Print 107 comment(s) - last by weskurtz0081.. on Nov 11 at 8:55 AM

Windows 7 may be more secure, but its UAC is less functional than Windows Vista's, according to a recent security study. The study suggests that only antivirus protection can properly protect Windows 7.  (Source: Switched)
Antivirus protection still necessary, says firm

One of the most unpopular features of Windows Vista among casual users was the User Account Control (UAC).  Ironically, while the UAC provoked irate comments from these users, like "why is my computer asking me to approve everything", the feature was one of the most appreciated features by power users as it gave them much more control over their security and ability to prevent inappropriate actions.

With Windows 7, Microsoft pledged to go the OS X route on this topic, tuning down the UAC's warnings to a lesser level.  Many security firms complained about this approach and Microsoft relented slightly, restoring some of the UAC's warnings, in particular a warning about the disabling the UAC altogether (experts showed that attackers could disable the UAC without prompting the user in early builds of Windows 7).

While these changes helped make Windows 7's release edition more secure than the test builds, the UAC's default setting is still neutered compare to Vista's robust solution, indicates Sophos Senior Security Adviser Chester Wisniewski.  He's just completed a study of attacking Windows 7 with malware and seeing how the new UAC responds.

Of the ten pieces of malware tested, Windows 7 wouldn't install two of them.  Of the remaining eight only one generated a UAC warning, allowing the user to disallow its installation.

Microsoft officials, though, minimized the test, saying the UAC just isn't that important a security feature anymore.  They point to Windows 7's improved memory protections and Microsoft free Security Essentials antivirus suite as two critical tools that can be used to fight infection, in addition to the UAC. 

States a Microsoft spokesperson, "Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware; this includes features like Security Development Lifecycle (SDL), User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP)."

"Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released," the spokesperson added. "Coupled with Internet Explorer 8—which includes added malware protection with its SmartScreen Filter—and Microsoft Security Essentials, Windows 7 provides flexible security protection against malware and intrusions."

While he understands that with other supplemental protections Windows 7 will likely be safe, Mr. Wisniewski seems mildly disapproving of defaulting the UAC to reduced functionality.  After all, users of Windows Vista may be lulled into a false sense of security expecting prompts to save them from malware.  Ultimately, though, there's little that can be done to convince Microsoft to change this, though, and he concludes, "Lesson learned? You still need to run antivirus [protection] on Windows 7."

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: W7
By SavagePotato on 11/6/2009 4:53:16 PM , Rating: 2
Pirks never really shuts up, just goes to think up more nonsense to waste everyones time.

Like kicking his feet like a baby and calling your links lies.

Repeat with me, just because apple took a page down to save face does not make it a lie.

Reminder of the day...

A conversation with pirks is like the following.

RE: W7
By Pirks on 11/6/2009 5:50:57 PM , Rating: 1
just because apple took a page down to save face does not make it a lie
Precisely my point. No proof links exist NOW, so it's a lie NOW, although some links may have existed in the past. I'm not going to deny the past, Potato :P I was just asking about the PRESENT state of affairs, baiting trolls like you. Thanks for another amusement :) You never fail to deliver

RE: W7
By SavagePotato on 11/6/2009 9:16:37 PM , Rating: 2
Keep working on that 0 overall post rating donkey.

RE: W7
By Pirks on 11/7/2009 1:02:22 AM , Rating: 1
Suck on that link, redneck :P

RE: W7
By Alexstarfire on 11/7/2009 6:19:15 AM , Rating: 2
So, saying something makes it true, but then if you just take it back it's immediately not true anymore? Wish that worked in a court of law.

RE: W7
By Pirks on 11/7/2009 9:57:57 AM , Rating: 2
What if you said it by mistake (unintentionally lied) and later corrected this mistake? That's still a lie (although an unintentional one), isn't it? ;)

RE: W7
By DominionSeraph on 11/7/2009 11:23:08 AM , Rating: 2
Pirks, stop talking. You don't even know what bounds a lie, yet you blather on, completely oblivious to the mess you're making.

The analysis you're attempting to perform cuts along definitional lines. This means that you need to KNOW YOUR DEFINITIONS.

Jesus Christ. Why must every hour be amateur hour?

RE: W7
By Pirks on 11/7/2009 11:38:54 AM , Rating: 2
Thanks for your lesson in ethics but my question to Alex above still stands.

RE: W7
By DominionSeraph on 11/8/2009 12:31:33 AM , Rating: 2
Thanks for your lesson in ethics

Lesson? So you're still trying to figure out utilitariansim?
You realize that this is something that even a cat has no problem understanding, right?

my question to Alex above still stands

*sigh* Why me?

Pirks, your question is meaningless. Thus your presumption of meaning=1 is a faulty condition. Zero the potential with a strobe of -1, then reprocess the scenario.

RE: W7
By Alexstarfire on 11/8/2009 1:26:03 AM , Rating: 2
Unless they purposely lied I really doubt they'd post it on a webpage. Of course, without saying, "oops that's not we meant to say" what exactly are people supposed to assume? That it's true and they just don't want people to know. People do make mistakes, and if it's an innocent mistake they man to it and say "we made a mistake and that's not we meant to do." By purposely hiding something all you're doing is making the case stronger that it's true even if you don't outright say so after the fact.

RE: W7
By weskurtz0081 on 11/11/2009 8:55:03 AM , Rating: 2
Dude, you know when they posted that, Apple meant to recommend anti-virus. Then, when everyone started pointing at it and saying "see", they decided to reword it to cover their butts, but in a way that's saying "we aren't really saying either way, just that anything is possible".

Regardless of whether or not you want to admit it, you know what they meant when that was originally posted, and why they changed the wording.

“So far we have not seen a single Android device that does not infringe on our patents." -- Microsoft General Counsel Brad Smith

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki