The argument between Sophos and Microsoft over the security of Windows Vista took another turn on Tuesday when Microsoft co-president Jim Allchin stepped in to try and calm things down.
The dispute was started at the end of November when security software vendor Sophos published its "top 10 threats" for the coming year, and included three potential threats to Vista — the internet worms labelled Stratio-Zip, Netsky-D and MyDoom-O.
According to Sophos, while companies running wholly Microsoft environments — Vista with other Microsoft software on top — would be secure, companies running third-party software would be vulnerable. Most organisations fall into that category, such as companies choosing to run IBM/Lotus Notes, instead of Microsoft Exchange.
Allchin argued in a blog posting on Tuesday that this is untrue, and that Vista can live happily alongside the right third-party security products. If individuals and organisations use their Vista or third-party security tools correctly, there is no reason for there to be any issues, he said.
Sophos's claims were made on the day that Microsoft launched its business versions of Vista, and they put the software giant on the back foot.
"Microsoft is aware of a report by Sophos that claims variants of existing malware may affect users running Windows Vista," the company had said in a statement published a few days after Sophos comments. "Based on our initial investigation, Microsoft can confirm that these variants do not take advantage of a security vulnerability, rather they rely on social engineering to infect a user's system."
In the comments he made on his blog on Tuesday, Allchin underlines the message that poor security practice is an issue, but maintains that third-party software is not at fault. He went to some lengths to emphasise that it is safe to use third-party security software with Vista.
Allchin used the example of his seven-year-old son and the steps Allchin has taken to protect him from threats when he is using the internet. He outlined a three-step approach arguing that first you should "stay current with the latest security updates (and in this case I urge you to use the recommended defaults included in Windows Vista)".
Secondly, "use a firewall", which can be Vista’s own or, "use a third-party solution that you can buy".
Finally, Allchin said, "use anti-malware software", and went on to recommend using a combination of Windows Defender "and an add-on antivirus software program such as Windows Live OneCare or one of the many great products available from third parties, such as Sophos."
