Software giant Microsoft has claimed user "complacency" is to blame for malware infections, and denied that its Vista operating system is less secure than Windows 2000.
The claim that Vista is less secure than Windows 2000 was made last week by security vendor PC Tools, which said that over the past six months Vista had suffered 639 unique threats, whereas Windows 2000 has suffered 586. PC Tools's research was conducted by collecting data from customers using its ThreatFire behavioural detection software.
"Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date," said Simon Clausen, the chief executive of PC Tools last week. "However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37 percent more secure than Windows XP," Clausen said.
However, Microsoft strongly hit back at the claims, blaming users for executing malicious code on their machines. On Tuesday, Technet blogger and Microsoft evangelist Michael Kleef said the number of infections found by PC Tools was an indication of poor user behaviour.
"The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "In many cases it equals poor user behaviour. If I, despite all prompting and consent behaviour, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."
Kleef claimed the number of infections was not purely the operating system's fault, but said that "in some cases it's the user and their lack of knowledge and their implicit 'it-won't-happen-to-me' complacency" that causes them to get infected.
Kleef's comments followed on from a blog post on Friday by Austin Wilson, the director of Windows Client Security Product Management, which also denied that Vista was less secure than Windows 2000. Wilson said results collected from over 450 million uses of Microsoft's Malicious Software Removal Tool (MSRT) and published in Microsoft's most recent Security Intelligence Report show Vista is more secure than Windows 2000.
"Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems," wrote Wilson in the blog post. "Using proportionate numbers, MSRT found and cleaned malware from 44 percent fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77 percent fewer than from computers running Windows 2000 SP3."
Talkback
They have said this about every version since 3.0. ActiveX has been a security hole since it's inception, and the fact that it is used in web sites is NOT the user's fault. Typically Micro$oft's own study found just the reverse.
Whom do you trust?
Java