Microsoft yesterday responded to last week’s claims that its new operating system (OS) is vulnerable to three of the current top-ten malware threats.

The vendor admitted that defences could be bypassed when Stratio-Zip, Netsky-D and MyDoom-O accessed the Vista OS via a third-party web email client. But it said this was not an inherent flaw in the system, arguing that other OSs were just as susceptible to malicious code that relies on user interaction to execute.

In a statement, it said: "Microsoft is aware of a report by Sophos that claims variants of existing malware may affect users running Windows Vista. Based on our initial investigation, Microsoft can confirm that these variants do not take advantage of a security vulnerability, rather they rely on social engineering to infect a user's system."

Sophos, the security company that highlighted the security vulnerability after testing Vista, admitted that web-based cyber crime was a more likely route of attack than email. But as a consequence, the new Microsoft Vista web browser, Internet Explorer 7, would be a major target for hackers, it said.