Microsoft hits back at Sophos for false claims on Windows 7

Last month, i.e. on October 22nd 2009, a test was conducted at Sophos Labs on Microsoft’s new operating system – Windows 7. The test was carried out to check if Windows 7 really matched its claims about the OS being more secured for virus, spyware and malware. Sophos claimed that the User Account Control (UAC) feature of Windows 7 bypassed 8 viruses out of the 10 that were tested. Further, it claimed that Windows 7 UAC’s default configuration is not effective at protecting a PC from modern malwares. You still need to run an anti-virus on Windows 7.

I was just waiting for something to happen from Microsoft end and after a long wait, yes it did happen. In a blog posting recently, Paul Cooke, Director of Windows Enterprise Client Security at Microsoft stated that the Sophos claim was deceptive and bogus. Further he adds that, “This test shows that most people don’t knowingly have and run known malware on their system. Malware typically makes it onto a system through other avenues like the browser or email program. So while I absolutely agree that anti-virus software is essential to protecting your PC, there are other defenses as well.” “I do agree that you still need to run anti-virus software on Windows 7,” Cooke noted, “but it is equally important to keep all of your software up-to-date through automatic updates, such as through Windows Update service.”

Now to the main point – I absolutely agree with what Paul Cooke has to say in terms of securing your PC. Being in the IT industry since 20 years now and moreover having given consultancy in Infrastructure Security to number of organizations, I’ve only seen that 40% to 50% of the problems faced by an organization are due to un-patched system, pirated software and out-of-date anti-virus signatures. In fact, when we install Windows Vista or Windows 7 on a PC, the operating system keeps on alerting via its Windows Security system if Automatic Updates are not configured or if the PC is missing an anti-virus solution. If that is the case, the question is – when and where did Microsoft claim that the new version of their Operating System Windows 7 does not require an anti-virus? If you know the answer to this, I would like to hear back from you.

  1. Hello Vishal,

    Thank you so much…. 🙂

    Adding domain to the Accepted Domain list in Exchange 2010 It is working…

    But i have to get 1 more Live IP it’s not working through publishing exchange server in ISA.

    I think it’s not working because my virtual machine 3 has live IP but modem configuration is like is modem IP & is my virtual machine 3 IP & if I publish my exchange server its like

     New mailserver publishing rule =
     server to server communication: SMTP, NNTP
     SMTP, Secure SMTP & NNTP
     Server ip address =
     Network listener ip = (External) but it should be live IP eg (

    Am I right?

    1. Hi,
      I think the network listener IP should be live ip else external requests will not identify ( &

      1. Have you tried forwarding all traffic from your modem to your internal IP address on the External Adapter of ISA?

  2. Hello Vishal,

    There are some problems like my AD server name is full name is

    So when i create new user in mailbox it’s like,,

    but i want that like is not my domain my domain name is like i wan to run this exchange in so do i have to uninstall AD and exchange 2010? And then create it again by name like ( ??

    so many canfusan don’t know how to make DNS entry for the same.

    In DNS >>

    NS = IP =

    Host A = IP =

    MX = 10

    If i want to access it from out side then what will be my mail server address ? i know i can’t access using or

    Can u please assist me if you want more info i will tell you.

    1. Hi,

      There is no need to remove AD and Exchange. Do this:

      – Add your company domain to the Accepted Domain list in Exchange and set it to Authoritative Domain.

      – You can then go to the account’s mailbox and remove the Automatic Update Email Address Based on Recipient Policy check box. Once done, add a new SMTP address with the format of “” and make it Primary.

      That’s it. You should now be able to send and receive emails on your company’s domain name. Moreover, I would recommend setting a New Email Address Policy in Exchange 2007 to automate this task for you whenever a new mailbox is created.

  3. Hello Vishal,

    Thanks for your quick reply. 😉

    I think 3rd one will be fine I have never done that before but let me try.

    I will post again when I make this thing running.

    Again thanks.

    Have a great day ahead.

  4. Hello,

    It’s really nice blog 😀

    All the Exchange server & ISA server post’s are great.

    I have installed Exchange server 2010 x64 on server 2008 ENT SP2 x64.

    But problem is I am not able to make my exchange Live. Its working fine in my local lab on all local IP address I want to do that globally.
    My internet setup is like bellow.

    Server 2003 ent sp2 x86 –> I have installed Vmware server 2.0 & then created 3 virtual machine.

    LAN setup in my VMWARE server.

    (Local LAN) NIC1 =

    (INTERNET 1) NIC2 =

    (INTERNET 2) NIC3 =

    (INTERNET 3) NIC4 =

    * NIC4 Internet connection is having static IP address.

    virtual machine 1
    Server 2003 ent sp2 x86
    ISA server 2006
    NIC 1 =
    NIC 2 =

    virtual machine 2
    Server 2003 ent sp2 x86
    ISA server 2006
    NIC 1 =
    NIC 2 =

    virtual machine 3
    Server 2003 ent sp2 x86
    ISA server 2006
    NIC 1 =
    NIC 2 =

    So what should I do in my mail server DNS to point my all MX records to
    Virtual machine 3 (NIC 2 =
    My mail server local IP is

    If you have any solution let me know

    Also I have to create 3 ISA servers 2006 because I have three internet gateways. Do you have any solution for the same?

    1. Hi Darshan,

      Thanks for the comments. Glad that you like the posts and contents.

      For your setup, there are three options that I can think of as of now:

      [1] Get Live IP’s from your service provider/ISP and assign them to the Virtual Machines. Once you have a live IP assigned, you will be able to point your MX records to the same. This will allow you to send and receive emails directly on your exchange server. One thing to keep in mind here is that since all emails will be delivered directly, I strongly recommend an Anti-Virus and SPAM filtering solution at the SMTP Gateway level. Moreover, you will also need to monitor your Live IP to ensure that it is not listed in any of the DNS BlackLists.

      [2] You can keep running your exchange server on the internal IP address and use something like EFS or POP3 Connector to download emails from a catch-all account.

      [3] Publish your exchange server from an ISA server which has a Live IP address. Create rules for publishing Exchange services and one rule for SMTP delivery from Exchange to External. This is the best solution since you will not be exposing your Mail Server directly to the Internet.

      Hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like