
What I Would Change In Windows: October 2020 Edition

source link: https://codeinsecurity.wordpress.com/2020/10/04/what-i-would-change-in-windows-october-2020-edition/

SwiftOnSecurity asked “What would you change in Windows?”. There are a lot of replies to the thread, and I read them all. I have some of my own thoughts, too, but it was too much for a bunch of Twitter replies, and I think it’s probably useful to collate everything I saw in the thread (or at least the ones that I agree with – some of them are a bit wild) into one place. So without further ado, here’s what I would change in Windows:

Finish the new settings UI

The new settings system was a recurring theme in many of the replies, and I very much agree. It feels unfinished and we’re at a really awkward transition point between the old and new systems. The new UI is missing a lot of settings from the old UI, and often requires you to click an “additional settings” link to launch the old UI in order to be useful.

Key areas I find lacking are:

  • The networking settings. There’s very little that can be actually changed in the new UI, forcing you to click through a bunch of pages to get to somewhere useful (i.e. the old UI).
  • Power settings. I’ve never used the Power and Sleep settings page – every time I open it, it’s because it’s the first search result, and I just use the “Additional power settings” link to launch the old power plan UI.
  • Audio settings. The new UI offers roughly the same settings that you get from the tray icon anyway, and none of the more advanced settings (e.g. sample/bit rates, listening through other devices). I’m not sure who the “manage sound devices” page is for, since the only things you can do from there are “test” or enable/disable the device, but maybe someone else has a use-case.

While we’re on it, I’d fix this bug, where clicking the “change adapter options” button throws an error. It’s not the only place this happens, but it’s the most frequent.

[Screenshot: the error dialog thrown by “change adapter options”]
This isn’t a stock screenshot. It happened while I was writing this blog post.

This one also seems to be related:

[Screenshot: a related error dialog]
Shown when clicking “Adjust the appearance and performance of Windows” from Start

Bit of a weird one. Killing and re-launching the primary Explorer process doesn’t fix it. A bit of procmon debugging shows it might be related to RuntimeBroker, which makes sense considering what that does, but I can’t be sure.

Credit where credit is due: they did a pretty good job of the new settings pages for Windows Update, Display, and Personalisation.

Make it easier to change the profile for a network connection

When a new network connection is detected and the notification popup appears to select which profile (public/private) you want to use for it, it’s really easy to click away from it by accident, or select the wrong option. Changing this is usually annoying and the location for doing so has changed a number of times. If you search for a tutorial on how to do it, you’re usually presented with options that don’t exist. The location and availability of this option also seems to be dependent on whether the connection is WiFi or wired.

Selectable text on the “View your network properties” page

Currently there’s just a button at the bottom that copies all of it. Not very useful when you just wanted the MAC address of one adapter and you’ve got a dozen or so on a machine. You could go through to the old UI and get it from there, but that’s another example of the settings gulf.

Fix the photo viewer

Anyone that has used it knows what I’m going to say here. Startup times for the UWP photo viewer are abysmal. It often just hangs on opening an image. The next/previous buttons are awfully slow. I’m using an absolute behemoth of a machine (56 cores, 192GB of RAM, reading files off an NVMe VROC array) and it’s still utterly unusable. It fails to open more times than it succeeds. It’s actually often been faster to launch Paint.NET to view an image than launch the photo viewer.

Another thing I’d add to the photo viewer is better support for transparent PNGs, with the ability to change the background colour/pattern (checkerbox) when viewing.

As Tay noted in the thread, UWP startup times are a problem in general. Calculator should not take 2.5 seconds to open, especially when there’s already another instance of it running. Some folks in the thread are arguing for throwing UWP in the bin. I can see their point.

Fix search

A bunch of folks complained about search, particularly with it not showing apps. This might get better in the 2004 release now they’ve separated Cortana out. I run into this occasionally on my machine, but not that often, although when I tried it on my dad’s computer a few weeks back it was useless. I’d put in the name of an application and it’d show me nothing, or just Bing results, despite there being a tile right there with the exact name I typed in.

Get rid of ads and sponsored apps

I know that nobody on the technical teams at Microsoft likes this stuff anyway, and it’s a business decision from further up the chain, but come on. I should not be installing a professional SKU and suffering through Candy Crush and marketing telemetry. The first thing I run on every new install is Win10Debloater. It all has to go.

I feel like a reasonable middle-ground solution is to take a page out of Amazon’s book (loath as I am to say those words) in terms of how they do things with the ad-supported Fire tablet ecosystem. Offer two variants of the home license: a cut-price one that comes with sponsored apps and some advertisements, and a full-price one that comes with none of that. Make it possible to pay an upgrade fee, where the ads are removed and sponsored apps are optionally uninstalled, in case the user used any of them.

To be clear, these are the apps that I consider to be inappropriate to come default-installed on a professional version of Windows:

  • Asphalt 8
  • The Bing app suite
  • Candy Crush
  • Caesars Slots Free Casino (I have serious reservations about bundling gambling games with absolutely anything at all)
  • CyberLink apps
  • Drawboard PDF
  • Duolingo
  • FarmVille
  • FlipBoard
  • iHeartRadio
  • King apps
  • March of Empires
  • Minecraft
  • Netflix (this is the only one I actually use, but it shouldn’t be pre-installed on a professional SKU)
  • NYT Crossword
  • Pandora
  • Photastic Collage
  • PicsArt PhotoStudio
  • Royal Revolt 2
  • Shazam
  • TuneInRadio
  • Twitter
  • Zune Music
  • Zune Video

One grey-area item for me is the Xbox integration stuff, such as the game bar, Xbox Live, etc., which are definitely not professional apps, but still probably useful to a lot of professionals who are human beings that happen to play games on a console. It should probably be something you get asked about during the Windows install process, perhaps with a nice integrated workflow for getting things hooked up if you’ve got an Xbox Live account and a console on your network. Of course, the option to install the Xbox integration apps should be available later if the user changes their mind.

Another thing I’m not keen on is the fake Office 365 install that comes bundled, or at least did the last time I installed Windows. It makes it look like you’ve got Office, but the buttons on the start menu just link to a purchase page.

I don’t know if any of these apps come pre-installed on a workstation edition of Windows. I do actually run the Workstation SKU, but it was an upgrade from Pro, so that doesn’t really tell me anything. I’ve heard that Workstation editions don’t come with the games, so that’s at least something.

Another solution that a couple of people mentioned: have a “bare install” option on Pro that comes with the absolute minimums.

Give Home users full BitLocker

I know that the Home SKU kinda has BitLocker, but c’mon. FDE is a fundamental security feature and it really shouldn’t be gated and restricted for home users. Their data isn’t somehow less susceptible to physical theft. BitLocker should be fully available for everyone.

Stop nagging about OneDrive

OneDrive is neat! I can see the appeal. But not everyone wants it, and showing a popup asking to set it up on every login is really frustrating.

Stop pushing Microsoft accounts so hard during the install process

This has gone way too far. It’s gotten to the point where you have to unplug the machine from the network during setup in order to get it to show the local account option. Internet sign-in should not be mandatory.

It has gotten a little less egregious with the store app now being decoupled from your login, so you can use it on a local account, but that should never have been an issue in the first place.

Tone down noise in event logs

Everyone’s heard the standard script from scam callers pretending to be from Microsoft. They get you to launch Event Viewer, and then… oh no! So many warnings and errors! Because everyone has warnings and errors in their event log. But if everyone has them, and they’re not affecting anything, are they really useful?

There needs to be a thorough review of what error and warning event log entries are created by 90% of computers in an average week of usage, to see how many of them are totally superfluous. It’s not really an error if it’s standard operating procedure. Looking at you, DistributedCOM.
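The kind of review called for above can be started on a single machine with a one-week tally of Warning/Error/Critical entries grouped by provider and event ID; this is an added example, not code from the original post, and it assumes only the built-in Get-WinEvent cmdlet and the System and Application logs.

```powershell
# Added example (not from the original post): summarise which providers and event IDs
# account for the Warning/Error/Critical noise over the last week, so the entries that
# are "standard operating procedure" (e.g. DistributedCOM) stand out from real faults.
function Get-EventNoiseSummary {
    [CmdletBinding()]
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Days = 7,
        [int]$Top = 15
    )

    $since = (Get-Date).AddDays(-$Days)
    # Level 1 = Critical, 2 = Error, 3 = Warning
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 1, 2, 3; StartTime = $since } `
                             -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) { return }

    $total = $events.Count
    $events |
        Group-Object -Property ProviderName, Id |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Provider   = $first.ProviderName
                EventId    = $first.Id
                Level      = $first.LevelDisplayName
                Count      = $_.Count
                PctOfNoise = [math]::Round(100 * $_.Count / $total, 1)
                PerDay     = [math]::Round($_.Count / $Days, 1)
                # First line of the message is usually enough to recognise the entry
                Sample     = ("$($first.Message)" -split "`r?`n")[0]
            }
        }
}

Get-EventNoiseSummary | Format-Table -AutoSize
```

Run it as an administrator if you want the System log fully readable; an entry that recurs several times a day on a healthy machine is the sort of candidate the post is describing.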

It also wouldn’t hurt to do a performance pass over Event Viewer and see if some improvements can be done on UI responsiveness and data processing parallelism.

Make updates less painful

This one is a tricky one. A lot of folks in the Twitter thread were calling for reboot-free updates. It’s an incredibly difficult engineering challenge to hotpatch live services even in a walled garden ecosystem, but when you have to consider potential interactions with millions of different user applications, and factor in security concerns around code injection and binary signing, it’s almost impossible. Even if the user applications are all well-behaved (you can’t see me but I’m laughing right now) and don’t inject garbage into random processes, you still have to contend with a billion possible edge-cases.

I feel like there’s definitely work to be done on this, but I can’t come up with a concrete plan. The existing nag notifications are very annoying, and unilaterally performing a reboot (with applications open!) while the user has gone for lunch is truly awful, but the cold hard truth is that updates are important. The problem is that updates are important in a way that is abstract to the user, but a reboot is inconvenient in a way that is tangible to the user.

I think a good approach for now would be to start looking at which of the commonly-updated system components could feasibly be updated without a reboot. I feel like .NET might be a good candidate for this, since most updates I see contain a cumulative framework update, and the runtime is designed in such a way that hotpatching a non-breaking framework update should at least be easier than for natively compiled applications.

Show detailed information about pending updates

The UI only shows the names of the updates and KB numbers. It’d be nice to be able to click into that and see more detailed information about what those updates are for, even if it’s just linking to the MSKB page.

Also, for feature updates (e.g. the Win10 2004 release) there should be more information about what’s currently holding the update back for you. I’m still getting the “once it’s ready for your device” notice, but the release information page doesn’t show anything relevant. This seems to be a common complaint online.

ARM64 support

I know this is already being investigated for use in laptops and tablets, with x86_64 emulation support so that the application ecosystem isn’t completely cut off, which is great news. I hope it works out!

The reason I brought this up is that winocm suggested an ARM64 server SKU. I definitely support that move. ARM’s power efficiency is a big selling point for the server market.

Better performance accounting for shell UI extensions

Applications often install shell extension DLLs, e.g. for adding items to the Explorer context menu, but they can often be a source of massive latency when interacting with files. It’s hard to figure out exactly which one is causing problems without breaking out a full profiler. Even worse if the binaries don’t have symbols. It should be possible to identify which shell extension DLL spawned a thread within the process and track child threads and wait objects in order to measure their performance through some inbuilt interface.

Better error reporting for in-use files and devices

When a file or folder can’t be deleted, or a device can’t be safely removed via the eject button in Explorer, because it is in use by a process, I’d like to know who’s causing those problems. Explorer got better at this for files in Windows 10, showing “because this file is in use by [blah]”, but it doesn’t always show that information. It also doesn’t show it for ejecting devices.

The information is there, in process handle tables, and can be queried by Resource Monitor, procexp, and similar tools. The functionality is undocumented (see SystemHandleInformation) and only returns a complete list of handles for the system, leaving the application code to filter through everything. It also has a long-standing kernel pointer leak (the Object field gives you the kernelspace address of the target descriptor) which is very useful for exploiting kernel write-what-where bugs, but that’s a separate issue. A proper user-mode API for querying object dependents wouldn’t be amiss here.

Stop switching my sound device

The way Windows implements sound devices is that when one is disconnected from the computer, it is uninstalled. When you plug it back in, it is reinstalled. The drivers aren’t removed, but the device is marked as being in an uninstalled state. When you plug in a new sound device, it presumes that you would like to use it immediately. This is fine, except when it isn’t.

I never ever want to use the sound output from any of my monitors. But when I update my graphics card drivers it sees my monitor disappear, then come back, so it presumes that I want to use it as a sound device, even though the correct device, which I had already selected, didn’t go anywhere.

What the sound device implementation really needs is a priority system, so that when a sound device is installed or uninstalled it can look at your configured priority list and make a sane decision, instead of just picking whatever device happened to be plugged in last.

Improve the audio system

The Windows audio system is quite basic, especially compared to Mac OS. It really needs to support multiple output devices, multiple input devices, virtual audio pipes, aggregation/mixing, and proper loopback support. While lower latency would be nice, the biggest source of latency is that you have to run audio through circuitous paths just to get things combined.

As an example, I was forced to do drum lessons over Skype for a while due to, y’know, 2020. In order to get the audio from my mic, drums, and backing audio from FL into Skype at the same time, and get the call audio and backing audio through my drumkit’s headphone jack, all without tripping Skype’s background noise cancelling (which you can’t turn off), I had to come up with this monstrosity involving four virtual audio cables:

[Image: diagram of the four-virtual-audio-cable routing]

You might be thinking “why not just feed it all through FL”, and the answer is somewhere between “Skype’s overzealous background noise cancelling muted the audio as soon as I started playing” and “because the Windows Audio service kept crashing when I tried that”. The latency issues on this setup were horrendous, leading to my playing being consistently out of sync with the backing music by the time it went out via Skype. Luckily my teacher kicks ass and was still able to tell the difference between me playing out of time and sync problems.

A convenient way to tell Defender to stop on-access scanning a task

Defender’s on-access scanning of file activity is obviously a critically important security feature, but it’s also CPU-intensive in a way that rarely scales nicely over multiple cores. I can be running an operation that’s performing 30+ threads of parallel IO and find that most of my execution time is bottlenecked in Defender.

In these situations I don’t want to create an exemption on the target files, because that’s a non-volatile operation that I’ll forget to undo, and I don’t want to create an exception on the process for the same reason. What I want is a convenient way to say “for the lifetime of this process, or the next 6 hours, whichever is less, stop doing on-access scanning”. This doesn’t have to be something that’s included in the Home SKU, since those users have a different risk profile, but for technically adept users it’s a real pain to have such a heavy performance bottleneck on an operation that you know is safe, with only ham-fisted options to avoid it.

Fewer needless notifications

One example that was brought up was Windows Defender saying “I did a scan (which I’m always doing anyway) and found nothing (but felt like telling you anyway), please click this annoying box”. Apparently there’s a setting to turn this off, but it’s called something like “enhanced notifications”, which is definitely a really descriptive name that in no way sounds like a bad thing to turn off.

Better naming for svchost

I have 94 svchost processes running right now. While it’s not that hard to figure out which processes belong to which services, and vice versa, from within Task Manager, it’s much less easy to figure it out from error log and crash information that only provides a process name, or even a PID if the process has died.

I feel like it shouldn’t be that hard to have a system directory somewhere that contains automatically-managed NTFS hard links to svchost, but renamed to include the service name, e.g. ServiceContainer_Dnscache.exe. This makes it much easier to identify what a process is for at first glance.
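Until something like that exists, the same attribution can be done after the fact from the service table; the following is an added example (not from the original post) that labels each running svchost.exe PID in the style suggested above, using only the Win32_Service and Win32_Process CIM classes.

```powershell
# Added example (not from the original post): label each svchost.exe PID with the
# services it hosts, so a bare PID from a log line or crash report can be attributed.
function Get-SvchostLabel {
    [CmdletBinding()]
    param(
        # Optional: restrict to a single PID taken from an error log
        [int]$ProcessId
    )

    # Win32_Service carries the hosting PID of every running service
    $services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"
    $byPid = $services | Group-Object -Property ProcessId -AsHashTable -AsString

    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'"
    if ($PSBoundParameters.ContainsKey('ProcessId')) {
        $procs = $procs | Where-Object ProcessId -eq $ProcessId
    }

    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($p in $procs) {
        $hosted = @($byPid["$($p.ProcessId)"] | ForEach-Object Name | Sort-Object)
        # "-k <group>" on the command line is the service group this instance was started for
        $group = if ($p.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '?' }
        $nameSource = if ($hosted.Count -gt 0) { $hosted -join '_' } else { $group }
        [pscustomobject]@{
            ProcessId = $p.ProcessId
            Group     = $group
            Services  = $hosted -join ','
            # Synthetic name in the style the post suggests (ServiceContainer_Dnscache.exe)
            Label     = "ServiceContainer_$nameSource.exe"
            Path      = $p.ExecutablePath
            # An svchost.exe hosting no service, or living outside System32, deserves a closer look
            Unusual   = ($hosted.Count -eq 0) -or
                        -not ("$($p.ExecutablePath)".StartsWith($system32, 'OrdinalIgnoreCase'))
        }
    }
}

Get-SvchostLabel | Sort-Object ProcessId | Format-Table -AutoSize
```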

See also: RuntimeBroker. I have 8 of those processes. A little transparency on what they’re associated with would be nice, especially if you’re going to continue pushing UWP.

Clipboard support for non-Windows guests in Hyper-V

Please? All the major VM tools support clipboard integration for Windows, Linux, and BSD. All except Hyper-V. I’ve spoken to Microsoft folks about this before, who swear that there’s Definitely Guest Integration Tools For Linux And I’m Sure They Work™, but I’ve yet to find a single person who has gotten it working. A quick search shows that people have been complaining about this for more than nine years now. It should be a standard plug and play feature.

And speaking of Hyper-V…

Support other VM tools on top of Hyper-V

It’s really frustrating to me that Hyper-V locks the virtualisation bit, meaning that if you want Hyper-V, it’s all you get. You can’t run VMware or VirtualBox on your base OS alongside it. This also means you can’t enable advanced security features like VBS, HVCI, or credential guard, if you want or need third-party virtualisation.

WMI latency

Nothing much to say here. WMI queries usually take forever and the latency can often be measured in seconds. The provider service processes also eat up an absurd amount of CPU for something that should be as simple as “instantiate a COM object and ask it for some numbers”.

If the performance can’t be fixed due to some architectural issue (to be fair, WMI is ancient), there at least needs to be an “abort this query” feature that actually works immediately, and better tooling for figuring out what the heck a particular WMI provider is burning so many watts on.

Better CPU usage reporting in Task Manager for many-core systems

Task Manager only displays an integer CPU usage value per process, which is measured as the percentage of total CPU time on the system, across all cores, being consumed by it. This becomes useless as the core count climbs, because it cannot describe single-core loads with sufficient precision.

Here’s a worked example. Let’s say you bought a Threadripper CPU with 32 cores. With SMT that shows up as 64 logical processors on Windows. Now let’s say a process has gotten itself stuck in a loop, and it’s continuously eating up about 30% of the CPU time on a single core, wasting a bunch of energy. The details tab in Task Manager will show that process as using 0% CPU. Why? Because a process that uses up 100% of the CPU time of one core, on that system, is using 100/64=1.5625% of the total available CPU time. 30% of that is 0.47%, which rounds down to zero when converted to an integer. This also means that the only numbers you’ll ever see in the CPU usage column, for processes operating on single-core tasks, will be 0, 1, or 2. On systems with 50 or more physical cores, the only numbers you’ll see are 0 or 1. That’s not very useful.

One approach to fixing this is to just provide a couple of decimal places, for higher precision, but that still doesn’t really paint a good picture of what the process’s load impact looks like. Seeing 0.47% doesn’t make me think “process doing something bad”. Another option is to display CPU usage percentages in IRIX mode, whereby one fully loaded processor is displayed as 1.00, or 100%, and multi-core loads exceed that. I actually prefer this approach, but I can see how it might confuse other users, so perhaps it should be a non-default column in the Select Columns dialog.
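The two presentations can be compared side by side with a short sampler; this is an added example, not code from the original post, which measures each process’s CPU time over an interval and shows the Task Manager integer alongside the IRIX-style core count, using the worked numbers above as a check.

```powershell
# Added example (not from the original post): sample per-process CPU over an interval and
# report it both the Task Manager way (integer % of all logical processors, rounded down)
# and in "IRIX mode" (1.00 = one fully loaded core), so a single-core spin is visible.

function ConvertTo-TaskManagerPercent {
    param([double]$CoresUsed, [int]$LogicalProcessors)
    # 0.30 of a core on 64 logical processors is 0.47%, which truncates to 0
    [int][math]::Floor(100 * $CoresUsed / $LogicalProcessors)
}

function Get-ProcessCpuIrix {
    param(
        [double]$IntervalSeconds = 2,
        [int]$Top = 10
    )
    $logical = [Environment]::ProcessorCount

    # First snapshot of accumulated CPU time per PID (protected processes may deny access)
    $before = @{}
    foreach ($p in Get-Process) {
        try { $before[$p.Id] = $p.TotalProcessorTime } catch { }
    }
    Start-Sleep -Seconds $IntervalSeconds

    $rows = foreach ($p in Get-Process) {
        if (-not $before.ContainsKey($p.Id)) { continue }
        try { $after = $p.TotalProcessorTime } catch { continue }
        $cpuSeconds = ($after - $before[$p.Id]).TotalSeconds
        if ($cpuSeconds -le 0) { continue }
        # CPU seconds consumed per wall-clock second = number of cores kept busy
        $coresUsed = $cpuSeconds / $IntervalSeconds
        [pscustomobject]@{
            Name        = $p.ProcessName
            Id          = $p.Id
            TaskMgrPct  = ConvertTo-TaskManagerPercent -CoresUsed $coresUsed -LogicalProcessors $logical
            PctOfSystem = [math]::Round(100 * $coresUsed / $logical, 2)
            Cores       = [math]::Round($coresUsed, 2)
            # Between a quarter of a core and about one core: probably one busy thread
            SingleCore  = ($coresUsed -ge 0.25 -and $coresUsed -le 1.05)
        }
    }
    $rows | Sort-Object Cores -Descending | Select-Object -First $Top
}

# The post's example: 30% of one core on a 32-core/64-thread machine displays as 0
ConvertTo-TaskManagerPercent -CoresUsed 0.30 -LogicalProcessors 64
Get-ProcessCpuIrix | Format-Table -AutoSize
```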

Add a “number of active threads” metric for processes

It’d be quite useful to know how many unique threads the kernel’s thread scheduler gave some meaningful execution time to (i.e. not just scheduled but immediately yielded), per tick, on a per-process basis. This would be useful for performance analysis of multi-threaded applications.

Default to showing file extensions

This one’s a no-brainer. Explorer shouldn’t hide file extensions by default. It maybe made sense back in the Windows 95 days to hide them, but in 2020? Nah. People can figure that out. Plus it eliminates the double-extension trick that malware authors so often use.
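The default can be flipped per user today, and the same trick can be looked for in a download folder; this is an added example, not code from the original post, and it assumes the HideFileExt value under the Explorer\Advanced key and a conventional %USERPROFILE%\Downloads location.

```powershell
# Added example (not from the original post): make Explorer show extensions for the
# current user, then look in Downloads for names that rely on hidden extensions
# (e.g. "invoice.pdf.exe"), the double-extension trick the post refers to.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Set-ExplorerShowExtensions {
    # HideFileExt = 1 hides known extensions (the default); 0 shows them.
    # Explorer reads this at start, so sign out/in or restart Explorer afterwards.
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
    (Get-ItemProperty -Path $advanced -Name HideFileExt).HideFileExt -eq 0
}

function Find-DoubleExtension {
    param(
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
        # Executable and script types that commonly hide behind a document-looking name
        [string[]]$Dangerous = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse',
                                 '.vbs', '.vbe', '.wsf', '.hta', '.lnk', '.ps1', '.msi')
    )
    Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $parts = $_.Name -split '\.'
            # at least two extensions, the final (real) one being executable
            $parts.Count -ge 3 -and ($Dangerous -contains $_.Extension.ToLower())
        } |
        Select-Object FullName, Length, LastWriteTime
}

Set-ExplorerShowExtensions
Find-DoubleExtension | Format-Table -AutoSize
```

Names padded with spaces before the real extension are caught by the same test; right-to-left-override tricks are a separate check and are not covered here.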

Let me re-order windows from the same program in the taskbar

This one is particularly annoying for those of us who tend to have a lot of browser windows open and don’t use the taskbar in combined icon mode. The windows are currently forced into chronological order and there’s no way to change that.

Put NIC Teaming back on Windows 10 for Workstations

I already figured out how to bypass this, but it’s still annoying. I understand not including teaming in Home and Pro, but restricting it to only server SKUs and disallowing Workstation makes no sense to me. There are a lot of situations where teaming NICs makes sense for workstations, and it’s clearly a premium product for professionals.

Add an Always On Top context menu option for windows

Self-explanatory, really. Apparently this one is being tracked on the feedback hub, which is nice.

Aggressive optimisation of NTFS, or move to something new

Benchmarks of compiling large C/C++ projects on Windows and Linux show the latter having a clear edge in terms of IO performance. NTFS is slow, particularly at creating new files. It’s a major bottleneck.

Another ridiculously slow operation is changing ACLs on a large directory structure. For some reason if you edit an inheritable ACE it has to touch every single file underneath it, and it’s exceedingly slow.

Implement DirectStorage technology for use with SMB Direct

Microsoft recently announced DirectStorage on Xbox, and later for PC, which is a technology used for transferring data directly between an NVMe SSD and the GPU’s VRAM without needing to involve the CPU. This isn’t really a desktop Windows concern, but it got me thinking about the opportunities for a similar technology in the enterprise storage space. RDMA-enabled NICs already support SMB crypto offload, and SMB Direct already supports RDMA, so the final bottleneck is largely around getting the data from the storage device into system memory. DirectStorage could enable a zero-interrupt pipeline for data transfers in that kind of environment, by moving data directly from the storage device to the NIC, thus reducing CPU load and power consumption. It’d also be ludicrously fast.

I suspect this may already be Microsoft’s intention. Gaming offers a way to fund the tech development and try it out on a large user-base before going to enterprise with it.

Add a proper screen recorder

Sometimes I want to record a short video of a problem, or a set of steps. Steps Recorder does not do video, and the game recorder thing from Game Bar isn’t really designed for recording videos of your desktop. It needs to be something that follows the active window, preferably with pen support for annotations.

Take the in-built Screen Reader app and expose it as an API

Before my father-in-law passed away, he suffered from severe vision loss due to a brain tumor. While the scaling and accessibility features helped somewhat, a screenreader would’ve been nice. The problem is that the existing screenreader is an awful experience for a new user, constantly inundating you with confusing speech that is hard to follow. I experimented with a few alternative options and they were all lackluster or endlessly complicated to use.

One complaint I continuously see is that fancy unicode versions of characters (the kind people sometimes use in their twitter names) come out as long descriptions of each individual character rather than the intended text. There’s no way to fix this in the Windows in-built reader, and if there was a way to do so in any of the others I tried it was either very hidden or very difficult to set up.

I looked into writing my own, and the API is awful. Or should I say APIs? Because there are several. None of them are consistently useful, they mostly rely on applications explicitly providing text, and none of them provide the same level of information that the actual Windows Screen Reader app clearly infers or gathers by itself. What we need is all that clever inference to be available by developers as a clean API, rather than leaving them to replicate the work.

Allow monitor selection for RDP sessions

Right now the display options for RDP sessions allow for either one screen, or all of your screens. This is frustrating for those of us who have three or more screens and only want to use two of them for an RDP session. It’d be nice to be able to just pick the monitors. Bonus points if you can swap them in a live session, and gracefully handle a monitor disconnecting.

Invertible mouse wheel scrolling

You can swap this in the registry but there’s no UI for it. Would be a nice feature to expose.

Better night light, like f.lux

I know Windows has Night Light, and honestly f.lux does what I want, but it’d be nice if the night/day tracking functionality was just a native feature.

Show Start on the active screen when WinKey is pressed

At the moment it shows on your primary display regardless. There should be an option to have it appear on the screen that your mouse cursor is on when triggered by pressing the Windows key.

Don’t make BSOD dumps dependent on the pagefile

It should be possible to quietly reserve BSOD dump space without needing a pagefile configured. Yes, I know it makes sense to keep a pagefile even if you have a ton of RAM, but there are certain hardware configurations where they aren’t feasible. It’s silly that we still can’t save that crash info without a pagefile.

Also, on this front, better support for recording bugcheck information to onboard flash where available on workstation and server motherboards. This has been a standard UEFI feature for ages but as far as I can tell Windows still doesn’t support it on desktop SKUs.

Remove the Downloads folder from the list of items in Disk Cleanup

I think this was originally a default-checked option when it was introduced. A lot of people lost a ton of data. It’s now unchecked by default, but that’s a huge footgun. Update: I’m told this was resolved in the 2004 update.
