Softpedia
 


December 20th, 2006, 11:30 GMT · By

Windows Vista Is Immune to Existing Malware

Jim Allchin, Microsoft Co-President, Platform and Services Division, has revealed that the Windows Vista operating system is immune to the malicious code currently in existence. But let me clarify this statement. To do so, I must point you to this article, which exemplifies the first malware for Windows Vista.

On 29 November 2006, security company Sophos published a ranking of the top ten malware threats for that month. A graphic of that report appears in the image at the bottom of the article. Here are the malware instances that made Sophos's top ten, in descending order: W32/Stratio-Zip, W32/Netsky-P, W32/Bagle-Zip, W32/Zafi-B, W32/Netsky-D, W32/Nyxem-D, W32/MyDoom-O, W32/Mytob-C, W32/Sality-AA and W32/Zafi-D.

On that occasion, which preceded the official business launch of Windows Vista by just a single day, Sophos tested these malware items on Windows Vista and reported: "Sophos experts note that on the launch date of Microsoft's Windows Vista operating system, three of the top ten - including Stratio-Zip - are capable of bypassing the operating system's security defences and infecting users' PCs. The Vista-resistant malware - W32/Stratio-Zip, W32/Netsky-D and W32/MyDoom-O - comprise 39.7% of all malware currently circulating."

Jim Allchin contradicted Sophos, revealing that none of the ten malware examples mentioned by the security company have even the slightest impact on Windows Vista: "I asked the team to go look at the technical facts behind the story, and that started in the lab. We began by observing first-hand how these various forms of malware affect a Windows Vista system using a machine that was configured with the default settings and without any additional security software. What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are immune to all ten of the malware threats that Sophos cited."

However, Allchin revealed that, in scenarios where third-party software is introduced in the operating system, Windows Vista is only immune to eight of the ten malware threats: "If you are using Microsoft Outlook or a third-party email client that blocks execution of known executable formats, then a user running Windows Vista is not vulnerable to eight of the ten malware threats. In the case of the ninth piece of malware, Bagle-Zip, the malware is able to run because it uses the .ZIP file format which some mail programs do not block. In the case of the tenth piece of malware, Mydoom-O, the malware is sometimes able to run because it randomly chooses the file type to which to distribute its payload and sometimes that file type is an executable inside a .ZIP file, which some mail programs do not block."

In the cases where Windows Vista can be compromised by Bagle-Zip and Mydoom-O, Allchin explained that the fault lies within the e-mail application and not in the operating system: "In both cases, this is a function of the e-mail software, not Windows Vista. That said, even when a user receives a mail infected with Bagle-Zip or Mydoom-O in the .ZIP file format, in order for the malware to affect the system, the user must first explicitly open the .ZIP file and then explicitly run the executable file that's contained inside the .ZIP file -- there is no way for this to happen without two steps of user action. If you happen to run a third-party email client that does not block known executable formats, then you may also be vulnerable to Netsky-D."
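
The gap Allchin describes, a mail program that blocks known executable attachments by name but lets a .ZIP through, can be closed by checking the names of archive members as well. The Python sketch below is an added example, not code from Microsoft, Sophos or this article; the extension list, limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed blocklist and limits for illustration; real mail gateways ship their own.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
MAX_DEPTH, MAX_MEMBER_BYTES = 2, 10 * 1024 * 1024


def has_blocked_extension(name):
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as "a.exe".
    return name.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)


def extension_only_filter(filename, data):
    """Checks the attachment name only, so a .zip always passes."""
    return "block" if has_blocked_extension(filename) else "allow"


def archive_aware_filter(filename, data, depth=0):
    """Also checks ZIP member names, descending into nested .zip members."""
    if has_blocked_extension(filename):
        return "block"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "allow"
    if depth >= MAX_DEPTH:
        return "quarantine"  # nested too deeply to inspect
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if has_blocked_extension(member.filename):
                    return "block"
                if member.filename.lower().endswith(".zip"):
                    if member.flag_bits & 0x1 or member.file_size > MAX_MEMBER_BYTES:
                        return "quarantine"  # encrypted or oversized: cannot inspect
                    verdict = archive_aware_filter(member.filename, archive.read(member), depth + 1)
                    if verdict != "allow":
                        return verdict
    except zipfile.BadZipFile:
        return "quarantine"
    return "allow"


def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()
```

An attachment built with `make_zip({"invoice.txt.exe": b"..."})` passes `extension_only_filter` but is blocked by `archive_aware_filter`, including when it is wrapped in a second archive.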
