SAN FRANCISCO, CA — Based on additional research, security software vendor PC Tools has restated its controversial contention, first voiced in early May, that Microsoft’s Windows Vista operating system remains significantly vulnerable to online threats. Microsoft immediately denied the original claims upon their publication and produced contradictory data.Based on threats detected and blocked within the company’s ThreatFire security software user base, PC Tools was able to determine a breakdown of threat types and severity.
“PC Tools maintains that Vista is not immune from online threats,” the company’s chief executive officer, Simon Clausen, noted in a prepared statement. “Further research and analysis has confirmed our contention that additional third-party protection is absolutely necessary for all Windows Vista users.”
According to PC Tools researchers, further analysis of the supplementary raw data confirmed approximately 121,000 pieces of malware were detected between November 2007 and May 2008 on approximately 58,000 unique Vista machines in the ThreatFire community. Each of the Vista machines had at least one piece of malware actively running on its system. By extrapolation, PC Tools made the bold statement that as many as 27-percent of all PCs running Vista have been compromised.
Additional investigation of the data also identified the types of malware detected on the Vista-based machines: 17-percent of all threats were Trojans, 5-percent were worms, 3-percent were spyware and 2-percent comprised viruses.
“Online threats such as Trojans, worms and spyware have the potential to seriously impact consumer privacy and security online,” Clausen said. “These threats can cause substantial damage by acting as backdoors for hackers to access personal and confidential information from the PC or for the PC to become integrated into a botnet and be used for malicious purposes.”
He also said the anti-virus industry remains split in its evaluation of PC Tools’ research.
“It is important to highlight that all systems used in the research pool were at the very least running PC Tools’ ThreatFire and that because the technology is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machines,” he noted.
Furthermore, in response to contradictory research data produced by Microsoft’s Malicious Software Removal Tool, Clausen said the MSRT is not a comprehensive anti-virus scanner, but a malware removal tool for a limited range of “specific, prevalent malicious software.”
“The Microsoft MSRT checks for a significantly smaller, specific range of malware than ThreatFire and other third-party products,” he said. “It is therefore not surprising that the percentage of infections detected by the Microsoft MSRT is significantly smaller than what ThreatFire has detected.
“It is also equally important to note that we regard the implementation of Microsoft’s [User Account Control] ineffective in providing protection against malware for two reasons. Firstly, UAC alerts are shown too frequently for non-malware, and therefore users are either simply ignoring the alerts and permitting all actions or turning the UAC off. One might argue that showing recurrent alerts for routine actions trains users to ignore the alert information and unknowingly let threats penetrate the system.
“Secondly, because the UAC is limited in the number of activities it monitors, malware can also penetrate the operating system by evading detection,” Clausen said.
