Vista Security Debate Continues with Follow-Up Study
Security software vendor PC Tools on Friday fired the latest salvo in the argument
over whether Windows Vista is as secure as Microsoft says it is.
The Sydney, Australia-based company even went so far as to release
early on Friday morning what it called "additional research" to support
its contention that Vista "is still a long way from immunity to online
"PC Tools maintain[s] that Vista is not immune from online threats,"
wrote Simon Clausen, chief executive of PC Tools, in an e-mail statement to
Redmondmag.com on Friday. "Further research and analysis has confirmed
our contention that additional third-party protection, even if it isn't our
products, is absolutely necessary for all Windows Vista users."
These latest comments from Clausen -- as well as those made
on Wednesday by PC Tools Vice President Michael Greene -- are a direct response
to a Windows Vista Security blog
posting by Microsoft staffer Austin Wilson that purported to debunk PC Tools'
For its part, PC Tools is now claiming that further examination of its raw data
and research methods indicate that 121,000 pieces of malware were detected on
about 58,000 Vista machines (this is according to data obtained by downloading
the malware count from the company's ThreatFire malware detection program).
Moreover, the follow-up study found that these same Vista computers "had
at least one piece of malware actively running on their system."
As for the types of malware detected on Vista-based machines, PC Tools said
17 percent of all the threats were Trojans, 5 percent were worms, 3 percent
were spyware and 2 percent were various viruses.
In the study's summary, PC Tools contended that Microsoft's Malicious Software
Removal Tool "is not a comprehensive anti-virus scanner" in that it sweeps away malware only for "a limited range of 'specific, prevalent
The company is also not too keen on Redmond's assertion this week that its
conclusions were not only inaccurate but were also not an indication of increased
vulnerabilities in Vista; rather, in the words of Microsoft evangelist and TechNet
blogger Michael Kleef, they were merely an indication of "poor user behavior."
"The number of virus infections found by a virus vendor does not necessarily
equal poor security," wrote Kleef in a blog
post. "If I, despite all prompting and consent behavior, choose to
go to a (probably dodgy) Web site, accept the ActiveX control prompts to download
(probably dodgy) code and I actually choose to execute that code, then I'm hosed.
I'm now at the mercy of whatever code I've chosen to run."
PC Tools' Clausen countered in his e-mail that "because the technology
we use to detect and identify malware is behavioral-based, the data refers to
threats that actually executed and triggered our behavioral detection on the
Kleef wrote further: "It's not like the application developer community
didn't know about writing for least privilege. We made it pretty clear over
a number of years not to write to protected parts of the OS." Like many
Microsoft security personnel, Kleef invoked Vista's User Account Control (UAC)
component as a safeguard against most attacks.
Clausen said he had an answer for that, too: UAC's frequent intrusion alerts
tend to compel users to ignore the alert information and unwittingly let threats
"UAC is limited in the number of activities it monitors because malware
can also penetrate the operating system by evading detection," Clausen
While the banter between Vista security detractors and Microsoft continues,
IT pros can find solace in shoring up their firewalls and also patching
vulnerabilities that best fit the risk profile of their individual enterprise.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.