Windows Vista by itself is immune to existing Windows malware, but third-party email applications could compromise the operating system's security, Microsoft's co-president for the platform and services division charged in a blog posting.
The Windows chief responded to a study that security vendor Sophos published in late November. The firm tried to infect a system running Vista with the ten most prevalent viruses of November 2006, and found that three of those were able to penetrate the operating system's defenses.
The study raised eyebrows because Microsoft typically touts Windows Vista security features as one of the software's top benefits.
Following the publication of the report, Microsoft tried replicating the Sophos study and found that none of the viruses was able to infect a bare system that only runs applications that are bundled with the operating system, including the Microsoft Mail application.
Systems running Outlook or another outside email client that supports Microsoft's Attachment Manager feature could fall victim to the Mydoom-O virus, provided that the online pest was sent in a .zip archive file. The user would then have to manually extract and execute its contents.
The Attachment Manager application programming interface (API) was first introduced as part of Windows XP Service Pack 2. It offers attachment scanning to email clients and warns users against potentially unsafe file formats such as executables.
Email clients that lack support for the API can still introduce Trojans and other malware to Windows Vista without warning.
Allchin stressed, however, that users should still expect vulnerabilities to pop up in Windows Vista.
"I have […] stated that [Vista] is neither foolproof nor perfect; no software from anyone I have seen is," he wrote.
He cautioned users not to open suspicious email attachments and recommended that they deploy a firewall as well as antivirus software.
Microsoft blames Vista insecurity on third party applications
By Tom Sanders on Dec 21, 2006 9:14AM