How-To Geek

Posted for information and comment.

February 3, 2009 (Computerworld) Looking to answer complaints about the proliferation of Windows flavors, Microsoft Corp. said today that it will generally deploy two primary versions of Windows 7, although it will still offer six editions for sale.

The two main editions will be Windows 7 Home Premium for consumers and Windows 7 Professional for business users.

"The first change in Windows 7 was to make sure that editions of Windows 7 are a superset of one another. That is to say, as customers upgrade from one version to the next, they keep all features and functionality from the previous edition," Mike Ybarra, Microsoft general manager for Windows, was quoted as saying today in a Q&A on Microsoft's PressPass public relations Web site.

That decision represents a return to the version structure that Microsoft used for Windows XP.

As for the decision to focus on just two versions, Ybarra said: "We think those two SKUs will meet most customers' needs."

Home Premium will give consumers "a full-function PC experience and a visually rich environment in everything from the way they experience entertainment to the way they connect their devices," he said. Windows 7 Professional "is the recommended choice for small businesses and for people who work at home but have to operate in an IT-managed or business environment where security and productivity are critical. For those running Windows Vista Business, it will be a very logical move to Windows 7 Professional.

The total number of editions depends on how you look at things.
Windows XP had Home, Professional, Media Center, Starter Edition, Tablet PC Edition, Professional and x64 Edition.
By the time Windows Vista came out Windows XP already had 6 editions at the minimum. See http://en.wikipedia.org/wiki/Windows_XP_editions for the full list.
Windows Vista only had 6 total editions which made a lot more sense then Windows XP and all but Starter have 32-bit and 64-bit version.
Starter edition was is like Windows XP Starter Edition which seems to be a bad idea.
Home Basic is for home users that use a computer but not much.
Home Premium is for home users who regularly use the computer but aren't business users, don't have more then 16GB of RAM, etc.
Business is for normal business users
Enterprise is for serious business users who need things like Bitlocker and support 128GB of RAM.
Ultimate is everything for the person who wants everything. Usually geeks.

A couple of the names are confusing like Starter, Basic, Premium and Ultimate but that doesn't mean the idea of 5+ editions isn't a good one.
I don't know why so many people found a problem with it. It was much better then the editions that Windows XP had at the time Windows Vista came out.

Lol, I like that Scott!!

MS has stated that it will handle UAC in Win7 the SAME way it is implemented in Vista with the same warnings, etc., etc.
That is good news. I always thought what Microsoft did with UAC in the Windows 7 beta made the system less secure.

Appears from reading news articles that Win7 will just be a (slight make over) of Vista instead of a major version change as once believed.
This is something that I knew from the start. It is just not possible to do a major version in the time period of development for Windows 7 (Almost two years for Windows 7 when Windows Vista was at least a 5 year project, maybe more).
Microsoft only said Windows 7 was major release to Windows Vista because the Windows Vista brand name has been branded as a failure by many.
If you look at the history of the longhorn alphas, Windows Vista and Windows 7 you will see that Windows 7 is a lot closer to what Microsoft wanted from the start:
Windows Search in Vista: Like WinFS was but didn't quite work right in the Longhorn alpha.

User Account Control (UAC): Upgrading the security of Windows to be more like other modern Operating Systems.
Example of prompts in modern Operating Systems:
GNU/Linux Systems like Ubuntu, UNIX, Apple OS X: Prompts for the root password when Administrative access is needed.
Windows Vista/Windows 7: Prompts for yes/no when Administrative access is needed. Which uses the Secure Desktop feature by default to ensure no other program can bypass the prompt.
After using GNU/Linux systems after the years I can certainly say that Windows Vista handles things in a much better way.

Windows Aero and many other driver changes: Better support for new hardware. The changes in driver frameworks were needed to run todays devices properly.

Device Stage in Windows 7: A working implementation of what can be seen as "Devices and Printers" in a an early version of Longhorn. A very useful feature that is worth upgrading for. See my new topic Device Stage in Windows 7 - Very Nice Feature for more on what it does and discussion about it. (This topic would go even more off-topic then it already is to point of confusing topics because of how complex Device Stage is though it does something great and its easy to use)

Action Center in Windows 7: Something that Microsoft has been wanting for quite a while. Just look at the "Taskbar Icon Hiding", "Balloon Tips", "Windows Security Center", etc in Windows XP and higher and you can see that they are early attempts to stop the amount of programs bugging you about what they are doing.

New Taskbar in Windows 7: Like the action center clearly something Microsoft has wanted for a while. "Taskbar Grouping" was an early attempt at it.

There are many many other things I have observed about Windows and read about over the years that I could go into very high detail about each of the above and even more features I haven't even listed. I just don't have the time.

[ Revising Content ]

The problem with UAC in Win 7 beta is that if it is set below always notify, it can be turned off completely using a simple script. The fix supposedly is to require admin rights to change the setting so you'd know if a malicious website just tried to turn off UAC. It's a good solution and allows users to change UAC as needed. I turn off UAC in Vista when setting up a new machine and I'm installing several programs ect. When I'm done, I turn it on because I hardly ever see it, in day to day use. Considering how many web servers are compromised, running as an admin on the web without UAC seems risky to me I think it is a positive move from Microsoft. I just fixed my brothers pc running XP as an admin and the thing was fairly well hosed. I see XP machines constantly being infected because end users run as admin and don't have a clue, surfing away, opening email attachments. "Oh look I better get this XP antivirus 2009, it says I'm infected!" Those are the kind of people who need UAC.

@raphoenix: Yes, you can always disable the security features of any Operating System.
You can disable UAC in Windows Vista and Windows 7 just as you can run as enable the superuser (root) on Ubuntu and use it all the time.
It's just a horrible idea if you want to protect your system from being infected by sneaky malware.

The best alternative to use if you find the prompts annoying is to disable the prompts and have UAC automatically elevate programs that need it. This is similar to configuring Ubuntu to always elevate to the superuser instead of prompting for a password. It’s much safer than running as the superuser all the time but still not the best thing to do.

The reason the current Windows Vista UAC prompts are more annoying than other Operating Systems like Ubuntu is mostly due to the Operating System's software environment.
Software for the UNIX environment has been programmed to support the concept of a low privilege user for everyday tasks and a superuser for Administrative tasks for at least the last 25 years (probably longer but I don't know the exact amount of years)
Thus most all of UNIX’s software environment contains software that works with the concept of least privilege as it’s needed.

When the Linux kernel was developed in 1991 by Linus Torvalds, it was designed to be UNIX-Like so it had all the great ideas from UNIX like least privilege that were basically free (Free as in Linus Torvalds didn't need to come up with the ideas, just coded them into a new kernel).
I don't know much about pre-Apple OS X versions but I do know that OS X has a very similar history, only I think that OS X actually uses a real UNIX kernel.

Unlike Apple, Richard Stallman (Started the GNU Project, See http://www.gnu.org/philosophy/.....eedom.html for how it relates to Linux) and Linus Torvalds, Microsoft decided they would just build their own Operating System not based on UNIX in any way; so all the features including least privilege have to be re-implemented for usage in Windows where Linux and OS X got their security features for free in a “the implementation is done so only the actual code needs to be written” way which is easier then the coming up with an entirely new implementation.
Microsoft for a long time has had a totally different view on how security should be implemented; they assumed that most computer users would find security systems like UAC annoying and made all user accounts on pre-Vista systems have full Administrator access by default where any running program can do anything including install a rootkit if the program wants to do so.
Microsoft has since found out that users will be even more annoyed by amount of malware that gets onto their systems so they created User Account Control (UAC) to be the best of both worlds, it has the security of a least privilege system but the convenience of a one click prompt to allow Administrative tasks.

The problem with it at the current is that the software developers for the Windows platform were not prepared for this*, many developers still thought writing the configuration for their software to C:\Program Files or C:\Windows was a good idea when Microsoft has been recommending against this in their guidelines for writing Windows XP compatible programs from the start for Windows XP, which left developers with plenty of time to make compliant software but like with the driver problems, the developers just kept on writing programs that worked on Windows XP but it was against the guidelines.

Thus when programs do things like that they were not suppose to be doing in the first place, UAC attempted to gracefully handle it by with things like redirecting writes to the VirtualStore folder but that didn't always work correctly so it will prompt for Administrator access because the program wants what it never should have needed.
Hardly anyone seemed to even try to figure out the perfectly logical reasons behind it before going to their favorite web site and complaining about the prompts.

Also UAC goes even farther than any UNIX-Like Operating System for privilege separation by providing what are called integrity levels. You can check out the article at http://www.securityfocus.com/infocus/1887 for more information on them. The really good thing is the Low Integrity Level, Internet Explorer 7 in Windows Vista will render all Web Pages there so should any security hole be found, it can’t do anything beyond screw up a couple minor things writable by that Integrity level (It pretty much just boils down to the C:\Users\[User Name]\AppData\LocalLow folder only).
For that reason alone, UAC makes Windows Vista and Internet Explorer more resistant to malware. In fact more so then Mozilla Firefox but most people don’t seem to realize this fact.
Or they just don’t care. The Low Integrity Level still has read ability to read all files that the user can read. Thus it doesn’t stop any information theft via methods phishing. That is one of the reasons Internet Explorer 7 includes a phishing filter to warn people of it. Unfortunately, IE7’s phishing filter is not very good. IE8 is supposed to have a much better phishing filter and to my knowledge Windows 7 will include IE8.

Fine Print:
* To be fair to other software developers, Microsoft still doesn’t follow their own guidelines** for Microsoft Office, Windows Live and many other programs unless it’s required for Windows Logo certification like UAC is.
** To be fair to Microsoft developers, they at least always follow what is required*** of a Windows software program.
*** To be fair to other software developers again, there are many that do follow the requirements too but they are usually developing a minor program that isn’t used by many people.

raphoenix said Was concerned that MS would make new Win7 users like me have to "jump through hoops" in order to Disable the UAC feature.
Glad to hear that, it what you meant and I agree.
I certainly would hope Microsoft wouldn't make it too hard to disable but on the other hand shouldn't made it so easy that a novice can get into trouble.
Microsoft did make it a mistake in the User Interface for UAC in Windows Vista.
Windows 7 corrects this by having 4 levels of UAC preferences.
* "Always Notify" - The default for Windows Vista and Windows 7 which the most secure and best for average users.
* "Notify me only when programs try to make changes to my computer" - This is probably the best setting for geeks who do a lot of Administrative tasks but some prompts are still needed for some things for security. This is the default setting in Windows 7 beta at the moment which is probably why it is a bit of a shock to people that the default will change. I would guess Microsoft planned this from the start as the users who test the beta should already be aware of security issues from using a beta in general.
* "Notify me only when programs try to make changes to my computer and disable Secure Desktop" - This setting is like the above one only Secure Desktop is disabled. Because Secure Desktop switches Sessions for security reasons (Programs in the main Session cannot talk to the Session with the UAC prompt and click Continue on their own, defeating the purpose), the computer needs a fairly good CPU and graphics card so there is not a big delay in displaying the prompt.
* "Never Notfiy Me" which disables all the prompts and always elevates when a program asks.

I don't believe any of those actully disable UAC but "Never Notify Me" will function exactly the same for 99% of software and you gain features like Protected Mode in Internet Explorer without the prompts.

Ending Thoughts:
After writing this post, I now see where much of the confusion around Windows Vista came from.
* There was no easy to disable the prompts for people who would rather take their chances with malware.
* The only way to disable Secure Desktop was to change a value buried in the registry so by default even Windows Vista Home Basic required fairly a high CPU and graphics card just to avoid the prompt delay and it would be very easy for people to misunderstand that the delays were due to Secure Desktop, not UAC and assume Windows Vista was a resource hog for no appearent reason.
* Due some minor bugs in Windows Vista, some games ran slower then they should have but it made to difference to any normal person who plays games like me. I played Codemasters DiRT on Windows Vista and I couldn't find any issue.

Then some news sites, blogs, people posting on forums, etc. started reporting those problems, other sites took those problems and over-reacted causing even the sites that rationally reported the problems to say things like "Unknown XYX Blog Poster said 'Windows Vista has problems'", then the blogs and posts said "Big News Site reported that 'Windows Vista has problems'", then the cycle starts all over again.
It is almost certain that no matter how good Windows Vista or even Windows 7 when it comes out is, many people will still find fault and then the cycle of sites with news that doesn't even make since anymore happens like "Windows Vista is a failure".

If they had listened to my feedback, 7 would be released as Vista SP2.

Not too difficult to do, problem is , too many programmers in the dark.