According to foreign media reports, Chester Wisniewski, a senior security consultant at British security company Sophos, said that although the security performance of Windows 7 has been greatly improved, Windows 7 is still unable to effectively defend against malware.
vulnerability attack
Cybercriminals generally use two methods to install malware in user PCs. When a user browses some web pages that contain attack code, if there are security vulnerabilities in the user's Windows program or third-party application, the attacker will use these vulnerabilities to install malware.
In contrast, social engineering attacks trick users into downloading and installing botware. For example, some attackers will send you an email with a PDF document attached. As long as you open the PDF document, you will trigger the Adobe Reader vulnerability.
HDMoore, director of security research at BreakingPoint Systems in the United States, said that Windows 7 can defend against a variety of attacks targeting target software vulnerabilities. For example, IE 8's safe mode protects against ActiveX attacks.
Windows 7's Address Space Layer Randomization (ASLR) will make it more difficult for attackers to discover vulnerabilities in programs running in computer memory. The Data Execution Prevention (DEP) function can prevent attacks that exploit vulnerabilities.
Wisniowski believes: "Although the ASLR and DEP features in Windows 7 can protect more applications (compared to Vista), these two security features do not cover all applications."
Is Vista more secure than XP?
In order to better understand the security features of Windows 7, we might as well discuss the security features of Vista first.
A Microsoft Security Intelligence Report for the first half of 2009 (before Windows 7 was launched) showed that the virus infection rate of the latest Vista (with the latest updates installed) was 62% lower than the latest XP system.
However, considering that Vista users are generally technical personnel, the virus infection rate of Vista users is lower than that of XP users.
But Wisniowski believes that Vista's ASLR and DEP functions also played an important role. Now that Windows 7 has improved these two security features, there's reason to believe they will continue to work.
HDMoore said: "Malware threats will not disappear because of this. Many attackers may continue to threaten new operating systems, and we should be more vigilant."
Target users, not programs
Exploit exploits may have a hard time threatening Windows 7, and social engineering attacks are still very dangerous.
In October 2009, Sophos used 10 malicious programs to test the UAC function of Windows 7. The test results show that 8 of the programs can run. Only 1 of the 8 programs needs to turn off UAC before it can run, while the remaining 2 cannot run at all.
Sophos' testing proved two things. First of all, the Windows 7 UAC feature was not designed to block malware, so users should not have high expectations for it.
Secondly, if an attacker tricks you into downloading a Trojan horse program, ASLR and DEP will have no effect at all. IE 8's SmartScreen feature will prompt users when they download files from unknown sources from a web page, but malware can bypass this security policy.
Social engineering attackers can even compromise users' social network accounts and send their friends URLs that hide malware. Therefore, Windows 7 users must not take malware lightly.