Experts: New Win7 Security Also Brings New Threats

Security firm Sophos tells PC World that two security measures introduced in Windows Vista and expanded in Windows 7 have had a marked effect on levels of infection on computers.

Nevertheless, several online security professionals have reminded users of Windows 7 that while the new operating system (OS) offers enhanced security over its predecessors, it's not invulnerable. They note that human vulnerabilities will always leave people at risk to hackers.

Two New Security Features Mark Improvements

Address Space Layout Randomization (ASLR) partially randomizes the order in which data is stored or processed in a computer's memory, which makes it much harder for hackers to take advantage of security exploits. In comparison, imagine a bank robber was able to unlock the front door of the bank but couldn't be sure where the vault was kept.

A second measure, Data Execution Prevention (DEP), marks some sections of the memory for data storage only. This means that even if a rogue application does gain access to this memory, it may not be able to exploit it and control the computer's behavior. DEP has been credited by Microsoft as severely limiting the effects of the recently patched Internet Explorer bug for users of Vista and Windows 7.

Social Engineering Still A Threat

However, Sophos warns that few, if any, security measures can protect against rogue software which the user is tricked into downloading and running.

This is usually done through so-called social engineering, the practice of playing on human weakness through tricks such as disguising malware as legitimate and useful software, or persuading people to follow a link to an infected webpage by making it appear as if the link comes from a friend. (Source: pcworld.com)

Another security firm, Webroot, says hackers are changing the tactics they use once they are able to infect a computer. While many still aim to steal valuable data or simply wreak havoc for the sake of it, others are now increasingly using the malware to try to sell fake "anti-virus software".

Hackers Block Popular Websites

One tactic that's becoming more widespread is for the malware to alter the settings of the Layered Service Provider (LSP) feature, which is part of Windows' networking. Doing so can mean that if the user attempts to visit a site listed by the hackers (who usually pick popular pages like Facebook or Wikipedia), the browser is re-routed to a bogus page which warns the user their computer is infected. (Source: expertreviews.co.uk)

While this is, of course, technically true; the warning is designed to pressure the user into purchasing the fake security software, thus giving up both their cash and their credit card details.

Experts offer this advice: never download software except from a trusted and credible source, check carefully when a link appears to come from a friend, and only ever use a reliable and established brand of security software.