Windows is hyper-secure. Just ask Microsoft.
But if you ask people outside Redmond, like Beau Butler, who demonstrated a massive hole in Microsoft's Windows security last week, things aren't so rosy, as The Register reports.
Microsoft knows about the flaw and spent the Thanksgiving holiday trying to fix the error, as reported in The Sydney Morning Herald:
The flaw is an old one, first exposed and apparently fixed more than five years ago. But it appears Microsoft's fix was only partially effective. [GASP!]
The problem affects all versions of Windows, including the company's most recent release, Vista software ["rewritten from the ground up"]. However, it does not affect every Windows computer....It depends on how it is configured.
Apparently, Microsoft fixed the problem in 1999 (for those who applied the patch) for domain names ending in ".com," but left everything else exposed. So maybe many US domains are fine, but for everyone else:
By exploiting the design flaw a lone miscreant could take control of vast numbers of home or office PCs around the world in a single attack. They could read data, steal passwords and monitor internet use or use them to distribute spam or viruses.
How comforting. It's great to know that Microsoft controls the security for most of the world's computers.
With that said, let's be clear: no one company or project is going to be perfect on security. The problem with Microsoft is that so much depends on it getting this right. That's too much to ask of any one company, which is why a community approach (with someone(s) ultimately taking buck-stops-here responsibility) to security is better for users than relying on any one company.