Yesterday Chester Wisniewski of Sophos said that, despite Microsoft's claims that Windows 7 is more secure than its predecessors, the new operating system disappointed in recent tests just like earlier versions. Wisniewski and the security firm claim that the User Account Control feature in Windows 7--when set at the default configuration--failed to catch eight out of ten pieces of malware.
But even though Windows 7 is more secure than Vista and XP, consumers will still need to install anti-virus software to catch all the nasties, according to Wisniewski. "Windows 7 users need not feel left out," he said. "They can still participate in the ZBot botnet with a side of fake anti-virus. Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up."
eWeek contacted Microsoft about the Sophos test. As normal, the company avoided the question in its typical pseudo-government-type-fashion and highlighted other features of Windows 7 that offer improved security. "Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released," a Microsoft spokesperson said.
Wisniewski reports that the test did not include additional, installed anti-virus software. Instead, the company tested Windows 7 with UAC on and UAC off. Two malware samples used in the test would not run in Windows 7: Troj/Bredo-M and Troj/Banker-EUT. Out of the remaining eight, one malware sample provided a prompt.
As we all say, the best defense against malware starts with the person sitting behind the keyboard.