The "Defense-in-depth" (defense-in-depth) system in Windows 7

Source: Internet
Author: User
Keywords Antivirus software security defense execution is

http://www.aliyun.com/zixun/aggregation/11208.html ">microsoft says Windows 7 is the safest windows ever, but antivirus vendors retort  What is the truth in every word? In fact, the truth may not exist, the news is sometimes only "angle" problem ... SophosLabs said last week that they installed Windows 7 on a bare metal and configured it based on user Account Control (UAC) system presets, but did not install antivirus software, and then import 10 virus samples, and found that 8 viruses could attack windows 7 vulnerabilities.

SophosLabs Security Advisor Chester Wisniewski said UAC did intercept one of the virus samples, regardless, as he warned earlier, the UAC preset configuration of Windows 7 failed to protect PCs from virus threats, windows 7 is not as safe as Microsoft claims. Wisniewski that Windows 7 was as disappointing as the previous operating system. But is it really so?

Yes, bad things happen.

First of all, as long as there is a risk of "execution", you must be careful when executing the procedure. Although Microsoft's security director said: "If the user executes an unknown program on the computer, the bad things happen." "But there is a dilemma: we buy a computer to execute the program, is to download the download that is to play a variety of known unknown interesting things, that is, do not want to be limited not to be made." What's the fun of using a computer if we don't run as long as it's an unknown program?

My view is: Users can "try to" do something to improve the problem, such as "unknown procedures do not run it", "the company's computer please according to the provisions of the use of", "computers have to install anti-virus software", one more effort on a more than one point of protection, so. The current computer world is like a tropical rainforest, filled with snakes, arrows, and piranhas-and instead of complaining, save yourself.

Microsoft security Director believes that it is too arbitrary to use a computer to execute a virus and then say that Windows 7 is unsafe. On this point, I have to say that I have really seen users indiscriminately disorderly press, disorderly implementation of a pass, you poison no poison useful useless, first point two to say. So Shophos's test-albeit crude, somewhat arbitrary-is not impossible. However, Microsoft security Director also agreed that Windows would have needed antivirus software, and that even Microsoft itself provided a free solution for users to use.

So, no matter what they argue, everyone remembers the conclusion: running Windows must install antivirus software--whether it's more secure windows or not. However, this is nothing to disappoint, life is like this.

"Defense in Depth" in Windows 7

The Microsoft Security Director mentions an interesting concept: Defense-in-depth (defense-in-depth) philosophy, what is this?

This is the so-called "siege defense principle." You have to step from the inside out, each link to strengthen defense, in order to more effectively resist the enemy.

To keep the land safe, you have to build walls, cities, outside the city to establish a sentry, send patrol members, if possible, the best people in the city outside the settlement, life, if so, even if there is a foreign invasion (enemy invasion is unavoidable), your defense will not be breached. Shophos the company that Windows 7 is not more secure, it seems to me like "Windows 7 is still possible to be hacked", but this is actually a reasonable conclusion (which city is always safe, never be breached?).

Microsoft's security director said that Windows 7 could have been compromised by a virus, so Windows 7 would have needed antivirus software. But Windows 7 does harden every aspect of Windows, trying to make Windows 7 "less vulnerable". He took some steps:

UAC features
Windows Core Protection
Windows Services Hardening
Random address space Choreography (ASLR)
Data Execution Protection (DEP)

These things are simple, "try to make Windows more stable from the inside Out", which is "defense in depth." Microsoft's security director is saying: Does anyone say windows is invincible? So Windows needs antivirus software is justified ah! If you don't install antivirus software, it's scary! So even Microsoft, also provides antivirus software to customers!

Do you have a clear idea?

However, this is only my personal "interpretation", does not represent the official view.

Some viruses say they're antivirus software.

On the implementation of the "unknown program" This matter, I have seen a miracle, can be said to give you a reference.

Friend father's computer, installed an anti-virus software, no brand name, called Antivirus, cool! One day said the computer slowed down, I brought a look ... Deeply disturbed by this nameless anti-virus software--in fact, this anti-virus software is a Trojan horse software!

I ask a friend: Why install this anti-virus software? No factory unlicensed, how strange?

Friends said: My father a day on the internet, suspected poisoning, see the Web page has written anti-virus software can be installed to be able to antivirus, point to the software installed.

I can only say that 99% of this thing is a virus or a Trojan horse. But the friend's father is not a computer expert, just a general user, to this kind of thing a little concept not how to do?

The average company will use the so-called "policy Editor", all the "behaviors" and "pathways" that can cause viral infections are blocked: USB ports prohibit reading and writing; use "front table columns" To list all software that is allowed to execute, not a list of viruses ... And the game--none of it! Computer does not install CD-ROM machine, of course, to install anti-virus software, but also "prohibit the installation or removal of any preset programs." After all this has been done, your computer should be much safer, call ...

As for the general people, there is no MIS staff to help you lock the computer, layers of checks ... At least, I suggest you install a set of anti-virus software you have heard!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.