Windows Vista more secure than XP, says security company

Computerworld - Microsoft Corp.'s Windows Vista is 37% more secure than its Windows XP ancestor, a security vendor claimed today, a rate it hinted was disappointing.

Using different data collection techniques, Microsoft has recently asserted that Vista is 60% more secure than XP.

For every 1,000 machines running Vista, security company PC Tools counted 639 unique threats over a six-month period, said Michael Greene, the firm's vice president of product strategy, on Friday. "A threat is actually when [malicious code] has penetrated the machine," Greene said. "The malware has to be on the machine to be counted by our ThreatFire community."

Vista's number is lower than the one for Windows XP. Users of PC Tool's ThreatFire behavioral-based anti-malware software who run the nearly seven-year-old XP reported 1,021 unique threats per 1,000 machines in the same six-month period.

"We wanted to find out how bulletproof Vista was," said Greene, noting that Microsoft has claimed Vista is significantly more secure than its predecessors. "The answer is that it is more secure than XP, but not so secure that you can give up on antivirus and other security software."

Ironically, the even older Windows 2000 is much more secure, by PC Tools' statistics, than Windows XP or Vista. ThreatFire users reported just 586 unique incidents of penetrated PCs per 1,000 machines during the six-month span.

But Greene essentially dismissed that number, or at least direct comparisons with XP or Vista. "It's a matter of what people are using as desktop machines," he said, adding that since ThreatFire targets consumers and Windows 2000 is rarely run as a desktop client outside of businesses, the unique threat per 1,000 doesn't necessarily mean that the old operating system was more secure.

Overall, Greene was disappointed in the stats for Windows. "I didn't think the situation would be this bad in general," he said, adding that Microsoft's claims that Vista is substantially more secure than XP doesn't jibe with the ThreatFire numbers.

"I don't think Vista is really any more secure than XP," he said. "People still need to practice safe computing and need to have good security software, and keep their machines patched and up to date."

Microsoft, however, has recently claimed that Vista is more secure than XP, and by a greater margin than what Greene and PC Tools allege. According to data collected during cleansing operations of the Malicious Software Removal Tool (MSRT) -- software that Microsoft updates monthly and feeds automatically to most Windows users -- 60% fewer Vista machines were infected by a recognizable piece of malware than PCs running XP during the second half of 2007.

Microsoft summarized its MSRT data in a security report published about three weeks ago. The report's key findings, as well as the full report, can be downloaded from Microsoft's site.

Read more about security in Computerworld's Security Knowledge Center.