Windows 7 Vulnerability Claims



    Posted: 06 Nov 2009
    Now that Windows 7 is available, a recent blog by Chester Wisniewski (who works at security vendor Sophos), entitled "Windows 7 vulnerable to 8 out of 10 viruses", has stirred some interest.

    Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

    Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

    Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP), to name just a few. The result: Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

    Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PC in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

    So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7. This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.


    Posted By: z3r010
    06 Nov 2009



  1. Posts : 239
    Windows 7
       #1

    Interesting.

    What I find the most humorous is the fact that while testing, they bypassed one of the BUILT-IN features that directly help protect against these things. On top of that, they actually thought they'd be able to run any Windows operating system at all without Anti-Virus protection, go out and purposely try to infect themselves and it wouldn't actually become infected?

    How ridiculous.

    Typical day at the Sophos office:

    Bob: Hey Jim. I was thinking....maybe today we should turn off ALL security features in Windows. You know, such as UAC, KPP, WSH, ASLR etc. Then, try to infect that machine with spyware, viruses and malware.

    Jim: Wow. I think that's a fantastic idea! Then when we're done, we should totally write an article about how unsecure Windows is!

    Bob: I love you man.

    Jim: I love you too.

    What...a...joke.


  2. Posts : 18
    Windows 7 Ultimate Edition x64 v6.1 Build (7600)
       #2

    lol I couldn't agree more with nekkidtruth, sounds like these guys are just looking for ways to bash win7


  3. Posts : 291
    Vista/Windows 7
       #3

    LOL I agree with you both...anyone who deliberately runs Windows without any protection and goes out purposely to get it infected is an idiot. A bit like sleeping with 100 prostitutes* and not wearing any protection and then complaining you caught an STD...lol!

    *no offence intended to any working ladies.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
