Windows Vista: 99 Performance Tips and Tweaks

therealjustin

therealjustin

Limp Gawd
Joined
May 19, 2008
Messages
471
I'll be getting Vista soon and I have been looking for any sort of guide to give me an idea of what to do. Having used XP since 2003 going to Vista probably won't be that easy at first.

While searching I found this guide featuring 99 Windows Vista tips and tweaks and I found some of them really useful even for the advanced user. I consider myself an advanced user of XP but I'm a beginner when it comes to Vista!:p

http://www.pcstats.com/articleview.cfm?articleid=2238&page=1
 
Any article that lists 'overclock the CPU' and 'overclock the GPU' as operating system "tweaks" gets thrown off my 'credible' list.

Second, a lot of their 'tips' are utter crap. Their list of services to disable is draconian; disabling system restore and hibernation is stupid as well (I find hibernation incredibly useful even on my desktops). Enabling simultaneous downloads in your browser is rather rude and a horrible idea in general. Disabling Aero will be a performance HIT in many situations since it moves more load from GPU to CPU. And on and on. This guide is crap.
 
I tend to agree with the comments above. As someone that wrote not one but two stickies here related to how to live with UAC way back around the time Vista was released, whenever I see a "guide" like this one say something like tip #11: "Turn off User Account Control" that's basically the point where I simply stop reading it. I'm really sorry (not really but I'm saying it) that people don't like UAC - directed towards those that don't like it - but it's the way things are done now. If you - meaning the people that don't like it - don't like it, go back to XP or 2K3 or XP x64 or some other OS. Personal opinions don't mean Jack Shit more often than not, especially ignorant ones...

Let's go over a few of these relatively ridiculous tips:

The first three are relatively very dangerous territory for any user, even "power" or [H]ard users. Rookie mistakes are always possible, and no one around here - and I admit I make 'em all the time regardless of my 3+ decades of computer experience - is immune from them. Messing around with the Registry is just that, very dangerous territory, so I wouldn't ever put such "tips" in a guide like that anyway, especially not at the very beginning. Following this guide from Step 1 on could end up hosing your machine before you even get to #4 actually.

#4 is the best one of all, seriously. :) #5 is tricky stuff, but getting more reliable and less error-prone than years past; #6 is obligatory more often than not, but newer does not always mean better, especially where drivers are concerned. #7 is useful only if you're actually having some random issues you can't troubleshoot and never EVER use a Windows-based memory tester - always use something that works outside of any OS (meaning don't use the one that works off the Vista DVD either because that software is running in a Windows PE environment, a stripped down bare-metal version of Windows. You must test RAM outside of any codebase possible - the memory test on the Vista DVD is running on top of the WinPE codebase and therefore cannot be as trustworthy as something like memtest86 is/can be. And test for at least 2 complete cycles, however long it takes.

#8 is [H]ardcore stuff, best left to serious enthusiasts and some tinkerers, obviously. #9 and #10, same thing. I wouldn't put them in a Vista tweak guide because they tweak the hardware and have nothing to do with Vista, even though the results - if successful - should result in better OS performance. #12 through #15 are ok, nothing bad noted.

#16 is questionable as almost every machine running Vista, especially OEM boxes, already have default settings in the BIOS and the OS for better power savings. Why mess with the setting at all? There's no need as today's machines based on Intel and AMD processors automagically use technology like SpeedStep or whatever AMD calls their CPU-speed altering technology. The processors stay in a lower power consumption state anytime they aren't required to be putting out the full Monty, so to speak. Dynamic speed adjustment is a major benefit when it comes to power savings in this day and age, especially on mobile devices meaning laptops. Setting a laptop to full power regardless of power consumption = that battery dies just that much faster, requiring you to hit the AC outlet to use more power sooner than would be required if you'd just left the machine alone at default settings. The speed adjustments are nearly instantaneous and give you exactly what you need when needed. Think of it this way:

If you had a Ferrari that is capable of 190 MPH, would you prefer to have the engine running at the RPMs necessary to go that fast even if you're just driving 55 MPH? No, you wouldn't. You'd prefer to conserve power and energy (aka gasoline) by leaving the engine running at the required power levels as required. When you need to go faster, you accelerate - aka dynamic speed throttling in CPU terms - wham, you ramp up the power and you go faster. Same principle with CPUs and modern machines. Leave the power settings at defaults. Even if you're using apps that use idle resources (Folding@Home, SETI@Home, that sort of thing) they'll use what CPU power they require as required. Setting the power to FULL or HIGH PERFORMANCE doesn't automagically mean your work units will suddenly double over the default settings. You get the same results, but the processor can throttle down whenever it's able, enhancing battery life in a portable and using less power overall.

I can't imagine why #17 would even be included in a "performance tweaking guide" myself. Third party DVD players are far more capable and offer more features than WMP possibly could when playing DVDs, even more than Media Center itself too. Kinda pointless tip, but useful for some people I suppose - I just wouldn't call it a "performance tip."

#18 isn't necessary IF you install the application using Administrative rights in the first place. Install the software using Administrator privileges and 99.9% of the time you'll never have issues with that software again, making running the application each time you start it up as an Administrator effectively not necessary. I covered that in one of the stickies I wrote, "The best Vista tip I can offer and one that is sorely needed".

#32 obviously is horrendous, even pre-SP1 release. Recommending to general users that they install beta software (a beta service pack!!?!?!?!) is a bad idea, period. I understand this "guide" is at what's considered to be an enthusiast site, but even so, it's a bad suggestion.

#43 is also a bad one. Vista's defragmenter works when it's needed, stays out of the way, runs in low I/O priority (you never notice it, ever) and keeps Vista at under 5% fragmentation almost 99.9% of the time - as long as you don't fuck with it and do something stupid like disable it like this tip is telling you to do. Yes, there is a scheduled time where Vista will run and you can change that time, but there really isn't any need to do that - because of Vista's low I/O prioritization (unlike any other previous version of Windows) means the stuff happens and simply will not interfere with any task you're doing. It will use idles cycles when the hard drive is typically not in use or has any data reads/writes happening to defragment. Third party defraggers are simply unnecessary anymore, really. No one believes it, but it's actually true.

#44 is iffy because there's only one way to MOVE the pagefile and get a performance boost: moving it from a slower drive to a faster one, period. ADDING another pagefile on a secondary physical hard drive is a better solution if you have more than one, but simply moving it from the system drive will not result in automagically better performance that you'd ever even notice unless you're talking about moving it from an older 7200 rpm drive to a brand spankin' new Velociraptor 300GB 10K rpm speed demon drive. Anything else is relatively pointless to do; leave it alone - the defaults really do work best in the long run.

#45 and #46 are iffy as well, enough discussion takes place about this to just say "Leave it alone" once again. #63 seems pointless to me when you can just press Windows+R and get the Run box anytime, anywhere, and never need to click the Start Button ever. People should take some of the keyboard shortcuts in #62 and make them habits, really. They will do more to increase efficiency and productivity than most of the "tips" on this damned list.

#74 is pointless, really. It requires modification of one of the most important system files there is: boot.ini, which is honestly better left alone unless it's absolutely necessary to modify (for 99.9% of users, that means absolutely never). The "speed boost" is like 1-2 seconds max, and if you're more concerned about 1-2 seconds shaved off your boot time, perhaps you might want to take a look at the big picture. You turn your computer off? Why? Standby is far more efficient and uses a mere scrap of power and brings the machine back up to usable state in seconds...

#87 is somewhat useful, but simply using IE7Pro is vastly more efficient and makes such adjustments easier and more efficient. IE7Pro makes IE7 the browser it really should be.

#88 isn't a Vista performance tip: it's a Firefox tip, so again this is a situation where they're throwing in all sorts of stuff that aren't Vista-specific. Fasterfox (an addon for Firefox) is the best way to make Firefox faster on all platforms.

#90 I actually agree with unless you have a specific need for IPv6 support. It's relatively simple to disable on the NIC and is reversible without any negative performance aspects.

#94 is questionable as there have been some benchmarks published since Vista came out about whether disabling Aero on a notebook/laptop actually affects battery life. Since Aero is a totally 3D GUI (everything is a 3D rendered object by the video card/chip's GPU) the concept is simple: if you disable that, the GPU isn't running nearly as often, hence better battery life. But the tests I've seen published at many websites didn't show any appreciable difference in battery life with Aero enabled or disabled. There typically was less than a 2% difference - and that translates to about one additional minute either way on a notebook or laptop. So technically yes, it can make the computer run just a bit longer, but even so, the basic battery and power settings - the defaults - still tend to work best for almost all notebooks/laptops on the market today.

#96 is iffy, it really is. Gaming on laptops isn't a high priority for most people I'd hazard to say, and over the years there have been endless debates about disabling some aspects of the OS or applications to supposedly boost performance only when the games are running. I'd say it's more hype than actual real-world results. Again, I'd say leaving it alone is the best overall long-term solution.

I'll shut up now. I didn't mean to cover that much really, and I could debate a lot more of 'em actually; those are just the ones that jumped right out at me and bit me in the ass. But I got started like a snowball on a long downward slope, just couldn't help myself, Your Honor. :D
 
I don't understand why everyone needs to find a guide to feel good about their OS choice. Why not just install the OS, configure it they way you want, and go one using the computer?
 
Some of those tips and tweaks are common things that apply to XP, some are decent and some are very poor suggestions, especially for n00bs. It's not a bad guide overall though.
 
pxc said:
Some of those tips and tweaks are common things that apply to XP, some are decent and some are very poor suggestions, especially for n00bs. It's not a bad guide overall though.
Click to expand...
You expect noobs to play with ram timings?

This is no Vista tweak, this is a general computer tweak.

And a bad one at that.
 
BlackViper service configs FTW. And any "layman's" guide that recommends overclocking is, well, not exactly a layman's guide...
 
Arainach said:
Any article that lists 'overclock the CPU' and 'overclock the GPU' as operating system "tweaks" gets thrown off my 'credible' list.

Second, a lot of their 'tips' are utter crap. Their list of services to disable is draconian; disabling system restore and hibernation is stupid as well (I find hibernation incredibly useful even on my desktops). Enabling simultaneous downloads in your browser is rather rude and a horrible idea in general. Disabling Aero will be a performance HIT in many situations since it moves more load from GPU to CPU. And on and on. This guide is crap.
Click to expand...

I agree, this guide is crap. All tweak guides are crap. Disabling any default services makes no difference in performance. Tweaks were somewhat handy in the days of Windows 95 and 4 MB of RAM. This stuff is pretty useless today.
 
Sovereign said:
BlackViper service configs FTW.
Click to expand...

I'm skeptical that disabling services has much effect either; if they weren't doing much to start off with, disabling them will have little beneficial effect (and could be setting yourself up for future problems), and if they were busy doing something then you'll be losing the functionality they were enabling. There aren't lots of (any?) services which have a noticeable impact on speed and yet can be disabled without negative effect.

This belief was reinforced by the lack of any significant effect that service tweaks had on XP in this test:
http://forums.anandtech.com/messageview.aspx?catid=34&threadid=1678445&enterthread=y&arctab=y

(I've seen the reply that the tweaks would be more significant on a machine with 64MB RAM or something. Maybe so, but that doesn't mean that they're worth doing on current machines.)

As an aside, while BlackViper's list doesn't recommend turning the ReadyBoost service off in any but the bare-bones configuration, he does mention on the service information page that it can be safely turned off if you don't have a ReadyBoost drive. However, that's not such a good idea, as the service also runs ReadyBoot (not dependent on USB drives) to speed up boot times.
 
It is nice to see that BlackViper's information is still full of crap. I remember back when he was referred to as QuackViper online. Those service "tweaks" have been debunked for quite some time now, so I couldn't see using a guide like that, or following anything he suggests doing.
 
I disabled ReadyBoost and Superfetch the other day on my laptop to see if it had a noticeable effect, as I had been reading articles that recommended disabling them. Didn't take long to turn them back on, everything slowed way down. Turning these things off aren't tweaks. The number of running processes aren't important anymore on current operating systems.
 
OMG, what a horrible list! I've had it with the IT media regarding Vista. Ed Bott on Zdnet has been the only person that has had useful comments that I've seen.

I really hate that Vista has been so misreported. What a wonderful OS if you simply run it on the right hardware, which today is anything out there. What I've found about Vista is just how little I actually have to do. I only have one problem that I can't sort out on my sig rig. The new Windows Search 4.0 from the Start menu and OneNote integration is broken which kind of sucks. I can see the results I just can click on them and open OneNote. That's the biggest issue I've had with Vista in a while.
 
The author must be a complete moron for suggesting that Superfetch be disabled. Even on systems without a lot of RAM(I ran Vista on my laptop with 1GB for several months before I upgraded to 2GB), Superfetch still gives a huge boost in performance.

Joe Average said:
#44 is iffy because there's only one way to MOVE the pagefile and get a performance boost: moving it from a slower drive to a faster one, period. ADDING another pagefile on a secondary physical hard drive is a better solution if you have more than one, but simply moving it from the system drive will not result in automagically better performance that you'd ever even notice unless you're talking about moving it from an older 7200 rpm drive to a brand spankin' new Velociraptor 300GB 10K rpm speed demon drive. Anything else is relatively pointless to do; leave it alone - the defaults really do work best in the long run.
Click to expand...

Actually, moving the pagefile to a different drive can improve performance by a reasonable amount. The reason why is that when the pagefile is on the system drive, when the OS moves something to the pagefile, the HD has to perform a read operation on the sectors being copied from, and then a write operation on the sectors where the pagefile is located. This is often in an entirely different area of the drive, so it has to move to the write location once the buffer is full, then move back to the read location to fill up again, and it ends up performing many consecutive read and write operations.

When you have the page file on a separate drive, even if it's the same speed as the source drive, neither drive has to move back and forth between two sections, so the source drive can perform a continuous read operation and the destination drive can perform a continuous write. This removes a lot of the latency involved in copying to the page file, and although some latency is added because data has to be copied between drives, since drive interfaces are faster than most drives' continuous read and write speeds, it still ends up being faster.
 
Sovereign said:
BlackViper service configs FTW.
Click to expand...

Are you serious?


There was a great post written on here about 3 years ago from someone who benchmarked quackviper's Xp tweaks. He found that it did nothing for performance, but it did free up some RAM. The RAM usage was slightly less, I'm thinking < 50MB. So I guess if you were someone who ran XP with 256MB of RAM it might have helped, but if you're hurting that bad why bother?
 
Yah, after I finished writing that post I realized I left out that part about being able to do simultaneous reads on one drive and writes on another, but my suggestion about adding a secondary pagefile on another physical hard drive also covers that performance aspect to a great degree:

When Windows needs to read something from the system drive, even if it has a pagefile on it, if there's a secondary pagefile on another physical drive, it'll use that pagefile to do the write operation or even another read operation simultaneously, so again it's covered.

I decided to adopt the K.I.S.S. attitude and make it basic: more than one pagefile on one than one physical drive automagically boosts performance, period. I just didn't want to do a diatribe about pagefiles and virtual memory subsystem optimization yet again as there are bazillions of such posts on forums across the Internet. :)
 
I didn't read most of these. There were so many that jumped out at me, it's ridiculous.

It'd be one thing if this were geared to enthusiasts (and even then, my question would be "what the hell kind of enthusiast needs to be told how to tweak their system?"), but all this stuff to general users is ridiculous.

From the stuff I saw (other than the Add RAM- would you could save yourself a hell of alot of work and problems down the road just doing that rather than reading this list), most have marginal to no, or even negative effects on performance.

This guy is a freaking moron.


Some of this stuff goes against each other. This guy seems to want to disable everything he sees, yet suggests adding more shit to your right-click context menu????
 
Joe Average said:
I decided to adopt the K.I.S.S. attitude and make it basic: more than one pagefile on one than one physical drive automagically boosts performance, period. I just didn't want to do a diatribe about pagefiles and virtual memory subsystem optimization yet again as there are bazillions of such posts on forums across the Internet. :)
Click to expand...

Fair enough :). I just felt I should clear it up in case someone happens to be reading this thread and could benefit from the info. I definitely agree that it's a shitty tweak guide though. IMO, no one aside from computer enthusiasts should look at this type of guide altogether because only people who know what they're doing are experienced enough to be able to ignore the suggestions that are obviously not beneficial.
 
TechieSooner said:
This guy seems to want to disable everything he sees
Click to expand...

That's pretty much what most tweaking guides go for, yep - if it's not going to make the system keel over if you remove it, it's unnecessary, turn it off! The possibility that some non-essential things are beneficial or at least harmless isn't often given much consideration.

As someone else commented above, this sort of thing made sense when everyone was desperately hurting for RAM, but nowadays a little RAM used and a few CPU cycles isn't a big deal.
 
Here's my Windows Vista Tweaking Guide, folks...

1) Install it.
2) After the first full reboot to the Desktop, use it.
3) Afterwards, leave it alone.

Can't get much simpler than that. After tweaking machines and OSes for decades now, I've finally realized (actually I realized it about 2.5 years ago, but even so...) that, seriously, the best way to deal with and handle Windows OSes is just install 'em, get 'em functional (that part sometimes does require effort sometimes), and then just leave it alone and use it.

Sure, you can do a minor tweak here and there to get a slight boost in performance depending on what version we're talking about, but honestly it's this simple:

When you fuck with the defaults, the defaults will fuck with you - sooner or later this statement always gets proven 100% true. Windows does work, really, but whenever people get all fussy about tinkering, it always comes back to bite the user in the ass at some point.

Nowadays, I install the OS (XP Pro x64 is my OS of choice nowadays, will be for years to come), I do some minor tweaks to disable AutoRun completely, disable some notifications during startup and shutdown, set the Classic mode on the UI, and... well... that's about it. In the past I would do more tweaks than anyone could possibly care about - if it's in a tweak guide someplace, I was probably doing it myself before the guide was ever written.

But I've discovered haphazardly on my own that Windows just works better if you leave it alone, seriously. A lot of people are actually coming around to that way of thinking nowadays, and I'm happy to see it when it occurs.

Vista is truly the world's first capable self-tuning OS in many respects, and it really does work the way it was designed - as long as people don't fuck with the defaults. When they do, that's when all bets are off and you're rolling the dice. Some people have better luck than others, of course, but overall it's just a bad idea anymore. Sometimes I think Windows has the reputation it has because so many people do tend to fuck with the defaults in a variety of ways.

Cut it out, dammit. :)
 
There were some ok tweaks in that guide but most were useless. The disable AERO when running games by setting disable themes under compatibility for the game exe or shortcut is a good one because that can actually cause issues in games. I had graphics glitches in Oblivion on Vista64 until I used that compatibility setting.
 
I do have a fair share of "tweaks" on my vista box such as disabling indexing services, disabling restore points (if you have your own backup software), I also have defender disabled for various reasons. All said and done, at idle after startup, I might have 39 processes and about 600MB used out of the 2gigs installed.

However, probably the best tweaks I have used are disabling some of the visual enhancements (aero transparency, shadow options,etc). This has made the desktop more responsive and I still have the aero features intact. Though, I do have file/folder thumbnails disabled because it can be demanding on a laptop HDD in a picture folder, but there is definitely a use to it if you don't have your pictures properly organized.
 
Biskquik said:
I do have a fair share of "tweaks" on my vista box such as disabling indexing services, disabling restore points (if you have your own backup software), I also have defender disabled for various reasons. All said and done, at idle after startup, I might have 39 processes and about 600MB used out of the 2gigs installed.

However, probably the best tweaks I have used are disabling some of the visual enhancements (aero transparency, shadow options,etc). This has made the desktop more responsive and I still have the aero features intact. Though, I do have file/folder thumbnails disabled because it can be demanding on a laptop HDD in a picture folder, but there is definitely a use to it if you don't have your pictures properly organized.
Click to expand...

The value of such tweaks depend on what they are worth to you. The things you have disabled are probably the only reasons I have for running Vista, otherwise I would still be on XP. I have 80 processes running, and couldn't care less. Not criticizing your setup, it just wouldn't work for me. I do agree with disabling Defender though. It just sucks. :D
 
UAC sucks, due to its poor implementation. I'm building a new rig, and I forgot how many times one could be asked if they actually want to do the thing they just tried to do. Saying "its how things are done now" is short-sighted, and the same mind set as "if you have nothing to hide, you won't mind your privacy being eroded."
 
Never mind that every other OS has done it for years; Linux and Mac both do it. UAC isn't just the way things are done now, it's clearly superior.
 
Down8 said:
Saying "its how things are done now" is short-sighted, and the same mind set as "if you have nothing to hide, you won't mind your privacy being eroded."
Click to expand...

Windows XP security model sucks, look at OS X and Linux, so much secure....

Windows Vista security model sucks, I like XP so much better...


I'll never effing understand it.
 
///M3 said:
I'll be getting Vista soon and I have been looking for any sort of guide to give me an idea of what to do. Having used XP since 2003 going to Vista probably won't be that easy at first.

While searching I found this guide featuring 99 Windows Vista tips and tweaks and I found some of them really useful even for the advanced user. I consider myself an advanced user of XP but I'm a beginner when it comes to Vista!:p

http://www.pcstats.com/articleview.cfm?articleid=2238&page=1
Click to expand...

These sites are much better and go in depth.

http://www.winsupersite.com/
http://www.hardforum.com/showthread.php?t=1065219
http://www.tweakguides.com/TGTC.html
 
TechieSooner said:
How the hell is UAC invading your privacy???????

You loose every single ounce of credibility when you say shit like that.
Click to expand...

From http://www.m-w.com:

lose
3 entries found.

Main Entry:
lose Listen to the pronunciation of lose
Pronunciation:
\&#712;lüz\
Function:
verb
Etymology:
Middle English, from Old English losian to perish, lose, from los destruction; akin to Old English l&#275;osan to lose; akin to Old Norse losa to loosen, Latin luere to atone for, Greek lyein to loosen, dissolve, destroy
Date:
before 12th century

transitive verb1 a: to bring to destruction —used chiefly in passive construction <the ship was lost on the reef> b: damn <if he shall gain the whole world and lose his own soul — Matthew 16:26(Authorized Version)>2: to miss from one's possession or from a customary or supposed place3: to suffer deprivation of : part with especially in an unforeseen or accidental manner4 a: to suffer loss through the death or removal of or final separation from (a person) b: to fail to keep control of or allegiance of <lose votes> <lost his temper>5 a: to fail to use : let slip by : waste <no time to lose> b (1): to fail to win, gain, or obtain <lose a prize> <lose a contest> (2): to undergo defeat in <lost every battle> c: to fail to catch with the senses or the mind <lost what she said>6: to cause the loss of7: to fail to keep, sustain, or maintain <lost my balance>8 a: to cause to miss one's way or bearings <lost himself in the maze of streets> b: to make (oneself) withdrawn from immediate reality <lost herself in daydreaming>9 a: to wander or go astray from <lost his way> b: to draw away from : outstrip <lost his pursuers>10: to fail to keep in sight or in mind11: to free oneself from : get rid of <dieting to lose weight>12slang : regurgitate, vomit —often used in such phrases as lose one's lunchintransitive verb1: to undergo deprivation of something of value2: to undergo defeat <lose with good grace>3of a timepiece : to run slow
— los·able Listen to the pronunciation of losable \&#712;lü-z&#601;-b&#601;l\ adjective
— los·able·ness noun
— lose ground
: to suffer loss or disadvantage : fail to advance or improve
— lose it
1: to lose touch with reality; also : to go crazy2: to become overwhelmed with strong emotion : lose one's composure <so angry I almost lost it>
— lose one's heart
: to fall in love

Sorry, had to do it. I see so many people these days saying "loose" instead of "lose" it just grates my skin like sandpaper, so I'm callin' y'all out when you pooch it. :D

The example given by the quote from Down8 isn't saying UAC invades your privacy; he was using the statement as a way of demonstrating his point. He's one of those people that thinks UAC is some "hand holding" mechanism built into Windows now, and that some people - those idiots that supposedly think they know everything and never make mistakes (you idiots know who you are so I won't point you out directly) - believe they'll never need "hand holding" and are in absolute total control of every aspect of their OS 24/7.

Yeah, right.

And to those that hate UAC for the "hand holding," here's what:

You (the idiots, that is) come up with a better way to manage user restrictions and account permissions in Windows, contact Microsoft, provide proof-of-concept and examples, and become and instant millionaire when they buy the code from you. Merry fucking Christmas...

Until then, well... UAC is better than the previous situation in Windows regarding restrictions and permissions, and that's better than nothing at all.
 
I don't think it's possible to, on a general level, do any better than UAC; it's the same model as OS X and Linux, but moreover there's the fundamental problem that there's no way for the computer to know whether this program that's trying to change system settings is some useful administration program or a piece of malware. No action is inherently bad, and it's all just code to the OS. Therefore a human has to agree to privileged operations, unless you're going for the all or none approach of XP which everyone complained about.

That said, I have wondered whether a whitelist would be acceptable, based on checksums and/or digital signatures. Modifying the whitelist would itself be an administrative action, so it shouldn't be possible for malware to change the list and make itself run (if it can do that, it has admin rights already - the horse has bolted).
 
Joe Average said:
Sorry, had to do it. I see so many people these days saying "loose" instead of "lose" it just grates my skin like sandpaper, so I'm callin' y'all out when you pooch it. :D
Click to expand...
Oh man, I normally catch those things. Stuff like that drives me nuts too... Can't believe I did that. No use editing it though now that I've been caught ;)


You (the idiots, that is) come up with a better way to manage user restrictions and account permissions in Windows, contact Microsoft, provide proof-of-concept and examples, and become and instant millionaire when they buy the code from you. Merry fucking Christmas...

Until then, well... UAC is better than the previous situation in Windows regarding restrictions and permissions, and that's better than nothing at all.
Click to expand...

Exactly. And what the idiots don't understand is that Windows is finally implementing the same security found on other Operating Systems for some time now.
They bitched because Windows wasn't as secure as ____ (Insert... OS X, Linux, whatever). Windows implements the security _____ uses, and it's still no good.

Just drives me crazy.

Mithent said:
I don't think it's possible to, on a general level, do any better than UAC;
Click to expand...
You can't.
System-wide level changes are protected. Can't get much better than that.
And if ANYONE can come up with a better solution without sacrificing security- I'd love to hear it.

That said, I have wondered whether a whitelist would be acceptable, based on checksums and/or digital signatures. Modifying the whitelist would itself be an administrative action, so it shouldn't be possible for malware to change the list and make itself run (if it can do that, it has admin rights already - the horse has bolted).
Click to expand...
The issue with this... Most people use shortcuts (which reside user-level). Anything in the start menu is a shortcut.
Being user-level, malware could change that shortcut, and being it's on your whitelist... Goodbye system.
 
You and the arrogant asshat calling people idiots won't gain you any friends. If some people hate UAC and want to disable it then that is their choice. If their system gets malware because they did then they can simply wipe the HDD and reinstall. People choose to run the OS how they want and not how you dorks think they should.
 
TechieSooner said:
The issue with this... Most people use shortcuts (which reside user-level). Anything in the start menu is a shortcut.
Being user-level, malware could change that shortcut, and being it's on your whitelist... Goodbye system.
Click to expand...

Any whitelist would have to be of executables, not shortcuts; while users may not get the distinction between a shortcut to the program and the program itself, that shouldn't be an issue provided the way such a whitelist worked was to put the executable currently started by the shortcut on the whitelist. If the shortcut changes to a non-whitelisted executable, you'd get the UAC prompt as normal. The executable would have its checksum/certificate checked to ensure it hadn't been tampered with (although I guess a very clever manipulation could mean the old checksum was kept, which bothered me when I thought about this before - maybe that's a reason not to do it).

With this method, if you upgraded or patched the executable, you'd get the prompt again. Hrm.. does Windows Firewall check anything to make sure that the programs on the allowed list haven't changed? I can't remember.
 
Joe Average said:
Here's my Windows Vista Tweaking Guide, folks...

1) Install it.
2) After the first full reboot to the Desktop, use it.
3) Afterwards, leave it alone.

Can't get much simpler than that. After tweaking machines and OSes for decades now, I've finally realized (actually I realized it about 2.5 years ago, but even so...) that, seriously, the best way to deal with and handle Windows OSes is just install 'em, get 'em functional (that part sometimes does require effort sometimes), and then just leave it alone and use it.

Sure, you can do a minor tweak here and there to get a slight boost in performance depending on what version we're talking about, but honestly it's this simple:

When you fuck with the defaults, the defaults will fuck with you - sooner or later this statement always gets proven 100% true. Windows does work, really, but whenever people get all fussy about tinkering, it always comes back to bite the user in the ass at some point.

Nowadays, I install the OS (XP Pro x64 is my OS of choice nowadays, will be for years to come), I do some minor tweaks to disable AutoRun completely, disable some notifications during startup and shutdown, set the Classic mode on the UI, and... well... that's about it. In the past I would do more tweaks than anyone could possibly care about - if it's in a tweak guide someplace, I was probably doing it myself before the guide was ever written.

But I've discovered haphazardly on my own that Windows just works better if you leave it alone, seriously. A lot of people are actually coming around to that way of thinking nowadays, and I'm happy to see it when it occurs.

Vista is truly the world's first capable self-tuning OS in many respects, and it really does work the way it was designed - as long as people don't fuck with the defaults. When they do, that's when all bets are off and you're rolling the dice. Some people have better luck than others, of course, but overall it's just a bad idea anymore. Sometimes I think Windows has the reputation it has because so many people do tend to fuck with the defaults in a variety of ways.

Cut it out, dammit. :)
Click to expand...
For the love of god, sex.

Also, yes.
 
UAC is good but its not hard to make a system more secure than what it does.

Step 1: Remove the fucking registry from windows.
Step 2: Since all vital areas no longer are confined into 1 giant pool of crap, lock down critical areas which would require UAC privs.
Step 3: All new programs are installed into a user controlled area folder allowing the program to never need UAC access and thus preventing any harmful effects.

Once you do those things any program that wants UAC access, is obviously not something you want to run unless its an admin control area.

Sound familiar?

Oh yea, that's how OSX and Linux do it. Not UAC.
 
The Registry is totally unrelated to UAC. It's used only for system-wide configuration options. Mac and Linux just scatter what Windows puts in the Registry across a few thousand files in a few hundred directories, no difference.
 
The Registry is used for most configuration in Windows, but UAC is correctly applied to it - applications are certainly allowed to modify keys that most applications are likely to need, or nearly every program would require elevation. Changed the default font in Notepad? Oops, that needed elevation, can't do it. The Registry has full access control - on the whole, HKCU doesn't require elevated privileges, but other hives do, I believe?

It's not really 'UAC' at all though - there appears to be confusion that UAC is the entire Windows security model. All this existed long before Vista, UAC is just a way to run most programs as a limited user while easily elevating others. Most of its capabilities have existed for a long time in Windows NT.
 
You guys are totally are missing the point. With having a centralized area of failure like windows does that's the biggest security risk when it comes to programs and why you would want to be a limited user anyways.
 
Mithent said:
The executable would have its checksum/certificate checked to ensure it hadn't been tampered with (although I guess a very clever manipulation could mean the old checksum was kept, which bothered me when I thought about this before - maybe that's a reason not to do it).

Windows Firewall check anything to make sure that the programs on the allowed list haven't changed? I can't remember.
Click to expand...
Good Q on Firewall- I have no idea.

However- I think you are opening yourself up to more chances to break something trying to whitelist things like that. Chances of security going by the wayside go way up.

Vashypooh said:
Step 1: Remove the fucking registry from windows.
Step 2: Since all vital areas no longer are confined into 1 giant pool of crap, lock down critical areas which would require UAC privs.
Step 3: All new programs are installed into a user controlled area folder allowing the program to never need UAC access and thus preventing any harmful effects.
Click to expand...
First: Microsoft is still a business.

Now that we have that understood, why the hell would they throw out compatibility?

Microsoft had issues trying to get device manufacturers, game developers, etc just to make some small changes to not generate UAC prompts and become compatible- a whole freaking change of their apps???? Just isn't happening.

There technically isn't anything wrong with the registry. My main dislikes is it serves as a dumping ground for all apps... You can't just delete the apps' folders and be done away with it- it still exists in registry.

Vashypooh said:
You guys are totally are missing the point. With having a centralized area of failure like windows does that's the biggest security risk when it comes to programs and why you would want to be a limited user anyways.
Click to expand...
Just like saying your root is a single point of failure. But as is exactly in the case of the registry- it is broken down from there.
You can delete a hell of alot of stuff from the registry and it won't affect the system... It's just 99% of your users don't know which stuff they can do that to and which they can't.
 
You must log in or register to reply here.
Back
Top