Print 107 comment(s) - last by weskurtz0081.. on Nov 11 at 8:55 AM

Windows 7 may be more secure, but its UAC is less functional than Windows Vista's, according to a recent security study. The study suggests that only antivirus protection can properly protect Windows 7.  (Source: Switched)
Antivirus protection still necessary, says firm

One of the most unpopular features of Windows Vista among casual users was the User Account Control (UAC).  Ironically, while the UAC provoked irate comments from these users, like "why is my computer asking me to approve everything", the feature was one of the most appreciated features by power users as it gave them much more control over their security and ability to prevent inappropriate actions.

With Windows 7, Microsoft pledged to go the OS X route on this topic, tuning down the UAC's warnings to a lesser level.  Many security firms complained about this approach and Microsoft relented slightly, restoring some of the UAC's warnings, in particular a warning about the disabling the UAC altogether (experts showed that attackers could disable the UAC without prompting the user in early builds of Windows 7).

While these changes helped make Windows 7's release edition more secure than the test builds, the UAC's default setting is still neutered compare to Vista's robust solution, indicates Sophos Senior Security Adviser Chester Wisniewski.  He's just completed a study of attacking Windows 7 with malware and seeing how the new UAC responds.

Of the ten pieces of malware tested, Windows 7 wouldn't install two of them.  Of the remaining eight only one generated a UAC warning, allowing the user to disallow its installation.

Microsoft officials, though, minimized the test, saying the UAC just isn't that important a security feature anymore.  They point to Windows 7's improved memory protections and Microsoft free Security Essentials antivirus suite as two critical tools that can be used to fight infection, in addition to the UAC. 

States a Microsoft spokesperson, "Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware; this includes features like Security Development Lifecycle (SDL), User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP)."

"Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released," the spokesperson added. "Coupled with Internet Explorer 8—which includes added malware protection with its SmartScreen Filter—and Microsoft Security Essentials, Windows 7 provides flexible security protection against malware and intrusions."

While he understands that with other supplemental protections Windows 7 will likely be safe, Mr. Wisniewski seems mildly disapproving of defaulting the UAC to reduced functionality.  After all, users of Windows Vista may be lulled into a false sense of security expecting prompts to save them from malware.  Ultimately, though, there's little that can be done to convince Microsoft to change this, though, and he concludes, "Lesson learned? You still need to run antivirus [protection] on Windows 7."

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Flawed Methodology
By Cerin218 on 11/6/2009 5:11:22 PM , Rating: 1
Umm hello, you can maximize productivity of the user when the user isn't sitting at their desk twiddling their thumbs because they clicked on that UPS tracking number email and installed the .exe contained in there even while questioning the origin of that email to themselves, and as the IT staff you are now working to remove that virus from their computer before it infects other users or your server.
You are obviously not an IT person. If you can prevent problems, they do not become problems, and as stated it allows you to focus your attention on other products that may in fact, increase productivity.
Think before you speak.

RE: Flawed Methodology
By mark3450 on 11/7/2009 12:07:32 AM , Rating: 3
No I am not an IT person, however I do know computers and the shortcomings of IT mentality. Yes having some bozo infect his computer with a virus isn't good for productivity, but locking out users from admin causes it's own problems for productivity you so blistfully ignore.

Simple example, say I have a scientific paper in PDF I need to read, but it requires an updated version of adobe reading to view. With admin privliges it takes 5 minuites to get the new reader, without it's a major headache to get IT to install one for you. The difference in productivity is huge.

What I'm calling IT mentality is this thought process that the only goal is to minmizing the number of problems. The goal is to maximize productivity and that's not the same. Yes problems like viruses reduce productivity, but so do draconic IT measures like denying users admin privliges.

RE: Flawed Methodology
By DominionSeraph on 11/7/09, Rating: 0
RE: Flawed Methodology
By Alexstarfire on 11/7/2009 5:50:32 AM , Rating: 2
If IT is doing their job properly it shouldn't take much longer than doing it by yourself. That is of course assuming that the end user actually knows how to do it by themselves... of which many times I highly doubt.

RE: Flawed Methodology
By damianrobertjones on 11/8/2009 9:27:24 AM , Rating: 2
The moment you give users the rights to install, your days are numbered. Users are... to put it bluntly, thick. Really, really thick. You can train, state, send them FIFTY DAMN emails and they STILL won't take a blind bit of notice.

P.s. Adobe acrobat? Why? Foxit reader. With apps think quick and easy instead of bloated and slow.

P.P.s Admins can remotely update hundreds upon hundreds of pcs without even leaving their desk. You're not an it person so please try not to think like a user who 'wants' everything. :)

RE: Flawed Methodology
By mark3450 on 11/9/2009 5:04:12 PM , Rating: 2
Users are... to put it bluntly, thick. Really, really thick.

Yes some users are thick, but many are not. I know folks in IT can give endless examples of how clueless users are, but users can also give examples of how IT policies like locking out admin destroys their productivity. Obviously it's easier on IT to lock down admin, but quite honestly it's IT's job to make life easy for the user not the other way around.

"Well, we didn't have anyone in line that got shot waiting for our system." -- Nintendo of America Vice President Perrin Kaplan

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki