FUD - Fear, uncertainty and doubtYesterday, a senior security advisor at Sophos, who is responsible for working with the security community and communicating information on security threats to IT professionals, posted an entry on his blog entitled "Windows 7 vulnerable to 8 out of 10 viruses". Given the bad publicity that surrounded the launch of Windows Vista, is this yet another failing on the part of Microsoft that will lead to poor adoption of the Windows 7 platform? Fortunately for Microsoft, if you take the time to read the entry, it turns out that the tests are not even close to stringent enough to make claims that many will interpret to mean Windows 7 is vulnerable to 80% of the infections in the wild.
The first known computer virus was created in the early 1970's, and since then literally millions more have been written, with more being created daily for various nefarious reasons. Sophos, in its test of Windows 7 security in late October, tested a clean install of the operating system against ten of these potential infections. Out of the ten, seven infected the machine successfully, with a further one being able to infect the machine once UAC was manually disabled. The viruses chosen for the test were picked from the top of the SophosLab feed, where researchers from around the globe work to identify known and emerging malware spreading across computer systems all over the world.
If the top ten items in the feed had been mac viruses, that are unable to run on Windows, would their headline have been "Windows 7 invulnerable to viruses"? Somehow I think not. This is yet another case of a high profile company publishing results without making it clear exactly what they represent, many people who do not take the time to read the article would assume this means Windows 7 has an 80% chance of becoming infected, when in reality, this is only true if the only ten viruses in the world were the ones with which Sophos conducted the tests. At the end of the day, the only way to truly know the risk of infection of running a Windows 7 machine is to conduct this test with a far larger (and statistically sound) number of viruses, randomly chosen from a pool of all the viruses currently in the wild, as any high school maths student who has studied statistics will tell you.
Windows 7 is not perfect by any means, if it were, anti-virus companies would go out of business, but it is a highly secure operating system. As long as UAC is enabled, and the system is kept patched, and safe computing is practised, the chance of getting infected is minimal. Running an anti-virus package will further decrease the likelihood, but as always, no system is 100% secure.
I've been using Avast! Home Free for a few years now and really like it; much ore than I liked AVG. Microsoft Security Essentials is another good free one; I was a beta-tester and was quite impressed with it.
It's the only OS in which such mass infections exist, so are you surprised?
Because it has the largest distribution on the planet.
+1, if Mac OS even managed to get 20% market share you would see it targeted. Apple can drag there feet too, look how long it took them to fix that java vulnerability.
HEY LEO LAPORTE
This is the same crap they spin for Mac's stating a big attack is around the corner, still waiting for that one.
This is the same crap they spin for Mac's stating a big attack is around the corner, still waiting for that one.
2009 is the death of OS viruses, currently and next year,its finding exploits in things like Adobe Acrobat etc for Remote Command and Control of the system.....and guess what its not platform specific. Adobe 8 +9 both have wide open issues with exactly this and it affects mac version, windows, linux, you name it, it has the exploit ;o) so Yes mac and Linux systems are as much to risk of this than windows.
This is the same crap they spin for Mac's stating a big attack is around the corner, still waiting for that one.
2009 is the death of OS viruses, currently and next year,its finding exploits in things like Adobe Acrobat etc for Remote Command and Control of the system.....and guess what its not platform specific. Adobe 8 +9 both have wide open issues with exactly this and it affects mac version, windows, linux, you name it, it has the exploit ;o) so Yes mac and Linux systems are as much to risk of this than windows.
I'll stick to using Preview to view my pdf's then.
This is the same crap they spin for Mac's stating a big attack is around the corner, still waiting for that one.
2009 is the death of OS viruses, currently and next year,its finding exploits in things like Adobe Acrobat etc for Remote Command and Control of the system.....and guess what its not platform specific. Adobe 8 +9 both have wide open issues with exactly this and it affects mac version, windows, linux, you name it, it has the exploit ;o) so Yes mac and Linux systems are as much to risk of this than windows.
I'll stick to using Preview to view my pdf's then.
I'm pretty sure Preview is exploitable, too. The attack vector is the document.
This is the same crap they spin for Mac's stating a big attack is around the corner, still waiting for that one.
2009 is the death of OS viruses
I think 2007 or 2006 was the death or The OS virus. Ever since them its been Trojans and malware.
This is the same crap they spin for Mac's stating a big attack is around the corner, still waiting for that one.
2009 is the death of OS viruses, currently and next year,its finding exploits in things like Adobe Acrobat etc for Remote Command and Control of the system.....and guess what its not platform specific. Adobe 8 +9 both have wide open issues with exactly this and it affects mac version, windows, linux, you name it, it has the exploit ;o) so Yes mac and Linux systems are as much to risk of this than windows.
I'll stick to using Preview to view my pdf's then.
I wish I could preview. Windows 7 broke my PDF previewer in Outlook.
You might want to check this link. This fixed the preview handler for me in Outlook 2007 when I changed to Win 7 (64-bit).
Thanks, but I just found this .reg fix from: http://www.pretentiousname.com/adobe_pdf_x64_fix/index.html (which is actually referring to your link as well, LOL)
Works like a charm now.
This is like saying that if a web page exploits a vulnerability in IE, Firefox will be vulnerable as well, because the attack vector is the web page.
Most other OS's are secure by default and have been for decades. Windows is the only OS that needs bloated antivirus, antispyware, anti-*, firewalls etc. The rest of us just work away happily knowing that our systems are secure and stable
There will always be exploits for sure, but windows will always have a sole monopoly on viruses!
But wait, I thought the UAC was supposed to stop all these mass infections? Perhaps MS aren't quite so confident now.
Are you referring to windows servers? Because they are the only ones which need antivirus software.
Truth hurts eh? And how big do they have to get? Isn't hundreds of millions of windows PC's infected with viruses enough?
Last edited by LoveThePenguin on 05 Nov 2009 - 19:32
If that was so, then why is windows the only OS with mass infections worldwide? I think calling users dumb (which you are effectively doing) is a poor excuse.
Errm except they dont have a consumer product to sell...... business only with Sophos I think youll find.
This.
I quite agree with you, this is just marketing tactics
They don't need much scaring when windows is universally synonymous with viruses and spyware.
These results are garbage
You don't have to be a computer expert to avoid viruses. Just try Ubuntu
If you enjoy blind faithfulness and leaving your fate to luck, then sure go ahead.
You're right.
Security companies, above many others, should be objective when publishing test results. Titles like this only mislead the user to think the OS will surely get infected.
That's an oxymoron surely?
I read the sophos article and I couldn't find any F.U.D. I mean we aren't talking about the blatant lies about Linux which MS frequently espouses. Now that is F.U.D.
So tell me, if these were ported to other operating systems, wouldn't the Linux or Mac OS X system be "vulnerable" in the same way??
I mean, those operating systems would block any system-changing program (as does Vista/Win7), but would happily allow something run in just the user's local profile.
I guess virus protection isn't a big deal if you're running some tiny, minority OS like Linux or Mac OS X where no one bothers writing viruses.
Mac OS X and Linux are still vulnerable to the rm -rf ~/* virus. So what?
Windows retains compatibility for running code dating back a very long time. Why would these viruses suddenly not work?
Actually one of those viruses didn't work for precisely the opposite reason. That is, due to incompatibilities with previous versions.
cos its the operating system's fault that some website convinces the user they have spyware on their computer and need to download a fake AV package...course its playing on potential holes in the OS that the users are bombarded with, but stupidity is the main vector here.
This place is really going down the drain. You won't see me here anymore....sigh
Put people where they can be heard, add some anonymity, you get people breaking what should be the 11th commandment (don't be a d*ck). Me included.
edit: was gonna add a "your mum" joke but decided against it!
Its fud because they dont state how they tested. They dont even say if the user was elevated to an admin or not.
Any criticism of MS and its products is F.U.D didn't you know?
What they did was more like an "install" of trojan horses.
Last edited by mmck on 06 Nov 2009 - 13:40
Out of all of those "viruses" tested not all of them are viruses, in fact many are trojan horses which for those who don't know is something pretending to be something else and requires human action to actually work.
A virus on the other hand is something malicious that sits on the back of a file and without the user knowing is run as the file is legitimate just something else is attached to it.
The two worms (the only Viruses included in the test) - one failed... but anyway these are autorun worms (presumably from their names) - so again in Windows 7 the user must have accepted the autorun (as you do in Windows 7)... so its closer to a Trojan Horse in its behavious on Windows 7 (whereas in older versions of windows autorun acted regardless of user confirmation - a worm is considered a higher threat than a Virus as it requires no human action... which is not true in this instance. I'm guessing they didnt go with a "WORM" headline as people don't understand the difference.
Conclusion - to Windows 7 none of these are viruses, hence no viruses succeeded.
psexec.exe -dl "C:Program FilesMozilla firefoxfirefox.exe"
I do this for all apps that don't need to run with admin access.
psexec.exe -dl "C
I do this for all apps that don't need to run with admin access.
Great Tip schwit, You rock!
They don’t sell to home users so unlikely.
Doesn’t mean I agree with the article though.
but this is yet another example of bull**it blog posts which serve no purpose.
1) A system without anti virus is not a normal setup, unless you are think and deserve to be infected
2) malware by its nature needs to almost always be run by the user, its the way they get people to run it thats the problem.
3) Are you seriously telling me XP fares better on the same test? no chance you install xp sp0 and see what happens?
4) 7 ships with the firewall on. So unless you are purposely running malware on your computer without anti virus installed then the risk isnt as big as they make out.
Maybe they should post, Mac OS still vulnerable if you dont patch or use av.
Why are you using terms, which quintessentially describe MS press releases, to distort the truth? Are you sore that windows 7 is seemly just as infectable(yes, I just made that up) as every other version of windows?
I mean one of those viruses that didn't run only did so because of windows 7's own incompatibilities with previous incarnations, not because of increased security. Perhaps that's MS's new strategy; it's easier than fixing the thing I suppose lol.
win7 is new and no viruses were written for the OS, so it seems that these are old xp and vista viruses.
An the lame excuse of "I know how to browse and I never get infected" is flawed too : if you don't have an antivirus how the ell would you know f you're infected or not?
The only reason OSX is less flawed is because not sufficient viruses are written to attack that OS, ifApple would have the market share MS has this would be a different story.
Long story short: this article doesn't do anything but prove you need antivirus software, nothing else.
Regarding the AUC, it also has a preventive role against bad manip for Beginners
Does Sophos need this kind of testing to earn money?
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.