In late March, when security researchers stumbled upon drive-by download attacks exploiting yet another serious Windows hole, they had an eye-opening surprise: The vulnerability--caused by the way Windows handled animated cursor (.ani) files--didn"t affect just Windows XP. It also hit Vista, Microsoft"s new security-centric operating system. Security experts still proclaim Vista a major improvement over previous Windows versions, and readily say that its important new safety features--including an improved firewall, a "Protected Mode" for Internet Explorer, and User Account Control--make it much more resistant to the most common forms of spyware and malware.
However, this latest flaw (now fixed) is a major black eye for Microsoft; along with two other critical security patches issued for Vista in its first three months on shelves, the problem has tarnished Vista"s security sheen (see "Vista"s Vulnerabilities" for details). The new OS may be safer, but its users must still be on their guard.