Malware writers and security developers are in a perpetual face-off, but only one side has the upper hand. The release of Windows Vista at the end of January will do nothing to shift the advantage in the favor of the security developers. Moreover, according to Tim Eades, senior vice-president of sales at security company Sana Security, malware writers have gone to extensive efforts to transition their code to Windows Vista, while the security industry is lagging behind in this aspect.

Following similar initiatives from Symantec and Sophos, Sana Security is approximating that no less than 38% of the existing malicious code has been ported on Vista. Symantec and Sophos both confirmed that a portion of the current malware is compatible with Windows Vista.

And, in fact, so did Microsoft. Through the voice of Jim Allchin, Microsoft admitted that existing instances of malware are compatible with the operating system. However, Allchin passed the blame to third party applications integrated with Vista and to social engineering, for the operating system's exposure.

However, Eades also added that delivering security solutions compatible with Windows Vista is problematic. That is in fact not the case. Microsoft recently announced that all the major security developers have lined up to offer full support for Vista prior to the operating system's general availability.

The fact that Windows Vista is vulnerable is nothing new, although the percentage presented by Sana Security is, as it is marking the evolution of the threat environment. Although Vista shares the same codebase with Windows Server, this does not make the operating system immune to malware.