Feeds

Top security firm: Default Windows 7 less secure than Vista

Reviled UAC nagware finds a defender

Providing a secure and efficient Helpdesk

Windows 7 is less secure out-of-the box than Vista, despite Redmond's protestations to the contrary, a top security firm has claimed.

Trend Micro said that the default configurations of Windows 7 are less secure than Vista. Raimund Genes, CTO of Trend Micro, said that Windows 7 had sacrificed security for useability - at least for default configurations.

"I'm not saying Windows 7 is insecure, but out of the box Vista is better," Genes told El Reg.

The User Account Control (UAC) feature that debuted with Vista was a security safeguard that asked users for permission before allowing applications to run. The nagware technology irked users and was blamed for producing numerous largely meaningless pop-ups that users blithely clicked past.

Even senior Microsoft execs, for example UK security advisor Ed Gibson, have taken to describing the technology disparagingly as "User Annoyance Control" over recent months. A toned down version of UAC has been developed for Windows 7, but Genes regards this and other changes as a step backwards.

"I was disappointed when I first used a Windows 7 machine that there was no warning that I had no anti-virus, unlike Vista," Genes said. "There are no file extension hidden warnings either. Even when you do install anti-virus, warnings that it has not been updated are almost invisible."

"Windows 7 may be an improvement in terms of useability but in terms of security it's a mistake, though one that isn't that surprising. When Microsoft's developers choose between usability and security, they will always choose useability," Genes argued.

Genes said the security of Windows 7 for consumers might be improved by offering virtual XP, a sandboxed version of the older OS, with Windows 7 home editions. The virtualisation technology (criticised by other security firms, most notable Sophos, as a security risk in its own right because it needs separate patching and security protection) was only released in enterprise versions of the operating system.

Trend's unfavorable default security comparison between Vista and Windows 7 was released alongside its Trend Micro 2010 Future Threat Report. The main focus of the report places the security implication of the wider IT industry shift towards cloud computing and virtualisation under the spotlight.

While offering significant benefits and cost-savings, the architectural shift means cybercrooks are likely to turn their sights towards manipulating the connection to the cloud, or attacking the data center and cloud itself, instead of trying to infect desktop or server systems.

"The focus for security firms has been protecting desktops or servers, but this needs to shift to providing security for the cloud, where sensitive information such as credit card records will be held. Using encryption to establish shielded containers for sensitive data and improving the security and back-up of cloud computing systems needs to be improved so that we can have safe cloud computing," Genes explained. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.