In a recent study by PCTools, Windows Vista was found to be far more vulnerable to malware than Windows 2000. These tests were run on both server and client editions of the operating system and the following statistics were provided: Windows Vista was found to allow 639 threats per thousand computers while Windows 2000 only was allowing 586.
Based on these statistics 64% of Vista users are in danger, however; only 59% of Windows 2000 users are in danger. These numbers seem damaging to Microsoft considering that Vista has been marketed as the most secure version of Windows to date. However, after a bit of examination, these statistics are not quite as blunt as they seem.
The 5% difference between the two operating systems is not a large margin. Also Dennis Kudin points out that software such as Internet Explorer 7 will not run on Windows 2000. Internet Explorer 7 provides security that requires newer service packs that Windows 2000 simply cannot run. This provides a whole new target for Vista that Windows 2000 does not have. Windows Vista provides the UAC (User Access Control) system to stop processes from being administrators without permission. Most Windows 2000 users ran under administrator by default, which would allow malware to be more effective.
Microsoft’s director of project management security, Austin Wilson, commented on his blog that Vista was tested fully and stated “We study the malware space very carefully and publish our results twice a year in the Security Intelligence Report. This report is compiled from statistics on malware infections based on over 450 million executions of the Malicious Software Removal Tool (MSRT) every month. Microsoft is a member of AMTSO (Anti Malware Testing Standards Organization) and its charter includes defining test methodology so that there is a minimum quality bar to all testing of this type.“
It seems that PC Tools may have been rather hasty in their claim, however; with all the “added security features” and testing that Vista has undergone a 64% infection rate seems to be a bit high. Even with the security provided by UAC and Vista’s built in security, Austin Wilson recommends, and rightfully so, that users still run firewall and anti-virus software.