KezNews.com


Should Microsoft downgrade Vista vulnerabilities?

section: windows, for your questions: KezNews forum, 12.3.2007


The man who wrote the book on Microsoft's highly rated SDL (Security Development Lifecycle) believes buffer-related security vulnerabilities found in Windows Vista should be downgraded because of back-up mitigations built into the operating system.




Michael Howard, who serves as the public voice for security in Redmond's software creation procedures, said he isn't thrilled about the conservative approach the MSRC (Microsoft Security Response Center) takes to rating the severity of vulnerabilities. He argued that an "important" flaw in Vista should be downgraded because of mitigations such as UAC, /GS, /SafeSEH and ASLR.

These mitigations are not available in any other version of Windows.

"The MSRC folks are, understandably, very conservative and would rather err on the side of people deploying updates rather than trying to downgrade bug severity. So don't be surprised if you see a bug that's, say, Important on Windows XP and Important on Windows Vista, even if Windows Vista has a few more defenses and mitigations in place," Howard said in a blog entry that offered some predictions on how Vista will hold up to security scrutiny.

Microsoft's severity rating system is straightforward. For example, if a flaw can be exploited to allow the propagation of an Internet worm without user action, it will carry a "critical" rating even if defense-in-depth mitigations mean it's not wormable on Windows XP SP2 or Windows Vista.

This, in Howard's mind, will not provide an accurate measure of Vista's resilience if vulnerability counts and severity ratings are used as the criteria.

Still, despite some early hiccups, he remains confident that Vista is "the most secure Windows we have released."

"[T]hat translates into the only thing that really interests me: customers are more protected when using Windows Vista than any prior version of Windows," he added.

source: blogs.zdnet.com
