Sophos Says Windows 7 Susceptible To Viruses

In a Tuesday blog post, Chester Wisniewski, senior security engineer at Boston-based Sophos, cited recent tests in which Windows 7, configured with default User Account Control settings and without antivirus software running, was found to be vulnerable to 8 out of 10 unique virus samples from Sophos' research lab.

It's an odd observation given than Microsoft never suggested that customers shouldn't continue using antivirus with Windows 7. But Microsoft does portray UAC as a security enhancer, and Wisniewski has previously called out UAC's inability to protect PCs from modern malware. Sophos also hasn't been shy about pointing out other vulnerabilities in Windows in the run-up to the Windows 7 launch.

Wisniewski seems particularly perturbed by Microsoft's latest Security Intelligence Report. Released earlier this week, the report claims that the infection rate of Windows Vista SP1 is 61.9 percent less than that of Windows XP SP3.

"Microsoft seems to be saying that Vista is the least ugly baby in its family," Wisniewski wrote in the blog post. "You can be sure the next report will highlight its even less ugly younger sibling, Windows 7."

The irony here is that Wisniewski calls out Microsoft for using security as a selling point while simultaneously positioning the product his company sells as a solution to Windows 7 security.

"You still need to run anti-virus on Windows 7," Wisniewski wrote. "Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up."

Security vendors are often criticized for using fear to sell products, and some have been known to use the public forum to impugn the security of competitors' products. In this case, it looks like Sophos is the one spreading fear, uncertainty and doubt.