Sophos Claim: One-Third Of November's Malware Can Breach Vista

Although Vista's integrated e-mail client stopped all 10 pieces of malware that made November's list of most common threats, three bypassed Vista's built-in defenses when a third-party e-mail client was used.

Gregg Keizer, Contributor

November 30, 2006


As Microsoft touted Windows Vista's improved security at the operating system's U.S. launch on Thursday, a security vendor said that a third of the month's top 10 exploits can successfully infect a Vista-equipped PC.

"Vista's baseline protection is adequate, and the operating system will be great for people who don't have any protection at all, but there will continue to be the need for additional security," says Ron O'Brien, a senior security analyst with Sophos.

Although Vista's integrated e-mail client—dubbed Windows Mail to separate it from the now-defunct Outlook Express—stopped all 10 pieces of malware that made Sophos' November chart, three bypassed Vista's built-in defenses when a third-party e-mail client was used. The trio that managed to hit Vista—Stratio.zip (aka Stration), Netsky.d, and MyDoom.o—accounted for nearly 40% of the malware volume Sophos detected in the month.

"No operating system is 100% secure," says O'Brien. "But hopefully Vista will contribute to the decline in some types of malware."

Sophos' results echo comments made Wednesday by other security analysts, who predicted that new security techniques and technologies in the operating system will prevent some kinds of exploits, but do little to prevent social engineering-style attacks that rely on duping users into visiting Web sites or opening e-mailed file attachments.

"These aren't exploiting a vulnerability," notes O'Brien; instead, they rely on user interaction to infect or hijack a PC.

O'Brien says Vista would soon be in hackers' crosshairs. "It won't be long before cybercriminals develop Vista-specific malware or modify current threats to fit the bill," he predicts. "Stratio.zip, for example, remains on the top 10 due to constant, minor alterations to its code that force security systems to re-identify the malware."

Stratio.zip, which held the top spot and accounted for a third of all e-mailed malware in November, replaced the long-running big dog, Netsky.p, a worm that first appeared in 2004. "Netsky.p is proof that there are a large number of unprotected machines out there," says O'Brien. "Even the most basic [antivirus] protection would prevent Netsky from propagating."

Netsky.p, which took second place in Sophos' November top 10, accounted for 15.6% of all malware. Bagle.zip, Zafi.b, and Netsky.d held down the third through fifth spots, respectively.

In other security news Thursday, most of the major antivirus vendors announced that their product lines supported the just-introduced Windows Vista. Symantec and CA, for example, both touted new enterprise software that runs on Vista; the former said it would ship Vista-ready titles in December. Meanwhile, Trend Micro told customers that although it hadn't wrapped up Vista development, betas of its Vista-enabled antivirus title still were available.
