Windows 7: The almost-there operating system

One thing that struck me soon after I upgraded my main computer from Windows XP to Windows 7 is how many things it gets almost right. The OS is full of well-engineered features that seem awesome, yet – upon closer inspection – turn out to have some hidden flaw that renders them useless or at least very frustrating.

Math Input Panel

I’ll start with the Math Input Panel. This is a feature so awesome that you want to show it to your friends. You scribble a mathematical expression with your mouse, touch screen or graphics tablet, and it is magically converted into proper typographical form.

Screenshot of the Math Input Panel

But then you want to insert your formula into a document. You open the built-in (and greatly improved) Write editor of Windows 7. You click “Insert”. Nothing happens. You open Paint (also improved in Windows 7) and try again. Nothing. OpenOffice Writer? Nothing. Word 2003? Nada. Does this thing even work?

Then you read the small print. The Math Input Panel only works with applications that support MathML. As of this writing, the only popular application with MathML support would be Word 2007. There are no other output options. The Math Input Panel cannot generate code in LaTeX, which is the de facto standard in the mathematical community and has been adopted by projects such as Wikipedia, WordPress and jsMath. It cannot generate OLE objects for older versions of Word. It does not even let you paste the damn equation as an image. How can something so ingenious be so useless?

Windows Firewall

On its face, the Windows Firewall has everything you need to say goodbye to third-party firewalls like Comodo. It’s lean, well-integrated with the OS, and the new “Windows Firewall with Advanced Security” console lets you specify detailed rules for inbound and outbound connections to/from specific programs and ports:

Screenshot of the Windows Firewall control panel

Perfect, isn’t it? Unfortunately, it has two fatal shortcomings:

  • Any application can add its own exceptions to it by means of a simple API call. Why? The official rationale is that it is not the firewall’s job to block malicious applications from accessing the network – once you have executed malicious code on your computer, it can pretty much do whatever it wants, including sending data via a trusted process in a way that is invisible to the firewall. There is some truth to this, but a less permissive firewall would still make things that much harder for wrongdoers. More importantly, however, this reasoning misses the use case where you want to prevent legitimate applications from “phoning home”. If I block Adobe Photoshop from using my Internet connection, it probably won’t go so far as to hijack another process, but it will make use of an official Windows API to add an outbound rule for itself.
  • There is no way to get pop-up notifications about outbound connections. In a typical software firewall, when a new application attempts to establish an outbound connection, you get a pop-up window which enables you to allow or block the connection, and add a permanent rule for this application. The Windows Firewall does not have this functionality. The only thing you can enable is a notification about blocked incoming connections, which gives you a chance to unblock an application. What about outbound connections? The best you can do is block all unknown applications, but then you will never know that an application wanted to access the Net. It will just silently fail.

Sticky Notes

Screenshot showing two sticky notes on the desktopThe Sticky Notes feature looks really useful at first. For someone who stares at his screen for most of the day, the Windows desktop seems to be a logical place for “notes to self”. The UI is pretty straightforward and has some nice touches, such as the fact that every note has a little plus button that lets you quickly add another note.

Unfortunately, for some unknown reason Sticky Notes is not a gadget, like the weather thingy you can see on the screenshot above. It’s a separate application. One that cannot be minimized to the system tray. And I don’t know about you, but I don’t like tiny utilities like this taking up space on my taskbar. I need the space so I can comfortably switch between my productivity applications.

Windows Backup

The final “almost perfect” Windows 7 feature I’m going to talk about is Windows Backup. Now this is a seriously exciting utility that promises to replace third-party backup applications like Acronis True Image. On the face of it, it has everything you need. Scheduled and on-demand backups? Check. System drive snapshots? Check. Backups of selected folders? Check. Incremental backups? Check. Restore from bootable CD/DVD? Check. Time needed to back up 500 GB of data to an external USB hard drive? 35 hours. That’s right. Thirty-five freaking hours. (If you suspect there is something wrong with my setup, read these other reports.) Try it once and you’ll never try it again.

It’s as if Microsoft developed a perfectly good backup application and then decided to cripple it on purpose, just to let ISVs make a buck. I don’t want to give my money to Acronis again, especially after reading their official response to a compression bug in TrueImage Home 11 (“just turn off compression”), but it seems I’m going to have to.


18 thoughts on “Windows 7: The almost-there operating system

  1. What gets me about microsoft is they fool most of the world into thinking that they are protected using microsofts firewall and fill the outbound rules and forget to mention that by default the outbound rules are turned off.

    As a sys-admin what gets to me is that to use network discovery microsift adds about 20 firewall rules and even if you delete them all and add a silly rule like allow all on any protocol to any remote machine then network discovery still won’t work.

    You are not allowed to roll your own firewall rules even if you are an expert and you cannot edit microsoft huge bank of rules so its no wonder that my computer feels like it has become a remote terminal for microsoft.

    Sys admins and developers are being locked out of windows by microsoft and I for one may return back to windows XP that works with 4gb of ram instead of 1000 X more at 4gb that we have today.

  2. And doesn’t the firewall exception adding require a UAC prompt? So it’s not like an app is silently adding itself to the firewall. And Vista had the Sticky Notes as a gadget. You can copy that to your Windows 7 installation. Works. As for backup, it SUCKS I know. It’s slow as hell.

  3. Btw if you use a freeware called Windows 7 Firewall Control from Sphinx Software, it lets you have outbound notifications for the firewall. All outbound connections are blocked by default unless specifically allowed. I guess Microsoft didn’t want the firewall to be too intrusive/annoying for the user which is why it doesn’t have outbound notification. But it should have had I agree at least as an option for those who want to have control over which software “phones home”.

  4. Every OS so far has been the “almost-there” version.

    Regrettably, EVERYTHING that Microsoft releases is always half-ready junk. Nothing is ever fixed or updated until it is correct. I don’ believe the company will ever make a solid and reliable product.

  5. tszynalski:

    Thank you for posting this informative article about Windows 7.

    I value all of your articles, and look forward to reading your new ones.
    I have been thoroughly impressed – not only with the information within the articles, but also with your superb writing style, and eloquent use of grammar.
    Your ideas, reviews, and opinions are very much appreciated.

    I am certain that there would be some writing awards and very well paying jobs for you here in the USA.

    Please continue to provide us with more of the same.

    p.s. I am still using XP, and plan on continuing to do so.

    It is articles like yours that are truly the most helpful in the process of researching any or all of the topics you have posted on.

    Thank you sincerely.

  6. I do full backups by booting Linux and executing a dd from my system drive to a USB(2.0)-attached drive formatted ext2.

    My 320GB drive is imaged in about 4000 seconds, so I don’t see how it could take longer than about 2 hours for a 500GB drive. Of course compression will slow that down, but don’t argue USB speed is the culprit.

  7. Applications can also call the Math Input Panel directly; Mathematica, for example, already does this and supports expressions being inserted.

  8. @Björn

    One benchmark for deciding whether 35 hours for 500GB is unrealistic, is how fast you can copy that same 500GB with, say, xcopy. Since Backup is compressing the data, there should be less data across the USB connection to the drive, so that argues for the backup taking less time than xcopy. If Backup takes longer, that’s just not right. (Of course, that’s making sure neither Backup nor xcopy is doing a separate validation step that the other is not.)

    USB is very likely slower than internal SATA drives. You can’t expect a backup of 500GB to a USB drive to be the same as a backup of 500GB to an internal drive, or even across a LAN to a storage device, much less to a tape drive — some might be slower, some faster. But I’d expect it should be possible to say more about Backup’s relative performance than “500GB is simply a lot”.

  9. I don’t know – the math thing, obviously they wouldn’t support LaTex (too bad), but the lack of MathML support could be because of them recently being sued over XML in Office? Perhaps they had to take it out on short notice – in that case, there is hope for some replacement?

    Firewall: there are applications that try several ways to connect to the network at once. They even try the official way so that the user can feel safe when he has blocked it in the Firewall. (RealPlayer, for example). Since blocking outbound connections simply doesn’t work, I think MS did the right think by not pretending it does. After all, fake security is one of the main points of criticism that had been pointed at MS in the past. Silent blocking – OK, could be better.

    Backup: you have to keep TimeMachine running over night for the first full backup, even on my 160GB hard disk. 500GB simply is a lot – that is why most of the time you will make incremental backups rather than full backups.

    • Firewall: I’m not sure this sort of argument is valid. We all know locks don’t work. You can pick them, you can pry the door open, etc. Therefore it seems better to have no lock at all, because by using one you are lulled into a false sense of security. Yet we all know locks are effective against a certain class of threats.

      An outbound-blocking firewall would be valuable even if it were not 100% secure. In general, legitimate applications don’t try to be sneaky. (The example you gave, RealPlayer, is hardly a reputable application.)

      Take a look at user account control. It is well known that any app can elevate itself to run as an administrator. Yet Microsoft will neither fix the security hole nor disable UAC. Why? Because the purpose of UAC is not to protect the user, but to teach software vendors that if they run their software with admin privileges, the user will get the annoying UAC dialog box (unless the software is sneaky). A firewall with outgoing connection alerts could have a similar effect.

      Backup: It is not normal for a 500GB backup to take 35 hours. Acronis TrueImage does it in less than 7 hours.

      • Personal firewalls are not like locks. They are more like a sign you put up that says “please don’t open the door”. If you make a case about reputable software: how is the user supposed to know? Even Yahoo and Google are in the business of pushing spyware with their toolbars. Is Adobe reputable? What about Flash cookies, they seem rather sneaky to me? And if a software is reputable, why do you even want to block it? Overall it is probably a tradeoff as the pf can also be confusing to noobs, and I see little to be gained from personal firewalls. An extreme case I have seen recently: the firewall blocking the updates of the virus scanner. In that sense, it might have been best to just remove blocking of outgoing things completely.

        Not sure I get the UAC point, either – wouldn’t the average software vendor come to the conclusion that he should always be sneaky? Is that a desirable outcome?

        Backup: no idea, but I am pretty sure that TimeMachine takes more than 7 hours for my 160GB.

        • TimeMachine does take a while, but my nearly-full 160gb with over 2,000,000 files took ~4-5, if I remember right. And with 2 million files, I’ve had other backup tools totally choke or miss things, and its incremental backup for me is miles faster than others I’ve tried.

          Not that I’ve tried many, mind you. I wouldn’t even be remotely surprised that something out there does a significantly better job.

          (and yes, I do actually have over 2 mil files. Loads of source code.)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s