Windows 7 News Roundup #6

New round of posts related to Windows 7.

Overall, things have been fairly quiet. Either most folks are still deep in their bat-caves working out the Beta version or have become bored with the fact that it seems to just work well, and moved on.

Either way, it looks like a good thing for Microsoft.

• Review: Windows 7 BitLocker and Windows 7 BitLocker to Go – Manageability – 4sysops blog.  Good digestible looks at W7 BitLocker implementation.

• Disk Defragmentation – Background and Engineering the Windows 7 Improvements - Engineering Windows 7 blog – As someone who finds defragmentation fascinating for some reason, this review of how it has been implement in W7 was grand.  The GUI has been updated to be a bit more helpful for users.  From the post:

Among the other changes under the hood in Windows 7 are the following:

• Defragmentation in Windows 7 is more comprehensive – many files that could not be re-located in Windows Vista or earlier versions can now be optimally re-placed. In particular, a lot of work was done to make various NTFS metadata files movable. This ability to relocate NTFS metadata files also benefits volume shrink, since it enables the system to pack all files and file system metadata more closely and free up space “at the end” which can be reclaimed if required.
• If solid-state media is detected, Windows disables defragmentation on that disk. The physical nature of solid-state media is such that defragmentation is not needed and in fact, could decrease overall media lifetime in certain cases.
• By default, defragmentation is disabled on Windows Server 2008 R2 (the Windows 7 server release). Given the variability of server workloads, defragmentation should be enabled and scheduled only by an administrator who understands those workloads.

Best practices for using defragmentation in Windows 7 are simple – you do not need to do anything! Defragmentation is scheduled to automatically run periodically and in the background with minimal impact to foreground activity.

• Windows 7 Runs Faster Thanks to New Service Controller – OSnews post.

One of the reasons Windows 7 runs faster (faster start up, resume, shut down, less churn during user sessions) is due to the re-engineering of how Windows maintains and activates services running in the background. Microsoft's Channel 9 has an interesting video with a Windows kernel developer whose team designed a new trigger-based service controller that enables service developers to mark services as needing to run only when certain conditions are met. This means Windows 7 can more intelligently manage when to make resources avaiable for services that employ this trigger pattern for starting and stopping. Less code that runs at any given time means Windows 7 has more resources available for foreground processes that impact users interacting with the OS. The net effect of this for users is a snappier OS.

• Showcasing Windows 7 Platform with Applets - Engineering Windows 7 blog – Look into how several mini-applications and features have been redesigned and integrated in W7.  To me the interesting stuff was buried at the very end: Restart and Recovery.  Besides giving good feedback and trouble-logging for administrators, I wonder what value it might contain for forensics folks as well.

The Windows Error Reporting (WER) infrastructure is a set of feedback technologies that is built into Windows 7 and other earlier versions of Windows client and server. WER allows applications to register for application failures and capture this data for end-users who agree to report it. This data can be accessed and analyzed and can be used to monitor error trends and download debug information to help developers and ISVs determine the root cause for application failures.

Related to failure recovery, Applications can also register with WER for restart on application of a Windows patch that terminates the application and on application of an update that reboots the computer, as well as failure caused due to an application crash or hang or not responding state. Applications can optionally register for recovery of lost data, can develop their own mechanism for recovery.

Several Windows applications adopt the WER infrastructure to collect and analyze data. Calculator, Paint and Wordpad register for restart and additionally recover the current data in the sessions of the application that were running. Sticky Notes also registers for restart and recovery, and returns the user to the set of notes open on the desktop. Using WER, end-users would allow Windows to capture and collect problem data and then would be returned to the applications in the same state that they were in earlier.

• Our Next Engineering Milestone - Engineering Windows 7 blog. The engineering team is doing some major (and deserved) chest thumping here.  They run down the progress and stability they have achieved in the Beta version of W7. It is pretty remarkable that it is able to use most all drivers and software that is already Vista supported, and more drivers are being developed. They also recognize the contributions of Beta testers both with automatic and manual feedback. Then they move on to the release schedule discussion thusly:

So to summarize briefly:

• Pre-Beta – This release at the PDC introduced the developer community to Windows 7 and represents the platform complete release and disclosure of the features.
• Beta – This release provided a couple of million folks the opportunity to use feature complete Windows 7 while also providing the telemetry and feedback necessary for us to validate the quality, reliability, compatibility, and experience of Windows 7. As we said, we are working with our partners across the ecosystem to make sure that testing and validation and development of Windows 7-based products begins to enter final phases as we move through the Beta.
• Release Candidate (RC) – This release will be Windows 7 as we intend to ship it. We will continue to listen to feedback and telemetry with the focus on addressing only the most critical issues that arise. We will be very clear in communicating any changes that have a visible impact on the product. This release allows the whole ecosystem to reach a known state together and make sure that we are all ready together for the Release to Manufacturing. Once we get to RC, the whole ecosystem is in “dress rehearsal” mode for the next steps.
• Release to Manufacturing (RTM) – This release is the final Windows 7 as we intend to make available to PC makers and for retail and volume license products.
• General Availability (GA) – This is a business milestone and represents when you can buy Windows 7 pre-installed on PCs or as full packaged product.

The obvious question is that we know the Pre-Beta was October 28, 2008, and the Beta was January 7th, so when is the Release Candidate and RTM? The answer is forthcoming.

• Quickpost: Vigenère Is Beta-Only - Didier Stevens. Turns out Microsoft is only using this technique for an additional warning for folks not to mess around without expecting consequences.  Kinda of like saying, stay out, but if you do muck around here, we warned you.  They will be returning to the ROT-13 scheme in final versions of W7.

• Windows 7: Why Microsoft Should Give Windows 7 Away – Gizmodo thinks that Windows users have been burned enough.  Especially after that Vista release mess.  In an effort to show good will to all men (and women), the argument goes that maybe Microsoft should offer it at bargain-basement rates to encourage Vista adopters to move on to a better implementation.  It would be the Right Thing to do. (Don’t hold your breath for this one.)

• Windows 7 to be “thoroughly” tested by antitrust regulators – ComputerWorld – Right. With that whole economic downturn thing giving states the blues, and reduced revenue intake, and the EU leading the windmill tilting efforts against Microsoft, why not see if you can squeeze some more anti-trust blood from Microsoft out of a new OS release?  I mean it’s so hard to find another alterative OS that is consumer oriented now days.  We are just poor victims of Redmond’s continued dominance and bullying. Right?

• Windows 7 Beta: Virtual Roundtable with Mark Russinovich – Ask the Performance Team blog. Mark down your calendars for Feb 12th then Mark Russinovich leads a roundtable discussion on some new highpoints for Windows 7.  Considering all the discussions and Beta testing, it should be a lively and informative presentation. Topics scheduled are so noted:

Learn about the evolution of features such as:

• Group Policy
• BitLocker to Go
• DirectAccess
• BranchCache
• Software Restriction.

In addition to a discussion of the new features there will also be information and tips on Windows 7 Troubleshooting, Application Compatibility and Deployment.

• Windows 7 Tip: How to Burn ISOs in Windows 7 – Lifehacker. Burning stuff in XP is such a pain. I haven’t tried it in Vista as I got used to having so many alternative freeware burning applications I wouldn’t think of using something embedded in the OS.  However, it looks like W7 might be too simple not to use.  Considering how ubiquitous ISO files are now, and the confusion consumers and noobies still show when offered and instructed to burn an ISO to disk, having an easy-to-use solution for everyone makes sense.

The W7 UAC “Firestorm”

Not sure anyone was expecting this melee to break out.

• Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) – istartedsomething blog

• Malware can turn off UAC in Windows 7; "By design" says Microsoft - Within Windows blog

• Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is “by design” – istartedsomething blog

• TechBlog: Windows 7’s UAC is now insecure “by design”

So what’s the big deal? Well, W7’s UAC got tweaked to allow a finer degree of control. It ranges from “death-row lockdown” to “asleep at the wheel” depending on your comfort level. What Long and Rafael found out is that (under an administrator-level account) a script (or malware or whatever) can run and turn UAC down or off.  Kinda a dangerous thing.  And they called Microsoft out for it.  To which Microsoft said basically, um, yeah, we implemented it that way on purpose.

To their credit, I have to imagine long nights were spend by teams of security, user-operability, and engineering teams screaming and yelling and taking contract hits out on each other.  In the end the user-operability team seemed to have watched The Godfather movies the best and walked away the winners.

Frequent TechBlog commenter Master Guru pointed out the following observation: the ability to modify UAC settings (via script or program) appears to only work while operating under an administrator-level security account.  If you are working under a normal “user-level” account, the “feature” doesn’t work and requires elevation by an administrative level user. Makes sense and is fair enough. Only the default account setup by Windows 7 is an administrative level one.  And many (most) Windows users who set up accounts do so and run under administrative accounts. This is arguably either due to lack of knowledge of the security benefits that come from running under a limited account or because they do know better but just don’t want to fuss with the headaches that some software causes when used under that limited account. Those who don’t probably are restricted by corporate/enterprise policy restrictions by folks who know better or savvy and disciplined users who appreciate the benefits his arrangement provides.

Me? I just want everyone to feel the love.  Microsoft should do more to guide users who set up accounts under W7 to opt for the more limited (but still functional) standard-user account level.  They should also heed Long Zheng’s plea to at least “…force a UAC prompt in Secure Desktop mode whenever UAC is changed, regardless of its current state.”

--Claus Valca