Experts claim Vista security not fit for purpose

Security firm Webroot Software has attacked Microsoft over "numerous security flaws" which it claims to have uncovered in Windows Vista.

Webroot said that it has evidence of potentially ineffective blocking capabilities in Windows Defender, and weak antivirus capabilities in the default anti-spyware and antivirus components of Vista and Windows Live OneCare.

Gerhard Eschelbeck, senior vice president of engineering at Webroot, said " We want to make sure that users understand Vista's limitations, and warn them that Microsoft's default malware blocking application and antivirus programs may not fully protect them."

The company claims that Windows Defender failed to block 84 per cent of a testing sample-set that included 15 of the most common variations of existing spyware and malware.

In evaluating its ability to block spyware and malware before it has infected a user's machine, Webroot's Threat Research Team found that Windows Defender's performance was not in keeping with many third-party security applications.

Adware, potentially unwanted programs, system monitors, key-loggers and Trojans were able to reside on the testing environment undetected by Windows Vista.

One item of malware was able to install under administrator privileges, and run and capture keystrokes without any adaptation from its Windows XP operating environment.

Windows Defender did not detect the installation or the running application, Eschelbeck said.

Microsoft currently issues spyware definition updates for Windows Defender every seven to 10 days.

But Webroot said that its Threat Research Team identifies 3,000 new traces of spyware and other unwanted applications in a single month on average, and issues spyware definition updates on an hourly or daily basis as needed.

In addition, Webroot complained that antivirus protection is not free for Windows Vista users. They must purchase the Microsoft Live OneCare suite for $49.95 for antivirus protection.

"We understand that Microsoft's main goal is to provide a new operating system that generally improves users' computing environments, and we genuinely feel that Windows Vista accomplishes this," said Eschelbeck.

"However, as a company that serves on the frontline in the battle against spyware and cyber-crime, we feel strongly that, in order to provide the best protection for internet users, security must be their top and only priority.

"We hope that, by providing information on possible security weaknesses in Windows Vista, users will be able to make informed decisions about their computing security needs."