In the end

Jan 3, 2008 10:17 GMT

While Microsoft has never gone so far out on a limb as to claim that Windows Vista was a "sea of tranquility" in the threat environment (Apple, on the other hand, had no issues doing so), the company did introduce its latest operating system as the most secure of its Windows iterations to date. Bringing to the table an increased array of mitigations, including User Account Control, Internet Explorer 7 Protected Mode, address space layout randomization, Kernel Patch Protection and driver signing, Vista managed to come out on top of Windows XP in terms of security at the end of its first year on the market.

"Infection rates observed by the MSRT are significantly lower among Windows Vista and Windows XP SP2 systems than among older Windows operating systems. The MSRT has cleaned malware from 60 percent fewer computers running Windows Vista than from computers running Windows XP SP2, and 91.5 percent less malware than from computers running Windows XP without any service pack installed", Microsoft revealed in the Security Intelligence Report for the first six months of 2007.

The statistics have been delivered as proof that Vista is indeed an evolution compared to XP. But at the same time, as the Redmond company increasingly bulletproofs the operating system through the close integration of the Security Development Lifecycle into the building process of the platform, the threat environment will shift its focus to alternative attack vectors. In this context, third-party applications designed to run on top of Vista provide an excellent avenue for attack. Citing data collected by the Secunia Personal Software Inspector (PSI), Jakob Balle, Secunia IT Development Manager, revealed that 20% of applications were insecure.

"More than 20% of all applications installed on users' PCs have known security flaws, but the user has yet to install the patch provided by the vendor of the product. The 1 in 5 ratio/20% is based on the first scan of more than 14,500,000 actual applications installed on end-user computers. It is not a number taken out of thin air nor generated by a marketing department. On the 18th of December we launched a new, revised, and much improved version of the free Secunia PSI, which makes it much easier for both novice and expert users to patch their computers", Balle explained.