'Windows 8.1'

[Pete]

My new laptop came with 8 and I tried for two days to battle with it, eventually giving up and putting 7 onto it (which also took ages due to the complexities of disabling secure boot and then trying to install on the new style of HDD partitioning used by UEFI which is supported by 7 but you wouldn't know it given the utterly unhelpful error messages in the 7 installer)

But no it's a car crash, metro just gets in your way and keeps throwing up utterly baffling and mismatching error messages. In addition things like MSN (god rest its soul) was impossible to use whilst the useless metro messaging app decided to listen in and give you notifications about the message you'd just read just arranging. And heaven forbid you tried to close the bastard as that was also a nightmare.

[woah]

I've come to the conclusion that Windows 8 is nice on a tablet, but it just does not work well in it's normal state as a desktop OS. I use it on my laptop but use Start8, which is a very faithful replica of the old Windows 7 start menu - so I've got the best of both worlds. A more modern, quicker OS with the faithful Start menu.

On another similar note, I've been playing with a Surface Pro tablet for the last few weeks as we've been setting up a couple of at work for demonstrating our software. They feel very solid and high quality, but they are quite heavy and the kickstand on the rear could be better so that it adjusts to different angles. Windows 8 itself though works very nicely on the tablet.

We tried installing Windows 7 on them initially because our software is tried and tested on 7 (and is touch capable without Windows being involved), but Microsoft have been very crafty to stop anyone downgrading to the older OS - I am sure they must have expected some companies would attempt it. They seem to have left out legacy BIOS mode so it will not boot older 32-bit OS discs. It will not boot the 64-bit Windows 7 installer from DVD/USB or when a Windows 7 WIM image is applied, it will crash on the boot splash screen, which according to Microsoft is again because there is no legacy BIOS support.

One word of warning - don't get the touch keyboard. It's a terrible thing to type on and it costs £129. Get the one with proper physical buttons or better yet, spend £129 on something better.

[cwathen]

I have the misfortune of having to use a Windows 8 laptop at work. Truly awful user experience. I normally find it quite easy to use new operating systems but Windows 8 makes the most simple tasks unnecessarily and bizarrely complex. Even shutting it down is particularly difficult. As far as I can see the fastest way of doing this is going into the dreadful start menu, navigating all the way to the right and then swiping quickly up and down on the touch pad before it decides that you have put enough work into this task thereby earning you the honour of seeing that side bit that appears when it wants to. Only then can you choose to shut down the machine but IIRC even that is hidden under the settings button.

This is my issue with Windows 8. I cannot understand how making the user interface essentially undiscoverable, requiring knowledge of gestures, where in the screen to point, or keyboard shortcuts to use it can be viewed as progress.

That was how PC's worked in the DOS-days, with an operating system which was relatively capable (on it's intended hardware) and applications which were pretty powerful and feature-rich too, but the learning curve required to fully utilise everything you could do with MS-DOS and common DOS applications of the day made serious PC use an arena for the experts and the specially trained. Inexperienced users could only ever dabble with simple features and rarely understood how to make the operating system work for them.

I wouldn't say people have ever become savvy enoug to return to this way of working - I still get people reacting with amazement when they see me using Alt-Tab to switch between applications or who don't know about Alt-F4 (and lets not even get started on Ctrl-F4). Knowledge of pinch-to-zoom on mobile devices might be high but I seldom see people who know any other gestures. I would say the average punter relies on being able to see things to click on/tap in order to use a computer effectively.

What I do find particularly disturbing with Windows 8 is the 'secureboot' technology which seems to exist solely for the purpose of trying to block people from running anything other than Windows 8 on their hardware, be that a different OS entirely or even an earlier version of Windows.

Granted, on a conventional desktop/laptop this can be easily disabled in the BIOS, but how long before BIOS vendors do not permit disabling it?

In a couple of years will we get SecureBoot 2.0 which won't allow anything other than Windows 9 to be installed? Or will it work in reverse too and newer versions of Windows won't install without a compatible secureboot mode set in the BIOS, regardless of whether or not the hardware is otherwise capable?

I can't believe that Microsoft got hauled over the coals for doing nothing other than bundling a web browser and media player with their operating system but have gotten away with what appears to be a blatant attempt to cut out any OS which they don't approve of - including their own.

I've always said that Microsoft's biggest competition is older versions of their own software. That things like Windows XP and Office 2003 are still staples of IT despite being ancient and replaced many times over is testament to that. The conspiracy theorist in me believes that Secureboot is Microsoft's attempt to make sure they can forcibly kill off anything they don't want any more.

[dosxuk]

What I do find particularly disturbing with Windows 8 is the 'secureboot' technology which seems to exist solely for the purpose of trying to block people from running anything other than Windows 8 on their hardware, be that a different OS entirely or even an earlier version of Windows.

More nonsense.

The primary purpose of the secure boot technology is to prevent unauthorised software modifying the contents of memory / core OS files before the OS has booted and is able to secure itself. Because Windows has become much more resilient to attack in the last few years, malware authors are targeting unprotected areas, including the pre-Windows boot environment.

Granted, on a conventional desktop/laptop this can be easily disabled in the BIOS, but how long before BIOS vendors do not permit disabling it?

It's a condition of the Windows licencing that OEMs agree to that the secureboot system can be turned off by end users.

Your conspiracy theory may have legs, if it wasn't for that required OFF switch, and the fact that anyone can get their OS authorised to boot under the system. The main reason it's causing issues is politics in the Linux world - because a primary condition of getting your OS signed is that you can't share the private key, and not sharing stuff goes against the principles of open source, you've got a head on collision of ideas.

If Microsoft really wanted to restrict what OS's you could put on a machine, there are much simpler ways which don't need this level of subterfuge - require a specific new processor instruction, require a Microsoft "Securecode" chip on the motherboard or only distribute the OS on ROM chips which need upgrading physically.

It's all the same argument as people demanding the W3C actively prevent the inclusion of DRM technologies in HTML5. If HTML5 doesn't get DRM, we're not going to get rid of Flash / Windows Media / Quicktime plugins which will happily play the DRM files, it's not going to make the media owners suddenly decide to unprotect their content.

[cwathen]

More nonsense.

The primary purpose of the secure boot technology is to prevent unauthorised software modifying the contents of memory / core OS files before the OS has booted and is able to secure itself. Because Windows has become much more resilient to attack in the last few years, malware authors are targeting unprotected areas, including the pre-Windows boot environment.

Firstly, the security concern itself. The reality is that if you are running at least XP SP2 with the firewall turned on you are unlikely to encounter any malware, even with no anti virus and no further updates applied. That's not to say that there aren't 9 years worth of new security exploits out there, just that in practice you aren't likely to encounter them. I'm running Windows 7 SP1 fully patched with a virus scanner. It is beyond unlikely that anything will happen to my system - even though I don't have secureboot. Whilst the security risk which secureboot exists I am unconvinced that it is a big enough threat to justify a perceived need to roll it out on as large a scale as is happening. You also have to wonder why no OS vendor apart from Microsoft seems to care about it.

And if the primary reason for it is to protect end users, why doesn't Microsoft retro-fit secureboot support to WIndows 7? After all it is still in mainstream support and so is entitled to feature updates and it is the most used version of windows out there.

With regard to secureboot itself, it already seems a bit flawed in that some Linux distributions are now looking at working in a secureboot-enabled configuration by using a Microsoft-certified bootloader which exists solely to load a further (non secureboot) bootloader to load the OS itself. In which case secureboot is useless at protecting these operating systems. And of course (in theory at least) anyone who is willing to pay $99 to Microsoft can get a secureboot-compliant binary compatible with Microsoft's key and which will run on any system with secureboot enabled. It doesn't seem beyond the realms of possibility that fully signed-off binaries with malicious intent may end up circulating.

It's a condition of the Windows licencing that OEMs agree to that the secureboot system can be turned off by end users.

It's a condition of the Windows 8 hardware logo requirements that OEMs allow secureboot to be disabled. Windows RT licencing on the other hands already mandates that secureboot cannot be disabled on devices it ships with. And from the opposite end, RT will not boot on a non-secureboot device. Regardless of what secureboot was invented for, it is already being used to lock down a device and prevent (or at least limit) the operating system from being changed, or that operating system from being run on other hardware which it is technically capable of running on. Do you honestly believe this concept won't spread?

If Microsoft really wanted to restrict what OS's you could put on a machine, there are much simpler ways which don't need this level of subterfuge - require a specific new processor instruction, require a Microsoft "Securecode" chip on the motherboard or only distribute the OS on ROM chips which need upgrading physically.

There may be other ways of locking the OS down, but these would all generate widespread condemnation. Doing it by utilising a security feature designed to protect end users is a much easier proposition to sell.

[dosxuk]

Firstly, the security concern itself. The reality is that if you are running at least XP SP2 with the firewall turned on you are unlikely to encounter any malware, even with no anti virus and no further updates applied.

While this is true for drive by downloads and things trying to get in from the outside, it doesn't stop any of the social engineering vectors which is the primary method used by malware these days to get themselves installed on a system. The idea of getting your malware into the pre-boot environment is not as a installation location, but as a way of avoiding detection and removal. If you're the software booted up by the PC, then you can happily patch the Windows kernal as it's loaded and put in your own hooks to make Windows believe that it's running as it expects while you silently remove any evidence of your existence.

That's not to say that there aren't 9 years worth of new security exploits out there, just that in practice you aren't likely to encounter them. I'm running Windows 7 SP1 fully patched with a virus scanner. It is beyond unlikely that anything will happen to my system - even though I don't have secureboot.

Unlike the majority of users, you sound like you have a clue. If a box pops up going "Important secutity update! Instal NOW!" are you going to click "Yes"? Lots of people will.

Whilst the security risk which secureboot exists I am unconvinced that it is a big enough threat to justify a perceived need to roll it out on as large a scale as is happening. You also have to wonder why no OS vendor apart from Microsoft seems to care about it.

Because no OS is targetted as widely by malware authors (although Android is getting there rapidly). Plus there's the after effects of a virus getting on to a system - with windows it's always Microsoft's fault, with Mac it's always the users fault, regardless of the merits of either claim.

And if the primary reason for it is to protect end users, why doesn't Microsoft retro-fit secureboot support to WIndows 7? After all it is still in mainstream support and so is entitled to feature updates and it is the most used version of windows out there.

Secureboot isn't just a feature that can be turned on or off like Notepad. It requires certified hardware, with the secureboot keys loaded into ROM (which weren't available at W7 release). It requires significant changes to the kernal. So to add it to a W7 machine, you'd need a clean install and probably new hardware. And unsurprisingly, Microsoft is quite interested in reasons which get people to upgrade.

With regard to secureboot itself, it already seems a bit flawed in that some Linux distributions are now looking at working in a secureboot-enabled configuration by using a Microsoft-certified bootloader which exists solely to load a further (non secureboot) bootloader to load the OS itself. In which case secureboot is useless at protecting these operating systems.

Are those OS's being targetted by malware to the same extent as Windows? Who's installing those OS's?

And of course (in theory at least) anyone who is willing to pay $99 to Microsoft can get a secureboot-compliant binary compatible with Microsoft's key and which will run on any system with secureboot enabled. It doesn't seem beyond the realms of possibility that fully signed-off binaries with malicious intent may end up circulating.

This is the danger with the whole system that some malware does get signed (or worse, the signing key gets leaked, as AFAIR the keys in the BIOS can't be altered (to prevent malware from adding themselves as validly signed) so a leak would invalidate the protection on every UEFI machine).

It's a condition of the Windows 8 hardware logo requirements that OEMs allow secureboot to be disabled. Windows RT licencing on the other hands already mandates that secureboot cannot be disabled on devices it ships with. And from the opposite end, RT will not boot on a non-secureboot device. Regardless of what secureboot was invented for, it is already being used to lock down a device and prevent (or at least limit) the operating system from being changed, or that operating system from being run on other hardware which it is technically capable of running on. Do you honestly believe this concept won't spread?

A primary reason for Windows RT's licencing requirements is hardware compatibility. Unlike the x86 / x64 world, ARM processors have no standard instruction support, no standard memory bus sizes, no standard peripherals and no standard interfaces. Each implementation, even of the same reference design can vary widely. Certifying a wide range of user-supplied hardware to work with the OS would be basically impossible.

Of course, there is the "why does it need to be certified" argument, but then if someone does manage to get RT running on some random tablet but it keeps crashing, all whoever installed it will do is complain to/at Microsoft that RT is shit.

[cdd]

It's a bit ironic that Microsoft gets criticised for their platform being vulnerable, and then when they take the obvious steps to prevent malware from getting "underneath" Windows, they also get criticised.

I have to say I used to believe that I was invulnerable to viruses. But nobody is. At best, you're "invulnerable" to obvious drive by downloads, email attachments and so on. You're not invulnerable to the times you actively choose to take a risk and install something. You're not invulnerable to REALLY slick drive by downloads that do a beautiful job mimicking the Windows GUI and catch you at a tired moment. You're not invulnerable to the actions of Random Moron X who uses your computer to "check my email". And you're certainly not invulnerable to a trusted web site getting compromised and giving you a dodgy file.

That's why digital signing is so important, even though it has no "theoretical" value. 10-20 years ago, people used computers for word processing and gaming. Who cares if you get infected in that context? Viruses were written by sociopaths and the worst they could do was take up an hour of your time. Today, people use computers for online banking, and viruses written without the goal of financial gain are practically unheard of. If your bank account is compromised through your own negligence (like, say, turning off security features...) you're probably going to be liable. And (again, talking in the theoretical) once a sufficiently advanced virus has got "underneath" Windows, there is quite literally no way to detect it from within. You could be infected RIGHT NOW and not know it. Most viruses stay nice and quiet these days.

Do you really want to be operating in that kind of environment? And even if you do, you can't blame Microsoft for trying to deal with the number one reason people switch away to its competitors.

[Nick Harvey]

You're not invulnerable to REALLY slick drive by downloads that do a beautiful job mimicking the Windows GUI and catch you at a tired moment.

I never use the Windows default colour scheme for that reason. I'm still on XP on this machine. All the 'attacks' on XP make themselves look like the default blue colour scheme. My colour scheme is the silver, so a blue box sticks out like a sore thumb and is very obviously something to beware of.

[Critique]

You're not invulnerable to REALLY slick drive by downloads that do a beautiful job mimicking the Windows GUI and catch you at a tired moment.

I never use the Windows default colour scheme for that reason. I'm still on XP on this machine. All the 'attacks' on XP make themselves look like the default blue colour scheme. My colour scheme is the silver, so a blue box sticks out like a sore thumb and is very obviously something to beware of.

I've noticed a more recent one is a pop-up window which looks like an update to Flash Player but is actually some other piece of software - the design and colours of the pop-up make it look like a Flash player update screen, but then you see the icon is just an exclamation mark and you read into it and see that it's just weird software they want you to install. I've almost fallen for it a few times because there's always a Flash update to be downloaded, and it looks quite genuine.

[Critique]

This download is now accessible for UK users, and whilst on the most part it's a good update, I miss not having the start button. When I first got Windows 8 I missed the start button for a few days, and then realised that I didn't need it - the reintroduction in 8.1, with no way to hide it again, is now quite annoying! It looks like it's trying to blend in with the other icons, unlike in Windows 7 and before, and it's a smaller size than app icons - the sizing of it just doesn't seem right and I look forward to being rid of it again!

[Critique]

Four days after installing 8.1 I've dropped back down to 8.0 because it was quite unstable on my system (it didn't seem to like the drivers for the graphics card so it crashed everytime it tried to use it and when I updated the driver it would occasionally do something like what is seen in the image below (via Google Images showing an XP user with a similar issue, although the volume of the lines was worse and everything went greyish):



On top of all that, I don't mind not having a Start Button and as the solution in 8.1 isn't a Start Button just a bigger sized Start screen shortcut with a Windows Logo suddenly always in the corner again it annoyed me quite a bit. Also, they've changed the Search thing in the Start Screen from taking the entire Start screen space to condensing it into the tiny sidebar, which seems counter-intuitive.

However I think generally there are a fair few improvements - I just didn't see many of them.