News & Information for Technology Purchasers NewsFactor Sites:     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Sophos, Microsoft Disagree on Windows 7 Security
Sophos, Microsoft Disagree on Windows 7 Security

By Richard Koman
November 10, 2009 2:27PM

    Bookmark and Share
Security firm Sophos says Windows 7 is far from secure and highly vulnerable to the latest viruses. Microsoft insists Windows 7 builds on features in Windows Vista, "the most secure Windows operating system ever released." An analyst said the real question is whether the Windows 7 UAC can stop user-launched malware from running.

Conventional wisdom calls for IT managers to wait for the first service pack before installing a new Windows operating system. But since Windows 7 builds on all the security improvements Vista made over Windows XP, there may be a temptation to ignore the rule.

That could be a problem because Windows 7 is far from secure, security firm Sophos says. In a company blog, Chester Wisniewski wrote that Windows 7 is highly vulnerable to the latest viruses.

"We grabbed the next 10 unique (virus) samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC [User Control Account] held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows," Wisniewski wrote.

"The good news is that, of the freshest 10 samples that arrived, two would not operate correctly under Windows 7," he added.

Antivirus Still Required

Not surprisingly, Sophos' recommendation includes purchasing antivirus software. "Lesson learned? You still need to run antivirus on Windows 7 ... Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up," Wisniewski wrote.

Microsoft was not amused by this. While agreeing that all computer users, including Windows 7 users, should run antivirus software, Paul Cooke, Microsoft's director of Windows Enterprise Client Security, wrote in a blog post, "I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software."

Cooke emphasized that viruses don't come from the ether. They enter systems via the web and e-mail. Thus, Internet Explorer features like SmartScreen Filter "will notify you when you attempt to download software that is unsafe -- which the SophosLabs methodology totally bypassed in doing their test."

And of course, Microsoft offers its own free antivirus software, Microsoft Security Essentials.

Seat Belts Still Advised

Cooke took the opportunity to further promote the security features in Windows 7. "Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware," he wrote. Among those features: UAC, Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP).

"Windows 7 retains and refines the development processes, including going through the security development life cycle, and technologies that made Windows Vista the most secure Windows operating system ever released," he boasted.

The question of whether Windows 7 users still need antivirus software is basically a straw man, Andrew Storms, director of security operations for nCircle Security, wrote in an e-mail. "Despite all the safety innovations in cars, the auto industry doesn't advise persons to stop wearing a seat belt. Microsoft hasn't done the same when it comes to AV. In fact, they are now giving it away for free."

"It would seem obvious that given a piece of known malware and a user selects to run it, then bad things will happen -- even on Windows 7," Storms said. "The Sophos test should better be classified as a test of the Windows 7 UAC feature. Despite the user actively selecting to run malware, how many of the times did Windows 7 UAC still intervene to help protect the user?"

Tell Us What You Think

Name: is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.

1.   Lenovo Still in Small Windows Tablets
2.   How Chrome Eats Your Battery Life
3.   Are These Layoffs Best for Microsoft?
4.   Microsoft Axes Android Phones
5.   Microsoft Will Lay Off 18,000 Workers

Review: Microsoft's Surface Pro 3
Is it a tablet and laptop replacement?
Average Rating:
Bing Lets Europeans Be 'Forgotten'
Following in Google's footsteps.
Average Rating:
Microsoft Announces $199 Laptop
Taking on Google's Chromebooks.
Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
34 European Banks Hit by Android-Skirting Malware
Criminals have been finding gaping holes in Android-based two-factor authentication systems that banks around the world are using. The result: 34 banks in four European countries have been hit.
New Web Tracking Technologies Defeat Privacy Protections
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new study by researchers at Princeton and the University of Leuven in Belgium.
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.

Enterprise Hardware Spotlight
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.

NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.