Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Windows 7 Vulnerability Claims

06 Nov 2009   #1

Windows 7 Vulnerability Claims

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7. This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.


My System SpecsSystem Spec
06 Nov 2009   #2

Windows 7


What I find the most humorous is the fact that while testing, they bypassed one of the BUILT-IN features that directly help protect against these things. On top of that, they actually thought they'd be able to run any Windows operating system at all without Anti-Virus protection, go out and purposely try to infect themselves and it wouldn't actually become infected?

How ridiculous.

Typical day at the Sophos office:

Bob: Hey Jim. I was thinking....maybe today we should turn off ALL security features in Windows. You know, such as UAC, KPP, WSH, ASLR etc. Then, try to infect that machine with spyware, viruses and malware.

Jim: Wow. I think that's a fantastic idea! Then when we're done, we should totally write an article about how unsecure Windows is!

Bob: I love you man.

Jim: I love you too.

My System SpecsSystem Spec
07 Nov 2009   #3

Windows 7 Ultimate Edition x64 v6.1 Build (7600)

lol i couldnt agree more with nekkidtruth, sounds like these guys are just looking for ways to bash win7
My System SpecsSystem Spec

07 Nov 2009   #4

Vista/Windows 7

LOL I agree with you both...anyone who deliberately runs Windows without any protection and goes out purposely to get it infected is an idiot. A bit like sleeping with 100 prostitutes* and not wearing any protection and then complaining you caught an!

*no offence intended to any working ladies.
My System SpecsSystem Spec

 Windows 7 Vulnerability Claims

Thread Tools

Similar help and support threads
Thread Forum
Windows Claims its not genuine when it is
I turned on my computer yesterday to be told that "your copy of windows may not be genuine". It is genuine, so I have no idea why its doing this. Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 50 Cached Online...
Windows Updates & Activation
What to do when Windows claims your product key is inv.
Help! I am installing Windows 7 on a new pc and I have reached the point where it is asking me to enter the product key. After entering the product key, it tells me that the key is invalid. I ordered the product directly from Microsoft so it can not possibly be fake. What do I do ? Send it...
Installation & Setup

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:50.
Twitter Facebook Google+