Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7.  This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.

Remember this hilarious video called “A Brief History of the Web” I blogged about in March? The video has won the Best Online Video (standalone) at the OMMA Awards. Very cool! You can see the full list of winners here. If you haven’t seen the “History of the Web” video already, you should ;-)

Now that Windows 7 is available, are you looking for some security baseline recommendations from the experts? Then here’s another timely release from the Microsoft Solution Accelerators team! Today, new security baselines for Windows® 7 and Windows® Internet Explorer® 8 are available for download.

Over the past few months, the Solution Accelerators team collaborated with Microsoft security experts, multiple government agencies worldwide, and a large community of IT security professionals to develop and test these new security baselines.All of these baselines are free for you to use.

In case you are not familiar with all of the security baselines available for Microsoft products, they ship as part of the Security Compliance Management Toolkit (SCMT) Series. The SCMT helps you to plan, deploy, and monitor security baselines for Windows® operating systems, Internet Explorer, and 2007 Microsoft® Office applications. It contains background information about compliance, and planning advice about how to automate security compliance. It also refers you to other tools and guidance that you can use to establish and deploy a security baseline, and then monitor and maintain compliance with your established configuration.

Where do you start?

At a high level, security compliance consists of four basic steps:

1. Plan how to meet security baseline requirements.
2. Deploy security baseline configurations.
3. Monitor security baseline configurations.
4. Remediate security baseline configurations.

The tools, guidance, and recommendations in the SCMT help you through each step of this process and give you the support to make key decisions about security baseline settings for your specific environment.

Here’s what you get:

• Security guide – The toolkits include new and updated security guides for Windows 7, Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003 SP2, Microsoft Office 2007 SP1, and Internet Explorer 8. The guidance provides you with best practices and automated tools to help you plan and deploy your security baselines.
• Attack Surface Reference workbook – A resource that lists the changes introduced as server roles are installed on computers running Windows Server 2003 and Windows Server 2008.
• Security Baseline Settings workbook – A resource that lists all of the prescribed settings for each of the preconfigured security baselines that the guides recommend.
• Security Baseline XML – XML files that allow you to consume the data defined in the security baseline settings workbooks.
• GPOAccelerator tool – A tool that you can use to create all of the Group Policy objects (GPOs) you need to deploy your chosen security configuration. This release also supports creating security configurations on computers not joined to a domain.
• Baseline Compliance Management Overview – The overview discusses best practices on how to monitor security baselines for Windows operating systems, Office applications, and Internet Explorer 8.
• DCM Configuration Pack User Guide – A step-by-step prescriptive user guide about how to use Configurations Packs with the DCM feature in Configuration Manager 2007 R2.
• DCM Configuration Packs – Configuration Packs that provide prescriptive security information, which you can use to check the compliance of systems in your environment.

What should you do next?

• Learn more about the Security Compliance Management Toolkit Series.
• Download the Security Compliance Management Toolkit Series.
• Find other Windows 7 Solution Accelerators here: Windows Desktop Solution Accelerators.
• The Solution Accelerators team is developing a new tool called the Security Compliance Manager. It will help you manage your security and compliance process for the most widely used Microsoft technologies. Join the Beta review program and provide your feedback on the features you want most.
• Get all the step by step guides, whitepapers, how to’s and screen casts on deploying and managing Windows 7 in your environment from the Springboard Series on TechNet.

Gartner Symposium/ITxpo 2009, the industry's largest and most important annual gathering of CIOs and their senior IT leaders is taking place this week in Orlando, Florida.

During this year’s event, which will focus on how business technology can help customers return to growth by balancing cost optimization and risk mitigation, Microsoft will be helping customers to understand how they can realize the benefits of Windows 7 through the following activities and sessions:

Windows 7 Early Adopter Customer Panel: Tuesday, October 20th, 2009   12:30PM - 1:30PM ET (Moderated by Michael A. Silver - Gartner)

A panel of Windows 7 early adopters will discuss Windows 7 planning, deployment tips and rollout plans. During the panel, attendees will share their experience on planning for a successful deployment and the immediate results they received deploying Windows 7. Featured Gartner Research VP & Distinguished Analyst Michael Silver will facilitate the panel discussion. Please visit Gartner.com for a replay of this webcast on October 22nd.

Windows 7 Unplugged-- Tips From Microsoft's CIO Office: Tuesday, October 20th, 2009 2:00Pm - 2:20PM ET (Rick Merrifield - Microsoft)

In this interactive session, the Chief Architect in Microsoft’s IT department will share insider tips on how to plan, pilot and rollout Windows 7. Learn how your organization can benefit from applying the Windows Optimized Desktop to increase end user productivity, enhance security and reduce costs by automating IT management.

Windows Optimized Desktop-- Windows 7 and Microsoft Desktop Optimization Pack: Wednesday, October 21st  3:30PM -4:30pm ET (Gavriella Schuster - Microsoft)

The Windows Optimized Desktop is designed to help with today’s imminent IT challenges while ensuring your future success. Come learn how Microsoft Windows 7 and the Microsoft Desktop Optimization Pack 2009 R2 together provide better user productivity, stronger data protection, security and PC management and automation improvements that can help you  save costs and improve IT efficiency.

Mastermind Keynote with Stephen Elop, President, Microsoft Business Division Thursday,  October 22nd 11:00am - 11:45am (Moderated by Neil MacDonald and Brian Gammage - Gartner)

Gartner analysts Neil MacDonald and Brian Gammage will moderate an interview with Stephen on a variety of topics top of mind for Symposium attendees. As president of the Microsoft Business Division, Stephen oversees the Information Worker, Microsoft Business Solutions and Unified Communications Groups here at Microsoft and is a member of the company's senior leadership team that sets overall strategy and direction for the company.

Windows 7 Hand On Labs— Monday, October 19th - Thursday,  October 22nd Various times (Various presenters)

30 minute, proctor led, interactive sessions where attendees can experience the following features of Windows 7: Windows 7 UI features, Internet Explorer 8 & Web Slices, Problem Steps Recorder, Med-V (using Internet Explorer to launch a Med-V web site), and using BitLocker which will include a 1GB key drive to activate BitLocker as a giveaway, with pre-loaded content including the current product guide and the Microsoft Optimized Desktop datasheet.

Today, we are announcing that we are extending the Browser for the Better Campaign with Internet Explorer 8. We will continue to help fight hunger by donating 8 meals for every download of Internet Explorer 8 throughout the month of September. September is Hunger Action Month.

We want to encourage our customers to upgrade to a modern and secure browser – so we are doubling donations for people who switch from Internet Explorer 6 to Internet Explorer 8 through this campaign. If you move from Internet Explorer 6 to Internet Explorer 8, we will donate 16 meals to help fight hunger!

For more information, see this press release from Feeding America.

Today, socially engineered malware threats are on the rise and are heavily impacting the way people use the Internet - making it a consumer and industry issue.

A new study released today from NSS Labs shows that Internet Explorer 8 is the #1 browser in malware protection and also the #1 browser in phishing protection. The independent test results showed that Internet Explorer 8 blocks 3 times more malware threats than Firefox 3 and 10 times more malware threats than Google Chrome 2.

Given how Internet Explorer 8 performs against these socially engineered malware and phishing threats and the ongoing threat that cybercriminals pose against Internet users today, this is another good reason for consumers to upgrade to a modern browser and move on from earlier versions like Internet Explorer 6 where security issues were not then what they are today.

For more information on this new NSS Labs study and how Internet Explorer 8 continues to help keep people protected while browsing the web – see this blog post from the Internet Explorer Team on the IEBlog.