In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses

← Back to Stories (view on slashdot.org)

In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses

Posted by kdawson on Tuesday November 3, 2009 @09:33AM from the take-your-shots dept.

As Windows 7's market share passes 3.6%, up from 1.9% the day before launch, llManDrakell notes an experiment they did over at Sophos. They installed Windows 7 on a clean machine — with no anti-virus protection — with User Access Control in its default configuration. They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absense of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."

47 of 843 comments (clear)

Min score:

Reason:

Sort:

Not News!! by Kohenkatz · 2009-11-03 09:35 · Score: 2, Insightful

Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get. Especially with the number of good free anti-virus programs available for Windows, there is no excuse not to have one either way. I use Avast Home Edition. It's free (just registration required), fast, and small-footprint. Even if 9/10 viruses would be blocked by UAC, an anti-virus program that blocks the last one is worth it.
1. Re:Not News!! by tomhudson · 2009-11-03 09:41 · Score: 5, Insightful
  
  Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get
  
  Sure - just that you won't get a virus by running linux. I have yet (in over a decade of tending linux and bsd servers) had a single machine get infected.
  Lesson learned - friends don't let friends run Windows.
2. Re:Not News!! by Drakin020 · 2009-11-03 09:41 · Score: 4, Insightful
  
  Anyone that installs Anti-Virus on their PC and expects it to protect them from their own stupidity deserves what they get.
  
  --
  The greatest revenge in life is massive success.
3. Re:Not News!! by mcgrew · 2009-11-03 09:42 · Score: 4, Insightful
  
  Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get.
  Yeah? Can you point to ONE virus in the wild that has ever bitten any Mac or Linux user? Trojans don't count. Install Linux on your Windows box and you do NOT need any antivirus (unless you boot into the Windows side), provided you're not stupid enough to run an executable from an untrusted source.
  
  --
  Free Martian Whores!
4. Re:Not News!! by Barny · 2009-11-03 09:42 · Score: 5, Insightful
  
  Why would you need an anti-virus if you have a router whose firewall is worth a damn, have a browser that doesn't develop un-patched exploits like college kids develop acne and you don't click and run every damn executable bit of code you see on web site?
  If you have a good firewall and secure applications, the only remaining way to get a virus is if you download it and run it yourself.
  Virus and virus-checker free for over 8 years.
  
  --
  ...
  /me sighs
5. Re:Not News!! by black3d · 2009-11-03 09:46 · Score: 5, Insightful
  
  I have yet (in over a decade of tending windows and NT servers) had a single machine get infected.
  Lesson learned - Give the same system rights to your windows users as your Linux users have, and they can't get infected even if they wanted to.
  
  --
  "The true measure of a person is how they act when they know they won't get caught." - DSRilk
6. Re:Not News!! by Xest · 2009-11-03 09:50 · Score: 4, Insightful
  
  No, people who run shit they shouldn't are asking for what they get.
  I don't run a real-time scanner, it's too much of a resource hog, I do let AV do an overnight scan once a week though. I've done this for years and never had a virus. Why? Because I don't run shit I know may not be safe to run. I do not open attachments I was not expecting to recieve.
  It's not as if AV software is even that effective anyway, even when it does detect threats half the time it fails miserably at dealing with it and just gives the option of deleting, and sometimes some AV software doesn't even manage that. The paradigm used for AV software is that which has been used for a couple of decades, and it never even worked particularly effectively back then, let alone now that viruses have evolved whilst AV software really hasn't. Again, the best option is really to cover all the attack vectors - don't run executables you don't trust, don't have Javascript enabled on sites you can't be sure are safe, don't open attachments you weren't expecting and so on.
7. Re:Not News!! by jbacon · 2009-11-03 09:52 · Score: 5, Insightful
  
  Out of curiosity, how exactly do you verify that you are infection free without a scanner? Sure, you probably don't have anything overt, like a botnet hijack, but what about less obvious things like rootkits?
  You should probably take your magical ninja virus detection powers and do some consulting for those poor bastards who run Norton....
8. Re:Not News!! by kimvette · 2009-11-03 09:56 · Score: 5, Insightful
  
  Lesson learned - Give the same system rights to your windows users as your Linux users have, and they can't get infected even if they wanted to.
  The corollary to that rule is that many applications won't run because they're poorly architected and require administrative rights to run. Oh, sure, you can finagle around with permissions and get many of them to run, but is it really worth the time to work around broken software? (running Windows which itself is broken notwithstanding)
  
  --
  The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
9. Re:Not News!! by whoever57 · 2009-11-03 10:01 · Score: 4, Insightful
  
  I have yet (in over a decade of tending windows and NT servers) had a single machine get infected.
  Let's be clear here (and the same is true for anyone running Linux), you don't know that none of your machines were infected. You know thatyou never discovered an infection.
  
  --
  The real "Libtards" are the Libertarians!
10. Re:Not News!! by Jazz-Masta · 2009-11-03 10:01 · Score: 4, Insightful
  
  As a Windows (and Unix) System Administrator dealing with numerous users of the 'average' type, I must say giving users limited rights only work if the programs they need to run can do so within those rights.
  We deal with a lot of industry specific software (ie. badly produced software) and many of the users need to have full access to absolutely everything in order for it to work, including mapped drives to the data!
  Some of the users I support are absolutely mind-numbingly stupid. You tell them over and over to NOT do something and they do it again. You try and educate them on attachments and safe web browsing, and they don't care! Many of them will try all the risky things at work that they wouldn't do at home - because they know if they screw up their home computers they'll have to pay to get it fixed. At work, I fix them, someone else pays.
11. Re:Not News!! by maxume · 2009-11-03 10:03 · Score: 2, Insightful
  
  It isn't real clear from the Sophos article, but at a glance, it looks like 8 out of 8 of the viruses discussed are trojans (or were executed as if they were trojans, a couple of them are autorun worms, but the article implies that they just copied each of the programs to the system and then ran them).
  
  --
  Nerd rage is the funniest rage.
12. Re:Not News!! by Atraxen · 2009-11-03 10:03 · Score: 2, Insightful
  
  Getting the sound card, network card, and multibutton trackball working on my Linux machine took plenty of finagling too. Just sayin', neither this cast iron pot nor kettle are LeCresuet red - they look black to me...
  
  --
  Be careful of your thoughts; they could become words at any minute...
13. Re:Not News!! by DoofusOfDeath · 2009-11-03 10:05 · Score: 2, Insightful
  
  Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get
  Sure - just that you won't get a virus by running linux. I have yet (in over a decade of tending linux and bsd servers) had a single machine get infected.
  ... that you know of.
14. Re:Not News!! by PRMan · 2009-11-03 10:17 · Score: 3, Insightful
  
  On that note, if a virus did sit idly doing nothing for years on end, why would I care that I had it?
  That would already make it 10X better than running McAfee to avoid getting it.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
15. Re:Not News!! by mabhatter654 · 2009-11-03 10:17 · Score: 4, Insightful
  
  None of the 10 they picked!
16. Re:Not News!! by RobDude · 2009-11-03 10:20 · Score: 4, Insightful
  
  The Linux community, as a whole, needs to get it's story straight. (Yeah, I'll probably get modded troll, I'm okay with that).
  One day I hear Linux has great hardware support. It's not like Linux in the past, we even have *BETTER* hardware support than Windows now.
  Then, the next day I hear, 'Well, yeah, Linux doesn't work; but you don't have the right hardware. You need to BUY A NEW FRIGGIN MACHINE if you want to bank on Linux working without spending hours trying to get it to work.
  Which is it? It can't be both.
17. Re:Not News!! by Lord+Ender · 2009-11-03 10:23 · Score: 3, Insightful
  On Windows you can get along without AV, too. The three main vectors for malware to get on your machine are:
  Direct network connections - mitigated by firewall/NAT router
  Browser exploits - mitigated by avoiding IE and using adblock
  Clicking dumb (running executables that come in from email or the web) - mitigated by not installing shit unless you know exactly what it is you're installing
  I have followed these practices for about ten years, without ever using AV, and I have never had malware on my machine. Avoiding AV is important to me, because I play fast-paced online games.
  That said, 99% of Windows users absolutely should be using AV, because my third point (not clicking dumb) requires technical sophistication most people lack.
  TL;DR: You don't need AV if you know what you're doing.
  --
  A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
18. Re:Not News!! by digitalunity · 2009-11-03 10:26 · Score: 2, Insightful
  
  I recall the days when I would download the newest slackware, install it and spend days getting my X config just right, reconfiguring my kernel an endless number of times to get just the right balance of built in options and building modules, trying to get the hardware to work right and basking in the supreme glory of getting everything to work just right.
  Some days I miss that. Other days I boot up Ubuntu and just enjoy the fact that I don't have to do shit and it supports everything but my old canon multifunction printer.
  
  --
  You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
19. Re:Not News!! by drsmithy · 2009-11-03 10:37 · Score: 2, Insightful
  
  Trojans don't count
  Why on Earth not ? The bulk of Windows "viruses" are, in fact, trojans.
  Install Linux on your Windows box and you do NOT need any antivirus (unless you boot into the Windows side), provided you're not stupid enough to run an executable from an untrusted source.
  I've spent nearly 15 years running Windows using this principle, without an AV problem, and - unsuprisingly - have yet to be infected by anything.
  The problem is not the OS.
20. Re:Not News!! by V!NCENT · 2009-11-03 10:38 · Score: 1, Insightful
  
  You are trolling because more hardware (amount of devices and architectures) work with Linux out of the box, but less brand new hardware works with Linux straight away.
  More brand-new hardware works with the latest version of Windows and launch date, but less older hardware is able to even run the latest version of Windows, or the other way around.
  So Linux can actually run more hardware, but some exotic crap, and do note crap (I don' t care how much you paid: still technically crap!) doesn' t work with Linux. But ehm... how much hardware still worked with Vista/Windows7? Yup...
  
  --
  Here be signatures
21. Re:Not News!! by david_thornley · 2009-11-03 10:51 · Score: 2, Insightful
  
  I don't know about MacOSX malware in the wild (although any system can get trojaned), but if you've been running for 25 years that includes the old OSs, and they did have viruses. Some of them, like WDEF, were pretty virulent, and my habit of carrying my own Disinfectant diskette proved very useful. Were you just really, really careful what you exposed your system to?
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
22. Re:Not News!! by RobDude · 2009-11-03 11:04 · Score: 2, Insightful
  
  The claim I frequently hear is that, in order for Linux to really work as intended, you need to buy a machine with 'Linux supported' hardware.
  The other claim I hear is that Linux has vastly superior hardware support than Windows.
  When I said it can't be both - I meant that both of the above can't be true. You can buy any PC - even one preloaded with Linux and there is zero doubt in my mind that Windows will be able to run on that hardware.
  The fact that you have to hand-pick hardware for Linux means that it can't be better than Windows.
23. Re:Not News!! by Andreas+Mayer · 2009-11-03 11:08 · Score: 5, Insightful
  
  I can't, but google can:
  [...]
  http://images.google.nl/search?q=osx+virus+in+the+wild
  
  I guess you did not bother to actually check the search results, right?
  Because I can't find any report about a real virus in the wild.
  Oh, by the way, Google says Barack Obama is a Jew:
  http://www.google.com/search?rls=en&q=barrack+obama+jew
  (Hint: He's not.)
24. Re:Not News!! by RobDude · 2009-11-03 11:39 · Score: 2, Insightful
  
  I think there is an understandable difference between not meeting the minimum requirements and not being able to use a device because of lack of driver support.
  Crysis won't run on seven year old hardware; but that doesn't mean Crysis doesn't support that hardware.
  Anyway, I certainly wouldn't disagree with the claim that 'Linux has much better support for seven year old hardware'. My objection is that the hardware support is presented as being both infinitely better than Windows *and* so bad you need special Linux hardware....at the same time.
  One or the other.
  My personal opinion is that, while Linux 'can' run on virtually anything under the sun (I'm sure some guy, somewhere, has managed to install Linux on his toaster...just because he can) the typical PC hardware that I see people using has much better 'out of the box' support in Windows. But I'm not trying to say Linux has bad support - just that I constantly see Linux supports claim both things, at the same time.
25. Re:Not News!! by drsmithy · 2009-11-03 11:46 · Score: 4, Insightful
  
  Please remember that the vast majority of hardware and peripherals are designed from the ground up to work with Windows and that most computers are sold with Windows preinstalled and preconfigured.
  How do you design a piece of hardware "from the ground up" to work with a particular OS ?
26. Re:Not News!! by shaitand · 2009-11-03 12:10 · Score: 3, Insightful
  
  "When I said it can't be both - I meant that both of the above can't be true. You can buy any PC - even one preloaded with Linux and there is zero doubt in my mind that Windows will be able to run on that hardware."
  Both can be true. I've never seen a non-preloaded windows system where windows supported all the hardware. In every case full hardware support required downloading third party drivers. Ubuntu may or may not support the hardware but if it is going to work at all, it most likely worked out of the box with no additional configuration or third party downloads required. In the few cases where they are needed the system uses detects it and prompts you to download them.
  The difference might not be especially troublesome for you today but it will be when that hardware is a few years old. For instance I guarantee when many windows users "upgrade" to vista aka windows 7 their perfectly functional printers/scanners/multi-functions/digital cameras/web cams that are a few years old will have to be replaced to accommodate the upgrade. Ubuntu will continue to support nearly every piece of hardware it supported with the last release on into the future until some compelling TECHNICAL reason makes it infeasible.
27. Re:Not News!! by Tubal-Cain · 2009-11-03 12:50 · Score: 3, Insightful
  
  One day I hear Linux has great hardware support. It's not like Linux in the past, we even have *BETTER* hardware support than Windows now.
  It does.
  Linux supports hardware.
  Hardware supports Windows.
28. Re:Not News!! by tomhudson · 2009-11-03 13:47 · Score: 2, Insightful
  
  I never claimed that ISS or Apache were operating systems. You might want to brush up on your reading skills :-)
  What I *did* claim was that the whole "there are more exploits because it's more popular" argument is simply not true - Apache serves much more traffic than IIS, and yet the study showed it was much less vulnerable, so the "more popular" argument isn't supported by evidence.
  According to that argument, there should be more exploits the more popular instances of EVERY class of software, from operating systems to web browsers and servers to email clients. Apache vs. IIS disproved that, so we can fall back on the "Windows has more design problems" theory. Given that they still insist on maintaining backward compatibility (because they need to preserve their customer lock-in at any cost, including security), bad design flowing from that bad choice is more reasonable.
29. Re:Not News!! by tomhudson · 2009-11-04 06:42 · Score: 2, Insightful
  
  The original person made the unsupported claim that Windows market share was solely responsible for it having more viruses and trojans. Only ONE counter-example, no matter how old, is sufficient to burst that bubble.
  Correlation does not mean causation. In this case, the larger market share might correlate with the larger number of viruses, but there is no causation agent. To put it more plainly, increased market share does NOT in some way create more bugs, or the products with the smallest market share would be the most bug-free. Bugs are created solely by bad coding practices, and again, there's no way that an increase in market share can suddenly make code worse. There's no "spooky action at a distance" effect that would allow an increase in market share to suddenly retroactively introduce new bugs into existing code.
  Code is either defective, or not defective. Buggy or not buggy. A decline in market share can't suddenly make code less buggy, just as an increase in market share can't suddenly make the same code more buggy. Any apparent correlation, absent a mechanism for causation, is just that, an "apparent" correlation, not a cause and effect.
I'm shocked! by jtownatpunk.net · 2009-11-03 09:36 · Score: 5, Insightful

Next you'll be telling me that 8 out of 10 people who have unprotected sex with HIV-positive, syphilitic, sore-encrusted prostitutes will contract some sort of venereal disease.
More data needed by PhxBlue · 2009-11-03 09:53 · Score: 3, Insightful

Did the account set up on Vista / Win7 have an administrator role, or was it a "normal user" account? By not disclosing that, Wisniewski is only giving us half the story.

--
!#@%*)anks for hanging up the phone, dear.
Is this really surprising? by Sc4Freak · 2009-11-03 09:58 · Score: 5, Insightful

Viruses use security holes to get onto PCs in the first place - once the virus is running on the PC, it's got free reign. There can be absolutely no security vulnerabilities on a system and the virus usually still do what it wants if it's preloaded onto the system.
You don't need administrative privileges to do many things that viruses want to do (eg. send mail, monitor keypresses). They ran the test by loading the virus onto the machine, then letting it execute. That doesn't demonstrate that the system is full of holes - it demonstrates that the system is very good at backwards compatibility!
Re:Firewall? by clone53421 · 2009-11-03 10:02 · Score: 2, Insightful

Agreed, to know whether this is scary would require me knowing whether these were drive-by exploits or require me being stupid enough to run their virus.
I'm pretty confident in my ability to avoid the social networking sort of viruses. It's the drive-by exploits that I'm concerned about.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
It's the defaults by Jim+Hall · 2009-11-03 10:03 · Score: 2, Insightful

They could have at least tested it with Security Essentials . . . it's freely available to Windows users.
And yet the post at the Sophos blog says: "On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults [emphasis mine] for User Account Control (UAC) and did not load any anti-virus software." The point is that they installed Windows with the defaults like 99.999% of the users out there would do.
My mom is probably a typical Windows user, and when she eventually installs "the new Windows", I'm willing to bet she'll just go with the defaults. Because it's easy. So if the default install of Windows 7 doesn't include & configure Security Essentials by default, then this test reflects what real users will see.
Sure, they could have done a followup test to install Microsoft's Security Essentials, then see how that would have fared with the same 10 viruses. But these guys sell their own anti-virus software, so I don't really expect them to take the extra step.
Wall of Shame by NoYob · 2009-11-03 10:06 · Score: 3, Insightful

The corollary to that rule is that many applications won't run because they're poorly architected and require administrative rights to run
Slashdot should have a Wall of Shame for programs that are like this.
Kodak Easy Share is my pick.

--
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
1. Re:Wall of Shame by CrazyKen · 2009-11-03 10:31 · Score: 2, Insightful
  
  It would probably be easier to list the applications that do work, fully, without administrative rights... or power user rights.
Missing the point of the article by dwlovell · 2009-11-03 10:14 · Score: 4, Insightful

This article is not saying Windows 7 is insecure. You couldn't even come to that conclusion if you look at what they did. They ran untrusted code known to contain viruses on a Windows 7 machine. UAC only blocked those that tried to perform administrative tasks, which is what its job is. They did not try to do remote infection.
I could write a virus attached to an executable that deleted your favorites file or all of the documents in your user's document folders. This would still be a nasty virus and would not be classified as an administrative activity, thus not triggering UAC. This would not indicate any flaw in the OS or it's level of security. This is no different from any other platform, running as admin or not, if you run untrusted code, it will be able to do anything your logged in user can do.
The point of the article is that people should not pretend UAC *is* virus protection. Microsoft doesn't market it as virus protection, and people shouldn't be under the impression that UAC prevents viruses from running.
no... by Anonymous Coward · 2009-11-03 10:22 · Score: 1, Insightful

They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absense of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."
Lesson learned: don't execute random questionable crap on your computer and you can almost certainly live without AV.
Yet another lesson revision... by Anonymous Coward · 2009-11-03 10:35 · Score: 1, Insightful

Yes, even Mac and Linux need (and regularly run) anti-virus software... If the role demands it.
Grandma running a Mac to check her email and (gah!) facebook will likely never need it.
Linux running a mail server absolutely needs to have and run it. It would be downright irresponsible not to, regardless of whether the Linux server was vulnerable to any of the viruses coming through or not.
and to also throw in my "who is surprised by this?"... You mean to tell me that they are surprised that windows software, written to specifically take advantage of a "feature" of windows, still runs on the newest version of windows, which is only minimally different from previous versions of windows, and was written specifically to remain as compatible as possible with previous windows software?... Hmmm
Re:Best anti-virus next? by 1s44c · 2009-11-03 10:47 · Score: 3, Insightful

So...what's the best anti-virus software for Windows 7?
Disconnect it from the network.. You asked..
Stupid test? by 140Mandak262Jamuna · 2009-11-03 11:06 · Score: 5, Insightful

They got some malware, and ran it. If these malware did not need elevated privileges, they are expected to run. You download a bash script from the net that goes "\rm -rf ~" and then complain that your $home is hosed? I am not sure the test is fair. Did the malware get root privileges? Did they do any damage that simple plain process with user privilege could not do? Unless such things happened, this test amounts to nothing more than testing backward compatibility of some old binaries in new OS. Duh.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Re:Why blacklist instead of whitelist? by Monkeedude1212 · 2009-11-03 11:12 · Score: 1, Insightful

This makes logical sense to me, but (apparently) it isn't done.
It is done. Everytime Windows Firewall says "This application is trying to access the internet" and you hit unblock. Everytime Windows Vista says "You need administrative Rights to run this, do you want to continue?".
It's either
A) A whitelist the users can set, which frustrates users to a point that they don't care and allow everything they come across.
B) A blacklist run by some antivirus or another, which is constantly trying to keep up (and failing).
C) A whitelist that is set by some third party (Like Apple - which is why Macs are so Virus free*) which can annoy users when they can't run their application.
*They aren't, I know, but their software limitations are what keep them at their virtually safe status.
hmm by nomadic · 2009-11-03 11:28 · Score: 3, Insightful

You still need to run anti-virus on Windows 7."

Or, alternately, DON'T INTENTIONALLY RUN VIRUSES ON YOUR COMPUTER. Geeze.
Re:Error in summary by kestasjk · 2009-11-03 13:29 · Score: 5, Insightful

On what OS can you run viruses written for that OS, which will not run? RTFA; they ran virus.exe on Windows 7 and were gobsmacked that they ran. This is FUD and/or a slashvertisement for Sophos..

--
// MD_Update(&m,buf,j);
Re:In other exciting news... by cgenman · 2009-11-03 13:45 · Score: 2, Insightful

...software written for Macs...
You lost me here. Is there a Wikipedia entry you could point to?

--
The ______ Agenda
Re:What's new? by hesaigo999ca · 2009-11-04 01:39 · Score: 2, Insightful

Well, yes seeing as the whole purpose to upgrade is to be able to have little or no security issues, and no need for AV.
Cancel or allow, so what, it is bypassed, so I will just stick with XP seeing as I already have my license and already have my Av on it.
M$ needs to come out with an OS that has no possibility of being owned by a virus, sort of like linux does, linux only has rootkits. Sysinternals is good for rootkit detection and is owned (now) by M$, so if they could tweak their OS to be more like linux, we would all be in a safer place.