Reply to: How prone is Windows7 to viruses and malware out of the box?

I never got any problems on MyCo PC.... but the Home PC was always crawling with Tulip....

Then when I upgraded and passed old MyCO PC down the line....... Yep! Crawling within days........

The Drewsterettes always deny "Going to dodgy sites", "Downloading Tulip" etc etc.......

But if ever you glance over their shoulder they seem to be attracted to the Red flags "Site Advisor" provides!

I guess in Teen Speak - "Don't touch this site - its a Virus/Trojan Heaven" means "Click here!"

In nearly 15 years of being online, I've been infected maybe 3 times - once before the firewall was installed on clean install of XP - and two via other users getting tricked. My AV software has prevented maybe 6 attempts. So it does seem that sensible habits reduce the risk of infection.

XP SP2 was a huge leap forward, and was the primary reason why Vista was delayed so long. Microsoft instituted company-wide training in secure development techniques, and shifted most of their developers onto XP SP2 to get it as secure as possible. Basically, it was a better investment to get a properly secure version of their existing OS than to get a new, more secure OS out of the door.

The improvements made - not just in software, but in development practices and experience for their staff - meant that they were able to make Vista even more secure, and Windows 7 is again an improvement.

Of course there will always be security holes, but anything from a fully-patched XP SP2 upwards ought to be able to manage to keep itself up to date with the latest security fixes before it gets attacked, unlike the bad old days.

I found the incidence of viruses declined at about the same rate as my libido. Not sure why.

Some services have to / by default / by stupidity run as administrator- search for sql & dcom worms. First thing you do in SQL server is limit them where you can.

Internet explorer doesn't have to it did in XP but in Vista and 7 it doesn't. XP via IE will get infected easily if you go to the right sites and have your security set to low (which was the default - improved in IE7 & 8 . The same sites on 7 will prompt you for an administrator password so it massively decreases the chance. Most of the machines I manage don't have the user set as administrator and we hardly get any virus infections, it still happens though.

This guy explains it well

Aaron Margosis' "Non-Admin" and App-Compat WebLog : RunAs with Explorer


Services in XP ran as administrator in 7 they are restricted where possible.

so no you will never have a completely secure OS because people make mistakes but you cut down the attack vector and chances of a privileged application or service being infected. Search for least privilege for more info.

Anti virus software is here for a few years more.

As far as UAC goes, that would mean I'd know if something nasty was trying to happen... I'm thinking more about things getting in without me knowing at all, even with AV it sounds like this is now a pretty difficult problem for the virus writers?

Is it fair to say that these days, the majority of vulnerabilities are not in Windows, but through browsers opening a hole past the OS security? I know they're not totally separate...

Anyway my question is, will AV software end up obsolete? Is it possible to make an OS which is secure while still actually useful? I certainly don't buy that *nix is magically secure; it might be more secure but if people started targeting a specific Linux distro (or MacOS), they'd find ways in, right? I actually wonder how long before Apple gets these problems as their popularity grows... it'd be like when South America was first explored, absolute carnage, if things got out there!

The security stuff should make it a lot more difficult (XP was equally protected, it's just that most people didn't use it). However it doesn't prevent a legitimate looking install from also installing something bad, so common sense is required as always.

I also ran XP for years without antivirus, and without getting anything nasty.

Most virii seem to need some sort of user action, either clicking a link or opening a file.
By not being a spaz it's quite easy to avoid getting an infection.

The only 2 times I've had a virus on a PC is due to opening a file without bothering to think first

Windows 7 security is completely redesigned so most things run as a user level.

To install anything you need to elevate much like UNIX. M$ OS evolved differently they put the flower baskets out first and fitted locks later. Customers seemed to like that and voted with their wallets. UNIX needs to make more attractive flower baskets.

Much more difficult to infect windows 7 but its possible (Even AV applications have been attacked directly by a virus) so an AV is advisable.