Windows 11 [2021]

Majority of users will gain major benefits from a secure OS
60% is a huge number and will go to make Windows a much better experience
A 'huge' number would be a 100x reduction of malware infections, not a 2.5x reduction - which is useless when Windows Defender already blocks nearly 100% of known malware.

And to achieve that reduction, they had to ditch all systems released before 2017 (Intel) or 2018 (AMD), as well as all devices for which existing drivers won't be re-tested for HVCI and re-signed with recent certificates.

That is great for Linux. Linux is not Windows, and if users want that without the hardware requirements MS has set, they can just go to Linux.
This is 80% of what Windows 10X was. They decided they had enough here to go with a new OS.
TLDR, what the PC press used to call 'containers' and 'sandboxing' in Windows 10X would be wrong solutions to a non-existing problem.

How long should they support hardware? Original Skylake from 2015/16 were discontinued by Intel in 2019 and are end of life.
As long as it is in use by its rightful owners? Skylake SKUs may be long discontinued but it's certainly not EOL since Intel still publishes GPU drivers and microcode updates.

It's better to rip a band-aid off than string stuff around and half create a half assed solution that blows up in their face.
Fully agree, unfortunately Microsoft prefers to add additional layers of abstraction rather than rework their kernel architecture ;)
 
Linux supports OS-level virtualization where the Linux Kernel can run multiple independent user spaces, isolating them from each other through separate virtual memory space and system call state.
So does Windows.
It can run a hypervisor host as a way to further manage isolation though.
Not quite. Linux Kernel has a stable user space API which lets you run Docker containers on any Linux distribution and kernel version. Whereas on Windows Server, you need to use the exact same build of Windows in your container image, otherwise containers will run in a virtual machine with hypervisor-based isolation.

I think it was a simple fix for Microsoft to introduce a hypervisor 'ring -1' in order to split the kernel 'ring 0' address space into 'secured' OS kernel VM and insecure kernel-mode driver VM, so they didn't have to retouch the kernel and make use of features like intermediate protection rings 1 and 2, available since Intel 80386. Instead they shifted the burden to OEMs who need to test their drivers for compatibility with HVCI code integrity.

Containers have no relation to hypervisor virtualisation or malware protection.
Depends on the container technology.
No. Containers were originally designed to bundle server applications with required versions of user-mode libraries and configuration files, but share the main OS kernel and thus use much fewer processor resources than virtual machine instances running full OS images.

https://www.ibm.com/cloud/learn/containers
https://cloud.google.com/containers/

https://www.redhat.com/en/blog/arch...erstanding-user-space-vs-kernel-space-matters
https://www.redhat.com/en/blog/architecting-containers-part-2-why-user-space-matters
https://www.redhat.com/en/blog/arch...art-3-how-user-space-affects-your-application

etc.


So what would be the use of 'app containers' for desktop applications?

If the OS wraps all Windows apps in an 'app container' that includes user-mode OS subsystems (from the same build which allows 'process isolation') to additionally 'sandbox' them, then how would that be different from the way regular Windows OS works with multiple processes? User-mode OS components inside a container would have no additional protection, because they still run in that process' virtual address space, in the same protection ring 3, and all 'sandboxing' depends on security mitigations implemented in regular OS components.

That would make more sense if the OS could include only the required user-mode components in each app 'container', however automatically determining which API and library would be required by that specific process is not trivial, and even UWP apps do not include such detailed declarations.


There's little point in 'Hyper-V isolation', i.e. running app containers in a separate VM, since hypervisor virtualisation has a significant overhead (which is mitigated by the ability to easily launch multiple instances of the container across your server infrastructure), and user-mode apps have no access to kernel mode features like I/O operations in the first place.

https://shatteredsilicon.net/blog/2020/03/19/virtual-performance-or-lack-thereof/
https://petersenna.com/files/peters-top4-virtualization-benchmark-1.29.pdf
https://unrealcontainers.com/docs/concepts/windows-containers#hyper-v-isolation-mode-issues


Linux has more CVEs than Windows does, and they too are still finding new bugs in their code each day.
At least they are not pretending it wasn't their fault so they can put the burden on OEMs and end users. Microsoft is instead forcing server/enterprise specs for remotely-managed 'secured-core PC' on everyone as their solution.
 
The last breaking hardware and driver change was Windows Vista and it generated a lot of the same complaints. Everyone sht-hammered Microsoft about how it's so irresponsible and unacceptable, and yet we all got over it.
These were performance requirements, not processor generation requirements, and demanding features were automatically enabled according to performance figures measured by the Windows Experience Index (aka Windows System Assessment Tool).

This time, they ditch anything released before 2017-2018 - instead of automatically enabling advanced features on supporting systems, as they did with Windows Vista (for Windows Aero) and later versions of Windows 10 (i.e. for HVCI code integrity).


I also recall Vista requirements were indeed outrageous, because real-world requirements for hard disk space and system memory increased like 10x (ten-fold) compared to Windows XP. It also suffered from reduced performance, because significant parts of GDI acceleration and sound processing were re-implemented in software, deprecating existing components and driver models.

Adoption rates only improved with Windows 7 four years later, which coincided with CPU performance breakthrough from Intel Core (Nehalem) architecture.


If you have Windows Vista hardware, you can still run Windows 10 to this very day.
In my experience, AMD systems before Ryzen are only good for stop-motion animation, even with maxed-out RAM and an SATA SSD.

Intel Nehalem (with a UEFI emulator) and higher can run Windows 10 x64 editions with ease if you add 8 GBytes of memory and install an NVMe disk to the PCIe slot.

A breaking change to a base operating system of your PC once a decade isn't the same as forced obsolescence of a cell phone every three years.
They intend to disqualify CPUs released as late as 2018-2019, how is it not the same?


Microsoft has highly prioritized compatibility with legacy, and in doing so, unfortunately must drag along a lot of legacy interfaces. Windows 11 is going to break a lot of this, on purpose, and it's going to make people upset.
Windows 11 does not break legacy programming interfaces, only legacy hardware.

Let me help you out: Isolation Modes
Thank you, but I've been watching this 'Windows Containers' saga since it began in 2014, so I've read these marketing materials (I treat them as such since they make incredible claims of using namespaces and OS-level virtualisation in Docker for Windows).

Microsoft made it through Vista just fine, they'll make it through Windows 11 just fine.
Microsoft arguably made it through Vista, it's just Vista that didn't really make it.
 
They intend to disqualify CPUs released as late as 2018-2019, how is it not the same?
It's not the same because they're doing it for an architectural reason and are unlikely to repeat that sort of hardware cut off again for a very long time. This is resetting a baseline, done once in a very long while. It's not a play to increase hardware sales by perpetually and arbitrarily dropping support after a low single digit number of years.

If they announce Windows 12 in 3-4 years with more cpu gen cut offs, then yeah, it'd be the same thing. We should all get angry at that. If we go another decade+ without significant new requirements though then not at all the same thing.
 
I also recall Vista requirements were indeed outrageous, because real-world requirements for hard disk space and system memory increased like 10x (ten-fold) compared to Windows XP. It also suffered from reduced performance, because significant parts of GDI acceleration and sound processing were re-implemented in software, deprecating existing components and driver models.

Vista/Longhorn at least had a fairly lengthy semi-public beta period, so it didn't get dropped on the world out of nowhere a matter of months from launch. Also the fact that its release was occurring at the tail-end of the Dennard scaling era meant that any PC hardware that was 4-5 years old at that point was dramatically weaker in every metric (CPU, mem, storage, GPU, etc). At the time that Vista launched there were still a huge number of users with WinXP systems limping along with 256MB and were well overdue for an upgrade anyways, so the growing pains of Vista's introduction at least came with an improvement in daily usability just from the CPU and memory upgrade. Windows 11's hardware requirement cut-off point on the other hand has no relation to user experience as any CPU made in the last decade is largely indistinguishable for common everyday tasks. It's hard to see how this isn't going to result in fragmenting the userbase and crippling the adoption of DirectStorage in the coming couple years.

Curious what the Steam survey stats indicate for what percentage of systems meet the Win11 requirements.
 
Vista/Longhorn at least had a fairly lengthy semi-public beta period, so it didn't get dropped on the world out of nowhere a matter of months from launch. Also the fact that its release was occurring at the tail-end of the Dennard scaling era meant that any PC hardware that was 4-5 years old at that point was dramatically weaker in every metric (CPU, mem, storage, GPU, etc). At the time that Vista launched there were still a huge number of users with WinXP systems limping along with 256MB and were well overdue for an upgrade anyways, so the growing pains of Vista's introduction at least came with an improvement in daily usability just from the CPU and memory upgrade. Windows 11's hardware requirement cut-off point on the other hand has no relation to user experience as any CPU made in the last decade is largely indistinguishable for common everyday tasks. It's hard to see how this isn't going to result in fragmenting the userbase and crippling the adoption of DirectStorage in the coming couple years.

Curious what the Steam survey stats indicate for what percentage of systems meet the Win11 requirements.
Given that DirectStorage requires a 1TB NVMe SSD and a DirectX 12 Ultimate GPU (which is the Nvidia RTX 2000 and 3000 series) I don't expect the other requirements to Windows 11 will materially impact the number of DirectStorage capable systems. It's very much a forward looking thing. For the next several years Xbox will drive adoption, not PC.
 
MS PR is clearly in damage control mode now, so I'd say the only information worth treating at face value would be what's in SDK documentation. The initial requirements felt arbitrarily chosen (1TB was downright silly), they were called on that, they revised them, and then pulled the compatibility app altogether.
 
Things I noticed after using W11 for a few days:

  • Faster startup and shutdown.
  • More responsive. Maybe an animation trick? Because there are more elaborate animations, so they can hide the initial lag/loading?
  • Connected standby is still as broken as W10 (it could take minutes to standby if connected to wifi).
  • Windows Defender is buggy. It keeps disabling auto sample submission every reboot. Maybe defective by design? (i.e. Microsoft doesn't want samples from W11 at the current time?)
  • The bloody taskbar is stuck at the bottom.
  • Taskbar 3rd party widgets are removed.
  • Mish-mash of the classic and modern control panel.
  • No stability issue.
  • The type to search in "start" is way faster than W10. It's as fast as when I blocked "start" from accessing the internet in W10. Maybe because Microsoft makes it offline-only in W11? By default it does offline search, and it only does online search when I clicked the appropriate tabs.
 
That requirement language was refined to remove the size of 1TB and DX12 Ultimate.
Even if it's not 1TB, I'm not sure how DirectStorage is supposed to work without specific GPU hardware support. I'll be surprised if it doesn't end up requiring a modern GPU.
 
Even if it's not 1TB, I'm not sure how DirectStorage is supposed to work without specific GPU hardware support. I'll be surprised if it doesn't end up requiring a modern GPU.

The requirement now is a DX12 GPU that supports SM 6.0
https://www.microsoft.com/en-us/windows/windows-11-specifications

"DirectStorage requires an NVMe SSD to store and run games that use the "Standard NVM Express Controller" driver and a DirectX12 GPU with Shader Model 6.0 support."
 
As far as I recall Windows allowed to duplicate and extend. Are there other options now?
Has been since 2009 when AMD brought in Eyefinity with Radeon HD 5000-series.
(and I'm pretty sure Matrox has allowed it since forever)
 
Yes, with nvsurround and Eyefinity, for example, as far as Windows was concerned I didn't have 3x 22" 1680x1050 monitors, I had a single 5292x1050 monitor (the extra 252 pixels come from bezel compensation).


You can also have a taskbar that stretches across all monitors.

 
Yes, with nvsurround and Eyefinity, for example, as far as Windows was concerned I didn't have 3x 22" 1680x1050 monitors, I had a single 5292x1050 monitor (the extra 252 pixels come from bezel compensation).


You can also have a taskbar that stretches across all monitors.

I see. I personally just use regular Windows options and don't use my Nvidia panel at all.
 
That's fine for the desktop, but if you have 3 1080p monitors it's the only way to play a game at 5760x1080 (or 1920x3240) or 5760x2160 (if you have 6).
 
That's fine for the desktop, but if you have 3 1080p monitors it's the only way to play a game at 5760x1080 (or 1920x3240) or 5760x2160 (if you have 6).
I see. I actually prefer playing games in a smaller screen than my native resolution because I tend to switch to browser and other apps. New games work more or less, but old games sometimes break.
 