Windows 7 is a valuable upgrade delivering an awesome new user interface, but don't expect any major improvements in security.

Anti-virus software vendor Sophos tested Windows 7's built-in anti-virus capabilities by feeding a clean system 10 pieces of the newest malware. Eight out of the 10 samples ran successfully, claims Sophos.

"Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows," says Chester Wisniewski, a senior security advisor at Sophos, in a blog post. "The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7."

Sophos' findings aren't surprising: Windows 7 promises backward compatibility with most software that works on older operating systems, such as Windows XP. It would be reasonable to infer most malware compatible with Windows XP or Windows Vista is likely going to harm Windows 7.

Also, prior to the release of Windows 7, Microsoft did not promise that the OS would be safer against viruses. Security enhancements that Microsoft highlighted were automatic data encryption for thumb drives, a feature for IT administrators to control which applications can run on a corporate network, and a malware filter in Internet Explorer 8 – nothing promising to prevent malware from working at all.

In fact, Microsoft has steadfastly insisted that Windows 7 users continue to run anti-virus software and regular system updates to stay safe.

"Security in Windows 7 is very multi-faceted and we have never advised customers to rely on just one specific feature in the OS," a Microsoft spokeswoman said in a statement. "We recommend that customers configure their computer to download and install updates automatically, and install all security updates and service packs when available to ensure the highest level of protection against malware and other vulnerabilities."

Many security researchers agree that Windows operating systems will always be more vulnerable to malware. That's because the vast majority of PC owners are Windows users, and that gives "the bad guys" greater economic incentive to attack Windows systems.

Thus, even though Windows 7 ships with more built-in security features than Apple's Mac OS X, the Mac is still safer because fewer malicious hackers are targeting the less-popular platform.

"If you're a bad guy and you're doing this to make money … you don't want to spend 90 percent of your time on Windows and 10 percent on Mac," said Charlie Miller, a security researcher and author of the The Mac Hacker’s Handbook, in a September interview with Wired.com. "You're going to want to spend 100 percent of your time on Windows."

Sophos says the "lesson learned" from its malware test is you still need to run anti-virus on Windows 7. That hardly seems to be a new lesson, since Microsoft never told anyone to stop running anti-virus in the first place.

So why is Sophos so "disappointed" with Windows 7? Clearly, the company is sensationalizing its findings in order to sell more anti-virus software. All of this should have already been obvious, though numbers do help confirm previous assumptions.

All you should gain from the Sophos report is reaffirmation of something you already knew: So long as you're running Windows, you need anti-virus software. So keep running it.

See Also: