Microsoft hits back at Vista security critics

Software giant Microsoft has claimed user "complacency" is to blame for malware infections, and denied that its Vista operating system is less secure than Windows 2000.

The claim that Vista is less secure than Windows 2000 was made last week by security vendor PC Tools, which said that over the past six months Vista had suffered 639 unique threats, whereas Windows 2000 has suffered 586. PC Tools's research was conducted by collecting data from customers using its ThreatFire behavioural detection software.

Vista: all the coverage...

1. Windows Vista SP1 finally a go

2. Microsoft slashes Windows Vista price tag

3. Microsoft: 'These programs won't work after Vista SP1…' 4. Some to get Vista SP1 this week

5. Vista SP1 finally ready for manufacture

6. Do US businesses want Vista at last?

7. Microsoft refreshes Vista SP1

8. Don't put Vista in schools, says education agency

9. Details of Vista SP1 revealed

10. Vista: Piracy rates half the level of XP, says Microsoft

Simon Clausen, the chief executive of PC Tools last week, said: "Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date. However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37 percent more secure than Windows XP."

However, Technet blogger and Microsoft evangelist, Michael Kleef, hit back at the claims blaming users for executing malicious code on their machines, and said the number of infections found by PC Tools was an indication of poor user behaviour.

Kleef wrote in a blog post: "The number of virus infections found by a virus vendor does not necessarily equal poor security. In many cases it equals poor user behaviour. If I, despite all prompting and consent behaviour, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."

Kleef claimed the number of infections was not purely the operating system's fault, but said that "in some cases it's the user and their lack of knowledge and their implicit 'it-won't-happen-to-me' complacency" that causes them to get infected.

Kleef's comments followed on from a blog post by Austin Wilson, the director of Windows Client Security Product Management, which also denied that Vista was less secure than Windows 2000. Wilson said results collected from more than 450 million uses of Microsoft's Malicious Software Removal Tool (MSRT) and published in Microsoft's most recent Security Intelligence Report show Vista is more secure than Windows 2000.

Wilson wrote in the blog post: "Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems. Using proportionate numbers, MSRT found and cleaned malware from 44 per cent fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77 per cent fewer than from computers running Windows 2000 SP3."

Original article: Microsoft blames users for Vista infections from ZDNet UK