Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest.

Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of Windows." Chester's final conclusion? "You still need to run anti-virus on Windows 7." Well, we agree: users of any computer, on any platform, should run anti-virus software, including those running Windows 7.

Clearly, the findings of this unofficial test are by no means conclusive, and several members of the press have picked apart the findings, so I don't need to do that. I'm a firm believer that if you run unknown code on your machine, bad things can happen. This test shows just that; however, most people don't knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.

Let me recap some of the Windows 7 security basics. Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware. This includes features like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) to name just a few. The result, Windows 7 retains and refines the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released.

Beyond the core security of Windows 7, we have also done a lot of work with Windows 7 to make it harder for malware to reach a user's PCs in the first place. One of my favorite new features is the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter was built upon the phishing protection in Internet Explorer 7 and (among other new benefits) adds protection from malware. The SmartScreen Filter will notify you when you attempt to download software that is unsafe - which the SophosLabs methodology totally bypassed in doing their test.

So while I'm not a fan of companies sensationalizing findings about Windows 7 in order to sell more of their own software, I nevertheless agree with them that you still need to run anti-virus software on Windows 7.  This is why we've made our Microsoft Security Essentials offering available for free to customers. But it's also equally important to keep all of your software up to date through automatic updates, such as through the Windows Update service. By configuring your computers to download and install updates automatically you will help ensure that you have the highest level of protection against malware and other vulnerabilities.

Volume seven of the Microsoft Security Intelligence Report (SIRv7) - part of Microsoft's  commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments - was released today and there are a couple of tidbits in the report that caught my attention that I thought I would pass on. As a reminder, the SIR is published by Microsoft twice per year and looks at the data and trends observed in the first and second halves of each calendar year.

The first thing that struck me while reading through the report is that for the first time, the SIR shares some high-level security best practices from countries that have consistently exhibited low malware infection. For example, Japan, Austria and Germany's infection rates remained relatively low during the first half of this year.

So how do these regions keep their customers and resources safe from cyber threats?  Japan's infection rates remain relatively low is due in large part to collaborations like the Cyber Clean Center. The Cyber Clean Center is a cooperative project between ISPs, major security vendors and Japanese government agencies aimed at educating users on how to keep their PCs infection free. Austria has implemented strict IT enforcement guidelines to lower piracy rates and this, along with strong ISP relationships and fast Internet lines, has helped ensure the ecosystem is kept up to date with security patches. Germany has also leveraged collaboration efforts with its CERT and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.

The other thing that stood out to me was the graph below. This graph shows the effectiveness of automatic updating and shows what happened to the trojan downloader family Win32/Renos once Microsoft released a signature update for Windows Defender via Windows Update and Microsoft Update. Within three days, enough computers had received the new signature update to reduce the error reports from 1.2 million per day to less than 100,000 per day worldwide! To me this shows how important it is for users and organizations to utilize automatic updates to help prevent the spread of malware! 

The report also underscores some of the trends that we have seen from previous versions of the report: for example, the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP. It also tells me that the higher the service pack levels of an OS, the lower the infection rate. Once again, these items help point out that you need to keep your software up-to-date. With Windows 7 now available it might be a good time to look at upgrading your OS!

Take a look at the full report at http://www.microsoft.com/sir and use the information to help protect yourself, your networks, and your users.

Now that Windows 7 is available, are you looking for some security baseline recommendations from the experts? Then here’s another timely release from the Microsoft Solution Accelerators team! Today, new security baselines for Windows® 7 and Windows® Internet Explorer® 8 are available for download.

Over the past few months, the Solution Accelerators team collaborated with Microsoft security experts, multiple government agencies worldwide, and a large community of IT security professionals to develop and test these new security baselines.All of these baselines are free for you to use.

In case you are not familiar with all of the security baselines available for Microsoft products, they ship as part of the Security Compliance Management Toolkit (SCMT) Series. The SCMT helps you to plan, deploy, and monitor security baselines for Windows® operating systems, Internet Explorer, and 2007 Microsoft® Office applications. It contains background information about compliance, and planning advice about how to automate security compliance. It also refers you to other tools and guidance that you can use to establish and deploy a security baseline, and then monitor and maintain compliance with your established configuration.

Where do you start?

At a high level, security compliance consists of four basic steps:

1. Plan how to meet security baseline requirements.
2. Deploy security baseline configurations.
3. Monitor security baseline configurations.
4. Remediate security baseline configurations.

The tools, guidance, and recommendations in the SCMT help you through each step of this process and give you the support to make key decisions about security baseline settings for your specific environment.

Here’s what you get:

• Security guide – The toolkits include new and updated security guides for Windows 7, Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003 SP2, Microsoft Office 2007 SP1, and Internet Explorer 8. The guidance provides you with best practices and automated tools to help you plan and deploy your security baselines.
• Attack Surface Reference workbook – A resource that lists the changes introduced as server roles are installed on computers running Windows Server 2003 and Windows Server 2008.
• Security Baseline Settings workbook – A resource that lists all of the prescribed settings for each of the preconfigured security baselines that the guides recommend.
• Security Baseline XML – XML files that allow you to consume the data defined in the security baseline settings workbooks.
• GPOAccelerator tool – A tool that you can use to create all of the Group Policy objects (GPOs) you need to deploy your chosen security configuration. This release also supports creating security configurations on computers not joined to a domain.
• Baseline Compliance Management Overview – The overview discusses best practices on how to monitor security baselines for Windows operating systems, Office applications, and Internet Explorer 8.
• DCM Configuration Pack User Guide – A step-by-step prescriptive user guide about how to use Configurations Packs with the DCM feature in Configuration Manager 2007 R2.
• DCM Configuration Packs – Configuration Packs that provide prescriptive security information, which you can use to check the compliance of systems in your environment.

What should you do next?

• Learn more about the Security Compliance Management Toolkit Series.
• Download the Security Compliance Management Toolkit Series.
• Find other Windows 7 Solution Accelerators here: Windows Desktop Solution Accelerators.
• The Solution Accelerators team is developing a new tool called the Security Compliance Manager. It will help you manage your security and compliance process for the most widely used Microsoft technologies. Join the Beta review program and provide your feedback on the features you want most.
• Get all the step by step guides, whitepapers, how to’s and screen casts on deploying and managing Windows 7 in your environment from the Springboard Series on TechNet.

Many of you may be on the market for a new Windows 7 PC. Our partners are delivering new PCs we think you will love and just in time for the holidays! Below are hot and slick looking Windows 7 PCs in categories we think will be big for holiday 2009.

Please note that many of the PCs with features mentioned below are just one of many configurations these PCs come with. Many of these PCs can be configured and customized to your liking.

All-in-one PCs:

• Sony VAIO L Series: Features a Quad Core processor, 24” widescreen touch display, discrete graphics, lots of memory and storage.
• Dell Studio One 19: Features a Quad Core processor, lots of storage, a Blu-ray combo drive and an 18.5" multitouch HD widescreen display.
• HP TouchSmart 300z Series: Features discrete graphics, an optional built-in TV tuner and a 20" multitouch widescreen display.

Ultra-thin PCs:

• Acer Aspire 4810T: Offers a 14" screen, good battery life, and weighs only 2.4 lbs.
• Dell Adamo 13: Features a slick looking aluminum chassis, 13.4" edge-to-edge HD display, ultra-slim .65" profile, Bluetooth and optional Mobile Broadband.
• Toshiba Satellite T135: Features a 13.3" HD widescreen display, full size keyboard, 1.5" profile and weighs 4.7 lbs.

Touch PCs:

• Lenovo ThinkPad T400smt: A lightweight Laptop PC with a 14.1" multitouch display, integrated webcam, and dual-channel digital microphone.
• Toshiba Satellite M500: Features a lightweight, 14.1" touch screen and specializes in mobility. Note that not all M500 models feature Windows Touch however.

Netbook PCs:

• HP Mini 110 by Studio Tord Boontje: Features both style and mobility with its 10.1" HD widescreen – and just 2.35 lbs.
• Toshiba mini NB205: Weighs 3 lbs., has 3G Mobile Broadband and good battery life.
• Lenovo IdeaPad S10-2: Features a multitouch pad, and a 10.1" LED backlit screen.

But wait! There’s more! Here are some other great PCs that really show off some of things customers do on their PCs everyday (yes, some people game every day):

Great Gaming PCs:

• Falcon NW Fragbox: A portable desktop PC with a Quad Core processor, discrete graphics, lots memory and storage.
• Alienware M17x: Features Dual GPUs, a Quad Core processor and 12GB of DDR3 memory (that’s a lot of memory!).
• Asus G51Vx: A 15" gaming laptop PC featuring NVIDIA graphics with dedicated 1GB of memory, and a backlit gaming keyboard.

More Multimedia PCs:

• Dell Studio XPS 16: Features premium ATI graphics, optional Intel Core i7 processor configuration, and your choice of either a 15.6" LED or 16" RGBLED seamless display.
• HP Pavilion dv8t: Features an 18.4" HD widescreen, Blu-ray drive, TV tuner, and premium sound system with subwoofer and Dolby audio.
• Toshiba Satellite A505: Features discrete graphics (certain configurations), a dual-core CPU, and premium surround sound speakers, and a HD 16" screen.
• Lenovo IdeaPad Y650: A very stylish, thin, and light notebook at only 1 inch thick and weighing only 5.6 lbs.

All Around Great Everyday PCs:

• Dell Studio XPS 13: Features a 13.3" edge-to-edge display, backlit keyboard and NVIDIA graphics.
• Toshiba Satellite U500: Versatility, power and style and touch capable. A 13.3” mobile do-it-all machine.

Work from Anywhere (Mobility):

• HP Pavilion dm3: Features a 13.3” ultra wide screen display and NVIDIA graphics, under 4 lbs. and 1 inch thin with great battery life.
• Lenovo ThinkPad X200T: Features a lightweight form factor, Intel Core 2 Duo processor, and is a Tablet PC (great for taking notes during meetings!).

Safeguard Your Work:

• Lenovo ThinkPad X301: Features GPS, Bluetooth and Unified wireless capabilities.
• HP ProBook 5310: Features a 13.3” HD LED display with integrated mobile broadband and a thin and lightweight design.

We are also making it easier for customers to choose which Windows PC is right for them with an updated version of Windows PC Scout (previously known as Windows Laptop Scout).

Windows PC Scout has been completely updated with new PCs and new ways of helping customers better identify the PC they want based on their needs. Essentially Windows PC Scout “Simplifies your search” for the right PC. There are a couple of ways Windows PC Scout will help you find the PC you want:

• Laptop 101: Educates you on Laptop PCs.
• Usage: Discover how certain Laptop PCs are used for specific needs.
• Recommend: Match your needs with quality-checked Laptop PCs by Microsoft. Windows PC Scout provides clear recommendations on Windows PCs at a variety of price points.
• Buy: Once you’ve found a PC, Windows PC Scout makes it easy to click through to purchase the right PC for them through major retailers, the online Microsoft Store or PC manufacturer websites.

If you’re looking for a new Windows 7 PC – give Windows PC Scout a spin!

As you can see, there is such an amazing variety of Windows 7 PCs for you to choose!