Slider settings for UAC in Win 7 are source of controversy.

Network administrators looking to Microsoft’s latest operating system Windows 7 for a measure of relief from the armada of malware aimed at past versions of the OS aren’t likely to find it if a recent experiment conducted by security researchers is any indication of what’s in store for new users of the software.

The White Hats installed the operating system on a clean machine without any anti-virus software and, using the default settings for User Access Control (UAC) discovered that seven of 10 malware samples easily infected the computer.

Malware programs that successfully ran in Windows 7 were Troj/FakeAV-AFY, Mal/EncPk-KY, Mal/EncPk-KP, Troj/agent-LIW, TrojFakeAV-AFX, Troj/Zbot-JN and W32/Autorun-ATC. Malicious code that failed to execute included Troj/Bredo-M, W32/autorun-ATK and Troj/Banker-EUT.

Folks naive enough to believe Microsoft’s security claims about Windows 7 will no doubt be disappointed by these findings that suggest the new operating system shares some of the drawbacks of its progeny, but the bad app battlers said they weren’t surprised by the results. A major concern with the new UAC system in Windows 7 is that users will believe that it will protect them from cracker attacks. It won’t. The revamped UAC feature is as ineffective in blocking a majority of malware programs as anti-virus applications that rely solely on signature-based scanning to prevent the execution of malicious code. Moreover, the false sense of security the new UAC can create among users may induce them not to install security software on their machines, which would be a serious mistake.

Continue reading Enterprises face Win 7 security challenges