Microsoft is disputing security vendor Sophos' recent claim that Windows 7 without antivirus software installed is vulnerable to most malware currently in circulation.
Although Windows 7 comes with 'defense-in-depth' security that includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP), it's still a good idea for customers to use antivirus software, said Paul Cooke, director of Windows Enterprise Client Security at Microsoft, in a Friday blog post.
"So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run antivirus software on Windows 7," Cooke wrote in the blog post. "This is why we've made our Microsoft Security Essentials offering available for free to customers."
Last week, Chester Wisniewski, senior security engineer at Boston-based Sophos, claimed that Windows 7, configured with default User Account Control settings and without antivirus software running, was found to be vulnerable to 8 out of 10 unique virus samples in recent tests in Sophos' labs.
On Monday, Wisniewski said Microsoft's marketing of UAC as a complement to the security of Windows 7 is somewhat misleading.
"Most malware these days is behaving in a way that UAC doesn't help," Wisniewski said in an interview. "A lot of fake antivirus software doesn't elevate privilege, so users don't get any UAC warnings. We're seeing more of these threats operating in userland and not necessarily doing things that trigger UAC."
Given that Sophos sells antivirus software, Wisniewski has taken some heat from Microsoft proponents who claim he's just trying to drum up fear to sell more products. Although Microsoft is giving away its Microsoft Security Essentials antimalware offering for free, Wisniewski doesn't see that as a threat to Sophos' business. "The more PCs that are protected, the better," he said.
