Microsoft's Windows 7 is vulnerable to eight out of ten viruses.

Source

 

original blog

I wonder how sensitive UAC was set.

 

their u go lol

 

Thanks for finding that one for me.

 

I'm not surprised in the least. In spite of all their "advances", Microsoft is still incapable of making an OS that's reasonably secure "out of the box". Yes, Windows has tools built in that can make it quite secure. That's been true for many versions of Windows, even the 9X systems. Unfortunately it's also true that those tools are beyond the average users ability to use effectively without a lot of studying or help. Like it or not, most copies of Windows 7 will be running with "out of the box" settings, just like all the previous versions. For all the hype, nothing has really changed for the average user as far as OS security is concerned.

 

Simple solution is set it to maximum level. Good grief Charlie Brown.

 

UAC is not a security boundary.

 

__________________________

But the complaint about the UAC weakness in the original article doesn't stress how a different outcome might have been reached if the user sets the UAC to maximum level. That seems fishy to me since it was user complaint that requested MS back off the UAC strictness.

 

Well, I tried not to reply to Sophos' brilliant comments, but obviously I failed.

A big, fat LOL at Sophos from me. What they should have said is: "Windows 7 is generally compatible with most software designed for earlier Windows NT versions. We are AMAZED, AMAZED DO YOU HEAR, that this also includes malware. How can that be? We can't wrap our minds around this! Or maybe we can, but our marketing department couldn't think of anything else to write today. So please buy our AV, because you really-really-really need it! Buy it! NOW! Please? You'll get owned if you don't, I promise!"

"Vulnerable"? Well, if by "vulnerable" you mean "users can execute this malware and then it'll run just fine", sure. Sure, most old malware works just fine in new Windows versions. Obviously. And why? Because MS chooses not to change everything so that no old software works on their new OS. Because their customers, most likely including most people on security forums, would hate that.

For all the people who think it's just a sign of Microsoft's incompetence that current malware works on new Windows versions as well, I have a question. Please think through it seriously. The question is this: What could Microsoft, or indeed anyone who makes an operating system, do in their new operating system version to break malware designed for old and current versions of the operating system, without also breaking legit software designed for those versions of the operating system? Riddle me that, folks.

Yeah, Microsoft could design every new version of Windows so that absolutely all software made for older Windows versions would just not work at all. Then no old malware would work either. But don't you think that hundreds of millions of Windows users might be a little annoyed if this was done? Especially considering how much even supposedly advanced users cry about every little change that breaks even the most obscure and badly coded of apps. Microsoft doesn't have any real choice here. To please their customers, they have to keep compatibility with older software. And if they do that, then also malware will work just fine, because malware is just software.

As for Windows 7 as a security improvement, from what I can tell, it is.

 

Wow good read here

 

Yes, it's possible that UAC on it's most secure setting might have stopped more malware in this test.

My post was directed towards Sophos Lab's 'refuting' the straw-man argument that, in Windows 7, UAC is effective at protecting a PC from malware.

Microsoft has never claimed that UAC defines a security boundary on any setting. It's primarily a convenience, but better than nothing at all, according to Mark Russinovich.

 

That's certainly true that the UAC is not primarily "hard armor", but it does provide secondary "soft armor" against lots of currently written malware and viruses. I realize it's first purpose is to make standard user accounts easier for the admin, yet I do believe in unintended consequences. So far I like the UAC's resistance to malware and viruses.

Yes, I appreciate your clarification on the Sophos article.

 

If UAC's purpose is not security, then why does Windows allow limited accounts at all? Wouldn't it be simpler to simply have all accounts run with full admin privs just as it was back in Win95-ME? One can have separate accounts without having limited privileges.

 

I'm not sure that the article specified whether or not the test was conducted on an admin or limited-user account. If they are using default settings, the default account is admin. Running as a limited-user account may have also prevented some of the infections.

And I could be wrong but I thought UAC was set to maximum by default? That's what is says on my comp.

 

According to Mark Russinovich:

 

Are you logged in as administrator, or are you trying to view UAC settings from a standard user account via UAC?

 

From The Windows Blog (1/23/07):

 

I thought that should be obvious, as it's been said roughly a million times since Vista and UAC were announced, but I guess all the articles written by people who didn't do their homework that tout UAC as some great security feature have drowned all that out. UAC is not the same as limited user accounts at all, so why would UAC's purpose have anything to do with whether there should be limited user accounts in the OS or not? In fact, UAC is a method to force developers into making software that works in limited user accounts. And UAC does this by making the default admin account that most everyone will be using a kind of make-believe limited user account where you don't just automatically have admin rights, you have to take those rights first (and you can, easily, whereas in a real limited user account you can't). So, UAC's purpose is simply forcing devs to make LUA compatible software and to make incompatible software work better (by file system and registry virtualization for example). Basically, UAC is a compatibility hack and a minor security feature. It's not a security boundary, whereas LUA is. Or in other words, UAC by design has methods to bypass it because it was never intended to be a security boundary, but any possible methods one can discover to get out of LUA are privilege escalation security vulnerabilities and will be treated and fixed as bugs instead of "by design" features. Sure, UAC provides some security, since a lot of current malware expects to automatically get admin rights without doing anything, but with UAC they no longer do, and instead would actually have to do something to get those rights. But said security is not strong at all, as compared to just using a real limited user account. This is not a technical problem at all, though: UAC was made to be "strong enough" so that legit developers would not be able to go around it to get admin rights without making their software look malicious, which then forces them to make their software LUA compatible in order to keep it legit looking. Malware devs of course won't care, and will happily hack around UAC. The big problem with UAC in my opinion is that some people have gotten the idea that it provides reliable protection, and will even go as far as claiming: "I don't have any reason to run as LUA since I've got UAC on!" Augh. But that is a PEBKAC issue.

It's quite simple, really, and I can't fathom why folks are getting UAC and LUA somehow mixed up. They are not the same. What Microsoft seems to be up to here is that with UAC, they're trying to get developers to make LUA compatible software. Once enough software works with LUA, Microsoft can and hopefully will, in some new version of Windows, finally create limited user accounts by default during the installation. And then this would no longer be inconvenient to folks, because even the less bright developers would have started making LUA compatible software.

 

Exactly, but what other reason does he want "all users to run with limited privileges" if not for security?

 

...

It's really simple.

Microsoft, and Mark Russinovich, want "all users to run with limited privileges" because that is safer, in other words, for security. Yes, this is obvious. But UAC does not equal limited privileges. I'll say it again: UAC is not LUA. UAC is a way to make the default admin account a kind of make-believe limited user, so software developers have to create software that is compatible with LUA. In this way, there will be more LUA compatible software, and when there's enough LUA compatible software, all users can finally create limited user accounts for themselves and use those, and finally have real limited privileges.

In short:
- running LUA is for security
- but UAC is for forcing developers to make software that works in LUA, so that people can run LUA for security, without having all their software break.

 

The default is still an admin account that in theory acts like it has less privileges. UAC pops up and asks if you really want to run britney_spears_naked.jpg.exe. I don't think it was meant to be an alternative to a real limited user account.

 

You're right Dogbiscuit. I was looking as a standard user. I noticed the difference setting up accounts on another comp.

 

I guess there are two options left now:Maximum or off.

BTW,do those malwares that successfully bypassed UAC caused damage to the real system? It seems however the answer is negative for some malwares actually. If it's true,it doesn't necessarily mean that Windows 7 failed.

 

Once again after reading one of these apparent claims of exploits, I come away a bit confused as to what actually happened. According to the Win 7 UAC default level as seen in the screenshot, the user still has to allow the program's attempted changes to the system, which leads me to ask: even at default uac level, isn't it still up to the end user whether to allow the file to run? IOW, even at maximum level, could the system still not incur infection due to the user permitting all alerts, even though at maximum there will be more of them? If more alerts at maximum, it simply means more clicks to permit the attempted changes, at least if the end user wants to install the software.

I'm thinking, and in agreement with Windchild, that this is just another one of those "you need an antivirus solution for protection - especially our product " article.

As I suggest above, I don't think it makes a difference; it's still entirely up to the end user.

for some, maybe not, but for others yes, especially contingent upon how often the user is allowing attempted changes at a given uac level. The more permitted, the more damage done, I would guess.