eWeek Microsoft Watch
August 5, 2005 9:02 AM

First Vista Virus Discovered? Not Exactly



Web reports claiming that the first Windows Vista virus has surfaced are misleading.

On Thursday a report on the F-Secure Web site claimed the "first Vista virus" had been found. According to the posting, an Austrian virus writer had published five proof-of-concept viruses that, in theory, could target Microsoft's scripting shell, code-named Monad, and also known as "MSH."


But Monad is not expected to be part of Vista when it ships and was not included in the Vista Beta 1 bits distributed by the company late last month.


"These potential viruses do not affect Windows Vista or any other version of Windows if 'Monad' has not been installed on the system. We have not yet announced a specific delivery vehicle for 'Monad' in the Microsoft Windows operating system," said a spokeswoman for Microsoft's security team.


"At this time, these reports pose no risk for Microsoft customers," the spokeswoman added. "The techniques described in these reports require the user to first load and run malicious software on their computer. The viruses do not attempt to exploit a software vulnerability and do not encompass a new method of attack."


Until fairly recently, Microsoft was widely expected to make Monad part of the next version of Windows. But Microsoft decided earlier this year not to include Monad in either the Windows Vista client, due to ship in 2006, or Longhorn Server, due to ship in 2007. Microsoft officials have not elaborated on the reasons for the decision to cut Monad from the next releases of Windows.

Microsoft made Monad Beta 1 available in June as a separate download. And Microsoft included the Monad Beta 1 bits in the Beta 1 release of the WinFX software development kit, which the company released to testers recently.

Monad, which is Microsoft's alternative to the scripting shell environments that are part of Linux and Unix, is expected to debut as part of Exchange Server 12 when that product ships next year. It is unlikely to be incorporated into Windows until Longhorn Server R2 ships, which is expected around 2009.

Lee Holmes, a developer on the Monad team, had more to say on the extent to which Monad is vulnerable, via his blog.


"The fact that MSH is used as the execution vehicle (for the newly identified viruses) is really a side-note, as it does not exploit any vulnerabilities in Monad. The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.


"To combat this, Monad has three features to help: not installing a shell association by default, configurable execution policies (along with digitally signing scripts), and not running scripts from the current directory," Lee added.

Ziff Davis Enterprise