Shout It From The Rooftops: Vista's More Secure

In a Wednesday blog post, Austin Wilson, director of Windows Client Security Product Management at Microsoft, said features like User Account Control and stronger security in Internet Explorer 7 have contributed to Vista's solid security track record.

In its first year on the market, Vista had far fewer fixed and unfixed security vulnerabilities than did Windows XP in its first year: 36 fixed/30 unfixed for Windows Vista vs. 68 fixed/54 unfixed for Windows XP, according to Wilson.

"I think that it's fair to say that Windows Vista is proving to be the most secure version of the Windows to date," Wilson wrote.

In Vista's first year, Microsoft issued patches on 9 separate occasions, compared to 26 occasions during XP's first year, wrote Wilson. In addition, there were three different months in the past year when Microsoft issued patches for XP but didn't issue any for Vista, Wilson wrote.

The combination of Internet Explorer 7 running on Vista protects users' personal information, thwarts phishing attempts, and improves the security of Web transactions by virtue of IE7's support for Extended Validation SSL Certificates, wrote Wilson.

Ric Lollar, a network administrator at Acropolis Technology Group, Wood River, Ill., has cleaned "hundreds and hundreds of malware, spyware and Trojan infections" from PCs over the past year, but not a from single Vista machine.

"I'm very impressed with Vista's built-in ability to ward off browser hijacks, changes to system files and processes and other infections," said Lollar.

User Account Control, which reduces application privileges from administrative to standard levels, has been instrumental in helping Vista fend off certain types of malware that have plagued earlier versions of Windows, wrote Wilson.

However, UAC has been widely criticized for being too active and for interfering with the normal functioning of the OS. But despite its lackluster image, UAC does make people aware of what trouble they could potentially be getting into, says Scott Cayouette, president of IPW Networks in Pompano Beach, Fla.

"UAC doesn't take away the problem of people being impatient and clicking on things, but alerts don't come up that often, and unless you change something, you're rarely going to see it," said Cauyouette.

Of the 23 security bulletins Microsoft has released for Vista thus far, 12 have described a lower impact for users that aren't operating with administrative privileges, which Wilson cites as proof that UAC is having the desired effect.

"This is a great illustration of the importance of User Account Control and why we included it in the product," Wilson wrote.