Posted on 11/03/2009 9:35:44 PM PST by Gomez
Now that we in the northern hemisphere have had some time to digest the Windows 7 hype and settle in for the coming winter, we thought we would get some more hard data regarding Windows 7 security.
On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software.
We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.
User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC's default configuration is not effective at protecting a PC from modern malware.
Lesson learned? You still need to run anti-virus on Windows 7. Microsoft, in the Microsoft Security Intelligence Report released yesterday, stated that "The infection rate of Windows Vista SP1 was 61.9 percent less than that of Windows XP SP3."
But let's not get complacent. Microsoft seems to be saying that Vista is the least ugly baby in its family. You can be sure the next report will highlight its even less ugly younger sibling, Windows 7.
Why do I say this? As of October 31st www.netmarketshare.com states that Windows Vista has a 19% market share against Windows XP's 70.5% and Windows 7's 2%. Approximately 1 in 5 Windows users is using either Vista or Windows 7. These users often have newer computers, automatic patching, and firewalls and anti-virus software in place.
With millions of hosts still infected with Conficker, ZBot and Bredo, it is obvious a lot of unprotected machines are still out there, and it is no surprise that most of those are XP.
As the chart above shows, Windows 7 users need not feel left out. They can still participate in the ZBot botnet with a side of fake anti-virus. Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up.
Not to anything approaching any kind of parity with the petri dish that is Windows.
Other operating systems have a few bits of malware most of which have never been seen outside of a lab, and the rest are largely theoretical. Windows has thousands of active infections ranging across millions of infected hosts.
So, by saying that other operating systems don't have the problem, the problem being that Windows infections are so bad that 70% of spam now comes from infected Windows machines, then no, they don't.
Really? I’ve always ran a mac without anything but a firewall and neighter of us here have ever had anything like that?
If by "plenty" you mean, "less than a hundred, most of which are theoretical," then sure.
If by "plenty" you mean "almost as many as the thousands of viruses for Windows, currently infecting at least 10% of all Windows machines," then no.
No OS can ever be 100% secure from viruses, unless you made it so the user couldn’t do anything.
This is a pointless argument. No on is saying that Windows should be 100% secure or that any other OS is 100% secure. But to continue to give Microsoft a pass for having the thousands of security issues it has had that allow these problems is just silly.
It's not impossible to build an OS that is resistant to malware. Apple does it, Sun does it, IBM does it. Microsoft needs to do it too.
Well, OK. People don’t write many viruses for the Commodore 64 either. I guess that makes it the best of all.
I'd be a lot more concerned if they didn't.
It only took one (Morris) to know down most of the Unix boxes on the internet.
It’s not a pointless argument at all, it’s the TRUTH. MS bashers like to talk as if no OS made by anybody other than MS has ever had a virus. Out in reality though ALL OSes have some vulnerability. You said “other operating systems don’t seem to have this problem” and that statement flies in the face of reality. All OSes have the problem, maybe not as bad as Windows but they still have it.
And now you’re changing to “resistant”, showing you know you’re original statement was silly.
Perhaps, if your going for the "nobody uses it so that makes it secure" argument. Or it's corollary, "Lots of people attack Windows, that's why it has so many bugs," which is false.
There are millions of Linux web servers. Somehow they don't get compromised. That shoots down the idea that a well-used OS can't be secured. It also shoots down the idea that only Windows is used a lot.
The reality is that Windows is malware-ridden because Windows is bug-ridden. And bugs come from the factory.
And that's Microsoft's fault.
And it used to be that you could take down any Windows (95) box with a simple ping packet that was too large. If we include the Morris Worm then we get to say, "Every single Windows system can be shut down with a single ping!" and it would make just as fair of a comparison.
But we aren't judging operating systems by how bad they used to be. We're judging them by how bad they are now.
And Windows 7 just showed that Microsoft still won't fix their OS. It's their newest product yet 7 out of 10 randomly selected malware packages still work on it.
It’s not a pointless argument at all, it’s the TRUTH. MS bashers like to talk as if no OS made by anybody other than MS has ever had a virus.
I challenge you to point out where I said that. Ever. In my 10 years on Free Republic.
You said “other operating systems don’t seem to have this problem” and that statement flies in the face of reality.
Not at all. Other operating systems don't have THOUSANDS OF ACTIVE VIRUSES. Get it yet?
Other operating systems have a few. Most have never been outside of a lab. Microsoft has thousands and thousands of currently active viruses infecting tens and maybe hundreds of millions of PCs. That is a fundamental difference.
And now you’re changing to “resistant”, showing you know you’re original statement was silly.
Not at all. If Windows was anywhere close to being as resistant to infection as AIX, Solaris, Linux or MacOS, we wouldn't be having this discussion.
But it isn't. And as the original story of this post shows, it doesn't seem to be getting any better.
OK... so you don’t like Microsoft. Big deal.
Sure, I’ve got a bunch of linux boxes. They’re good for some things. I’ve got a bunch of Windows boxes too. And Mac boxes. Until recently I also had some VMS. Of the hundreds of servers I’m responsible for I don’t really have any chronic problems with *any* of them, or I wouldn’t have them. They do what they do and they all do it pretty well.
If it makes you happy to just simply hate Windows, well... then go for it.
We have to include Morris because it shows that this problem HAS and DOES exist in OSes outside of Windows. Everybody is vulnerable, the only question is how vulnerable. Is Windows the most vulnerable? Yes. Is there an OS out there that is invulnerable? No.
It’s good to note your original reply was to the idea that AV is an application function not an OS function and stated that’s why Linux is better. Because as it turns out almost everybody that makes AV for Windows (including the company that wrote this article) also makes AV for Linux.
Now as for everything else: stop nuancing like Kerry. You said something silly, you said no other OS has this problem, now you’re trying to redefine “this problem”. This problem is malware and ALL OSes have this problem, some have MORE but they all have it. You can nuance until you have to buy a new keyboard and it won’t make your statement not silly.
You know, I've never come across someone who said, "I have hundreds of Windows systems and they all have malware on them!"
But someone out there has the bot-infested machines because a substantial portion of the installed base of Windows machines is infected with at least one bot.
Bot software isn't like the days of Nimda or CodeRed where an infection takes your network down. The new software goes out of it's way to be unobtrusive. A box that runs badly or fills up the network gets formatted. That does the botnet owner no good at all.
They do what they do and they all do it pretty well.
Well, I suppose so. If you mean they do a great job of acting as hosts for botnets and other malware, then yeah.
If it makes you happy to just simply hate Windows, well... then go for it.
Of course, that's it! I just hate Windows. THAT's why 70% of the spam on the Internet comes from zombied Windows machines.
If I could just stop my hate it would all go away, right?
No, you include the Morris Worm because you want to try to provide an excuse for Windows to be as bad as it is.
Everybody is vulnerable, the only question is how vulnerable. Is Windows the most vulnerable? Yes. Is there an OS out there that is invulnerable? No.
Absolutely true, if a bit simple.
Actually, it goes like this. All operating systems have bugs. Some of the bugs cause security issues. Most operating systems have a few active exploits. And then there is Windows which has tens of thousands of them.
It's like pointing to the creek near your house in Colorado and saying, "Look. Water. We have to be careful living near water because some people get hit with tsunamis!"
It’s good to note your original reply was to the idea that AV is an application function not an OS function and stated that’s why Linux is better. Because as it turns out almost everybody that makes AV for Windows (including the company that wrote this article) also makes AV for Linux.
I'm glad you brought that up. My Unix-based mail server runs an anti-virus. You know why?
Because Windows machines keep sending me mail that's infected with viruses. And if I forward a piece of mail that's got a virus attached my users will be upset.
I'm not worried that my mail server will become infected. In fact, the virus scanner only scans incoming mail, not the rest of the system.
Now as for everything else: stop nuancing like Kerry. You said something silly, you said no other OS has this problem, now you’re trying to redefine “this problem”. This problem is malware and ALL OSes have this problem, some have MORE but they all have it. You can nuance until you have to buy a new keyboard and it won’t make your statement not silly.
There is still a world of difference between "All OSs have this problem" and "One OS has tens of thousands more problems than all the rest."
If Windows had a few dozen viruses out there, then sure, you'd have a point.
But it's not even close. Windows is a malware cesspool with millions of infected PCs world-wide. Attempting to say that it's the same as a few Unix and Linux viruses is either stupid, pollyanna-ish or intentionally deceiving.
Just keep trying to say that tens of viruses is equal to tens of thousands. We won't laugh at you.
Much.
Well, golly, I guess I just don’t know nuthin’ bout them there computers, then.
Be well.
Maybe not, but you figured out how to apologize for Microsoft just fine.
No I included Morris because it proved this statement from you: other operating systems don’t seem to have this problem, to be false. Morris, as a very high profile Unix worm, shows that other OSes DO seem to have this problem. It’s not like Morris was the last Unix malware, it just was the highest profile one.
It’s funny how your number of Windows viruses keeps going up. Hyperbole much?
These are mostly client AV apps, basically the same product they make for Windows only for Linux, not mail server AV.
Linux has nearly a thousand, and the number was half that in 2005. Viruses happen. Viruses happen to everybody. Once again showing that you’re statement was wrong, other OSes do seem to have this problem.
I’m not saying anything about equal, that’s nuancing again. I’m saying that this statement “other operating systems don’t seem to have this problem” is WRONG, other OSes not only SEEM to have this problem, the DO have it. All OSes have malware, period. And you can jump your number from thousands to tens of thousands and even to millions if you want, it doesn’t change the simple fact that Windows is not alone. Your statement was wrong. Now stop nuancing, man up and admit you said something silly.
You're becoming very silly, and even more tiresome.
Morris was over 20 years ago. Name, oh, let's say four Unix viruses since 2000. That's about one for every 10,000 Windows viruses since then.
Viruses. That spread by self-replication. Worms.
Go ahead, name them. Just four, or more if you know of them. That actually affected at least a few thousand machines (Morris affected 6000); laboratory curiosities don't count.
> Linux has nearly a thousand, and the number was half that in 2005.
Where's -that- list? Name it, provide a URL. Or STFU. You have become very silly. Put it up now.
Tonight's my night to get educated on how insecure Unix and Linux are. C'mon.
And why is that? Why don't we use AIX, Solaris, Linux or MacOS on all the desktops?
Well, silly me, I must have imagined all those Mac’s on our benches.
I’m a certified technician on both PC and Mac.
I like them both, and they’re both good for certain things and certain users.
Here’s the real constant: Mac users are arrogant a-holes, as you can tell by this thread.
Stick your Mac’s up your rear ends!
YOU BOUGHT THE BEST COMPUTER EVER!!! OUR PC’S SUCK SH*T!
Is that what you want? Feel better now?
Foxtrot Uniform
I’m a certified technician on both PC and Mac.
I like them both, and they’re both good for certain things and certain users.
Here’s the real constant: Mac users are arrogant a-holes, as you can tell by this thread.
Stick your Mac’s up your rear ends!
YOU BOUGHT THE BEST COMPUTER EVER!!! OUR PC’S SUCK SH*T!
Is that what you want? Feel better now?
Foxtrot Uniform
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.