After security researchers at Sophos tried to garner cheap headlines with an overly-sensational non-story about how Windows 7 supposedly failed to prevent 80 percent of malware attacks, Microsoft finally fired back. In a blog posting, Paul Cooke, director of Windows Enterprise Client Security at Microsoft, explained that the Sophos claim was, of course, bogus.
"I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software," he wrote. "This test [simply] shows that ... most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that antivirus software is essential to protecting your PC, there are other defenses as well."
The Sophos test was completely bogus because it threw malware at an unprotected, stock Windows 7 system, one that had no antivirus software installed. Microsoft recommends, as always, that customers install antivirus software, and the company this year made a free solution, Security Essentials, available for Windows 7 (and Vista and XP) users worldwide. Microsoft has never claimed that Windows 7 does not require antivirus.
"I [do] agree with [Sophos] that you still need to run antivirus software on Windows 7," Cooke noted. "But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities."
"Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware," he explains. "The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle and technologies that made Windows Vista the most secure Windows operating system ever released."
The real issue here is that by providing customers with free antivirus, Microsoft is stepping on the toes of security companies, such as Sophos. These companies have created a rich, subscription-based business in which their products stop updating after those subscriptions run out, leaving users vulnerable. Microsoft first tried to create its own low-cost subscription-based security product, OneCare, but then replaced it with a free solution that won't leave customers unprotected.
So all Sophos really brought attention to is the fact that they can't be trusted