Default Windows 7 vulnerable to eight out of ten attacks
Posted on 3 Nov 2009 at 14:25
Windows 7 in its native state is vulnerable to eight out of 10 new viruses, according to research from security company Sophos.
The company says it configured a clean machine to follow the system defaults for User Account Control (UAC) in Microsoft's latest operating system, did not load any anti-virus software and fed the machine 10 random viruses.
“We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up,” security analyst Chester Wisniewski wrote in his blog on the company website.
“Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, two would not operate correctly under Windows 7.”
However, the chances of any PC Pro readers running a machine with no anti-virus software are, we hope, pretty remote. Microsoft also provides a free bare-bones security pack, Microsoft Security Essentials, which our review found offers fair protection to end users.
The warning does at least serve as a reminder to anyone buying a new PC to install AV software as a priority.
"UAC is supposed to stop unauthorised software from running, but most of the threats walked straight past it, so there are weaknesses," a company spokesperson told PC Pro. "Out of the box, new Windows 7 machines have UAC running, but no other AV software - and that's worrying."
What does this tell us?
Does this not expose some sort of myth that MS OS's are getting progressively more secure?
Going back a generation - when I was running both XP & Vista machines - I was always surprised that patches for the XP machine nearly always had an equivalent to fix a similar vuln in Vista. Surely if OS security was on an upward curve then the number of patches should have decreased with the new OS?
Yet month after month the numbers for both OS seemed to be fairly similar IIRC.
I suppose that's the price we pay for backward compatibility. The newer OS is still keeping hold of older established technologies from its predecessor.
Just my tuppence worth anyhow.
By mikeeJ on 3 Nov 2009 
"Out of the box, new Windows 7 machines have ... no other AV software"
And if MS installed their Security Essentials software "out of the box", Sophos and every other AV firm would be straight to the competition commission.
By Bassey1976 on 3 Nov 2009 
Just another embarrassing report into Microsoft security.
I haven't had AV software on my home machine for several years without a single issue. Why? Because I don't browse dodgy sites, don't use P2P or download from non legal software.
Another cheap way of a company advertising its products while PC Pro keeps publishing them (or maybe they're getting paid by them to publish the stories?).
By a_byrne22 on 3 Nov 2009 
Normal user or Administrator?
Was the user logged on normal user or system administrator?
By jbarnett on 3 Nov 2009 
no av - you think you are safe?!
a_byrne22.
You do realise that a large number of regular websites have been hacked to push down malware...the most famous was the official Superbowl website from a couple of years ago. The site was official for a big event, looked normal, worked normally, but just had a line injected into the header that installed malware without any indication to the user.
How would you necessarily know that you haven't got a "single issue" - are you sure that a keylogger hasn't got onto your system, or you are not part of botnet?
As soon as you connect any computer (using any OS) to a network you are vulnerable (to differing degrees).
By oufc_gav on 3 Nov 2009 
Is this Sophos campaign
For an antivirus ballot page just like the proposed browser ballot page?
I don't understand what point they are trying to make here. Do they expect Microsoft to make an operating system so secure that Sophos and their like are no longer needed? Do they expect the writers of the freshest new virii not to have been using the Windows 7 beta and not have worked out how to attack it?
By windywoo on 3 Nov 2009 
This isn't news, this is just Sophos pointing out there is still a need for its products. (Or Sophos, the products of your competitors will suffice too.)
By halsteadk on 3 Nov 2009 
AV software? What's that?
I don't run AV software on my home computers either.
I run Linux.
By Linux_User on 3 Nov 2009 
"I don't run AV software on my home computers either. I run Linux."
So does that mean there are no Linux viruses? If there aren't, why run AV on Linux machines at work? And if there are Linux viruses....
By AdrianB on 3 Nov 2009 
The reason there are fewer viruses on Linux is simply because the user base is much smaller, hence there's less gain for the virus writers. It's not just down to the actual security of the product.
By halsteadk on 3 Nov 2009 
The obvious
"Windows without anti-virus software is vulnerable to viruses" - says anti-virus vendor.
Is this 'news' at all?
By Stiggy on 4 Nov 2009 
Notable that the same structural flaws are present - processes still able to affect systems they shouldn't, a flawed (by design) security model and so forth.
Why is an EXE able to access core system files? Why do those files allow themselves to be altered?
OK, so if MS did produce a truly secure OS they'd be slammed for it by the AV companies but, frankly, tough. AV is like insurance. You buy it, thinking you're safe then one day disaster strikes and suddenly, amazingly, you're not covered by the very thing that's affected you.
By bubbles16 on 4 Nov 2009 
Linux & AV
If you ever run AV in a Linux environment it's to protect Windows boxes on the same network/that might connect to the Linux machine. Whilst the viruses won't affect Linux, they can still be passed on to vulnerable Windows machines.
As to Linux not being more secure - that's just not correct. Yes, Linux also has its vulnerabilities but UNIX and UNIX-like OSes are inherently more secure by design.
By Linux_User on 4 Nov 2009 
Linux and Internet Security
"As to Linux not being more secure - that's just not correct"
Funnily enough we are in total agreement - but I for one never said they weren't more secure. I'm happy to acknowledge that Linux is inherently more secure by design. What I object to is the attitude often seen that you do NOT need to use AV on Linux. In the first place there are Linux threats. In the second a full internet security package will attempt to protect against all sorts of things including (I hope!) phishing mails of the "Please send us your bank id and password" type. Correct me if I'm wrong but such a mail isn't affected by the operating system. And if people answer stupidly to such mails, there's every chance they'll answer stupidly to security prompts from Linux.
If real users get themselves Linux on a Netbook and don't run internet security because they've been told they don't need any, then they are vulnerable - certainly not as vulnerable as anyone running Windows, but their belief in their own impregnability is wrong, and it's the fault of the "Linux equals no need for AV" brigade. (Which I exclude Linux_User from!)
By AdrianB on 4 Nov 2009 
Printed from www.pcpro.co.uk


