Feeds

Naked Win 7 still vulnerable to most viruses

User Account Control easily bypassed

Internet Security Threat Report 2014

Out-of-the-box Windows 7 machines are still vulnerable to eight out of ten viruses, according to a test by security firm Sophos.

The experiment proves that the improved User Account Control (UAC) features built into Windows 7 are not enough and that additional anti-virus protection is still required. In fairness to Redmond, Microsoft crystal clear that anti-virus remains a necessary add-on to Windows PCs.

As well as paid-for products a number of free-of-charge products from AVG, Comodo, Avast and Avira are available, along with Microsoft's home-grown Microsoft Security Essentials freeware anti-malware scanner.

In the Sophos experiment, Windows 7 with User Account Control in default configuration and no-anti-malware installed was tested against ten malware samples that arrived in Sophos's labs on 22 October. Seven of these badware packages ran while two failed to work on Win 7 machines irrespective of whether UAC protection was in place or not.

UAC stopped only one example of malware that would otherwise have infected the PC, a strain of autorun malware (called Autorun-ATK by Sophos).

Two Trojans - a variant of Bredo and a banking trojan - failed to work on Win 7 machines. However, a variant of the notorious Zbot Trojan as well as a scareware package slipped through the net infecting Win 7 machines used in the test, irrespective of whether or not Windows UAC was running.

UAC debuted in Windows Vista as a technology designed to prompt users for permission before allowing applications to run. Widely criticised as annoying, Microsoft released a less intrusive version of the software with Windows 7.

"User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC's default configuration is not effective at protecting a PC from modern malware," writes Sophos security researcher Chester Wisniewski.

"Lesson learned? You still need to run anti-virus on Windows 7."

Wisniewski notes that Vista fared better then other flavours of Windows in a security report by Microsoft released on Monday. The infection rate of Windows Vista SP1 was 61.9 percent less than that of Windows XP SP3.

That, according to Wisniewski, means Vista is the "least ugly baby in its family" and ought not to confer any bragging rights. "You can be sure the next report will highlight its even less ugly younger sibling, Windows 7," he adds. ®

Bootnote

During a presentation on The Balance of Browser Security and Settings at the RSA Conference in London last month, Microsoft's Ed Gibson referred to the version of UAC that came with Vista as "User Annoyance Control". The terminology by Microsoft’s chief security advisor in the UK was clearly deliberate, and a sign that Redmond acknowledges that the constant pop-ups generated by the technology on Vista boxes were counterproductive. ®

Internet Security Threat Report 2014

More from The Register

next story
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.