

Windows 7 may be more secure, but its UAC is less functional than Windows Vista's, according to a recent security study. The study suggests that only antivirus protection can properly protect Windows 7.  (Source: Switched)
Antivirus protection still necessary, says firm

One of the most unpopular features of Windows Vista among casual users was User Account Control (UAC).  Ironically, while the UAC provoked irate comments from these users, like "why is my computer asking me to approve everything", it was among the features most appreciated by power users, as it gave them much more control over their security and the ability to prevent inappropriate actions.

With Windows 7, Microsoft pledged to go the OS X route on this topic, tuning down the UAC's warnings to a lesser level.  Many security firms complained about this approach and Microsoft relented slightly, restoring some of the UAC's warnings, in particular a warning about disabling the UAC altogether (experts showed that attackers could disable the UAC without prompting the user in early builds of Windows 7).

While these changes helped make Windows 7's release edition more secure than the test builds, the UAC's default setting is still neutered compared to Vista's robust solution, according to Sophos Senior Security Adviser Chester Wisniewski.  He has just completed a study in which he attacked Windows 7 with malware and observed how the new UAC responds.

Of the ten pieces of malware tested, Windows 7 wouldn't install two of them.  Of the remaining eight, only one generated a UAC warning, allowing the user to disallow its installation.

Microsoft officials, though, minimized the test, saying the UAC just isn't that important a security feature anymore.  They point to Windows 7's improved memory protections and Microsoft's free Security Essentials antivirus suite as two critical tools that can be used to fight infection, in addition to the UAC.

States a Microsoft spokesperson, "Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware; this includes features like Security Development Lifecycle (SDL), User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP)."

"Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released," the spokesperson added. "Coupled with Internet Explorer 8—which includes added malware protection with its SmartScreen Filter—and Microsoft Security Essentials, Windows 7 provides flexible security protection against malware and intrusions."

While he understands that with other supplemental protections Windows 7 will likely be safe, Mr. Wisniewski seems mildly disapproving of defaulting the UAC to reduced functionality.  After all, users of Windows Vista may be lulled into a false sense of security, expecting prompts to save them from malware.  Ultimately, though, there's little that can be done to convince Microsoft to change this, and he concludes, "Lesson learned? You still need to run antivirus [protection] on Windows 7."



Comments


I don't know of anyone...
By Motoman on 11/5/2009 3:42:51 PM , Rating: -1
...who can stand to have UAC turned on at all. As far as I'm concerned, it makes the PC unusable.

...and what kind of an idiot is not going to have antivirus on their machine at all anyway?

UAC is a non-feature.




RE: I don't know of anyone...
By jonmcc33 on 11/5/2009 4:36:39 PM , Rating: 2
For the 95% of Windows users that merely use e-mail and web browsing it is extremely useful. They will never get any UAC prompts though. It's the gamers that can't stand UAC because PunkBuster needs the programs to run as admin to work properly.


RE: I don't know of anyone...
By Smilin on 11/7/2009 7:29:19 PM , Rating: 2
I've never gotten a UAC prompt from punkbuster. In fact no game should ever UAC prompt. Even if it's really old and still writes to program files it will get redirected to a link without requiring admin privileges.

UAC just really isn't that big of a deal.


RE: I don't know of anyone...
By Smilin on 11/6/2009 1:42:38 PM , Rating: 1
I use it.

I anticipate the prompt based on actions I'm taking so it isn't really "in my face" at all. It's rare to see it after the first few days of setting up a machine and getting software installed.

It has also saved my bacon before (when antivirus didn't). If you hit a website and get a UAC prompt something is very wrong.

It's a very useful feature. It allows you to run as a split token admin so you get the best of both worlds: The safety of running as a user with the convenience of running as an admin.

This kills me though:

"it makes the PC unusable"

LOL you're quite the drama queen aren't you?


Copyright 2014 DailyTech LLC.