Fortify: Win7 vulnerability to viruses highlights modern code auditing problems
November 2009 by Fortify Software
A blog report from Sophos that Windows 7, the newly-released Microsoft operating system, is vulnerable to 80 per cent of viruses comes as no surprise says Fortify, the application vulnerability specialist.
"Chester Wisniewski’s observations that, on a clean machine, Win7 became infected with eight out of the ten viruses tested sounds bad, but, in our opinion, this is indicative of the sheer volume of code that goes into operating systems today," said Richard Kirk, Fortify’s European director.
"When you factor in the issue that there are often more than a million lines of code in a typical Windows application, you begin to understand the scale of the problem for software developers," he added.
According to Kirk, the only piece of good news to come out of the Win7 vulnerability reports is that two of the eight pieces of malware loaded in the tests did not run correctly under the new operating system.
And, he went on to say, since there are a range of free-to-use anti-malware applications - as well as a plethora of low-cost pay-for IT security suites available - the problem is not a major one for most Win7 users.
When you realise that most new machines come bundled with some form of IT security software, it’s not such a big deal, Mr Kirk explained.
"The volume of code-auditing and checking that is required for a modern operating system and its applications software is a big deal, however, and one that companies using customised or in-house-developed applications should be aware of," he said.
"This is one of the reasons our company was founded and, as our growing base of clients have discovered,addressing security issues throughout the software development process can save a lot of grief further down the line," he added.