Safety and Security on Windows 7

There are only three reasons for me upgrading to Windows 7:

1. Significant improvement to safety and security
2. Compelling Directx 11 games
3. The usual Windows bundling to a new computer, of course! The European Commissioners really need to work on this one, I have so many copies of Windows on my old computers!

Main focus of this thread is on the first point, is Windows 7 significantly more secure than previous versions. Would like to hear your comments.

 

depends on the previous version. vista is a great step in security from xp, but 7 isn't a big step from vista. more a backstep actually, as the uac topics showed up, the new "less annoying" uac may be a security problem in the future (as it still was in some beta-cases)

 

According to a link posted in the Windows 7 Discussion thread, UAC is still broken, so security seems to be an issue, at the moment.

 

I prefer the 'annoying' but working UAC model of Vista.

Actually, it's not really annoying at all. If it is, one has to reconfigure some software, or file setup. Else it's in my eyes rather perfect. The only annoying thing is, it takes sometimes long to pop up. They should fix that, not the way it works.

 

Yeah, I hear you and agree. However, sooo many people were singing a different tune when Vista was still "new." So many people complained about how annoying it was and there were threads abound of people asking how to disable it and blah blah. Anyway, I sure hope they fix the issue.

 

I heard about the UAC thing, according to Microsoft it's a feature and therefore does not need 'fixing'.

I'm not a fan of the annoying UAC thing in Vista. Surely, Microsoft has enough geniuses to find a way around this without making it a potential exploit.

 

Problem is, no, there is just one one-fits-all solution, that is a full barrier between the system and the user. That's UAC. everything else is a barrier that has open doors. If those doors are not perfect, something will be able to go in that you can't control. And we all know, nothing's perfect.

UAC is the only real way to make your system save. But still, they showed how one can update the system to make UAC less and less needed (but still, it should always be there).

There should be two enhancements for UAC:
1) allow a user to manually raise-to-admin over a period of time. similar ui like the "you should do a reboot after the updates" always nagging that you should go back to ordinary non-admin behaviour. During that time, make the wallpaper red with a warning "you're admin, don't do ", similar how the os warns about an illegal installation with wga.
2) allow applications to get configured to be automatically admin without UAC prompt. but _EVERY_ executable has to get registered manually (with an UAC prompt), _and_ the applications get forced to not have any skinning + a visible (red) window border around it, and an "ADMINISTRATOR MODE: Name" in the titlebar (and make them glowing, as this would look cool in aero.. ).

in short:
1) allow UAC-Timeouts
2) allow UAC-skipping applications

but NEVER allow any UAC to be silent, or hidden.

any uac problem with the file system can be resolved.
any uac problem with other applications can be resolved.

so, it's really not a problem, but a feature, pikachu. any problems based on the feature can be resolved except system changes AND THIS SHOULD STAY TRUE.

one example of an application that solves it's problem by itself: steam.

steam needs write access to the c:\program files\steam folder (as games like to store data in there).

during the setup (which needs an UAC anyways to install), it does change the write access to c:\program files\steam to allow only in this folder, write access as a normal user account.

now steam is not save from changes, but this makes sence, and does not harm the system. only steam itself could get harmed thanks to it.

a typical problem: an ntfs formatted external hdd from xp does not have write access to normal users. everyone from vista writing to the disk gets an UAC prompt. solution: change the xp-formatted hdd rights to allow every user read/write access, and done.

etc..

 

That sounds very intelligent but I got lost somewhere in the technicalities

 

I think your point is that your grandma wouldn't understand what in the world daveperman was talking about.

And my grandma wouldn't either. And she shouldn't have to.

Which is Microsoft's dilemma. They know the right thing to do security wise is to make UAC more prominent. The problem is the vast majority of PC users don't care what UAC is. And they shouldn't have to. Eventually, UAC will be a non issue as developers finally rewrite their programs to play nice with a user account. They will learn not to demand Admin priviledges unless it really is necessary. I've been running a user account for over a year now and the only time I get UAC prompts is through Network connections. Otherwise its pretty much smooth sailing. I have even forgotten that I run a user account.

 

I, too, have been running a User Account for almost a year now and the only time I ever get the UAC prompt is when I run HDTune or try to install something new, which hardly ever happens.

 

Isn't that the issue at large with Windows in general? Making it really really easy to use for the most idiotic of computer users?

 

this is the biggest issue. but it's always, everywhere, the biggest issue.

so, simple term:

uac is the one-fits-all solution for the pc to take care of itself. he doesn't want you to (accidentally, by a virus, because you're angry, what ever) rip his organs out of his body. so he has uac around it's system data. and when ever you try to attack him in any way, he'll ask "are you sure?". he will allow any attack if you say 'yes, i'm sure'.

 

hm.. want to go in detail so i can explain the points where you got lost? i'll do everything you want (except shutting up hrrhrr )

 

By 'most idiotic' you are referring to the vast majority of users. Simplicity is an innovation, it requires more effort to make thing automatic and improve the pleasure of using the operating system (for the majority of people).

We can use the analogy between an automatic and manual car. Those who buy the former are not stupid, they gain more pleasure from the simplicity of just driving around without the hassle of changing gears. If you think about it unless you enjoy changing the gears there is no justification for it.

In conclusion it's a matter of preference not intelligence. I disagree with your statement, Microsoft are walking the right path for most users.

The blood and guts desciption pretty much put things into perspective. As long as the UAC is not disruptive, I am okay with that. For those complaining about it... why don't they simply turn it up to maximum??

 

I will (I won't have Win7 for a long time anyways). I just think it's wrong to not have that as default for the ordinary user.

UAC is normally not disruptive except for one thing: it can block the system for quite some seconds till it pops up, and that should get fixed (it is fixed for me by installing an ssd).

problem is, that when you get lots of UAC prompts, it's YOUR fault. and you have to be able to fix it, but normally you don't know, how. that's a thing that should get optimized (but will fade in the future.. it's mostly legacy things).