Slider settings for UAC in Win 7 are source of controversy.

Network administrators looking to Microsoft’s latest operating system Windows 7 for a measure of relief from the armada of malware aimed at past versions of the OS aren’t likely to find it if a recent experiment conducted by security researchers is any indication of what’s in store for new users of the software.

The White Hats installed the operating system on a clean machine without any anti-virus software and, using the default settings for User Access Control (UAC) discovered that seven of 10 malware samples easily infected the computer.

Malware programs that successfully ran in Windows 7 were Troj/FakeAV-AFY, Mal/EncPk-KY, Mal/EncPk-KP, Troj/agent-LIW, TrojFakeAV-AFX, Troj/Zbot-JN and W32/Autorun-ATC. Malicious code that failed to execute included Troj/Bredo-M, W32/autorun-ATK and Troj/Banker-EUT.

Folks naive enough to believe Microsoft’s security claims about Windows 7 will no doubt be disappointed by these findings that suggest the new operating system shares some of the drawbacks of its progeny, but the bad app battlers said they weren’t surprised by the results. A major concern with the new UAC system in Windows 7 is that users will believe that it will protect them from cracker attacks. It won’t. The revamped UAC feature is as ineffective in blocking a majority of malware programs as anti-virus applications that rely solely on signature-based scanning to prevent the execution of malicious code. Moreover, the false sense of security the new UAC can create among users may induce them not to install security software on their machines, which would be a serious mistake.

Continue reading Enterprises face Win 7 security challenges

One of the biggest user complaints about Windows Vista was the UAC (User Account Control) feature, which generated frequent popups as a way of notifying users whenever anything tried to make changes to the computer. The UAC was in theory a good idea. Spam or rogue email attachments frequently contain malware designed to make changes or trigger a download, and the UAC would let you know when something’s going on. The problem was that it popped up for many routine tasks, and users became annoyed. Now personally, I’d rather have tight security and have to deal with clicking “allow” a few times a day, as opposed to loose security and more convenience, but that’s just me, and I always tend towards paranoia.

According to a Microsoft blog entry, Windows 7’s UAC now has a little more flexibility, with four settings: “Never notify”, “Notify me only when programs try to make changes to my computer (without desktop dimming), “Notify only when programs try to make changes to my computer (with desktop dimming)”, and “Always notify.” Vista on the other hand, was all or nothing, with choices only for “Always notify” or “Never notify.” The risk now however, is that users will tend towards shutting it off completely, since that option is now a lot easier to do—thereby leaving the door open to more attacks.

Of course, Microsoft took a lot of flak over the UAC under Vista, and they’ll probably take more flak now for going in the other direction with Win7’s UAC. The medium setting on Windows 7, which is the default setting, may offer inadequate protection, though time will tell. It is advisable to bite the bullet and use the “Always notify” setting—although it may be a hard sell to get users to agree.

Will Exchange support boost Apple's corp cred?

Despite the crowing by fans of Apple computers that  their lovely machines are gaining traction in the corporate realm, resistance to OS X boxes by CIOs appears to still be strong, even with the much trumpeted support of Microsoft Exchange in the latest edition of the Mac operating system, Snow Leopard.

The logic behind the expectation that Exchange support will be a deal maker for corporate IT departments stems from the infectious behavior Apple products have had in the past on markets. The iPod’s popularity, for example, had a halo effect that enticed consumers to move to Apple computers. More to the point, when Exchange support was built-in to the iPhone, it began to win nods from more corporate users.

But there are indications that, at least initially, the halo effect may not be as strong this time around. One of those indicators is a recent “jury poll” taken by TechRepublic, a Web site targeted at IT professionals. In that poll, a “jury” of CIOs voted 12-0 against adding new Macs to their existing computer mix. All the executives voted “no” to the question, “Does the release of Snow Leopard make your IT department more likely to adopt more Mac OS X machines?

Continue reading Mac resistance still strong despite Exchange support

Microsoft is changing the AutoPlay feature of Windows 7, so that it will not be able to enable AutoRun for USB devices. The change was necessary, since some malware (including Conficker), uses the AutoRun feature to spread. Malware isn’t just an email-borne problem any more–specifically, malware writers recognize that email security has been improving overall, and are looking for new attack vectors. Removable media, such as USB devices, make a perfect attack vector for them.

Although Conficker is the most well-known piece of malware that uses the default AutoRun settings to propagate itself, others have also used this feature in the past and continue to do so now. Spreading malware via USB devices started to become prevalent last year.

There will no doubt be some outcry about Windows 7 hampering usability, but the move makes sense. With this update, the AutoRun task will continue to work for removable media such as CDs and DVDs, but it will not be enabled for other devices, such as USB drives. In addition to being incorporated in Windows 7, the change will also be reflected in future updates of Vista and XP.