Palupix ™ News Center the place to share about the technology, business, and lifestyle.


Friday, November 6, 2009

Windows 7 RTM Infected by 8 Out of 10 Viruses, Claims Security Outfit

Security company Sophos has tested Windows 7 RTM and found that the latest iteration of the Windows client from Microsoft is vulnerable to no less than 8 out of 10 viruses currently spreading in the wild. The security outfit put a clean install of the gold edition of Windows 7, which hit store shelves worldwide on October 22nd, up against 10 samples of malicious code, and found the operating system lacking when it came to protecting end users by itself. In addition, Sophos pointed out that Windows 7’s User Account Control, whether turned off completely or running with default settings, was no impediment to the infections running wild.

“We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7,” noted Chester Wisniewski, Senior Security Advisor.

We will not comment on the legitimacy of the claims coming from Sophos, or of the initiative, but we will say that their testing methodology is far from, well, an actual testing methodology. The fact that a specific group of 10, and no more than 10, malware samples resulted in a high rate of infections for Windows 7 does not justify the generalization that Windows 7 is vulnerable to 80% of the malicious code currently active. Sophos should have tested a representative portion of all its malware samples, covering the various types of malicious code, and only thereafter drawn conclusions.

“User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC's default configuration is not effective at protecting a PC from modern malware. Lesson learned? You still need to run anti-virus on Windows 7,” Wisniewski stated.

[Image: Malicious code that infected Windows 7]
Just to be clear, Microsoft never said that Windows 7 didn’t need anti-virus products. In fact, much to the contrary, the Redmond company has always made sure to stress to its end users the necessity of running security solutions. It even went so far as to offer Microsoft Security Essentials 1.0, a basic but free anti-virus designed to protect users who cannot afford, or simply don’t want to buy, a complex security suite.

Early adopters who followed the development process of Windows Vista’s successor know that the software giant made sure to have security solutions supporting the OS as early as the Beta stage in January 2009.

“Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up,” Wisniewski concludes. Yes, Windows 7 is not a panacea for security. But on the other hand, the threat environment continues to expand, evolve, and thrive, even with all the antivirus products offered by security companies, some of which are multi-million-dollar businesses built on the back of the Windows operating system.

And Wisniewski should know that UAC is not a security boundary; User Account Control, whether in Vista or in Windows 7, does not offer impenetrable protection. UAC is simply an added mitigation. Given sufficient time and effort, UAC, like any other security mitigation, can be bypassed. Still, it is precisely on the time and effort factors that Microsoft is betting. Building a perfect operating system is a pipe dream. Creating and putting in place sufficient mitigations to deter attackers, by making it simply not worth their time and money to exploit Windows, is not only a realistic scenario, but also the strategy that made Windows Vista more secure than Windows XP.

UAC by itself is insufficient to stop attacks, but User Account Control is designed to work in concert with additional security mitigations. Windows 7 does not rely on UAC as the first and only line of defense; it also offers users Internet Explorer Protected Mode, Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and so on.

This is not the first time that Sophos has taken aim at a recently released Windows client. Back in 2006, even before Windows Vista was finalized, the security company revealed: "Sophos experts note that on the launch date of Microsoft's Windows Vista operating system, three of the top ten - including Stratio-Zip - are capable of bypassing the product's security defences and infecting users' PCs. The Vista-resistant malware - W32/Stratio-Zip, W32/Netsky-P and W32/MyDoom-O - comprise 39.7% of all malware currently circulating."

Windows Vista is indeed more secure than Windows XP, and the statistics provided by SIRv7 and previous releases of the report are a clear indication of this fact. However, Microsoft has always advised end users to run security solutions with Vista. The same holds for Windows 7.

One problem we have with Sophos’ test is that Wisniewski does not mention anywhere how it was actually performed. Was the Windows 7 computer simply connected to the Internet, with the viruses infecting the OS without any sort of user interaction? We really doubt this.

Or did Sophos researchers simply copy the viruses onto the Windows 7 machine and execute the malicious code samples themselves? If so, such a test only shows that the vulnerability sits behind the chair and in front of the monitor, and certainly cannot be pinned on Windows 7. There is no security barrier or patch that prevents users from installing malware on their own computers.

Microsoft Security Essentials 1.0 is available for download here.

Mac OS X 10.6.2 Build 10C540 Seeded to Developers

Apple developers have received a new build of the second maintenance and security update to Snow Leopard, Mac OS X 10.6.2 Build 10C540. The incremental update is on track to deliver over 150 code corrections, to which build 10C540 adds fixes for AirPort performance issues on the newly released iMacs, as well as for a problem that arose when connecting a system to, and disconnecting it from, an Apple TV.

People familiar with the build also point to a VMware fix included with 10.6.2. The fix presumably targets the newly released VMware Fusion version 3.0, according to AppleInsider. Build 10C540 also fixes reported panic issues with USB, Apple Filing Protocol, and some video cards. Courtesy of World of Apple, the complete seed notes for Build 10C540 are available below. Mac OS X 10.6.2 is expected to drop this month. The update also includes an important fix for a widely reported data-eating bug on Snow Leopard.

Known Issues

None.

Focus Areas (Changes in 10C540)

AFP
Resolves an AFP panic.

AirPort
Resolves a performance issue on new iMacs.

GraphicsDrivers
Fixes a system hang issue on some video cards.
Resolves a kernel panic on some video cards.
Resolves an issue with plugging and unplugging to an Apple TV.

Kernel
Resolves a VMWare issue.

USB
Resolves a panic with USB.

Updated Components in Mac OS X 10.6.2:
AddressBook;
AFP;
apache;
AppleBacklight;
AppleDisplays;
AppleScript;
AppleWWANSupport;
ApplicationFirewall;
AppKit;
Apache Portable Runtime;
ASR;
ATS;
ATSUI;
Battery Menu Extra;
BezelServices;
Bluetooth;
CarbonCore;
CFNetwork;
CFPropertyList;
CFRunLoop;
CFURL;
ColorSync;
Component Manager;
configd;
Core Chinese Engine;
Core Media;
Core Animation;
Core Applications;
CoreAudio;
CoreData Framework;
CoreData Predicates;
CoreFoundation;
CoreGraphics;
CoreImage;
CoreMedia;
CorePDF;
CoreServicesUIAgent;
CoreText;
CoreTypes;
CoreUI;
CoreVideo;
CrashCatcher;
Date Time Prefs;
Dictionary Application;
Dock;
ExchangeWebServices;
Expose;
Family Controls;
Fax;
FileSync;
FileURL;
Finder;
Fonts;
Foundation;
Front Row;
Garbage Collection;
GraphicsDrivers;
GPU Compute;
Help Viewer;
HFS;
High Level Toolbox;
iCal;
iCal Exchange;
iChat Audio/Video/BuddyList/Jabber/Menu/Pref;
ICU;
iDisk Syncing;
Image Capture;
ImageIO;
ImageKit;
Inkwell;
InstallCmds;
IOAHCIBlockStorage;
IOAHCIFamily;
IOHIDFamily;
IOPlatformPluginFamily;
IONetworkingFamily;
IOKit Kernel;
iPhoto;
IPSec;
Japanese Analysis;
Kerberos;
Kernel;
KeyboardPref;
KeychainAccess;
Kotoeri Dictionary Trainer;
Language Analysis;
Latent Semantic Mapping;
LaunchServices;
libdispatch;
LibInfo;
libpcap;
libsecurity;
libxml2;
LoginWindowUI;
Mail;
mDNSResponder;
Migration;
MobileMe;
Mosaic Screen Saver;
network_cmds;
Networking;
Network Pref Pane;
NTFS;
Objective C;
OpenCL;
OpenGL;
OSInstaller;
PackageKit;
Parental Controls;
Persistence;
Phone Conduit Sync;
Photo Booth;
Preview;
Printing;
Quartz Composer;
QuartzCore;
QuickLook Office;
QuickTime;
QuickDraw Manager;
QuickTime Player;
Screen Saver;
Screen Sharing;
securityd;
security_certificates;
SecurityAgent;
Software Update;
Spaces;
Speech Recognition;
Spell Checker;
Spotlight;
Sync Services;
System Prefs;
System Configuration;
System UI Server;
Text Checking;
Time Machine;
Time Zone Data;
Traditional Chinese Input Method;
Translation Widget;
Universal Access Pref Pane;
URLMount;
USB;
Voice Over;
VPN;
Weather Widget;
WebDAVFS;
xQuery;
xType.