Windows Security Blog : Windows 7

Windows 7 Vulnerability Claims

Paul Cooke — Sat, 07 Nov 2009 00:56:00 GMT

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7. This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.

Mark Russinovich on Windows 7 UAC

Paul Cooke — Tue, 09 Jun 2009 16:00:00 GMT

User Account Control is one of those Windows features that evokes a number of different responses from folks. Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This led some customers to turn off UAC, which concerns us from a security perspective. So in Windows 7, we've given a great deal of thought to how we marry enhanced security with ease-of-use. We have written extensively about the changes in UAC for Windows 7 on the Engineering Windows 7 blog (Post 1, Post 2, Post 3, Post 4).

Now, Technical Fellow Mark Russinovich weighs in on UAC with some great insight on the technology and some of our motivations around the decisions we have made. Check out Inside User Account Control now available online from TechNet Magazine.

Upcoming Action Center Changes for Security Vendor Software

Paul Cooke — Wed, 06 May 2009 15:05:00 GMT

We have been working in partnership with our independent software vendor (ISV) community to move the ecosystem to a set of new application programming interfaces (APIs) that many ISVs use to report status to Security Center (integrated within Action Center in Windows 7). The interfaces are used by many antivirus, antispyware, and firewall programs. Te interface changes were introduced in Windows Vista SP1. These new APIs supersede the ones originally shipped in Windows Vista.

From the release of Vista SP1, we jointly established with the security ISVs an 18 month grace period where they could use both the old and the new interfaces. After the 18 month grace period expires, a security application using the older interface will cause the Windows Security Center system tray icon to indicate a warning. In addition, the Security Center control panel will display a "<program name> is on but is reporting its status to Windows Security Center in a format that is no longer supported. Use the program's automatic updating feature, or contact the program manufacturer for an updated version" warning message, a sample screen shot is included below. The grace period begins at the time Vista SP1 is installed on a Windows Vista system. As a result, the grace period will begin expiring in September 2009, 18 months after Windows Vista SP1 was released on the Microsoft Download Center in March 2008.

Through our partner outreach and the Ecosystem Readiness Program, we have been working with the ISVs since October of 2007 to help them get ready for the final transition to this new interface. As a result, we have removed the old API from the Windows 7 RC. Users who are running security software that does not use the newer API will see the "non-compatible" message shown below from the new Action Center, which instructs customers to contact their security software provider.

Although you may receive this "non-compatible" message from your security software, it should continue to work and help protect your system even though it is not able to report its status through the Action Center UI.

If you encounter this message today on Window 7 or in the future on Windows Vista, I encourage you to check with your software vendor to see if they have an updated version of software available. Many of our partners already have products that use the new APIs and the others have committed to having compatible versions by the end of the Windows Vista grace period and for Windows 7. Having the latest, compatible software from your security vendors will help ensure that your system remains protected and that you are accurately informed when your security software is not running properly.

Business Ready Security and Windows 7

Paul Cooke — Fri, 24 Apr 2009 20:45:11 GMT

Here’s the last of the security stories from the RSA show floor. To wrap things up we asked John (JG) Chirapurath (Director, Identity & Security Business Group) to give us a quick rundown on Microsoft Forefront for Business Ready Security and how it fits in with Windows 7.

A Look at Microsoft Forefront

Internet Explorer 8 Security

Paul Cooke — Fri, 24 Apr 2009 20:20:41 GMT

Here is another story from a Microsoft Program Manger discussing their favorite things in Windows 7. This time it is Eric Lawrence (Senior Program Manager on the Internet Explorer Team) to talk about his favorite security features in Internet Explorer 8, the browser that ships in Windows 7.

Eric Lawrence Discusses His Favorite Internet Explorer Security Features

Steve Riley on Windows 7 Security

Paul Cooke — Thu, 23 Apr 2009 00:22:43 GMT

While walking the show floor here at RSA, I ran into Steve Riley, who’s an incredibly passionate and knowledgeable Security Evangelist (or officially “Senior Technical Evangelist”) in Microsoft’s Trustworthy Computing organization. He’s a well respected and sought out speaker on security topics. So I thought it would be great to get Steve’s take on his favorite two security features in Windows 7. Take a look at what Steve has to say about Windows 7 security!

Steve Riley discusses Windows 7 Security Features at RSA

AppLocker: Direct from RSA

Paul Cooke — Wed, 22 Apr 2009 23:59:25 GMT

The buzz at RSA around Windows 7 has been tremendous.

Yesterday, in his keynote, Scott Charney (Corporate VP Trustworthy Computing) talked about AppLocker and how it helps ensure that only known, trusted software is run within an organization’s desktop environment. Shortly after the keynote, I ran into Marcelo Birnbach - a Senior Program Manager in the Windows Security Technologies organization and works on AppLocker - on the expo floor. Since he’s an expert, we thought we would ask him for his perspective on AppLocker in Windows 7.

Marcelo Birnbach talks about Windows 7’s AppLocker Feature

And since Marcelo is originally from Argentina, we also asked him to share his thoughts in Spanish.

Marcelo Birnbach talks about Windows 7’s AppLocker Feature [Spanish Version]

BitLocker on TechNet Radio

Paul Cooke — Fri, 23 Jan 2009 19:00:00 GMT

Not sure how many of you are familiar wtih TechNet Radio, but I did a piece for them the other day that I encourage you to go check out. It's a quick interview on BitLocker Drive Encryption. In it, I get asked about BitLocker not only in Windows Vista, but also around some of the changes we have made in Windows 7. Take a listen to the interview below and trust me, we will have more on the new Windows 7 security features coming shortly...

TechNet Radio - BitLocker Drive Encryption