Microsoft Corp. today revealed a laundry list of changes it has made to Windows 7 since it issued a public beta more than a month ago.

Developers have slipped three dozen improvements and modifications into the under-construction release candidate (RC) for the new operating system.

These changes have been outlined in a long post to the company’s Engineering Windows 7 blog by senior program manager Chaitanya Sareen.

Microsoft executives have said the release candidate is the next milestone on the road to final code.

However, Sareen did not disclose any new information about a timetable for wrapping up the RC.

The changes Sareen highlighted include:

• 10 affecting the Windows 7 desktop

• Four to the operating system’s new touch-sensitive features

• Four to the Control Panel, and

• Eight to Windows Media Player.

Many changes are so minor, they may be difficult to spot.

One tweak, for example, increases the number of times that notification windows — such as those of an incoming instant message — flash to get the user’s attention.

Microsoft upped the number of flashes from three in the beta to seven in the release candidate.

Other modifications should be easy to spot. For instance, developers have squeezed up to 39 per cent more icons on the taskbar before it begins scrolling to show the remainder, according to Sareen.

One change made between Windows 7’s public beta and the upcoming release candidate has to do with the UAC feature.

“If you’ve been following this blog, you already know about a recent design change we’ve made that will prompt for any modification made to the [User Account Control] Control Panel,” said Sareen.

The program manager was referring to the brouhaha earlier this month over a design decision that could let attackers disable the UAC security feature.

Within a week, Microsoft caved to the increasing pressure and said it would change UAC’s behaviour in the RC.

A couple of these UAC behaviour changes were revealed by John DeVaan and Steven Sinofsky, the two Microsoft executives responsible for Windows’ development, in a post to the Engineering Windows 7 blog on February 5.

“First, the UAC control panel will run in a high integrity process, which requires elevation,” said DeVaan and Sinofsky. “Second, changing the level of the UAC will also prompt for confirmation.”

The changes, they said, were prompted by user feedback, including comments appended to an earlier post by DeVaan in which he defended the modifications Microsoft made to UAC in Windows 7.

“Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed,” DeVaan and Sinofsky said. “That’s not the dialog we set out to have and we’re going to do our best to improve.”

36 ways to say I’m listening?

Several prominent Windows bloggers saw the list as Microsoft’s response to a groundswell of comments from testers — including those in a small, invitation-only group — that Microsoft was ignoring the feedback they’d provided about Windows 7.

Paul Thurrott, who writes SuperSite for Windows, for instance, took Microsoft to task over the issue.

On Wednesday, Thurrott argued the company never had any intention of making major changes based on user feedback.

“The real problem here is that the feature set of Windows 7 was frozen well before the Beta release,” he said.

Yesterday, Thurrott acknowledged the list of 36 changes, but dismissed them as a “laundry list of tiny changes, much like the ‘300+ New Features’ lists that Apple makes every time it ships a new version of Mac OS X.”

Thurrott singled out for special criticism the move to boost the number of notification window flashes.

“As any Windows Live Messenger user will tell you, what we really need is a way to turn off the flashing ‘needy’ notification, not make it more prominent,” he said. “They’re making it more annoying. Nice!”

Several of Thurrott’s readers, however, said he was being too hard on Microsoft. “This goes to illustrate the classic problem that Microsoft faces when they make a [user interface] change,” said a user identified as Raskin in a comment to Thurrott’s Thursday post.

“They can’t please everyone.”

Microsoft launched the Windows 7 public beta on Jan. 10, but has since discontinued downloads.

It has not said when it will wrap up the release candidate, but Steven Sinofsky, senior vice president in charge of the Windows engineering group, has repeatedly hinted that the RC build will also be offered to the public for a test drive.

UAC controversy

The UAC feature, which debuted in 2007 as part of Windows Vista but was altered to reduce the number of prompts in Windows 7, has been under fire since two Windows bloggers, Rafael Rivera and Long Zheng, first reported that it could easily be disabled by attackers.

They followed up with more information about how hackers could piggyback on UAC-approved applications to fool Windows 7 into giving a malicious payload full administrative rights.

“This is definitely the result we’ve been looking for,” Long said in an e-mail. “[But] I’m a little bit shocked at just how quickly Microsoft has turned around, considering they made a post not 12 hours earlier stating that they would not change their position.”

Rivera, Long and others urged Microsoft to reconsider the default setting of UAC in Windows 7.

That default, which DeVaan said Microsoft had selected because people running Windows balked at dealing with more than two security prompts per day, was to “Notify me only when programs try to make changes to my computer.”

Microsoft, however, won’t be taking that tack. Instead, they said the RC would prompt the user before allowing any changes to UAC settings.

“The way we’re going to think about this [is] that the UAC setting is something like a password, and to change your password you need to enter your old password,” DeVaan and Sinofsky said.

Microsoft has not yet spelled out a Windows 7 RC timetable, but Sinofsky reiterated that the development process was moving straight from the public beta, which was launched Jan. 10, to the release candidate.

In the past, the company has delivered multiple betas before moving to the RC milestone.

The other change to be implemented in Windows 7 RC will effectively render moot the proof-of-concept attack that Rivera and Long published, which silently disables UAC.

“That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working,” DeVaan and Sinofsky said.

They didn’t issue an apology for the dust-up, but said Microsoft had erred when deciding how to implement UAC in Windows 7. “We said we thought we were bound to make a mistake in the process of designing and blogging about Windows 7.”

“We want to continue the dialog and hopefully everyone recognizes that engineering, perhaps especially engineering Windows 7, is sometimes going to be a lively discussion with a broad spectrum of viewpoints,” they said.

One security professional praised Microsoft’s move. “This goes back to what beta programs are supposed to provide: feedback from a real audience,” said Andrew Storms, director of security operations at nCircle Network Security Inc.

“This was an obvious design flaw, and for them to say they simply weren’t going to fix it, that was the real problem,” Storms said. “I think they realized that they needed to do something, more over the concern about their reaction than to the vulnerability itself.”

Source: Computerworld.com
