British security experts say Windows 7 still can't effectively defend against malware

According to foreign media reports, Chester Wisniewski, senior security consultant at Sophos, a British security company, said that although Windows 7 has improved security, Windows 7 still cannot effectively defend against it. malicious software.

Vulnerability Attacks

Cybercriminals typically use two methods to install malware on a user's PC. When a user browses a webpage with an attack code, if the user's Windows program or third-party application has a security vulnerability, the attacker will use these vulnerabilities to install the malware.

In contrast, social engineering attacks trick users into downloading and installing bots. For example, some attackers will send you an email with a PDF document, and as soon as you open the PDF document, you will trigger an Adobe Reader vulnerability.

H.D. Moore, director of security research at BreakingPoint Systems, said that Windows 7 can defend against multiple attacks against targeted software vulnerabilities. For example, IE 8's security model protects against ActiveX attacks.

Windows 7's Address Space Layer Randomization (ASLR) will increase the difficulty for attackers to find bugs in computer memory. Data Execution Prevention (DEP) can block attacks that exploit vulnerabilities.

Wisny Oschi believes: "Although the ASLR and DEP features in Windows 7 can protect more applications (compared to Vista), these two security features do not cover all applications. "

Is Vista more secure than XP?

In order to better understand the security features of Windows 7, we may wish to discuss the security features of Vista.

Microsoft's Security Intelligence Report for the first half of 2009 (pre-IP 7) shows that the latest (installation of the latest update) Vista virus infection rate is 62% lower than the latest XP system .

However, considering that Vista users are generally technical staff, Vista users have lower virus infection rates than XP users.

But Wisconsin thinks that Vista's ASLR and DEP functions also play an important role. Now that Windows 7 has improved these two security features, we have reason to believe that they will continue to work.

HDMoore said: "Malware threats will not disappear. Many attackers may continue to threaten new operating systems, we should be vigilant."

For users, not programs

Vulnerability attacks can be difficult to threaten Windows 7, and social engineering attacks are still very dangerous.

In October 2009, Sophos used 10 malicious programs to test the UAC functionality of Windows 7. The test results show that eight of the programs can be run. Only one of the eight programs needs to be closed after UAC is turned off, and the remaining two are completely inoperable.

Sophos' test proved two things. First of all, the Windows 7 UAC feature was not designed to block malware, so users should not expect too much from it.

Second, if an attacker tricks you into downloading a Trojan, ASLR and DEP have no effect at all. IE 8's SmartScreen feature prompts users when they download unidentified files from a web page, but malware can circumvent this security policy.

Social engineering attackers can even send hidden emails to their friends by invading the user's social network account. Therefore, Windows 7 users must not be taken lightly on malware.