http://www.nzherald.co.nz/windows-7/news/article.cfm?c_id=1502845&objectid=10607265

Windows 7 'vulnerable to 8 out of 10 viruses'
2:07PM Wednesday Nov 04, 2009

Security specialist Sophos warns to get virus protection for your shiny new copy of Windows.
"Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up."

http://blogs.zdnet.com/security/?p=4222&tag=nl.e550

Windows 7, Vista exposed to 'teardrop attack '

Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.

http://blogs.msdn.com/aaron_margosis/

The new “LUA bug” of Vista/Win7

It's kind of a 50-50. The vast majority of users were using an admin account before the advent of Vista, but it's not like EVERYBODY was eventually compromised because of that. On the other hand, I always have felt that using a user account with UAC was an improvement that I appreciated. It was just unfortunate that users couldn't become acclimated to it. If I go on 7, I plan to use a user account and UAC with the normal settings, not compromised.

In the end, though, it's still M$'s fault. They knew 10 years ago or more that they were having this permissions problem and couldn't come up with anything until Vista. If they had made what they say is a major security vulnerability a major issue right from the beginning, users today would be acclimated to something like this system and most wouldn't even remember the day when they had to run an admin account to get anything accomplished. But, when you rush everything out and most of your innovation comes from absorbing other companies, I think it's to be expected.

http://blogs.zdnet.com/hardware/?p=4627&tag=nl.e539

Should "Standard User" be the default in Windows 7?

The problem with systems running with these two settings is that it’s possible to use a code-injection vulnerability to silently run code or other applications with administrative privileges behind the user’s back. Even Windows super-guru Mark Russinovich acknowledges that a problem exists

Physical access to a computer isn't just a Windows 7 security issue - it has always been an issue (particularly vulnerable to the "Steal the computer attack")

http://www.governmentsecurity.org/hacking_physical_access

And refer to Law 3 of the oft quoted "10 Immutable Laws of Security"

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

Clearly the "security researchers at HITB event" are doing some groundbreaking research (with some more funding they will discover "that opening strange email attachments can result in system problems")

Hmm... might be a problem in corporations. But I can't imagine me not finding out if my friend came over and was being sneaky on my computer with Vbootkit.

If someone were to gain physical access to a Windows 7 PC, he can control the PC - according to security researchers at HITB event.

Link: http://www.cio.com/article/print/490413