In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses 843
As Windows 7's market share passes 3.6%, up from 1.9% the day before launch,
llManDrakell notes an experiment they did over at Sophos. They installed Windows 7 on a clean machine — with no anti-virus protection — with User Access Control in its default configuration. They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absense of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."
Firewall? (Score:2, Interesting)
Was the Windows Firewall up? If not, how many of these viruses would've made it through the default Windows Firewall settings? Or were these all of the "double click this attachment" variety?
Re:Not News!! (Score:4, Interesting)
Re:Not News!! (Score:2, Interesting)
Indeed - it is a nightmare that so many applications run as administrator by default. I remember once I got into a locked machine by going into Netscape Navigator (back in the day) and setting command.com to be the default application to open HTML files. While such access was disabled at user-level, applications running as administrator can do so freely.
Yes - it does require a lot of work to make Windows secure. The difference I see is that Linux comes with this out of the box, whereas Windows is designed to give users as much power as possible, with it being an administrative option to tune it down. And simply - that is the job is a system admin. Deploy an installation that is secure in the first place, keep it updated and patched, and try to keep appraised of security considerations while giving users access to everything they NEED.
I'm not anti-Linux at all, but am merely pointing out that sure it's worth the time maintaining Windows systems, since it's my job. I use Linux servers as well, and don't find their upkeep any less troublesome.
Re:Firewall? (Score:3, Interesting)
Sophos was testing Windows 7 in its default configuration. I don't know if the Firewall is enabled on a default install, but I suspect it probably is based on the defaults in XP Service Pack 3. If it's not, then the firewall is going to be irrelevant to a good number of users who are also likely to run Windows without AntiVirus on board. If it is, then it's not providing any protection to speak of, apparently.
One of the tests failed, not because Windows provided protection, but because the virus itself wasn't Win32 code. I'm sure the developers of Bredo-M are on it and will have a fix out soon.
Particularly disappointing in this test, however, was UAC's failure to protect against all but one of the eight buggers that did try to run in Windows 7. That is/was supposed to be Microsoft's response to allowing most applications to run as Administrator rather than a limited user (thereby enabling or even encouraging the existence of a large base of applications that REQUIRE Administrator access).
Re:Firewall? (Score:5, Interesting)
Side thought: Of course, this WAS written by Sophos, an AntiVirus marketer. One could hardly expect them to choose viruses/worms that cast "naked Windows 7" in a good light, now could they?
Re:Interesting market share stat there (Score:2, Interesting)
I would consider it harder to get started with a new Windows OS, since you have to install it, there is no live-CD option, you have to install alot of software from scratch for your system to be able to do anything rather than having a good usable set out of the box.
This should give some insight into the problems with Linux and how it could be addressed: for all it's strengths, it's not something people want. They want Windows, despite it's weaknesses. Make Linux wantable, watch market share change dramatically.