In preliminary Betanews tests Tuesday comparing the relative speeds of major Web browsers in Windows Vista- and Windows 7-based virtual machines, not only did the general performance of Microsoft Internet Explorer 8 improve by about 23%, but the latest production build of Firefox 3.0.10 appears to improve its performance by 17.5%.

This despite running in a Windows 7-based virtual machine that we estimate to be 12.1% slower overall than a Vista-based VM hosted by the same environment.

These are the initial findings of Betanews’ experiments in how the architecture of Windows 7 may or may not influence the performance of major Web browsers. We wanted to see whether Win7 made browsers faster or slower, and doing that meant hosting browsers in virtual environments whose relative speeds with respect to one another could be normalized.

As we discovered, Windows 7 RC Build 7100 runs perceptibly slower on a Virtual PC 2007 platform on XP SP3, than Vista SP2. This does not mean Windows 7 is a slower operating system, but rather that it behaves more slowly in this particular virtualized environment, which after all was designed for Vista. So to make our test fair, we needed to estimate just how much slower our Win7 environment was from Vista, and factor out that difference.

Up to now, we’ve been comparing relative browser performance in Vista using a relatively slow browser to judge against: IE7. We’ve used IE7 as our gauge of how much more readily other browsers blow right past it in the performance department, including IE8. But we don’t want to install IE7 on Win7 — although it’s technically feasible, doing so would pollute the operating system for running Win8 and other applications. So we needed a new, slow browser that we could rely upon to stand still for us, relatively speaking.

Our first choice was Firefox 1.5, but we learned it had difficulty running in Win7 at all. We ended up using Firefox 2.0.13, not quite the final build of that series of Mozilla’s browser. Our aim was to use this browser as a fair gauge of how much slower our Win7 environment was than Vista. This way, we could equalize our indexes, which are based on IE7 — we can’t run IE7 on Win7, but we can estimate how much slower IE7 would be if we could, by measuring how much slower Firefox 2.0.13 is. Though the average speed difference is 12.1% in favor of the Vista VM, for our browser benchmarks, we created differentials for each heat in the competition, to more accurately account for environmental factors between the two environments.

In the Vista VM alone, Firefox 2.0.13 puts in a performance index of 2.49, meaning it performs 249% as well as IE7 in the same environment. Compare that to Firefox 3.0.10’s index score of 5.19 in recent Betanews tests in the Vista VM.

Factoring out the speed differentials, we can reliably say that IE8 gives us a performance index of 2.69 in the Win7 VM versus 2.19 in the Vista VM. Meanwhile, Firefox 3.0.10 scores a 6.10 normalized index score in the Win7 VM versus 5.19 in the Vista VM.

The news is not all good for Mozilla, however. Under the same test conditions, Firefox 3.5 Beta 4 slows down in Win7, but only by about 2.5%, scoring a 10.18 normalized index score in the Win7 VM versus 10.44 in the Vista VM. So from this angle, it appears that Windows 7 helps close the gap between Mozilla’s production browser and its experimental browser. We’re interested to find out whether similar discoveries await us with regard to Google Chrome, and whether Win7 will play nicely with Apple’s Safari for Windows. Those results are still forthcoming.

Source: Betanews

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/advisory/961051.mspx To work around this problem, use any of the following methods.
Note You must run the commands described in this article as an administrator. In Windows Vista and Windows Server 2008, you must run the commands from an elevated command prompt. To open an elevated command prompt, follow these steps:

1. Click Start, type cmd in the search box, and then press ENTER.
2. In the results list, right-click cmd, and then click Run as administrator.

Method 1: Use a System Access Control List (SACL) to disable OLEDB32.dll for fewer applications

loadTOCNode(2, ‘workaround’);

This workaround resembles the “Use SACL entries to disable OLEDB32.dll” workaround that is described later in this article. This workaround is more selective about which applications are blocked from accessing OLEDB32.DLL. Internet Explorer is still blocked. However, most other applications are not. This has the benefit of protecting Internet Explorer from attack. However, it still enables other applications that depend on OLEDB32.DLL to function correctly.

To provide this kind of selective protection, this workaround relies on the fact that Internet Explorer runs with Protected Mode turned on by default. This means that the iexplore.exe process runs at a low integrity level. For more information about what this means and how this works, visit the following Microsoft Web page:

The integrity mechanism makes it possible to block processes from writing to securable objects such as files that have a higher integrity level. It does this by applying a special integrity level entry to the SACL for an object.

Note It is also possible to block a process from being able to read or execute securable objects at a higher integrity level.

How to use this workaround

loadTOCNode(3, ‘workaround’);

Notes

• This workaround applies only to Windows Vista and later versions of Windows.
• To use this workaround, Internet Explorer must be running with Protected Mode turned on. This requires that both Protected Mode and User Account Control (UAC) are enabled. This is the default setting. To determine whether Protected Mode is enabled, examine the Internet Explorer status bar.

To use this workaround, follow these steps:

1. Save the following text to a temporary folder:
   • For 32-bit systems
     Save the following text to a text file that is named “BlockAccess_x86.inf”:

     [Unicode]
     Unicode=yes
     [Version]
     signature="$CHICAGO$"
     Revision=1
     [File Security]
     "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NWNRNX;;;ME)"

   • For 64-bit systems
     Save the following text to a text file that is named “BlockAccess_x86.inf”:

      [Unicode]
     Unicode=yes
     [Version]
     signature="$CHICAGO$"
     Revision=1
     [File Security]
     "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NWNRNX;;;ME)"

     Save the following text to a text file that is named “BlockAccess_x64.inf”:

      [Unicode]
     Unicode=yes
     [Version]
     signature="$CHICAGO$"
     Revision=1
     [File Security]
     "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NWNRNX;;;ME)"

2. Open an elevated Administrator command prompt in the temporary folder.
3. At the command prompt, type the following command, and then press ENTER:
   SecEdit/configure/db BlockAccess.sdb/cfg <inf file>
4. After the command is finished, you should receive a message that resembles the following:
   The task has completed successfully.

   See the %windir%\Security\Logs\Scesrv.log file for detailed information.

How to validate this workaround

loadTOCNode(3, ‘workaround’);

You can use the icacls command to determine whether the workaround was applied. To do this, use one of the following:

• For a 32-bit operating system
  At the command prompt, type the following command, and then press ENTER:
  icacls “%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll”
• For a 64-bit operating system
  At the command prompt, type the following commands, and then press ENTER:
  icacls “%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll”
  icacls “%ProgramFiles(x86)%\Common Files\System\Ole DB\oledb32.dll”,2,”S:(ML;;NWNRNX;;;ME)”

Every time that you run the icacls command, search through the output for the following line.

If the line is present and includes both the NR and NX values, the workaround has successfully been applied. However, if either the line is missing, or if one of the NR or NX values is missing, the workaround has not been successfully applied.

The effect of this workaround

loadTOCNode(3, ‘workaround’);

This workaround affects only ADO/OLE DB applications that are running in Internet Explorer. This is not common. This workaround has minimal effect because all other processes that are running in Medium or higher integrity level would still be able to load and use OLEDB32.dll.

How to undo this workaround

loadTOCNode(3, ‘workaround’);

To undo the workaround, follow these steps:

1. Save the following text to a temporary folder:
   • For 32-bit systems
     Save the following text to a text file that is named “unBlockAccess_x86.inf”:

     [Unicode]
     Unicode=yes
     [Version]
     signature="$CHICAGO$"
     Revision=1
     [File Security]
     "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NW;;;ME)"

   • For 64-bit systems
     Save the following text to a text file that is named “unBlockAccess_x86.inf”:

     [Unicode]
     Unicode=yes
     [Version]
     signature="$CHICAGO$"
     Revision=1
     [File Security]
     "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NW;;;ME)"

     Save the following text to a text file that is named: “unBlockAccess_x64.inf”:

     [Unicode]
     Unicode=yes
     [Version]
     signature="$CHICAGO$"
     Revision=1
     [File Security]
     "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NW;;;ME)"

2. Open an elevated Administrator command prompt in the temporary folder.
3. At the command prompt, type the following command, and then press ENTER:
   SecEdit/configure/db UnblockAccess.sdb/cfg <inf file>
4. After the command is finished, you should receive a message that resembles the following:
   The task has completed successfully.

   See the %windir%\Security\Logs\Scesrv.log file for detailed information.

Use the icacls command to verify that the workaround was removed. Then, you can safely delete the UnblockAccess.sdb and UnblockAccess.inf files. See the “How to validate this workaround” section of “Method 1″ for more information about how to use the icacls command to verify that the workaround was removed.

Method 2: Disable the “Row Position” functionality of OLEDB32.dll

loadTOCNode(2, ‘workaround’);

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

To disable the “Row Position” functionality of OLEDB32.dll, delete the following Row Position registry subkey:

The effect of disabling the “Row Position” functionality of OLEDB32.dll

loadTOCNode(3, ‘workaround’);

All ADO applications that use the RowPosition property and related information are affected. All OLE DB applications that use the OLE DB Row Position Library are affected. MSHTML is affected.

How to undo this workaround

loadTOCNode(3, ‘workaround’);

Use the following registry file to restore the Row Position registry subkey:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]
@="Microsoft OLE DB Row Position Library"
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}\InprocServer32]
@="C:\\Program Files\\Common Files\\System\\Ole DB\\oledb32.dll"
"ThreadingModel"="Both"
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}\ProgID]
@="RowPosition.RowPosition.1"
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}\VersionIndependentProgID]
@="RowPosition.RowPosition"

Method 3: Unregister OLEDB32.dll

loadTOCNode(2, ‘workaround’);

To unregister OLEDB32.dll, use one of the following.

Note You must run the commands as an administrator.

• For supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 for 32-bit Systems
  At the command prompt, type the following command, and then press ENTER:
  Regsvr32.exe/u “Program Files\Common Files\System\Ole DB\oledb32.dll”
• For supported versions of Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems
  At the command prompt, type the following commands, and then press ENTER:
  Regsvr32.exe/u “Program Files\Common Files\System\Ole DB\oledb32.dll”
  Regsvr32.exe/u “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”

The effect of unregistering OLEDB32.dll

loadTOCNode(3, ‘workaround’);

Applications that rely on OLE DB data access will not function.

How to undo this workaround

loadTOCNode(3, ‘workaround’);

To undo this workaround, use one of the following.

Note You must run the commands as an administrator.

• For supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 for 32-bit Systems
  At the command prompt, type the following command, and then press ENTER:
  Regsvr32.exe “Program Files\Common Files\System\Ole DB\oledb32.dll”
• For supported versions of Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems
  At the command prompt, type the following commands, and then press ENTER:
  Regsvr32.exe “Program Files\Common Files\System\Ole DB\oledb32.dll”
  Regsvr32.exe “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”

Method 4: Use SACL entries to disable OLEDB32.dll

loadTOCNode(2, ‘workaround’);

You can use SACL entries to disable OLEDB32.dll. To do this, use one of the following.

Note You must run the commands as an administrator.

• For supported versions of Windows 2000, Windows XP, and Windows Server 2003
  At the command prompt, type the following command, and then press ENTER:
  cacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/E/P everyone:N
• For supported versions of Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, and Windows Server 2003 for Itanium-based Systems
  At the command prompt, type the following commands, and then press ENTER:
  cacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/E/P everyone:N
  cacls “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”/E/P everyone:N
• For supported versions of Windows Vista and Windows Server 2008 for 32-bit Systems
  At the command prompt, type the following commands, and then press ENTER:
  takeown/f “Program Files\Common Files\System\Ole DB\oledb32.dll”
  icacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/save %TEMP%\oledb32.32.dll.TXT
  icacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/deny everyone:(F)
• For supported versions of Windows Vista x64 Edition, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems
  At the command prompt, type the following commands, and then press ENTER:
  takeown/f “Program Files\Common Files\System\Ole DB\oledb32.dll”
  icacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/save %TEMP%\oledb32.32.dll.TXT
  icacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/deny everyone:(F)
  takeown/f “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”
  icacls “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”/save %TEMP%\oledb32.64.dll.TXT
  icacls “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”/deny everyone:(F)

The effect of unregistering OLEDB32.dll

loadTOCNode(3, ‘workaround’);

Applications that rely on OLE DB data access will not function.

How to undo this workaround

loadTOCNode(3, ‘workaround’);

To undo this workaround, use one of the following:

Note You must run the commands as an administrator.

• For supported versions of Windows 2000, Windows XP, and Windows Server 2003
  At the command prompt, type the following command, and then press ENTER:
  cacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/E/R everyone
• For supported versions of Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, and Windows Server 2003 for Itanium-based Systems
  At the command prompt, type the following commands, and then press ENTER:
  cacls “Program Files\Common Files\System\Ole DB\oledb32.dll”/E/R everyone
  cacls “Program Files (x86)\Common Files\System\Ole DB\oledb32.dll”/E/R everyone
• For supported versions of Windows Vista and Windows Server 2008 for 32-bit Systems
  At the command prompt, type the following command, and then press ENTER:
  icacls “Program Files\Common Files\System\Ole DB”/restore %TEMP%\oledb32.32.dll.TXT
• For supported versions of Windows Vista x64 Edition, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems
  At the command prompt, type the following commands, and then press ENTER:
  icacls “Program Files\Common Files\System\Ole DB”/restore %TEMP%\oledb32.32.dll.TXT
  icacls “Program Files (x86)\Common Files\System\Ole DB”/restore %TEMP%\oledb32.64.dll.TXT

How to determine whether you are running a 32-bit or a 64-bit edition of Windows

loadTOCNode(2, ‘workaround’);

If you are not sure which version of Windows that you are running, or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe) and review the value that is listed for System Type. To do this, follow these steps:

1. Click Start, and then click Run or click Start Search.
2. Type msinfo32.exe and then press ENTER.
3. In System Information, review the value for System Type.
   • For 32-bit editions of Windows, the System Type value is x86-based PC.
   • For 64-bit editions of Windows, the System Type value is x64-based PC.

For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:

APPLIES TO

• Windows Internet Explorer 7
• Windows Internet Explorer 7 for Windows XP
• Windows Internet Explorer 7 for Windows Server 2003
• Windows Internet Explorer 7 for Windows Server 2003 IA64
• Windows Internet Explorer 7 in Windows Vista
• Windows Internet Explorer 8 Beta
• Microsoft Internet Explorer 6.0 Service Pack 2
• Microsoft Internet Explorer 6.0 Service Pack 1
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 5.01 Service Pack 4
• Windows Server 2008 Datacenter without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
• Windows Web Server 2008
• Windows Vista Service Pack 1, when used with:
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Starter
  • Windows Vista Ultimate
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business 64-bit Edition
• Microsoft Windows Server 2003 Service Pack 1, when used with:
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows Server 2003, Datacenter x64 Edition
• Microsoft Windows Server 2003, Enterprise x64 Edition
• Microsoft Windows Server 2003, Standard x64 Edition
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 Service Pack 2, when used with:
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows XP Service Pack 2, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
• Microsoft Windows XP Service Pack 3, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

Source: Microsoft