In a blog posting, Austin Wilson, director of Windows product management security at Microsoft, wrote “we reject” the PC Tools claim that Windows 2000 is more secure than Windows Vista.
“Windows Vista is significantly less susceptible to malware than older operating systems,” he wrote.
He cited the company's recently released Security Intelligence Report, which reported “44 percent fewer Windows Vista-based computers than Windows 2000 SP4 (Service Pack 4) computers and 77 percent fewer than computers running Windows 2000 SP3.”
And in a related post, security blogger Dennis Kudin claimed that any comparison of Vista to Windows 2000 is specious, because most malware strikes through browsers -- and Windows 2000 cannot install the latest version of Internet Explorer (IE).
According to Kudin, “Users of Windows 2000 cannot install IE 7.0. Some of the security work in IE7 relies on operating system functionality in XP SP2+ that is non-trivial to port back to Windows 2000. In other words, there is no version of IE7 for Windows 2000.”
Kudin also claims that “really serious threats, which can lead to complete remote control of a target system by an attacker, should be considered [most dangerous]. As a rule, they are installed on a system kernel level and require administrative privileges. Most Windows 2000 users work as administrators by default, so they are vulnerable to any kind of threats.”