Posted on 11/03/2009 9:35:44 PM PST by Gomez
Now that we in the northern hemisphere have had some time to digest the Windows 7 hype and settle in for the coming winter, we thought we would get some more hard data regarding Windows 7 security.
On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software.
We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.

User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC's default configuration is not effective at protecting a PC from modern malware.
Lesson learned? You still need to run anti-virus on Windows 7. Microsoft, in the Microsoft Security Intelligence Report released yesterday, stated that "The infection rate of Windows Vista SP1 was 61.9 percent less than that of Windows XP SP3."
But let's not get complacent. Microsoft seems to be saying that Vista is the least ugly baby in its family. You can be sure the next report will highlight its even less ugly younger sibling, Windows 7.
Why do I say this? As of October 31st www.netmarketshare.com states that Windows Vista has a 19% market share against Windows XP's 70.5% and Windows 7's 2%. Approximately 1 in 5 Windows users is using either Vista or Windows 7. These users often have newer computers, automatic patching, and firewalls and anti-virus software in place.
With millions of hosts still infected with Conficker, ZBot and Bredo, it is obvious a lot of unprotected machines are still out there, and it is no surprise that most of those are XP.
As the chart above shows, Windows 7 users need not feel left out. They can still participate in the ZBot botnet with a side of fake anti-virus. Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up.
OK, let’s load some Mac-based viruses into a Mac with no antivirus and see what happens.
I just clean installed Windows 7 yesterday... good thing I have really good virus protection
There’s a reason that nobody does that.
Call me a renegade, but in my experience, Virus protection significantly hinders performance. I don’t use it. I disable UAC, as well. The only thing I have running is a firewall.
Somehow, I avoid infections... Including all the Spyware crap that I run scans for periodically. This stuff is more predominant, peskier and treacherous than viruses in my opinion, anyway.
My secret? Clean living, I guess.
I use Avast antivirus, never had any issues... great piece of software, and it's free... I also use Spybot Search and Destroy, another great piece of free software. For Windows 7, the UAC is used sometimes, I have it for occasional use. Windows Vista was just a pain in the ass for me, so I decided to upgrade. Everything works fine, except my memory card reader that is in the computer no longer shows up. I guess it is not compatible. I have a Dell Inspiron 518 Desktop... so I hope in a few weeks there will be a fix for that
I'm still running 98SE (free AVAST, Tiny Firewall). I may not be as 'clean living' as you, perhaps it's my dial up, but I'm virus free. (I do have a ready set of XP PRO 64 disks on the shelf)
I've become even more averse to CHANGE recently. /s
Whoever wrote this doesn’t seem to play on an even surface.
Should go without saying.
Had Vista for over a year now, I have had two computer lockups and zero viral infections. Best operating system I have ever had.
If you are running any flavor of Windows without virus protection, you are a glutton for punishment.
The fact is the majority of it comes from searching for porn. If not your machine then Aunt Silvie's when she sends you a nude pic of Alyson Hannigan.
If you want good antivirus software, look at ESET's NOD32 Antivirus System.
No antivirus is perfect, but it certainly beats going without one.
I use Zone Alarm - what do you think of that program? Is it enough? Oh - and I have WinPatrol...
bmp!
You’re no renegade! You’re a common-sense thinking person. PCs are not like TVs. They have life and, unlike our Constitution, they are living entities subject to changes from even being connected to the Internet. I too live without virus scanners or UAC. I have a robust firewall rules list, and I regularly update my hosts file to ensure that the latest group of malware, spyware, and virus-producing sites go to a harmless 127.0.0.1.
Staying off of social networking sites, porn sites, using a browser OTHER than IE, deleting chain emails and those from who you don’t know, and changing the default settings on most security applications will keep you clean and safe.
Now don’t be completely fooled; I still run MalwareBytes and CCleaner on occasion. While I’m confident the viruses stay out, I still believe that external forces can muck up my machine without my knowledge. Preventative habits keep you safe but proactive scanning and knowledge of your system’s behavior when stable can help you to determine if that latest RSS reader or $1 bin video game was really a good download.
My machine is clean-- mostly because I contact Ms. Hannigan directly when I want a photo.
"This one time - at band camp!"
She's hot. Send me some... :^O
Hey! You and me ought to start a club or something. Firewall only here too. Sneaking up on two years of this setup. No infections, no malware, no nuttin'.
Ping.
Then use a light-weight anti-virus package like Eset's Nod32.
Malware is a fact of life and you have to be proactive in defending yourself. Windows 7, if set up properly, will handle malware as well as any OS, including Apple's.
I defended myself proactively by buying a machine with Unix OS on it. That is, I got a Mac. . . .
I prefer Kaspersky piggy backed with Malwarebytes.
I thought that's what OS are *supposed* to do. Run programs. Our job... to know, or at least enlist the help of antivirus software, to know which programs are safe and which are not.
We're using Avast, and I've seen no performance loss with it, but I've used others including McAfee that sure did.
Errr.. Avira. Not sure why it came out of my fingers as Avast.. ;~)
Was Windows (haha) Defender and firewall running? Or how about the really scary warning that your computer may not be safe, turn on Windows Update to protect it. LOLOLOL
Slightly Off Topic:
I think an OS manufacturer should make their products safe for us. These days, it’s a given that you will run across a virus or malware, or be attacked by some method, such as a trojan.
I use AVG, because it’s good, and it’s free, which falls in line with my opinion. I paid for my PC when I bought it. I paid for the OS, also, when I bought it from Microsoft or as a whole package from the OEM. I should NOT need to keep paying a “property tax”, or a “lease fee” each year, as in a subscription. I have 7 machines that I keep running, 7*60=$420.00 a year on top of the original purchase price. BS.
BTW, am I the only one that noticed that most attacks and viruses come from overseas? And most A/V vendors are also overseas? Hmmmm!
Mac and Linux distros are of the same opinion that I am. That is, you should be safe, under most normal usages of your machine, without buying something else to protect you.
Microsoft has been leaning towards my opinion as of late. They started with defender, made some more acquisitions, and then rolled out One Care, which wasn’t good, and was a huge resource hog, as well as, it may be a snoopware application, itself.
Now, One Care is dead, a blessing. MS has rolled out “Security Essentials”. I installed it on an XP box, and it seems to be ok. At least it doesn’t use an inordinate amount of resources to operate. Next, I will install it on my Windows 7 machine, and live with it for awhile, to see if it gives up any strange behavior, or if I get infected on a crackload site. haha
There’s rarely a day that goes by that we don’t have a call to clean malware off of a Mac.
Your perception of Macs is about two years outdated.
The more popular Macs get the more attention they will attract from hackers.
The Cult of Mac is about to have an awakening.
I understand the sentiment, but not everything is “bought and paid for” forever. Antivirus is not a one-time expense but a process and you’re paying people to keep updating the system and continually doing new work to detect and stop new threats.
Like with a car— the car may be paid for, but that doesn’t mean you can expect oil changes for free forever.
Bravo Sierra
Not a very good analogy-LOL. More like when seat belts came out, the OEM’s didn’t make us buy them from a 3rd party, did they?
It’s the same thing. We’re buying cars without seat belts.
So, if MS makes an A/V and ships it in their product, and I don’t like it, I buy something else. That’s fair, that’s a consumer making a choice. The same thing applies if it doesn’t work, I can choose to buy a 3rd party app., and/or not to buy MS’s product. Again, that’s the market in action by consumers making choices.
But, given the dangers, and the competition (who are providing a safer OS environment), we are buying incomplete Operating Systems, like a car without seatbelts.
BTW, I installed Security Essentials on my Win(64) machine and it seems to run nicely. I set the priority to low, and took about 2 hours to scan a 250GB drive, and my Ramomometer (Memory Usage) was only at 38%. Not bad, now let’s see if I catch a nasty. hahaha
No. Antivirus just isn’t an Operating System function. It’s an application. Remember how much trouble MS got in for merely including a web browsing application with their OS?
Not to torture the weak analogy even further, but the OS isn’t the whole car. It’s just the chassis. There’s lots of things that don’t belong there like Word Processing apps, CAD programs, and yes... antivirus apps.
Antivirus is essentially a subscription. It is a service that is continually updating patterns and engines in order to protect against continually evolving threats. It’s not a buy-it-once kind of thing.
Yoda says, "And that is why you fail."
The question isn't, "Is anti-virus an application or a system function?" the question is "Why is an operating system so easy to infect that it requires us to have this conversation?"
Other operating systems don't seem to have this problem. There are millions of Unix web servers out there, millions of Macs and Linux PCs, yet somehow it's always Windows that has thousands of active viruses.
There’s been plenty of Unix viruses in the world. No OS can ever be 100% secure from viruses, unless you made it so the user couldn’t do anything. Computers are just like buildings, any door that can be opened for legitimate means can be opened for illegitimate means, if the OS will let a user install and run software it will let them install and run malware. The only real question is how many secret processes an OS will let run, that’s really the danger point in Windows, there’s way too many times a Windows machine is running code from god knows where without the user having any idea or buy in.
Oh, we could take this to the extremes of naming every part that comes on the car, and every line of code that comes in an OS, and each of us coming up with an analogy to suit our argument. Fun, but, let’s not.
I believe I’m correct as evidenced by MS spending lots of money and delivering security solutions for free, whether it’s bundled or not.
You believe you’re correct because you like buying seat belts for your 2010 Corvette. LOL
I agree to disagree. Isn’t America great? ;)
Oh yes they do.
Not to anything approaching any kind of parity with the petri dish that is Windows.
Other operating systems have a few bits of malware most of which have never been seen outside of a lab, and the rest are largely theoretical. Windows has thousands of active infections ranging across millions of infected hosts.
So, by saying that other operating systems don't have the problem, the problem being that Windows infections are so bad that 70% of spam now comes from infected Windows machines, then no, they don't.
Really? I’ve always run a Mac without anything but a firewall and neither of us here have ever had anything like that?
If by "plenty" you mean, "less than a hundred, most of which are theoretical," then sure.
If by "plenty" you mean "almost as many as the thousands of viruses for Windows, currently infecting at least 10% of all Windows machines," then no.
No OS can ever be 100% secure from viruses, unless you made it so the user couldn't do anything.
This is a pointless argument. No one is saying that Windows should be 100% secure or that any other OS is 100% secure. But to continue to give Microsoft a pass for having the thousands of security issues it has had that allow these problems is just silly.
It's not impossible to build an OS that is resistant to malware. Apple does it, Sun does it, IBM does it. Microsoft needs to do it too.
Well, OK. People don’t write many viruses for the Commodore 64 either. I guess that makes it the best of all.
I'd be a lot more concerned if they didn't.
It only took one (Morris) to knock down most of the Unix boxes on the internet.
It’s not a pointless argument at all, it’s the TRUTH. MS bashers like to talk as if no OS made by anybody other than MS has ever had a virus. Out in reality though ALL OSes have some vulnerability. You said “other operating systems don’t seem to have this problem” and that statement flies in the face of reality. All OSes have the problem, maybe not as bad as Windows but they still have it.
And now you’re changing to “resistant”, showing you know your original statement was silly.
Perhaps, if you're going for the "nobody uses it so that makes it secure" argument. Or its corollary, "Lots of people attack Windows, that's why it has so many bugs," which is false.
There are millions of Linux web servers. Somehow they don't get compromised. That shoots down the idea that a well-used OS can't be secured. It also shoots down the idea that only Windows is used a lot.
The reality is that Windows is malware-ridden because Windows is bug-ridden. And bugs come from the factory.
And that's Microsoft's fault.
And it used to be that you could take down any Windows (95) box with a simple ping packet that was too large. If we include the Morris Worm then we get to say, "Every single Windows system can be shut down with a single ping!" and it would make just as fair of a comparison.
But we aren't judging operating systems by how bad they used to be. We're judging them by how bad they are now.
And Windows 7 just showed that Microsoft still won't fix their OS. It's their newest product yet 7 out of 10 randomly selected malware packages still work on it.
It's not a pointless argument at all, it's the TRUTH. MS bashers like to talk as if no OS made by anybody other than MS has ever had a virus.
I challenge you to point out where I said that. Ever. In my 10 years on Free Republic.
You said "other operating systems don't seem to have this problem" and that statement flies in the face of reality.
Not at all. Other operating systems don't have THOUSANDS OF ACTIVE VIRUSES. Get it yet?
Other operating systems have a few. Most have never been outside of a lab. Microsoft has thousands and thousands of currently active viruses infecting tens and maybe hundreds of millions of PCs. That is a fundamental difference.
And now you're changing to "resistant", showing you know your original statement was silly.
Not at all. If Windows was anywhere close to being as resistant to infection as AIX, Solaris, Linux or MacOS, we wouldn't be having this discussion.
But it isn't. And as the original story of this post shows, it doesn't seem to be getting any better.
OK... so you don’t like Microsoft. Big deal.
Sure, I’ve got a bunch of linux boxes. They’re good for some things. I’ve got a bunch of Windows boxes too. And Mac boxes. Until recently I also had some VMS. Of the hundreds of servers I’m responsible for I don’t really have any chronic problems with *any* of them, or I wouldn’t have them. They do what they do and they all do it pretty well.
If it makes you happy to just simply hate Windows, well... then go for it.
We have to include Morris because it shows that this problem HAS and DOES exist in OSes outside of Windows. Everybody is vulnerable, the only question is how vulnerable. Is Windows the most vulnerable? Yes. Is there an OS out there that is invulnerable? No.
It’s good to note your original reply was to the idea that AV is an application function not an OS function and stated that’s why Linux is better. Because as it turns out almost everybody that makes AV for Windows (including the company that wrote this article) also makes AV for Linux.
Now as for everything else: stop nuancing like Kerry. You said something silly, you said no other OS has this problem, now you’re trying to redefine “this problem”. This problem is malware and ALL OSes have this problem, some have MORE but they all have it. You can nuance until you have to buy a new keyboard and it won’t make your statement not silly.