Vista Security Debate Continues with Follow-Up Study

Security software vendor PC Tools on Friday fired the latest salvo in the argument over whether Windows Vista is as secure as Microsoft says it is.

The Sydney, Australia-based company even went so far as to release early on Friday morning what it called "additional research" to support its contention that Vista "is still a long way from immunity to online threats."

"PC Tools maintain[s] that Vista is not immune from online threats," wrote Simon Clausen, chief executive of PC Tools, in an e-mail statement on Friday. "Further research and analysis has confirmed our contention that additional third-party protection, even if it isn't our products, is absolutely necessary for all Windows Vista users."

These latest comments from Clausen -- as well as those made on Wednesday by PC Tools Vice President Michael Greene -- are a direct response to a Windows Vista Security blog posting by Microsoft staffer Austin Wilson that purported to debunk PC Tools' findings.

For its part, PC Tools is now claiming that further examination of its raw data and research methods indicates that 121,000 pieces of malware were detected on about 58,000 Vista machines (this is according to data obtained by downloading the malware count from the company's ThreatFire malware detection program). Moreover, the follow-up study found that these same Vista computers "had at least one piece of malware actively running on their system."

As for the types of malware detected on Vista-based machines, PC Tools said 17 percent of all the threats were Trojans, 5 percent were worms, 3 percent were spyware and 2 percent were various viruses.

In the study's summary, PC Tools contended that Microsoft's Malicious Software Removal Tool "is not a comprehensive anti-virus scanner" in that it sweeps away malware only for "a limited range of 'specific, prevalent malicious software.'"

The company is also not too keen on Redmond's assertion this week that its conclusions were not only inaccurate but were also not an indication of increased vulnerabilities in Vista; rather, in the words of Microsoft evangelist and TechNet blogger Michael Kleef, they were merely an indication of "poor user behavior."

"The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "If I, despite all prompting and consent behavior, choose to go to a (probably dodgy) Web site, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code, then I'm hosed. I'm now at the mercy of whatever code I've chosen to run."

PC Tools' Clausen countered in his e-mail that "because the technology we use to detect and identify malware is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machine."

Kleef wrote further: "It's not like the application developer community didn't know about writing for least privilege. We made it pretty clear over a number of years not to write to protected parts of the OS." Like many Microsoft security personnel, Kleef invoked Vista's User Account Control (UAC) component as a safeguard against most attacks.

Clausen said he had an answer for that, too: UAC's frequent intrusion alerts tend to compel users to ignore the alert information and unwittingly let threats slip through.

"UAC is limited in the number of activities it monitors because malware can also penetrate the operating system by evading detection," Clausen added.

While the banter between Vista security detractors and Microsoft continues, IT pros can find solace in shoring up their firewalls and also patching vulnerabilities that best fit the risk profile of their individual enterprise.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

