Microsoft's efforts to make good on the promise made in the Bill Gates memo were noticeable with the release of Windows Vista in 2006, ostensibly delayed so the company could slip some security improvements into Windows Server 2003. While many security holes were plugged in Vista, hackers wrote new malware that still managed to cause trouble, such as the Storm worm, which created the Storm botnet from millions of PCs, and the Zeus trojan, which steals banking information.
The security enhancements in Windows Vista are too numerous to list, but User Account Control (UAC) was foremost among them. It allowed people to use their PCs with fewer privileges by default, thus minimizing the damage from malware making unauthorized changes. Microsoft also included anti-spyware in Windows, added a phishing filter to Internet Explorer 7 and disabled ActiveX controls by default. Another new security feature, BitLocker full-disk encryption, was, however, found by researchers (along with Apple's FileVault) to be vulnerable to a cold boot attack.