Windows 7 security ‘still has room for improvement’
Windows 7 security looks encouraging, but there are a couple of areas that a Sophos expert is particularly concerned about.
Previously in Vista, a user would be confronted with a red shield and pop-up alerting them if they were not carrying anti-virus. However, Wisniewski said that in Windows 7 it only showed a flag and a "tiny" red X to indicate something is wrong, with no pop-up.
He said: "Considering immediately on first login, Microsoft provides a dire warning about ensuring you have anti-virus protection, I find this a step backwards."
"Why have they regressed?," Wisniewski wondered.
He also said that extension hiding', where file extensions such as .EXE were hidden by default on Windows, needed to "go away". Wisniewski said that malware authors could take advantage of it, by as F-Secure describes it: "creating malicious files with double-extensions".
Despite the criticisms, Wisniewski was generally positive about Microsoft's attitude to Windows 7 security.
He said the Windows Biometric Framework' was a "step forward", which gave Windows 7 users alternatives to passwords when it came to authenticating themselves. However, this will only support fingerprint readers at launch.
Wisniewski praised Bitlocker To Go', which will give Windows 7 users the ability to encrypt removable storage such as USB sticks, and also the way it allowed older systems such as Windows XP and Vista the ability to access them.
Wisniewski was also encouraged by User Access Control, which focused on removing annoying prompts for non-Microsoft published applications.
He said: "This should better mirror the Mac OS X and Ubuntu Linux experience, providing the user with an opportunity to read and understand actions asking for approval, rather than clicking 'yes' to get rid of the nagware."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now