Win7, open the start menu, type cmd, and hit ctrl+shift+enter. Same goes for recent versions of FARR :) - and the trick can be used for other apps than just cmd.exe . Notice that it won't work for explorer, though, because of the way explorer.exe handles multiple instances and your desktop.
- carpe noctem

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #43 on: December 01, 2009, 06:50 PM »
The su port will work from a non-administrative user group.  As I say, you can set up shortcuts with an included encrypted password to use it from accounts with lower privileges.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #44 on: December 01, 2009, 07:03 PM »
You can do that in Windows too - just right click on the shortcut and click on the Advanced button and you can choose to run it with a different user credentials - so you could run with an Admin account if you want.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #45 on: December 01, 2009, 11:31 PM »
You can do that in Windows too - just right click on the shortcut and click on the Advanced button and you can choose to run it with a different user credentials - so you could run with an Admin account if you want.

Yup. I think the only advantage would be the encrypted password in the shortcut.  I 'spose you could always use a macro to get around typing in a pw but it would kind of defeat the securty.

That and the fact that it likely works on about 1/2 flavors of windows.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #46 on: December 02, 2009, 01:55 AM »
Yup. I think the only advantage would be the encrypted password in the shortcut.  I 'spose you could always use a macro to get around typing in a pw but it would kind of defeat the securty.
Encryption doesn't help a lot when it's automated...
- carpe noctem

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #47 on: December 03, 2009, 01:25 AM »
Yup. I think the only advantage would be the encrypted password in the shortcut.  I 'spose you could always use a macro to get around typing in a pw but it would kind of defeat the securty.
Encryption doesn't help a lot when it's automated...

I think I made that point already.  With the su port you put your password through an encryption tool so that the clear text password isn't in the shortcut. Once you have the shortcut set up it saves you from typing it in every time your run a common house-keeping chore. Just double-click.

« Last Edit: December 03, 2009, 01:27 AM by MilesAhead »

SKA

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 229
    • View Profile
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #48 on: December 03, 2009, 02:08 AM »
Microsoft mucks up Windows 7 licensing
http://windowssecret...m/comp/091203#story1

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows 7 — first impressions
« Reply #49 on: December 03, 2009, 04:11 AM »
MilesAhead: you might not be able to directly read the password in plaintext, but since it's an automated method, what stops you from simply copying the encrypted password and using the sudo tool to launch other stuff?

And since it's automated, it's not going to be very hard to get the plaintext password... memory dump of the sudo process, or knowledge of the encryption method and simply decrypting it yourself.

Of course it's not something that's going to be exploited by malware because it's not a widespread tool, and it's probably only meant for single-user environments. I'd still call it a gaping security hole though :)
- carpe noctem