Last week, security vendor Sophos published a blog post in which it said that Windows 7 was vulnerable to 8 our of 10 of the most common viruses. Microsoft has responded to these test results, which are a classic case of “scare ‘m and they’ll fall in line”.
It’s something politicians are very good at. They will create a threat or a problem, for which onlythey have the solution. Security vendors use this tactic all the time as well, and these Sophos test results are a clear example of that.
Sophos provides no description of the test whatsoever; the only thing they state is that they used a clean, default copy of Windows 7, with no antivirus software installed. They then leave methodology for what it is, and jump directly to the results: 8 out of 10 common viruses work on Windows 7.
What they don’t tell you, however, is how the viruses got on the machine in the first place. Did the users have to perform any action? Did they just connect the machine to the internet and let it get infected all by itself? The latter would be pretty bad, of course, and is reminiscent of the days of Windows XP.
From the wording of the blog post, as well as the lack of details on how the test was performed, it becomes clear that Sophos simply “installed” the viruses to see if they would run. You can hardly call that any sort of a test – as we all know, there’s no patch for the meatsack sitting between the chair and the monitor. Just as much as those Mac viruses which require user action to work are no indication whatsoever that the Mac is insecure, this test proves absolutely nothing either.
Microsoft seems to agree that this is a classic case of a security vendor trying to use sensationalism to sell its own products, but the Redmond company does state that users should always be running antivirus software on their machines. While I’m not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7,” writes Paul Cooke on the Windows Security Blog.
Cooke further points to Internet Explorer 8’s SmartScreen filter, which the Sophos test obviously disregarded by installing the malware manually. “The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware,” Cooke explains, “The SmartScreen Filter will notify you when you attempt to download software that is unsafe – which the SophosLabs methodology totally bypassed in doing their test.”
If there is one type of company which I dislike even more than your average company like Microsoft or Google, it definitely has to be security vendors. They make products that cripple computers, and then try to sell these products by coming up with these pointless tests that prove nothing.
Scare ‘m and they’ll fall in line. Works all the time.