Machines running the beleaguered operating system are more likely to suffer from malware attacks than either Windows 2000 and Windows 2003, new research suggests.
An analysis of threat data collected over a six month period by security software developer PC Tools suggests that despite a bottom-up code rewrite and the uber-annoying User Account Control feature, Vista isn't doing as good a job as some of its predecessors in keeping hackers at bay. By PC Tools' calculations, based on analysis of 1.4 million computers which accessed its online ThreatFire community, 639 unique threats were found for each 1,000 Vista machines. For Windows 2000, the figure was 586, while for Windows 2003, it was 478.
"Since its launch, Microsoft has flagged the increased level of protection Vista provides as one of the key reasons why consumers should upgrade from Windows XP to Vista," PC Tools CEO Simon Clausen said in a release announcing the findings. "If Microsoft's forecasts for the operating system are correct and Vista's market share increases significantly, we could expect infection rates to increase further on Vista," said Clausen.
Microsoft can at least draw some comfort from the fact that Vista outperformed XP, which racked up a massive 1,021 unique threats per 1,000 computers. However, despite Clausen's comments, XP is not showing any signs of going away soon, remaining the only realistic option for Microsoft to get a foothold in the growing market for cheap and compact notebooks such as the ASUS EeePC
A large part of the problem may be because of how Microsoft has chosen to implement security alerts within Vista itself. Because Vista normally requires all applications to run in standard mode without administrative privileges, numerous programs, including many coded by Microsoft itself as a native part of the operating system, require user confirmation every time they're launched. In theory, this should alert PC owners of any backdoor attempts to install malware. In practice, many users either tune out those notifications and blindly accept them all, or switch the entire UAC infrastructure off.
Microsoft itself believes that the problem can be overcome by making consumers more aware of the difference. "We really need to improve user education," IT pro evangelist Michael Kleef told APC in a recent interview on the topic. Our five cents worth? Telling people that they need to adjust their behaviour is never going to be as effective as writing software that remains secure without nagging them every time they try and fix their WiFi connection.