A report from PC Tools last week claimed that Windows Vista was, in fact, more susceptible to malware than Windows 2000, an operating system Microsoft released almost a decade ago, and well before its Trustworthy Computing initiative:

Leading security software vendor, PC Tools, today released research confirming that the widely debated Windows Vista is still a long way from having immunity to online threats and that additional protection is essential.

"Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date. However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37% more secure than Windows XP," said Simon Clausen, Chief Executive Officer, PC Tools.

PC Tools cautions that because Vista has a smaller market share than its predecessor, targeted attacks are less frequent. However, once Vista’s market share increases, it is likely to become a more lucrative platform for attack.

Sensational. Widely reported.

Too bad it's all baloney.

Windows Vista and Malware

Recently there have been some questions raised about the susceptibility of Windows Vista to malware – specifically, that it’s more susceptible to malware than Windows 2000. I’d like to show why we reject that claim. We study the malware space very carefully and publish our results twice a year in the Security Intelligence Report. This report is compiled from statistics on malware infections based on over 450 million executions of the Malicious Software Removal Tool (MSRT) every month. Microsoft is a member of AMTSO (Anti Malware Testing Standards Organization) and its charter includes defining test methodology so that there is a minimum quality bar to all testing of this type.

Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems. In fact, from June – December 2007, using proportionate numbers, the MSRT found and cleaned malware from 60.5% fewer Windows Vista-based computers than from computers running Windows XP with Service Pack 2 installed. How about Windows 2000? Using proportionate numbers, MSRT found and cleaned malware from 44% fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77% fewer than from computers running Windows 2000 SP3. Note that the Windows 2000 numbers include both Windows 2000 client AND server versions, while the Windows XP numbers of course are only clients. Servers tend to be less likely to get infected with malware.

This one is so obvious I'm embarrassed to even post this. Anyone who really believes that Windows 2000 is more secure than Windows Vista is--sorry--an idiot. There's just no kind way to say it.