Windows 7 SP1 Bundles Up Security, Fixes

Microsoft's Windows 7 SP1 bundle rolls together fixes and minor features. Deployment will take careful planning to accommodate the bulky update.

The first service pack for Windows 7 is a healthy dose of security fixes and minor updates rolled into a single installation package. The relatively large size of Windows 7 SP1 along with the multistep installation process means that IT managers should make plans now to minimize the productivity impact of rolling out the update to user systems.

The Windows 7 SP1 update became available on Feb. 22 from Microsoft's developer Websites and is also being made available via Windows Update.

One key feature of Windows 7 SP1 is the relatively large download size and lengthy installation processes. Notes from Microsoft advise that the process can take anywhere between 30 minutes and one hour, and this was confirmed at eWEEK Labs on a variety of physical and virtual test systems. In tests, the newly updated physical and virtual systems exhibited no unusual problems, and IT managers who are deploying Windows 7 SP1 in a production environment are advised to take only customary caution to ensure that applications work without error when running on this latest version of Microsoft's flagship desktop operating system.

The service pack is also meant for Microsoft Windows Server 2008 R2, which shares a common code base with the Windows 7 desktop OS. Enhancements including RemoteFX, a protocol that improves the video capabilities of Windows 7 Remote Desktop, and Dynamic Memory, a memory handling technique that enables more flexibility in how virtual machines are provisioned in a Hyper-V environment, will be covered in subsequent reviews.

What's new

Windows 7 SP1 is a rollup of security patches, minor bug fixes along with a few tweaks that improve features that were already present when Windows 7 first shipped in late 2009. Nearly all these updates had been made previously available as individual hot fixes and patches. Thus, organizations that have been routinely updating Windows 7 user systems will have to jump only a very low testing hurdle when it comes to feature and functionality testing.

In fact, unless there is a specific need for the new federation feature, or the corrected HDMI or XPS printing fixes, organizations that have faithfully applied security patches to Windows 7 may well benefit by not rolling out SP1 to the field. The reason is simple: Windows 7 SP1 is big and it takes a while to install. To avoid potentially large network usage and lost productivity time while the service pack installs, IT desktop managers should, rather, adopt the Windows 7 SP1 slipstream version as the base image for new systems and keep previously installed Windows 7 systems on a regular diet of security and feature patches as provided by Microsoft.

Among the enhancements in Windows 7 SP1 is new support for identity, authentication and minor bug fixes that correct audio and printing problems. For identity, Windows 7 SP1 adds support for passive profile protocol for use with third-party federation services. The feature adds support for the WS-Federation protocol and enables passive identity requesters such as Web browsers to more easily handle subsequent identity tokens such as cookies or custom identification mechanisms.

Other bug fixes address problems with audio and printing. Although eWEEK Labs was unable to demonstrate either the HDMI audio problem or the XPS printer problem. In both the original Windows 7 version and machines with Windows 7 SP 1, we were able to connect HDMI TV monitors to the systems reboot and still have a connection to the device. I was also able to print documents that contained a mix of portrait and landscape pages using the XPS printer driver with no error.

This version of Windows 7 also provides more control over how some features are implemented. For example, it is now possible to change the "Restore previous folders at logon" function that is governed by the Folder Options Explorer dialog. If this check box is selected, all folders are restored to their previous positions.

In a nod to processor changes and improved security, Windows 7 SP1 now supports AVX (Advanced Vector Extensions). AVX is a 256-bit instruction set that can be used by floating point intensive application performance. With AVX support in Windows 7 SP1, applications can now take advantage of the new instruction set and register extensions.

Shops that use IKEv2 authentication protocol should look for the additional identification types that have been added to the identification field. The minor change in this feature will likely aid organizations that have wanted to use e-mail ID or certificate information when performing authentication tasks.