Home / News & Blogs

Microsoft blames users for Vista infections

Tom Espiner ZDNet.co.uk | May 16, 2008 7:17 AM PDT

Summary

In countering claims Vista is less secure than Windows 2000, Microsoft has said the 'complacency' of users is to blame for infection rates

Topics

Secure, Infection, PC Tools, Microsoft Windows Vista, Microsoft Corp., Michael Kleef, Microsoft Windows, Microsoft Windows 2000, Microsoft Windows Vista (Longhorn), Operating Systems, Software, Tom Espiner ZDNet.co.uk, security, Vista, malware, infections, Windows 2000, threats, Microsoft
Microsoft has claimed user "complacency" is to blame for malware infections, and denied that its Vista operating system is less secure than Windows 2000.

The claim that Vista is less secure than Windows 2000 was made last week by security vendor PC Tools, which said that over the past six months Vista had suffered 639 unique threats, whereas Windows 2000 has suffered 586. PC Tools's research was conducted by collecting data from customers using its ThreatFire behavioral detection software.

"Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date," said Simon Clausen, the chief executive of PC Tools last week.

"However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37 percent more secure than Windows XP," Clausen said.

However, Microsoft strongly hit back at the claims, blaming users for executing malicious code on their machines. On Tuesday, Technet blogger and Microsoft evangelist Michael Kleef said the number of infections found by PC Tools was an indication of poor user behavior.

"The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "In many cases it equals poor user behavior. If I, despite all prompting and consent behavior, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."

Kleef claimed the number of infections was not purely the operating system's fault, but said that "in some cases it's the user and their lack of knowledge and their implicit 'it-won't-happen-to-me' complacency" that causes them to get infected.

Kleef's comments followed on from a blog post on Friday by Austin Wilson, the director of Windows Client Security Product Management, which also denied that Vista was less secure than Windows 2000. Wilson said results collected from over 450 million uses of Microsoft's Malicious Software Removal Tool (MSRT) and published in Microsoft's most recent Security Intelligence Report show Vista is more secure than Windows 2000.

"Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems," wrote Wilson in the blog post. "Using proportionate numbers, MSRT found and cleaned malware from 44 percent fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77 percent fewer than from computers running Windows 2000 SP3."

Talkback Most Recent of 207 Talkback(s)

  • yes, yes. yes
    Just blame everything on the users. Its like if Honda came out and said: "Well our car is the safest we ever build, but since so many people drive and crash it, the car safety rating went down."

    Just another reason to switch to Mac OSX. Apple would never blame its users on something so crucial.
    ZDNet Gravatar
    exxtraz
    16th May 2008
  • You are 100% right
    Apple would never blame its users on something so crucial.

    No, they would simply deny that that the security hole existed at all! Apple seems to be more a fan of:

    1. Putting out the only OS to get owned within 2 minutes using nothing more than what comes on the OS X install disc.

    2. Lying about the color capability of their monitors.

    3. Bricking the phones of those who dare unlock them.

    4. Stealthily installing Safari on Windows computers.

    5. Shipping products with malware targeting Windows.

    6. Putting Mac resellers out of business by withholding stock when they want to open an Apple Store in the area.

    7. Using non replaceable batteries that die within months and then refusing to do anything about it until their customers launch a class action suit about it.

    8. Deny that their clear Cube cases ever crack and instead calling the long crack like lines "a side effect of the injection mold process".

    etc. etc. etc. happy
    ZDNet Gravatar
    NonZealot
    16th May 2008
  • Mostly true but...
    ...still oughtweighed by the fact that I've been running OS X since 10.0.0 with no protection at all against viruses and spyware and have not had had any problems (haven't ever had to reload my OS either). Like the credit card ad says - Priceless!
    ZDNet Gravatar
    gfeier
    16th May 2008
  • I've had the same experience with Windows and Linux
    Running Windows since 3.1 without any anti-malware on my home PC and have not had any problems either. Running Linux on my home server and on my media PC without any anti-malware and again, haven't had any problems.

    Like the credit card ad says - Priceless!

    You said it! Macs are expensive! I got the same trouble free experience at half the price. Yay me! happy
    ZDNet Gravatar
    NonZealot
    16th May 2008
  • I see that you , like L.D. have finally embraced LINUX ,,,
    Since when zealot ?
    ZDNet Gravatar
    AdventTech67
    16th May 2008
  • Not exactly...
    When I ordered my original Mac Pro, it was less expensive than any available PC with a similar configuration.
    ZDNet Gravatar
    gfeier
    18th May 2008
  • Same here
    Except, it has been an XP PC on my home network running without AV or antimalware for over two years with no indications of viruses or malware. No weird processes running and restarting, no pop-ups, and performance seems roughly as good as it did when I built the system, so I have to assume it is clean.

    I believe that Win98 could be run unprotected indefinitely and not become infected if the user knows what risks to avoid, so there seems to be some truth to the notion that an OS is only as secure as the user allows it to be. The important thing to remember in an enterprise environment is to lock these suckers down to protect the users from themselves. The user is the weakest link in the security chain.
    ZDNet Gravatar
    Your Mom 2.0
    22nd May 2008
  • Sounds like my experience with Windows.
    AS a matter of fact the first thing I did when I got this new PC was remove the A/V software. Been running A/V free since day one back in 1990.
    ZDNet Gravatar
    ye
    16th May 2008
  • I assume it was not connected...
    to the Internet... happy

    This is from my experience at work:
    I opened HP machine, I connected it to the corporate LAN, I went to Microsoft site to get latest updates... Guess what? wink

    RIGHT - it was infected. Right out of the box.

    You can lol as much as you wish. The story continues - I opened another box with Windows, booted it, connected to the corporate LAN, went to MS for updates... Guess what? wink

    RIGHT - it was infected.

    Neither of machines stand longer than 10 minutes connected to the Internet. Do not blame me - my family gaming Windows machines (3 - for every family member) at home are not infected, I know how to protect them. happy

    What I am saying - your mileage may vary if you are using firewall in router/DSL/Cable modem.

    It was my XPerience (SP1)... sad

    Why I am writing - because it was SO UNBELIEVABLE! happy
    ZDNet Gravatar
    Solid Water
    16th May 2008
  • Both examples are almost four years old and...
    ...show your ineptitude wrt Windows. With the release of SP2 back in the summer of 2004 this is no longer a situation. You must have been using pre-SP2 media. Use media that has SP2 integrated or make your own (a recent article by AKH of ZDnet shows you how to do it easily).

    If that's too much trouble build the system disconnected from the network. Once done enable the firewall, go obtain your updates.

    Can't be bothered to do either? Fine...but don't blame Microsoft for your laziness.

    Oh, and the answer to your lame question (like we've never heard it before) is: Yes, it was connected to the Internet.
    ZDNet Gravatar
    ye
    17th May 2008
  • Better still, use Linux
    Then you won't have to worry about any of this garbage.
    ZDNet Gravatar
    hasta la Vista, bah-bie
    20th May 2008
  • since day one of Vista
    Also no Virus protection, no infections, no spyware, no reloading of the OS. Still running like the energizer bunny. wink

    Guess that kills your argument.... /boggle
    ZDNet Gravatar
    Khyron
    19th May 2008
  • Corporate America?s rejection of Vista
    http://www.msnbc.msn.com/id/24596745/from/ET/

    Corporate America?s rejection of Vista
    Many companies delay or denounce Microsoft?s flagship product

    By Aaron Ricadela
    updated 11:34 a.m. ET, Tues., May. 13, 2008

    General Motors may take a detour around Vista, the latest computer operating system from Microsoft. The automaker has encountered so many speed bumps getting Vista to work on its machines that it may just wait for the next version of Windows, due in 2010 or 2011.

    Looks like the Energizer Bunny tripped up.
    ZDNet Gravatar
    Ole Man
    19th May 2008
  • Try this...
    Indulge in high risk online activity like the kind discussed in the article:

    "choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code"

    Now, despite the fact that we all know nobody bothers to create any significant amount of malware for OSX, there have been reports from time to time of potential risks in OSX and Safari. But the risks to OSX and Safari typically come by way of the afore mentioned reckless online behaviour; and rightly so, Apple enthusiasts laugh in the face of people who suggest that OSX is at any kind of serious risk itself if potential vulnerabilities have to use social engineering and reckless online behaviour to get malicious code on the system. We also all know there is no way yet known to stop malicious code from executing on any system or OS if the user invites it in and hits "execute", and then promptly ignores all warnings.

    So lay off the poorly thought out claim that safe online usage of an Apple computer, or a Linux box compares in any way to some self destructive jackass using Vista to explore questionable websites to download and purposely install infected files and then run them while ignoring warnings.

    I can say with all confidence, that if Apple sold enough computers to matter in the real world there would not only be some hackers who would take an interest and create some nasty viral material for OSX, there would also be at that point just enough of the population actually using Apples that there would be some Apple using idiots who would install the viruses just the same as the Vista using idiots now do.
    ZDNet Gravatar
    Cayble
    19th May 2008
  • This Dude is a SERIOUS Windows Junkie
    Feel free to ignore his post
    ZDNet Gravatar
    swbobcat
    19th May 2008
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity