An experiment conducted by the security company Sophos revealed that the User Account Control (UAC) feature built into Windows 7 is not enough to provide ample protection by itself and the aid of an anti-virus program is still needed.

In the recent experiment it basically shows how Windows 7 is still vulnerable to various types of viruses. Particularly, out-of-the-box Windows 7 PCs are still vulnerable to eight out of ten viruses. In the Sophos experiment, Windows 7 with UAC (User Account Control), a much improved Windows security feature over then one that Microsoft first introduced with Vista, in default configuration and no anti-virus package installed was tested against ten badware samples resulting in only 2 infections failing to work on Windows 7.

In the test, each malware was run as if a user had been tricked to launch a file attachment or had visited a malicious site and been picked in by a drive-by attack following a silent download. The test confirms that the enhanced UAC features built into Windows 7 are not enough and that anti-virus software is a relevant add-on to Windows PCs. Chester Wisniewski, a senior security adviser at Sophos PLC said that, “Unfortunately, despite Microsoft’s claims, Windows 7 disappointed just like earlier versions of Windows.”

Seven of these badware pieces ran while two failed to work on Windows 7 computers regardless of whether UAC protection ran or not. Only one malware piece produced a UAC prompt that would in another way have affected the PC, a strain of autorun malware, named Autorun-ATK by Sophos. Two Trojans, a variant of Bredo (a banking trojan), were unsuccessful to work on Windows 7 PCs. Still, a variant of the dangerous Zbot Trojan, similar to a scareware package, slipped through the net infecting Windows 7 PCs used in the experiment. In this test it did not matter if Windows UAC was running.

UAC prompts users for their agreement before enabling a task such as in the case of an installation of an application to run or a device driver to take place. In trying to squash users’ complaints and criticism about the constant infiltrations with regards to Windows 7, Microsoft changed UAC to make it less intrusive than that of in Windows Vista. The new UAC in Windows 7 is suppose to prompt notifications less frequently in Windows 7 thus making it more “likable” but this could have serious repercussions. According to Chester Wisniewski, Sophos PLC senior security advisor, that wasn’t a good idea. Wisniewski went on to say, “We wanted to know if UAC was going to be effective in Windows 7,” he said. “So we grabbed the next 10 [malware] samples that came in and tried them out.”

As we can see, Windows 7 is still vulnerable to viruses. Whether or not Windows 7 will prove to be the “safer choice” in the real world has yet to be determined. Only time will tell as computer users run it through it’s real-world paces. Either way, users should make sure to take the necessary precautions that they are accustomed too with older versions of Windows. In other words, it is still recommended that Windows 7 users install a reputable anti-virus or anti-spyware application in an effort to stay proactive in protecting their system from infections.