Sophos: Win 7 UAC Ineffective Against Malware

Yesterday Chester Wisniewski of Sophos said that, despite Microsoft's claims that Windows 7 is more secure than its predecessors, the new operating system disappointed in recent tests just like earlier versions. Wisniewski and the security firm claim that the User Account Control feature in Windows 7--when set at the default configuration--failed to catch eight out of ten pieces of malware.

But even though Windows 7 is more secure than Vista and XP, consumers will still need to install anti-virus software to catch all the nasties according to Wisniewski. "Windows 7 users need not feel left out," he said. "They can still participate in the ZBot botnet with a side of fake anti-virus. Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up."

eWeek contacted Microsoft about the Sophos test. As normal, the company avoided the question in its typical pseudo-government-type-fashion and highlighted other features of Windows 7 that offer improved security. "Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released," a Microsoft spokesperson said.

Wisniewski's reports that the test did not include additional, installed anti-virus software. Instead, the company tested Windows 7 with UAC on and UAC off. Two malware samples used in the test would not run in Widows 7: Troi/Bredo-M sn Troi/Banker-EUT. Out of the remaining eight, one malware sample provided a prompt.

As we all say, the best defense against maleware starts at the person sitting behind the keyboard.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
37 comments
    Your comment
    Top Comments
  • cyprod
    Wow, imagine that. A guy who works for an AV company says Windows 7 needs AV software.
    Not going to argue the correctness of the statement, but just saying...
    23
  • Scotteq
    Hmmm.. I wasn't aware that User Access Control was being touted as a replacement for Anti-Virus. Let me check on that...


    Nope - UAC has not been advertised as a replacement for proper AV protection. Next non-story, please.
    10
  • Other Comments
  • lenell86
    nothing new to report, everyone knows windows fails without a proper AV/Firewall...
    -10
  • anamaniac
    "As we all say, the best defense against maleware starts at the person sitting behind the keyboard."

    First off, thank you.
    Second off, how hard is it to use a spell checker?

    Running no AV and going just fine myself. For 11 months now.
    My bros comp is running the Microsoft AV. Be nice if Win7 actually came with their OneCare (or whatever it's called).
    6
  • cyprod
    Wow, imagine that. A guy who works for an AV company says Windows 7 needs AV software.
    Not going to argue the correctness of the statement, but just saying...
    23