We launched Windows Vista for Businesses End of November and for the public just a little bit more than one month ago - and now, it started, what had to be expected. The press, the analysts, and the community discuss about the security of Windows Vista, which is a great thing. There are - however - a few things I cannot understand and it might well be that you can help me:
I understand that it is in the core interest of security software vendors to give the impression that Windows Vista is flawed and needs a lot of additional work (aka tools, software) to protect. This leads to the the question: Is Windows Vista resilient against all Viruses, Worms, Bots, Trojan? Sure not! Nobody ever claimed it to be. Is Windows Vista more resilient against Virus attacks? But for sure! Does Windows Vista need additional software to be protected? Well, look back: We always said, in order to protect a system you need 1) a firewall 2) Software Updates and 3) An Anti-Virus software which is updated. This has not changed with Windows Vista.
The second point that strikes me, is the discussion about vulnerabilities. Everybody waits for Windows Vista bulletins in order to use this as a proof point that Windows Vista is not secure. This is nonsense. It is absolutely clear that there will be vulnerabilities in Windows Vista. Nobody ever made a different statement. But we are convinced that there will be significantly less critical and important vulnerabilities in Windows Vista - which has to be proved first, I have to admit.
Before we launched, I said that I was expecting the first 0day on Windows Vista to be published within the first few weeks. Not because the OS is flawed but because somebody has it ready and will publish it the moment we launch to show that we again did not get it. Well, we are now three months down the line and have not seen any :-)