The standards for a fair analysis of this question are more complicated than many would have you believe: Vista doesnt have to be perfect in order to hold up well. As even Microsoft will tell you, if you actually listen to what the company says, nothings perfect, and a big part of hardening a product against attack is to be prepared for when a failure occurs.
This is why you keep hearing from Microsoft about "Defense in Depth." The idea is that a failure in one form of protection can be mitigated by other protections. And these protections dont stop with what is provided in Windows Vista. Any reasonable person, business or consumer, will add further security software to Windows Vista.
There is a widespread consensus in the security industry that Vista is a more secure Windows and, for what its worth, the most secure version of Windows ever. Of course, theyll tell you thats not enough, and of course theyre right.
But the situation is an uncomfortable one for security companies: even though its indisputable, as I just said above, that you need to get modern anti-virus/host intrusion detection and prevention software for a PC running Vista, to the extent that Vista has better defenses in other regards, it could diminish demand for their products. We know that people let their licenses lapse and that they respond to things going badly. If things do turn out generally smoother with Vista, then people will let licenses lapse—and they will be more likely to get away with it.
Another variable is that Microsoft included Windows Defender, an anti-spyware program and updates for it, with Vista. Even if its a bad anti-spyware program, as competitors generally claim (wow, whod have thought theyd say that?) youre better off with it than with no malware protection.
Security vendors are obviously irritated at Microsofts entry into the business. You can buy desktop and server security products and services directly from the company. I havent tested either, but while the independent test results Ive seen for Microsofts consumer solution, Windows Live OneCare, dont look impressive, its enterprise solution, Forefront, (which uses multiple scanning engines) fares much better. The established security biggies feel threatened.
Of course, Microsoft was unable for legal reasons (or was the company just unwilling?) to include OneCare or a similar product with Vista itself, and OEMs control all the real promotion of add-on security products.