Windows Vista may be "dramatically more secure" (http://news.bbc.co.uk/2/hi/technology/6316253.stm) than Windows XP but Internet Explorer is destined to remain Windows' Achilles' heel.

Attacks on browsers will continue their inexorable ascent during the next 12 months, despite changes designed to lock out hackers and thwart remote attacks.

A new security report from IBM Internet Security Systems (ISS) blames the increase on the "exploit as a service industry" where material is being increasingly sold using a traditional channel model. Also, half of websites that carry material designed to infect browsers are capable of camouflaging their attack.

The most popular exploit last year was the MS04-013 (http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx) critical vulnerability that hit versions of Windows dating back to Windows NT and was disclosed in 2004. It is unclear if MS-ITS can still be found in Windows Vista.

ISS's report makes even more troubling reading because Microsoft has given Windows Vista a clean bill of health and it has also taken responsibility for ensuring security with an architecture that shuts out experienced security partners.

That's going to be a problem as ISS notes that even tried and tested security specialists have faced increased difficulty detecting and solving malicious code. Malware has became harder to spot as viruses, rootkits and spyware increasingly blur the lines by borrowing each other's characteristics.

"Categories typically used by the security industry to differentiate standalone protection products will be much less relevant in 2007," ISS said. ®

Related stories

MS releases emergency cursor bug fix (4 April 2007)
http://www.theregister.co.uk/2007/04/04/ms_cursor_bug_patch/
MS plans emergency update to fix blinking cursor bug (2 April 2007)
http://www.theregister.co.uk/2007/04/02/ms_cursor_bug_fix/
Exploit for latest Windows vuln already animated (30 March 2007)
http://www.theregister.co.uk/2007/03/30/animated_cursor_vuln/
Vista DRM broken already? (31 January 2007)
http://www.theregister.co.uk/2007/01/31/vista_drm_hacked/
Vista raises the bar for flaw finders (31 January 2007)
http://www.theregister.co.uk/2007/01/31/vista_flaw_finders/
Vista: long-term burn, not short-term sizzle (31 January 2007)
http://www.theregister.co.uk/2007/01/31/vista_sales/
Allchin backs away from Vista anti-virus claims (13 November 2006)
http://www.theregister.co.uk/2006/11/13/allchin_vista_antivirus_confusion/
Security firm punctures Vista's Patchguard (27 October 2006)
http://www.theregister.co.uk/2006/10/27/patchguard_row_analysis/
McAfee dismisses Microsoft's security overtures (18 October 2006)
http://www.theregister.co.uk/2006/10/18/vista_securityinfo_not_enough/
Microsoft enters the anti-virus bear-pit (9 October 2006)
http://www.theregister.co.uk/2006/10/09/av_market_analysis/
Share the Vista vision, Microsoft tells security rivals (3 October 2006)
http://www.theregister.co.uk/2006/10/03/mcafee_windows_vista_security_risk/
Symantec: Vista probably 'less stable' than XP (19 July 2006)
http://www.theregister.co.uk/2006/07/19/vista_security_analysis/