FUD - Fear, uncertainty and doubt
Yesterday, a senior security advisor at Sophos, who is responsible for working with the security community and communicating information on security threats to IT professionals, posted an entry on his blog entitled "Windows 7 vulnerable to 8 out of 10 viruses". Given the bad publicity that surrounded the launch of Windows Vista, is this yet another failing on the part of Microsoft that will lead to poor adoption of the Windows 7 platform? Fortunately for Microsoft, if you take the time to read the entry, it turns out that the tests are not even close to stringent enough to make claims that many will interpret to mean Windows 7 is vulnerable to 80% of the infections in the wild.
The first known computer virus was created in the early 1970's, and since then literally millions more have been written, with more being created daily for various nefarious reasons. Sophos, in its test of Windows 7 security in late October, tested a clean install of the operating system against ten of these potential infections. Out of the ten, seven infected the machine successfully, with a further one being able to infect the machine once UAC was manually disabled. The viruses chosen for the test were picked from the top of the SophosLab feed, where researchers from around the globe work to identify known and emerging malware spreading across computer systems all over the world.
If the top ten items in the feed had been mac viruses, that are unable to run on Windows, would their headline have been "Windows 7 invulnerable to viruses"? Somehow I think not. This is yet another case of a high profile company publishing results without making it clear exactly what they represent, many people who do not take the time to read the article would assume this means Windows 7 has an 80% chance of becoming infected, when in reality, this is only true if the only ten viruses in the world were the ones with which Sophos conducted the tests. At the end of the day, the only way to truly know the risk of infection of running a Windows 7 machine is to conduct this test with a far larger (and statistically sound) number of viruses, randomly chosen from a pool of all the viruses currently in the wild, as any high school maths student who has studied statistics will tell you.
Windows 7 is not perfect by any means, if it were, anti-virus companies would go out of business, but it is a highly secure operating system. As long as UAC is enabled, and the system is kept patched, and safe computing is practised, the chance of getting infected is minimal. Running an anti-virus package will further decrease the likelihood, but as always, no system is 100% secure.