Microsoft left Windows 7 open to hackers, says Sophos

'Neutered' UAC misses 7 of 8 trojans

Microsoft's decision to reduce the number of annoying security messages that Windows 7 delivers when users install software makes the new operating system more vulnerable to malware infection than Vista, a researcher said today.

"UAC was neutered too much by Microsoft," argued Chester Wisniewski, a senior security advisor with Sophos, talking about Windows' User Account Control (UAC), the security feature Microsoft debuted with Vista.

UAC prompts users for their consent before allowing tasks such as program and device driver installation to take place. In an effort to quash user complaints which had condemned the constant intrusions, Microsoft modified UAC so it appears less frequently in Windows 7.

That wasn't a good idea, said Wisniewski.

"We wanted to know if UAC was going to be effective in Windows 7," he said. "So we grabbed the next 10 [malware] samples that came in and tried them out."

The 10 samples, most of them Trojan horses, were loaded onto a clean Windows 7 PC that lacked antivirus software, simulating payloads that an actual exploit would deposit on a compromised computer. Wisniewski then ran each piece of malware, as if a user had been duped into launching a file attachment or had surfed to a malicious site and been victimized by a drive-by attack and subsequent silent download.

Of the 10 samples, two would not run under Windows 7, not surprising since they were likely designed to execute on the far more common Windows XP and Vista, and only one of the remaining eight triggered a UAC prompt, said Wisniewski.

He acknowledged that the test was quick and dirty, and didn't accurately portray how secure Windows 7 was overall, or even how well it would withstand attack if protected by antivirus software, even basic programs like Microsoft's free Security Essentials. The point was to see how much Windows 7's reconfigured UAC would help block malware that made it past security software or got by other defensive measures of the operating system, like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomisation).
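The prompting level that decides how often UAC intervenes is stored in the registry, so it can be audited per machine. The PowerShell below is an added example, not code from the article or from Sophos: it reads the standard UAC policy values and reports the effective level. The helper names `Get-UacLevel` and `Get-PolicyValue`, the level labels, and the fallback to Windows 7 default values when an entry is absent are assumptions of this example.

```powershell
# Added example: report the UAC prompting level from the standard policy values.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Get-UacLevel is an illustrative helper name, not a built-in cmdlet.
function Get-UacLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    # EnableLUA = 0 switches UAC off entirely, whatever the other values say.
    if ($EnableLUA -eq 0) { return 'Off: UAC disabled, no prompts at all' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify: administrators elevate silently' }
        2 { return 'Always notify: Vista-style, prompts for Windows settings too' }
        5 {
            if ($PromptOnSecureDesktop -eq 1) {
                return 'Windows 7 default: no prompt for changes to Windows settings'
            }
            return 'Windows 7 default without secure desktop (no dimming)'
        }
        default {
            return "Custom policy: ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin"
        }
    }
}

# Read one DWORD; use the supplied fallback (assumed Windows 7 default) if absent.
function Get-PolicyValue {
    param([string]$Name, [int]$Fallback)
    $item = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Fallback }
    return [int]$item.$Name
}

$level = Get-UacLevel `
    -EnableLUA (Get-PolicyValue 'EnableLUA' 1) `
    -ConsentPromptBehaviorAdmin (Get-PolicyValue 'ConsentPromptBehaviorAdmin' 5) `
    -PromptOnSecureDesktop (Get-PolicyValue 'PromptOnSecureDesktop' 1)

Write-Output ('UAC level on {0}: {1}' -f $env:COMPUTERNAME, $level)
```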

"UAC is really not protecting users properly," Wisniewski said. "Frankly, people should turn it back into the more aggressive mode, like Vista," he said, speaking of the ability to set the feature's prompting frequency. "And if you find it annoying, you might just as well turn it off, because otherwise it's not doing any good."



rlc said: Actually, there are ports left open for Windows 7, making it vulnerable to some attacks. Try to DDoS Windows 7 using another machine and you will know it for yourself.

TECHWATCHER said: I never thought I would see the day when I have to say or even disagree with anything on this website, but today I find myself in this case I can say that this is just another way for the big companies to scare us into buying their products. If a test is done, it must be done properly, not like a kid would in grade 3.

Dorian said: What a load of crap. This is just Sophos pushing the sale of AV software to the masses with scare tactics. Much better AV software than Sophos is available for free.

Zeke Shadfurman said: This really is a silly article. No security measure is supposed to be 100. I've never had a problem with security, and I've only got a firewall in my router and run a virus scan every few months. But as a previous comment pointed out, there is no fix for stupidity, and for that reason I thought the annoying UAC as default was a smart idea on Vista. Anyone NOT stupid can disable it; make it too easy and stupid ppl will disable it.

Mark said: I can't believe that the new operating system I just bought is so riddled with holes. I thought Windows 7 would be good - better than Vista. But now I'm learning that I have just spent my good money buying a Vista wannabee. I guess it's back to Vista. Anything's better than getting hit with malware and viruses.

neverhome said: UAC is a pain. I disabled it the 1st day with Vista. Never looked back. Norton has kept me secure for 10 years without a single problem.

SnowDog1974 said: The fact that Vista handled UAC more securely is misleading. I know for a fact that the first thing many technical users, myself included, did was to turn off UAC in Vista because it was so annoying and intrusive.

reinisb said: He acknowledged that the test didn't accurately portray how secure Windows 7 was overall, or even how well it would withstand attack if protected by antivirus software. So it was basically pointless then. Nice.

Aaron said: Holy crap. Can you idiots please make up your minds? First it's UAC sucks because it gets in your way, now it sucks because it's not in your way enough. Stop with the stupidity. If you don't know how to use a friggen computer then stop blogging about it.

oldtech said: Wow. I knew MS had lots of guys looking for bad press so they could blog it away; never thought there would be so many. BTW, using the word lame does not make you any cooler. NICE TRY Boyz, now get back to that corporate marketing work and leave the techies alone.

Tim said: People say they want security, but when it is given to them it's too much of an inconvenience. There are items about Vista I don't like over XP, but I realize those features are there for added security, so I can live with it. Never had any real complaints about UAC. What UAC should be is smart enough to know what programs have been run and you've accepted, and not prompt you for them again.

thom said: Microsoft is damned if they do and damned if they don't. This idiot got his 15 minutes' worth and has been delegated to the waste bin with the rest of the reality show freaks. Yes, maybe most consumers are morons, but this isn't an episode of no child left behind.

MadGerbil said: For people who wander aimlessly around the internet downloading software from unknown sources, there is no fix other than pulling the ethernet cable out of the wall. FUN TIP FOR WISNIEWSKI: Learn to do real research.

huckleberry said: You should be sued by M for the sensational headline with no backing data. And you should be fired for being an idiot.

BustidWin7 said: Heh. I wanted to test Vista on UAC & it stopping malware install. I ran an installer for CommonName rootkit. It installed the startup and the kernel level driver and actually was running for about 15 minutes before I got a UAC prompt. Yes, UAC was enabled, no other mods to system. I had disabled AV to perform test. In short -- UAC may not be all one thinks it is.

Resuna said: UAC is a distraction. If Microsoft wants to make Windows secure, they need to dump Internet Explorer and bring the more secure UNIX-derived process creation and networking APIs from Interix into the core.

Ryan said: Addled: He's a reporter, not a messenger. He's meant to pick the stuff that's newsworthy.

Addled said: Don't shoot the messenger, guys. Wisniewski is the idiot.

GuyverXT9 said: Yep, I agree with the rest of these comments. This article is LAAAAAAAAME. Crappy test, dude. You've just added your name on the wall of shame.

Christian Sciberras said: Hardly a fair test. Why do you have to make Win7 secure on the inside? Surely MS will not go on the Linux way, having to sudo just about everything. I completely disagree with this researcher. Microsoft would be better off fixing remote attack exploits rather than local security. What about the good old trust the user paradigm? Ah right. Users are ignorant enough to run anything you throw at them. Maybe MS should choose customers with integrated antiviruses.
