Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7.  This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.

Since the inception of network operating systems, the men and women who are responsible for administering and managing them have wanted an easy way to do so. Networks have gone through a natural evolution from peer-to-peer networks to directory-based networks. Directory-based networks have become the preferred type of network because they can ease an administrator’s workload. To address the needs of organizations, the Institute of Electrical and Electronics Engineers (IEEE) developed a set of recommendations that defined how a directory service should address the needs of administrators and efficiently allow management of network resources. These recommendations, known as the X.500 recommendations, were originally envisioned to include a large centralized directory that would encompass the entire world, divided by geopolitical boundaries. Even though X.500 was written to handle a very large amount of data, designers reviewing the drafts of these recommendations saw merit in the directory and soon the recommendations were adopted by several companies, including the two best known, Novell and Microsoft.

Active Directory is Microsoft’s version of the X.500 recommendations. Battles rage between directory services camps, each one touting its directory service as the most efficient one. Because some of the directory services, such as Novell Directory Services (NDS) and eDirectory, have been around longer than Active Directory, those that are familiar with NDS will attack Active Directory. Their attacks are usually focused on the idea that Active Directory does not perform functions the same way that NDS does.

When it is all said and done, companies that develop X.500-based directory services can interpret the recommendations and implement them to fit their design needs. Microsoft interpreted and employed the X.500 recommendations to effectively manage a Windows-based network. Novell did the same for a Novell-based network, and the two for years have been at odds over which is more efficient. All that notwithstanding, Microsoft has enjoyed great success with Active Directory. It has been adopted by thousands of organizations and will more than likely continue to be used for many years to come.

Source of Information : Sybex Mastering Active Directory for Windows Server 2008