features you disabled in Windows 7 and why?

[bradavon]

User Account Control -> Useless for me. I run 7 as a Administrator, and I'm virus free since the release of Vista.

Why risk damage/malware and run as Administrator (with UAC turned off)? There are very valid reasons you should never run as Administrator on a day to day basis. In Vista the nag prompts were at least annoying but in Windows 7 they're so rare, it's pointless turning it off. With Vista I set the prompts to silent.

It's not useless for you or anyone. You just like to be deluded you don't need it. Anti-malware can only do so much. If Malware gets passed them, the malware has free-for-all to do whatever damage it chooses. As it did on releases of Windows prior to Vista. As you've disabled UAC you've also disabled Folder Virtualisation, so bad code can access Windows, Windows\System, all Profile Folder and Program Files. Disabling UAC also disables IE's protected mode, so bad web content has full access to your system too.

There are so many reasons it's dangerous to disable UAC and none to not leave it enabled. The few apps that fail with UAC enabled can be fixed by running as admin (under the compatibility tab or shortcut properties).

Windows Search (Indexing services) -> Search is already fast because all my files are organized in specific folders.

Windows Defender -> NOD32 can detect malware.

Me too but Kaspersky Internet Security. I also always set Microsoft Update to Manual. I can then review and install what I want.

[hdood]

Why risk damage/malware and run as Administrator (with UAC turned off)? There are very valid reasons you should never run as Administrator on a day to day basis. In Vista the nag prompts were at least annoying but in Windows 7 they're so rare, it's pointless turning it off. With Vista I set the prompts to silent.

It's not useless for you or anyone. You just like to be deluded you don't need it. Anti-malware can only do so much. If Malware gets passed them, the malware has free-for-all to do whatever damage it chooses. As it did on releases of Windows prior to Vista. As you've disabled UAC you've also disabled Folder Virtualisation, so bad code can access Windows, Windows\System, all Profile Folder and Program Files. Disabling UAC also disables IE's protected mode, so bad web content has full access to your system too.

This is just false security though. Any malware that wants to can easily bypass UAC approval prompts as well as protected mode (the settings level you describe where various binaries are whitelisted introduces yet another possible attack vector, making it less secure than Vista). That is if it really wanted to. You don't even need administrator access to do things like steal all your data or make you part of a botnet. All this can be done without ever triggering a UAC prompt. The only relevance the user/administrator boundary has on a single-user home computer (most computers) is when it comes to reliability, which is very different from security.

The reality is that whenever you run any code from an account that also has the ability to elevate, you need to consider the entire system compromised beyond recovery. This is what is important to make people understand. They have to be very careful with what they run. You wouldn't pick food up from the street and eat it, would you? No, so don't do it to your computer either. One bite could kill either of you.

Now I'm not suggesting that everyone go and disable UAC (or even AAM, which is what most people actually mean when they say UAC, not understanding that it's only a subset of UAC), but let's not pretend that it is something that it isn't.

[lalalawawawa]

None. I don't see any need to.

[LiquidSolstice]

This is just false security though. Any malware that wants to can easily bypass UAC approval prompts as well as protected mode (the settings level you describe where various binaries are whitelisted introduces yet another possible attack vector, making it less secure than Vista). That is if it really wanted to. You don't even need administrator access to do things like steal all your data or make you part of a botnet. All this can be done without ever triggering a UAC prompt. The only relevance the user/administrator boundary has on a single-user home computer (most computers) is when it comes to reliability, which is very different from security.

The reality is that whenever you run any code from an account that also has the ability to elevate, you need to consider the entire system compromised beyond recovery. This is what is important to make people understand. They have to be very careful with what they run. You wouldn't pick food up from the street and eat it, would you? No, so don't do it to your computer either. One bite could kill either of you.

Now I'm not suggesting that everyone go and disable UAC (or even AAM, which is what most people actually mean when they say UAC, not understanding that it's only a subset of UAC), but let's not pretend that it is something that it isn't.

The other day, an mp3 file my brother downloaded asked me for admin privileges when I ran it. Hm.

Yeaaaaaah, I don't think it's useless. Nice speech, by the way, but you're not the mass market, you're one person.

Don't pull the whole "malware can bypass" blah blah blah crap because by that token, I'll have you know that there are tons and tons of tools out there that can fully bind and FUD (fully undetectable) malware files with legit files, and then post them on legitimate sites. So that "food" that you just bought from a "five-star restaurant" can certainly still steal/destroy your computer in any way it sees fit. Also, for the record, most virus coders don't care enough and/or don't know how to create a tool that doesn't require admin privileges.

Enjoy your popup Viagra ads, I'll take my security in any small amount that I can get it; it all adds up.

Seriously, don't start the UAC argument, it's been tried and discussed to death and no one ever wins that fight.

[lawtai]

I've found that Windows 7 just runs nice and smoothly even with everything turned on. I haven't bothered to turn anything off.

[Zlain]

The other day, an mp3 file my brother downloaded asked me for admin privileges when I ran it. Hm.

Yeaaaaaah, I don't think it's useless. Nice speech, by the way, but you're not the mass market, you're one person.

Don't pull the whole "malware can bypass" blah blah blah crap because by that token, I'll have you know that there are tons and tons of tools out there that can fully bind and FUD (fully undetectable) malware files with legit files, and then post them on legitimate sites. So that "food" that you just bought from a "five-star restaurant" can certainly still steal/destroy your computer in any way it sees fit. Also, for the record, most virus coders don't care enough and/or don't know how to create a tool that doesn't require admin privileges.

Enjoy your popup Viagra ads, I'll take my security in any small amount that I can get it; it all adds up.

Seriously, don't start the UAC argument, it's been tried and discussed to death and no one ever wins that fight.

I had UAC disabled because it kept notifying me too much, but I think I will re enable it now after my laptop is repaired. Liquid is correct. The small little features add up.

[MikeChipshop Member]

I was half way through typing 'None' but then remembered i have other processes in place for backup so disable windows version.

Apart from that i don't disable anything else and this is the first version of windows where i don't see the need to go in and fiddle around.

[callummr]

The other day, an mp3 file my brother downloaded asked me for admin privileges when I ran it. Hm.

That makes no sense. I'm guessing it was a [name].mp3.exe file, because an mp3 simply cannot execute. So that's user error, and something you really shouldn't have needed UAC to tell you about in order to avoid. Most people seem to see and need UAC as a replacement for common sense.

For clarity, I'm not suggesting turning it off. By all means set UAC how you like, I'm just saying that reasons like the above should not exist, because they're easily avoided by using a little bit of common sense.

Here's my Windows Features dialog:

I don't need Windows Media Player given MPC is faster, lighter, and more functional (and iTunes manages my music).

I've disabled everything else I can't see myself ever needing.

Edited January 24, 2010 by callummr

[MikeChipshop Member]

That makes no sense. I'm guessing it was a [name].mp3.exe file, because an mp3 simply cannot execute. So that's user error, and something you really shouldn't have needed UAC to tell you about in order to avoid.

Of course running an .mp3 file would of course execute a player (.exe) that is associated to play the file. If this player needed admin privileges to run/update then UAC would indeed kick in.

[callummr]

Of course running an .mp3 file would of course execute a player (.exe) that is associated to play the file. If this player needed admin privileges to run/update then UAC would indeed kick in.

Of course, of course, but the post implied that the mp3 was executing and had no reason to need admin privileges. Again, common sense would tell you there's no problem if the file UAC was notifying about was to do with their player :)

[MikeChipshop Member]

Of course, of course, but the post implied that the mp3 was executing and had no reason to need admin privileges. Again, common sense would tell you there's no problem if the file UAC was notifying about was to do with their player :)

Sorry just realised how many time i wrote 'of course' in that paragraph haha

Yes an MP3 file alone would not execute itself and the .exe on the end would normally be something quite dodgy :p

[yxz]

Here's my Windows Features dialog:

Remote Differential Compression Myth

[hdood]

The other day, an mp3 file my brother downloaded asked me for admin privileges when I ran it. Hm.

Yeaaaaaah, I don't think it's useless. Nice speech, by the way, but you're not the mass market, you're one person.

Instead of your borderline personal attack, how about you actually read the post? It does not say that it is useless, nor does it say that I think people should disable it.

What I said applies to absolute everyone. Everyone should be aware of what UAC is and isn't. It's important to understand this if you want to keep your system secure. If you want to preach ignorance, then that is your right, but don't attack me.

Also, for the record, most virus coders don't care enough and/or don't know how to create a tool that doesn't require admin privileges.

Correct on the first part, not on the second. It's also true that most current malware is not designed to cleverly hijack UAC and instead relies on uneducated users just clicking yes. Does any of that mean anything in this context? No. That is just the current behavior. Malware has changed a lot over the years, and there is no reason to believe that it won't continue to change and adapt. This is something that should be taken seriously.

[callummr]

Remote Differential Compression Myth

Is there anything I'd want to enable it for though? If it won't help anything, I just don't see the point enabling it :p

[RvXtm]

Nothing disabled here, i run it with the default setup components. I don't see a need to disable all my components, maybe on a Pentium, athlonXP machine, but on a quad it's pretty pointless, it won't go any faster.

[Matchmuchach]

System restore... It eats your harddrive faster than anything else, and I just dont use it at all. Just keep a good back-up, system crash? Re-install Windows and load the back-up, done!

[neo158]

System restore... It eats your harddrive faster than anything else, and I just dont use it at all. Just keep a good back-up, system crash? Re-install Windows and load the back-up, done!

You could just change the amount of space allocated to system restore, then there's no need to reinstall windows unless absolutely necessary, everyone should backup regularly anyway.

[Roger H. Veteran]

I do a backup but i always disable system restore too. I know i don't need to format whenever something goes wrong but it just drives me nuts to think something going on in the backgrounds there that might be causing an issue or 2 whenever something happens. I always think it might be the cause of whatever new problem i'm having. To help my sanity and to calm my OCDs i format my system.

I know i could also use a VM to test out various configs or software or even hardware but i rather doing it on here and then once i'm done i'll format and only install whatever i liked from my "testing" phase. I dunno, i'm weird :D

[bradavon]

Here's my Windows Features dialog:

I don't need Windows Media Player given MPC is faster, lighter, and more functional (and iTunes manages my music).

I've disabled everything else I can't see myself ever needing.

With DVD Maker disabled (which I'll never use), will it also remove DVD Playback support? I've let it enabled, as I think it does.

[iamwhoiam]

With DVD Maker disabled (which I'll never use), will it also remove DVD Playback support? I've let it enabled, as I think it does.

Removing it won't keep you from having DVD playback.

[cabron]

I thought Windows 7 was already optimized, so it does not need to be disabled any services.

[pezzonovante]

Media Player Classic sucks. It has a horrible UI. WMP 12 and Zune 4.0 FTW.

[callummr]

Media Player Classic sucks. It has a horrible UI. WMP 12 and Zune 4.0 FTW.

I actually prefer functionality. Also you can hide all of the UI and have a thin glass border only, which is how I usually use it so it doesn't affect me at all. Every function I need (Open File, Open DVD, View settings, play/pause etc) can be accessed via right click or keyboard shortcuts.

[pezzonovante]

I actually prefer functionality. Also you can hide all of the UI and have a thin glass border only, which is how I usually use it so it doesn't affect me at all. Every function I need (Open File, Open DVD, View settings, play/pause etc) can be accessed via right click or keyboard shortcuts.

But you can install shark 007's codecs on Windows 7. Then you will be able to play every file using the beautiful WMP12.

[callummr]

But you can install https://www.neowin.net/forum/index.php?act=announce&f=12&id=11's codecs on Windows 7. Then you will be able to play every file using the beautiful WMP12.

I fail to see what WMP has over MPC-HC. I can't say I care about how it looks when it's not even playing anything, and there's nothing wrong with MPC's appearance when it's playing with only video visible as I've said.