80 percent of viruses love Windows 7

[Syanide]

According to one leading security research lab, Windows 7 is vulnerable to an astonishing 8 out of 10 viruses it was exposed to during testing. But wait a minute, just how astonishing is this, really?

Sophos loaded a retail release copy of Windows 7 onto a clean PC, configured it to the system default as far as the User Account Control process was concerned, and failed to install any anti-virus software. OK, so this might be a little unfair you would think, but it does represent the actions of many a person new to the new OS. Microsoft insists it is the most secure version of Windows yet, and ?ordinary users? will take the company at its word.

What Sophos did next was less typical, instead of connecting the machine to the Internet and clicking every link under the sun until it was infected up the wazoo, it instead ?grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up? says researcher Chet Wisniewski.

Unsurprisingly, Windows 7 didn?t do too well in fighting off these new threats. Indeed, it only managed to prevent 2 out of those 10 from operating correctly. Wisniewski insists that this just goes to show that his pre-launch warning that the UAC is not fit to protect a PC from malware was indeed correct. While I actually agree with him on this point I?d also argue that any machine that is not running an up to date anti-virus solution is asking for trouble no matter what version of Windows is installed.

I?d be more interested to see that same test performed on the same Windows 7 PC but running different AV solutions, including the new and free Microsoft Security Essentials to be honest. I wonder how far and how many of those 10 viruses would get then?

I wonder if Microsoft will come out fighting against Sophos this time, like it did when XP Mode security came under attack in the summer?

Source.

-----------

Wow, not having an antivirus seems really unfair, but at least it'll be interesting to hear from the 'I never run an antivurs and never have security problems on Windows' crowd.

[Argi]

My post on this FUD from another forum (keep in mind is from an AV company).

'm pretty sure Microsoft's said that UAC isn't intended to protect your PC against malware that's already running (that's what anti-virus software is for – as you mentioned). It's designed to prevent it from being infected to begin with through things like IE Protected Mode (which can be used by other applications if they want).

Presumably they just got a PC and run each exe on it which is stupid because of course they're going to run – Windows is backward compatible. Now whether or not it was able to write itself into the registry to run at each boot we'd have to see.

[franzon]

Sophos sells virus :yes:

[jmc777]

The original Sophos article is just as light on details. I'm going to steal a comment from another forum...

What exactly happened?

a) Ran malware - no UAC prompt - user infected

b) Ran malware - UAC prompt - Clicked 'Yes' - user infected

c) Ran malware - UAC prompt - Clicked 'No' - user infected

[Elliott]

Depends on what each virus was attacking, I suppose. If a virus attacks things specific to the user, it probably wouldn't get stopped by UAC.

[techbeck]

What Sophos did next was less typical, instead of connecting the machine to the Internet and clicking every link under the sun until it was infected up the wazoo, it instead ?grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up? says researcher Chet Wisniewski.

So they grabbed the top 10 unique not well known/looked at viruses and pit them against Win7?...ummm....ok

[Eric Veteran]

It should be 100%. I'm pretty sure the 'other two' will accept and run malware if you intentionally install it. And these companies think it's not them that's hosing their sales.

[acnpt]

OMG! Let me run out and buy a Mac :rolleyes:

:laugh: I think in this case, they want you to buy Sophos anti-virus.

[franzon]

What exactly happened?

a) Ran malware - no UAC prompt - user infected

yes, it infects the user's files, the files where the user have write permission, but this happens on all operating systems (Windows, Linux and Mac).

b) Ran malware - UAC prompt - Clicked 'Yes' - user infected

yes, but this happens on all operating systems. In Vista/7 you have an UAC's elevation prompt, in Linux and Mac you have a sudo's elevation prompt.

c) Ran malware - UAC prompt - Clicked 'No' - user infected

no, because the malicious program is not executed if the user clicked 'NO'

Edited November 4, 2009 by franzon

[(Spork)]

sounds like another Mac add

[jmc777]

yes, it infects the user's files, the files where the user have write permission, but this happens on all operating systems (Windows, Linux and Mac).

yes, but this happens on all operating systems. In Vista/7 you have an UAC's elevation prompt, in Linux and Mac you have a sudo's elevation prompt.

no, because the malicious program is not executed if the user clicked 'NO'

I know that, that's why I'm wondering why this is such a big deal. The only one of the scenarios I mentioned that would be newsworthy would be 'c', if—and only if—the malware managed to install with admin privileges even if the user clicked 'No' when the UAC prompt appeared.

[BajiRav]

That report is so light on details and it is clearly to drive more sales for Sophos but was there any doubt that if you run *any* malware in user context, it will damage the system? Say there is a virus that reads user's address book and then spams all contacts using the default mail client.... that will work equally good on a Mac or Linux or any damn OS.

Just a big boatload of bull crap.

I know that, that's why I'm wondering why this is such a big deal. The only one of the scenarios I mentioned that would be newsworthy would be 'c', if?and only if?the malware managed to install with admin privileges even if the user clicked 'No' when the UAC prompt appeared.

I think they did not play fair in this test. One of the big advantage of using Vista or 7 is that it is mighty difficult to get viruses on to the system (without physical access) in its default config. If you ignore flash vulnerabilities and assume a fully updated system, how did the virus get on the system in first place?

1. IE8 will prompt like a thousand times before a file is downloaded

2. WinExplorer will prompt before opening/launching a file downloaded from internet

3. If something gets past 1 & 2, I am not sure how it will affect the system files without a user prompt.

[Hoang Trong Tuong]

80 percent of viruses love Windows 7

:D :D I like it

[Boz]

Well anti-virus companies are scared sh**less because of free Security Essentials. Apple is scared ****less because OSX now doesn't hold a candle to Win 7.

So you can expect more and more of these type of "revelations". Of course a person should have an anti-virus software unless you are really computer savvy and you are vary of visiting unknown sites. So let me get this straight, they deliberately installed new 10 viruses on the system instead of using it like any other user will? How unbiased :rolleyes:

A regular user should install Security Essentials and be done with it. UAC was never meant to protect against infection, but to disallow execution of system files. And if a person keeps clicking YES to UAC warnings then there's nothing you can do about it. You'd get infected on any other system.

The whole "study" is completely useless and just fear-mongering for people to get their products.

[cabron]

This is why Microsoft will always going to lose more and more markets. They brainwashed their users telling them that this is the more secure and better windows yet. But its just another windows version like all previous. Microsoft need really to do something from scrath for windows 8 or Apple will keep getting more market shares!!!

[Growled Member]

Viruses have always loved Windows. What's new?

[justmike]

Malware is technically not a virus, well at least to most anti-virus companies. :p

[Elliott]

Apple is scared ****less because OSX now doesn't hold a candle to Win 7.

I agree that's it's useless fear-mongering (especially since the Action Center will yell at you if you're not running anti-virus software, in which case you can get the free and sufficient Security Essentials), but where the **** did Apple come into this? It's not like Apple sponsored this study or something. :laugh: You're relentless in your attack, aren't you?

[jonhapimp]

Well anti-virus companies are scared sh**less because of free Security Essentials. Apple is scared ****less because OSX now doesn't hold a candle to Win 7.

So you can expect more and more of these type of "revelations". Of course a person should have an anti-virus software unless you are really computer savvy and you are vary of visiting unknown sites. So let me get this straight, they deliberately installed new 10 viruses on the system instead of using it like any other user will? How unbiased :rolleyes:

A regular user should install Security Essentials and be done with it. UAC was never meant to protect against infection, but to disallow execution of system files. And if a person keeps clicking YES to UAC warnings then there's nothing you can do about it. You'd get infected on any other system.

The whole "study" is completely useless and just fear-mongering for people to get their products.

agreed

[ToneKnee]

This is why Microsoft will always going to lose more and more markets. They brainwashed their users telling them that this is the more secure and better windows yet. But its just another windows version like all previous. Microsoft need really to do something from scrath for windows 8 or Apple will keep getting more market shares!!!

Fanboy/common sense/stupid Alert!

For starters, of course a Anti-Virus is going to post these figures. After all, if Microsoft designed an OS that can stop 80% of viruses on the internet then these companies will go out of business.

Also, 8 out of 10 "unique" viruses do no represent 80% of the viruses on the internet. If any thing, 80% of the viruses on the internet will be outdated.

Also, it was AV companies who forced Microsoft to open up/weaken it's x64 kernel so they could have access to the OS's higher functions... I believe they bitched to the EU about this.

UAC is designed to help "prevent" viruses, though obviously if you hit "yes" then it's still the users fault.

It's not possible to design a 100% free virus operating system, Unix, Linux, OSX and so on can be hacked, cracked and so on. It's funny how many misinformed people there are.

[Madoshi]

This is why Microsoft will always going to lose more and more markets.

Apple will never reach more than 20% market share, at the rate they are going. they have nothing going for them anymore. they are not the only mouse-based GUI. they are not the only 16-bit color display. they do not use proprietary CPUs. they do not use SCSI. they do not bring any new technology to the table. as time went on the Mac lost alot of that ****. all its got left is the OS, the looks (which were copied by the smart folks at Sony and HP) and the price tag.

****ty designs, poor quality, higher-yet price tags.

They brainwashed their users telling them that this is the more secure and better windows yet.

um no. they do that with every NT release. sometimes they hold their word (2000, XP, 7) and other times they **** up big time (Vista). and actually, this time they are doing better then ever.

But its just another windows version like all previous.

...

Microsoft need really to do something from scrath for windows 8 or Apple will keep getting more market shares!!!

do you use a Macintosh? because it really sounds like you are a Macin***. you know, the kind that make Mac look bad with all their ignorant bull****. Windows 8? tell us about Snow Leopard, please!

[Ricardo Gil]

Well anti-virus companies are scared sh**less because of free Security Essentials. Apple is scared ****less because OSX now doesn't hold a candle to Win 7.

You just have to bring Apple into every thread... I guess the trolling never stops.

[Ci7]

Microsoft need really to do something from scratch for windows 8 or Apple will keep getting more market shares!!!

that sound like a genius plan , bravo! :rolleyes:

[Boz]

You just have to bring Apple into every thread... I guess the trolling never stops.

Well it's not Apple per se.. it's what's happening in the media with companies.. Apple is just coming out with more and more stupidity trying to present Windows in some false light. Sophos is doing useless tests that have no connection with reality because Microsoft now has an anti-virus solution that's free and very effective and I'm sure we wont' see the end of it soon. Seems that companies have more and more PR campaigns that spit on Windows instead of actually showing why their products are better.

[Elliott]

This is why Microsoft will always going to lose more and more markets. They brainwashed their users telling them that this is the more secure and better windows yet. But its just another windows version like all previous. Microsoft need really to do something from scrath for windows 8 or Apple will keep getting more market shares!!!

Please just shut up, Cabron. I own a Mac and love it, but I know its limitations. I'm just as open to having all my user files deleted by a virus as any Windows machine is. Snow Leopard and Windows 7 are very similar, and I don't see one being better than the other when you look at the two side by side. It just boils down to personal preference.

However, I think that both Microsoft and Apple should be careful in lulling their users into a false sense of security just to get sales. That's the kind of crap that leads to pointless class action lawsuits.