I've been reading a lot about Windows 7 lately, and most of it is disturbing. Yes, it has improved performance, and runs somewhat faster on lower-end hardware than Vista. But a lot of people are saying it's just Vista SP3, except you have to pay for the upgrade. They've shortened the beta length and decided the first release candidate is what they'll push out the door regardless of what testing finds (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9127071). What kind of quality assurance is that? Furthermore, they've apparently been disregarding feedback from the beta users, dismissing any problems as "intentional" (http://www.istartedsomething.c.....w-insists-by-design/). For example, someone found that a malicious program can turn off the annoying "Cancel or Allow" prompt without the user's knowledge. Now I hate that darned prompt more than most, but to not cause such a prompt when disabling the thing? How's that secure?
Here's a humorously written article illustrating the explosion of editions with each incremental version of Windows: http://gadgets.boingboing.net/2008/10/14/microsoft-announces-1.html As usual, I'll be using the "Secure Edition" (see the article) but might consider the last option in the list.
Microsoft has backtracked on this issue. They will now be releasing a patch very soon after the release candidate which puts the "Cancel or Allow" task at a heightened security level (thus preventing ordinary executables from disabling it). http://it.slashdot.org/article.pl?sid=09/02/06/1257258
Here is the best description I've ever read of how UAC security is a failure:
Quoted Text
... to bring up a car analogy, UAC is like asking the user for tire pressure, the mixture rate of gas and air, and the precise timings of ignition in order to drive a car. Then telling drivers they're stupid fucks because most of the cars on the streets stutter around or burn up.
Security education is an utter and total failure and most serious security professionals have long moved away from it. Today we train security awareness, which is a lot simpler and more basic, or on the car analogy: We teach people to call the garage when any red lights flash.
And no, UAC isn't a red light. It doesn't indicate that something is wrong, it asks the user if something is wrong, and most of the time, while the user clicks on "no, go on", what he really means is "how should I know? shut the f*** up already and let me work."
UAC stands for User Acceptance Checks, and is precisely what the "Cancel or Allow" prompt in Vista and Windows 7 is. Adobe has also recently added this security constraint to Flash 10, yet completely fails by letting the application define the message for the prompt.