Windows Chief Suggests Vista Won't Need Antivirus

LadyDarth writes "During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed."

So that makes it...

[aliscool]

As capable as my IMac I guess.
Good job Microsoft. Only a year or more after Apple.

right...

[quickpick]

that's like the annoying kid who's just asking to get his butt kicked in Bully...uh oh is that Jack Thompson??

windows? no antivirus?

hahaha ho ho ho that's rich

i bet he still belives in santa claus

Re:windows? no antivirus?

i bet he still belives in santa claus

Wait... what are you trying to say here? Of course we all believe in Santa Claus.

Re:windows? no antivirus?

[Ruff_ilb]

I doubt that's true.

After all, who needs Santa when you have PONIES?!!!!!1111

Re:windows? no antivirus?

[w1ll0w]

There's....no....Santa....Claus. Thanks for ruining my life;).

If users can...

[LiquidCoooled]

Run a program which sends out mass mails, or communicates with a server or does other actions then malicious people will write malicious code.
Just because a virus cannot harm the operating system does not mean it is harmless.

Re:If users can...

[indifferent+children]

Run a program which sends out mass mails...

You've stumbled across their secret plan. Vista won't run programs. 99.9% of Windows problems have been traced to 'users' running 'programs'.

Re:If users can...

[walt-sjc]

To be honest, most AV software sucks anyway. It's bloated, slows the machine down, and doesn't handle zero-day viruses. AV software is great at closing the barn door after the cows already got out. Considering that so many attacks immediatly disable AV software, just what good is it?

AV software works fairly well on email servers to stop that vector, but a decent (non-windows) firewall and keeping up with patches is really all that is needed.

Re:If users can...

[msobkow]

On a related note, I found that the IE 7 update for Windows XP or one of the .NET updates over the months left the security sandbox rather open. Both signed and unsigned Authenticode was granted execution rights for Internet connections. I see that as comparable to the risk of someone deploying a damaging ActiveX component, and locked it down as best I could.

For now most of the options are set to prompt. If the prompts get annoying, I'll consider changing the configs.

DRM-enabled operating systems can still run malicious code. Signed or unsigned, a Trojan is a Trojan.

Also reported:

[Spazntwich]

Average user won't need Vista.

Re:Also reported:

[jlynd]

average user will GET vista... when they buy that shiny new PC.

Re:Also reported:

[NoisySplatter]

"640K ought to be enough for anybody." Perhaps we should stop guessing about what the average user needs?

Re:Also reported:

[BronsCon]

Which is why it won't need antivirus, if the line from MS about Linux and MacOS not needing antivirus because nobody bothers with them due to their small marketshare turns out not to be complete BS. If nobody runs Vista, nobody will write a Vista virus, right?

Or are hackers just like all other humans, just like electricity, water, wind and pretty much everything else and take the path of least resistance? "I want my virus to work, so I'll code it for the weakest platform."

Re:Also reported:

[w3weasel]

The average user doesnt need windows. Whichever version you care to discuss. But they have it because its the ubiquitous option. Market saturation of Vista will take about 2 years to hit that magic 20% mark, but once that happens, most businesses, homes and institutions will upgrade too... not because they 'need' it, but because its what everyone uses (and XP wont be sold any longer, and they are too scared to try Linux or OSX).

Re:Also reported:

[jgreen1024]

I'm not too scared of Linux, I just don't have time for it. After reading the last 100 or so Slashdot articles where someone commented "Just switch to Linux, everything will be good" I decided to have another go at it. I installed it on a Thinkpad T41. And it was great. And then I needed wireless to work. The distro was kind enough to include MadWiFi drivers that worked out of the box without me having to do anything, but I could only use open networks or static WEP. I needed WPA2 with 802.1x, and authentication with MS-CHAPv2. Guess how many hoops I have to jump through if I want that capability on Linux? How many programs do I need to compile, and how many config files do I need to tweak? Now guess how many with Windows? Quite honestly, I didn't get any further than that because without a secure wireless connection, a laptop is not that useful to me. I do have to give kudos to Evolution and OpenOffice - they have both come a long way since the last time I saw them. Making Evolution work with Exchange servers - brilliant! Until some Linux distro can match the usability level of Windows, yes, people will remain scared of it. The second you tell someone they need to open a shell and edit some file in /etc that contains cryptic contents - in order to play with some functionality that Windows has built-in already with a point-and-drool interface - it is over. Sorry.

Hindsight being 20/20...

[Mad+Merlin]

Who plans on bookmarking this story so they can laugh heartily at it again in a year?

Re:Hindsight being 20/20...

[SYFer]

Heh. The name "Jim Allchin" will probably live on for years as a bullet point in Powerpoint slides, lists pinned to the sides of office cublicles, coffee mugs at security companies and in unwanted e-mail forwards with subject headers like "Yep, they really DID say it!" Ah, the hubris!

Re:Hindsight being 20/20...

[hansg]

  Who plans on bookmarking this story so they can laugh heartily at it again in a year?

Don't need to. Just wait for it to be duped...

/Hans

Re:Hindsight being 20/20...

[cmdr_klarg]

I'm laughing at it now!

Re:Hindsight being 20/20...

[lazytiger]

Who plans on bookmarking this story so they can laugh heartily at it again in a year?

Don't worry, I'm sure /. will have a dupe by then.

no antivirus?

[Quasar1999]

Sure... and I'm comfortable driving a car with no airbags! Doesn't mean that everyone doesn't want an airbag!

Re:no antivirus?

[TheRealBurKaZoiD]

I think your analysis is full of hot air.

Re:no antivirus?

[vandit2k6]

I love your quote (signature thingy)!!!

Re:no antivirus?

Antivirus is NOT like an airbag. An airbag is not seen and unnoticed until you need it. A computer analogy would be a virtual environment for each application, like the "protected mode" of operation on 386 and better processors! WOW! ALL modern OSes, including windows, have these airbags. Mac OS Classic or DOS did NOT have an airbag. Windows 3.1 had a crappy foam airbag.

An antivirus program, on the other hand, is like a giant ball and chain attached to your car. It prevents your car from running at optimal speed. It makes any "accidents" less prone to killing you and your computer. The cost is that a bicycle will pass you, or a 386 running Linux will be more responsive than the latest processor running Norton or other anti-virus super ball&chain.

What Vista does has been done in other OSes for a long time. They finally default to user running in non-admin mode!! WOW! That prevents virtually all current Windows viruses from functioning properly. A car analogy would be that the driver is a robot and you are only a passanger. No matter what you do, including being drunk, is not likely to crash your car. The ball&chain approach of anti-virus software is no longer needed because you are no longer the driver swirving all over the road like a granny discovering Google.

bahahahahahhahahahahahahahhahahahah

[Bin_jammin]

no, stop, you're killing me, ahhahahahahahhahahhahahhahahhahhahhha

I've used XP SP2 without AV for years

[patio11]

Never had a problem. Of course, I use Firefox, a NAT, and don't visit porn sites or use P2P, which pretty much cuts my attack vectors to zero. Haven't had any AdWare in, hmm, 4 years or so either. I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.

Now I'm using IE7 as my main browser (quiet!) and don't anticipate any problems with it, either. Heck, its *more* paranoid than FF is some of the time (it will quibble about http refresh redirects to executables, for example).

Re:I've used XP SP2 without AV for years

I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.

If you haven't used it in 2 years, how do you know it never picks anything up? To re-phrase... It doesn't pick anything up because it hasn't been run in 2 years...! The db must be 2 years out of date too...

Re:I've used XP SP2 without AV for years

[jlynd]

Same here, I guess only using your computer for WoW has its advantages... /cry in the corner

Re:I've used XP SP2 without AV for years

[the_unknown_soldier]

I have that experience as well... Any mildly technical user of windows can avoid viruses. I haven't run virus checking ever since SP2 came out. The truth is that most viruses are executed because of user stupidity.

firefox + nat=no anti virus not needed

You're crazy for using ie7 though.. you can still run activex, its not safe.

Re:I've used XP SP2 without AV for years

[clymere]

Just because you haven't had a problem doesn't mean you're not one for someone else. If you havent run scans, how do you know you're not infected?

Re:I've used XP SP2 without AV for years

I will assume that you stopped surfing porn about 4 years ago. Congrats.

Re: I've used XP SP2 without AV for years

[rHBa]

I haven't had a virus/adware for >3 years and I do use P2P. I think using XP SP2 (if you have to use windoze)/Firefox/Thunderbird and not clicking on every attachment/download I get without checking:

1. file extension,
2. trusted source

is the key.

P.S I just noticed that 'Firefox' and 'Thunderbird' aren't in the FF2 English dictionary!

Never mind, the solution is quite intuitive really, just highlight the 'misspelled' word, right click and select 'add to dictionary'. Sweet...

Re:I've used XP SP2 without AV for years

It's alot harder to confirm the presents of a virus without checking first.

Re:I've used XP SP2 without AV for years

[redhatkingpin]

No offense, but your reasoning is flawed. You're not an average user and thus you are able to differentiate between what could be spyware and what couldn't. When Joe Shmoe is presented with a pop-up asking if they want to install some cool new anti-spyware program (which is really just spyware in disguise), of course he'll click yes.

I work in my college's IT department and 95% of our problems are machines that are so infected with spyware and other crap that they barely run. As part of our pro-active approach to keeping student computers running, we remove all P2P programs, run Adaware, Spybot, Windows Defender, and eWido on their computers, and then their AV software. If their AV software is expired then we remove it and install Sophos, which we have a site license for. Despite all of this, it's not uncommon to get machines back multiple times because someone installed some program again and all the spyware is back.

And now, there have problems with default installs from certain manufacturers containing spyware.

Oh, and I have mentioned that almost all student computers are running XP SP2 (we will upgrade their computers to SP2 if they don't have it) and that our firewall blocks most common ports for attacks? Yes, we recommed Firefox, but it's not a total solution -- it has it's own problems and it doesn't solve issues with users deciding they really want to play a game and if they need to install some unknown software to do that, so be it.

What Vista might really benefit from is having used-based process and memory usage limits like the BSDs. Set the limits to be managed by an adaptive algorithm designed to distinguish normal activity from uncommon behavior (E.g., running a crazy number of threads for a single application, making a large number of connections to different machines, etc.) and allow the limit to be completely disabled / manually set for individual programs and as a whole. Also, although XP does include system recovery and the install media has a repair installation option, it would be nice if Vista tracked file changes like OS X and Linux and then intelligently traced those changes so that the system can be checked against install media and restored easily. Best of all, Vista should be able to completely prevent any program from messing with system folders or system processes. Even drivers and the like should be stored outside the system folders and should only be able to interact with the kernel through a protected interface... just as viruses spyware shouldn't be able to screw up the system neither should botched Symantec Internet Security installs.

Re:I've used XP SP2 without AV for years

[N1AK]

Now you may well be right, and this isn't meant as a insult.... BUT

Why are people constantly claiming that they don't get viruses and spyware, and at the same time don't bother using AV and/or Spyware.

If you haven't used anti-spyware in two years, how can you possibly know you haven't had spyware in the last four years? Making statements like that just makes you look ignorant or uninformed.

Re:I've used XP SP2 without AV for years

[boer]

Ok, but how do you determine you are not infected with common malware is you are not using any detectors? Modern malware are using more and more rootkit techniques so you cannot trust Task Manager or "dir" that much anymore.

Re:I've used XP SP2 without AV for years

[hweimer]

Now I'm using IE7 as my main browser (quiet!) and don't anticipate any problems with it, either.

Except if you access a site that exploits the current 0day vulnerability.

Re:I've used XP SP2 without AV for years

[ocbwilg]

Never had a problem. Of course, I use Firefox, a NAT, and don't visit porn sites or use P2P, which pretty much cuts my attack vectors to zero. Haven't had any AdWare in, hmm, 4 years or so either. I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.

You ought to try it just to see what it picks up. My Windows XP SP2 machine is kept fully patched, I use Firefox, sit behind a NAT/Firewall, then have a software firewall running on the PC itself, plus antivirus and anti-spyware software. But on a scan this weekend it still discovered a keylogger. Most likely it was something that my wife brought in via an email from one of her friends or something, but it just goes to show you that you can never be too careful.

Re:I've used XP SP2 without AV for years

[damsa]

don't visit porn sites or use P2P

Then what do you use the internet for?

Re:I've used XP SP2 without AV for years

Never had a problem. Of course, I use Firefox, a NAT, and don't visit porn sites or use P2P, which pretty much cuts my attack vectors to zero. Haven't had any AdWare in, hmm, 4 years or so either. I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.

Exactly. Windows is a business OS.

I can only assume that all the people here that complain about windows security are hard core (kiddie, beastiality etc.) porn hounds, warez and mp3 thiefs and teen sex chat addicts.

Want to keep your windows box free of viruses? Use it for work. Simple rules to follow:

1) No html email - text only, have some sense about attachments.
2) No porn sites
3) No warez sites
4) No IM software, ICQ in particular (and no goddamn free MSN smileys... of all the asinine crap...)
5) No P2P software
6) Use a properly configured router (RTFM)
7) Keep your OS up to date

Try using windows for what it is intended - work. (I acknowledge the major concessions to the huge gaming market of course, but the newer consoles are good enough to put an end to that soon)

There is no such thing as a free lunch, if you want free full version software, hard core porn or other crap not related to productive and legal work, then expect the lowlifes sending it to you to send a little something extra as well.

I'm sure Jim Allchin is comfortable with his own seven-year-old son using Vista without antivirus software installed, because he has taught him some basic values.

Stop complaining that windows cannot account for your depraved porn, warez and teen sex chat habits. That is not what it is for.

Re:I've used XP SP2 without AV for years

[Mulielo]

I haven't run virus checking ever since SP2 came out.

Then how do you know you don't have virus's or anything?
I've been running XP Pro x64 for almost a year, and for a while I couldn't find antivirus that would run on it. I thought I was doing alright though, I didn't notice any spyware or viruses. I run firefox, and I'm an IT pro, so like you said, I know how to avoid such things.

I trusted myself, but I didn't trust MS, so I kept looking for an antivirus program, and when I finally found one (Avast!) it picked up 2 viruses and about 30 pieces of spyware.

I still check around every now and then to see if there's a new AV program for x64 that might be a little more thorough....

Re:I've used XP SP2 without AV for years

[ProfanityHead]

Hmm, agree with all except ICQ, over the years I've seen fewer exploits for it than the other messengers.

Re:I've used XP SP2 without AV for years

[MECC]

Try using windows for what it is intended - work.

Viruses are found at 'work only' environments as well. About the only way to keep windows - work or not - free of malware is never to do anything new with it. If all you need are a bunch of people typing form letters, doing data entry, or answering phones, why are you even using windows workstations at all - why don't you have farms of citrix terms, X terms, or dumb terminals?

Also, as any programmer knows codebases mature with time, and as new as vista is its going to be significantly riddled with buffer overflows, permission snafus, and failed memory protection issues for some time to come. Most of windows problems come from sloppy programming and poor QA from MS - period.

Blaming all your problems on porn is reserved for preachers and politicians.

Re:I've used XP SP2 without AV for years

[Lisandro]

I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.

Gee, that's normal. I find AdAware picks up less and less spyware with each new release. SpyBot is still ok though.

Re:I've used XP SP2 without AV for years

[instantkamera]

thats 'cause no one uses it...

Re:I've used XP SP2 without AV for years

Never had a problem.

How do you know?

Re:I've used XP SP2 without AV for years

Never had a problem.

Or your PC has been sending out millions of spam emails but you've been clueless because nothing unexpected shows up in process list and your PC isn't crashing or behaving badly as far as you can tell.

How many of the litterally millions of infected spam zombies out there do you think are on PCs who's owners "Never had a problem" with viruses? I wonder how many of them tell Mac and Linux users they are crazy for suggesting that Windows security is a bit... lax.

Re:I've used XP SP2 without AV for years

[vtcodger]

***Now I'm using IE7 as my main browser (quiet!) and don't anticipate any problems with it, either.***

Reminds me of a progress review many decades ago at a large defense contractor who shall remain nameless. The project in question was the development of a large phased array radar, and the topic was the steps that had been taken to alleviate the erratic performance from the very large and very expensive computer used to drive the radar. The problem had been traced to another project in the same facility that occasionally fired up its radar and emitted enough EMI to scramble the data in the first project's computer's circuits. The solution was mostly not to run the computer when the radar was being tested.

A USAF officer waved his hand and asked if just maybe there might be an interference problem when the computer was deployed in a room just behind it's own multimegawatt radar antenna.

"We don't anticipate a problem" said the guy from Nameless.

"Did you anticipate a problem with the other project here?" asked the officer.

"Well ... ehrrr ... no"

Just sayin. Failure to anticipate a problem doesn't mean there won't be any

BTW, I haven't seen a virus on this Win95 system ever. Doesn't prove that viruses don't exist. Or that Windows 95 is secure..

Re:I've used XP SP2 without AV for years

So if you don't have an antivirus, and don't run AdAware, how do you expect you'd know that your personal info is being sent to a server in Russia, or that your machine is sending a few thousand spams a day?

My ex-flatmate was running SP2 on her laptop, NATed and firewalled (by yours truly), didn't do porn, and when I installed and ran AdAware for the hell of it, it was like a christmas tree.

Re:I've used XP SP2 without AV for years

[Gr8Apes]

1) No html email - text only, have some sense about attachments.
2) No porn sites
3) No warez sites
4) No IM software, ICQ in particular (and no goddamn free MSN smileys... of all the asinine crap...)
5) No P2P software
6) Use a properly configured router (RTFM)
7) Keep your OS up to date

1) doesn't matter, use a smart email program (ie, not Outlook)
2) don't use IE, turn off all Java/Javascript functionality, set security to high, set cache to '0' and cookies to session only
3) see #2
4) Don't use MSN, AIM, or Yahoo!. Use a third party IM client.
5) Use a "good" P2P client. Azereus seems fine. What you download is another story. Linux distros? No problem.
6) Absolutely! No inbound connections, all outbound NAT'd is a good first step.
7) Not necessary if you do the above. All automatic inbound vectors are stopped, and most browsing vectors are also stopped. That's 90+% of the issues. Stupidity for clicking trojans etc are unstoppable, unless you just don't allow people to click.

Re: I've used XP SP2 without AV for years

[Tim+C]

I just noticed that 'Firefox' and 'Thunderbird' aren't in the FF2 English dictionary!

No; they're not words, they're names. Slashdot isn't in it either. I'd be upset if they *were* in there, personally.

the solution is quite intuitive really

Now, I'm no MS fanboi, and I'm not about to claim that they invented it, but that's the way that's been done in Word for as long as I've been using it. I can't think of any other way you'd seriously want to do it, given that you can't left-click for it.

Re:I've used XP SP2 without AV for years

[Anonymous+Brave+Guy]

Slashdot, dude. Where have you been?

Re:I've used XP SP2 without AV for years

[955301]

Get a girlfriend and let her use your computer. In less than two days you will have a trojan horse. One bed and breakfast site with a guestbook and it's all over my friend. Here's a piece of software to run before your first date:

http://www.runtime.org/dixml.htm

Re:I've used XP SP2 without AV for years

[R_Growler]

...and don't visit porn sites or use P2P

Oh, there you are!

The abominable Snowman, Nessie and Santa Claus was just here looking for you. Supposedly there was some conference you were requested to attend in Neverneverland.

Anyways, Give them a call! And give our regards to Windows Security if you see it while you are there.

Rgds,

-RG.

Re:I've used XP SP2 without AV for years

[vgaphil]

If you don't have AV software how do you know you don't have a virus? Do you analyze every process on your machine? I don't surf pr0n and I don't use P2P and my laptop has been infected. Your statemnet is like saying "I don't go the doctor, I've never been sick".

Re:I've used XP SP2 without AV for years

[LWATCDR]

"Stupidity for clicking Trojans etc are unstoppable, unless you just don't allow people to click."
Simple don't use Windows.
There is something to be said for security through obscurity. Windows is targeted because it is so common. There is something to be said for not making yourself a target.
Even better don't use Intel. Run BSD on a Mips system or OpenVMS on an Alpha and you will have very little to worry about :)

Re:I've used XP SP2 without AV for years

[Gr8Apes]

But if everybody did that...

Re:I've used XP SP2 without AV for years

[db32]

THANK YOU! I hate that "I've never had a problem" crap. Its like saying "I never had a problem with AIDS" after years of sleeping around without protection. Just because you don't know are infected doesn't mean your not infected. The era of user irritating viruses is all but gone. Most of the noticable stuff is from the few that are overzealous about spreading. Infections have become profitable, and its not just about laughing at an irritated user, its about spam, its about blackmail, its about DDoS attacks.

Re:I've used XP SP2 without AV for years

[LWATCDR]

Then I would break out my old Amiga.
Actually if everybody tried to pick something that wasn't like everyone else it might still work out.
A virus that infected BSD on a Sparc wouldn't infect BSD on Mips unless you had universal binary viruses!

All joking aside that really is the problem. We almost have a computing monoculture. Sort of like what happened in Ireland when the potato crops failed.
With only one type of ISA and OS then there is a huge benefit in finding and exploiting any weakness.

Re:I've used XP SP2 without AV for years

[knorthern+knight]

> 2) No porn sites
> 3) No warez sites
    [...deletia...]
> Stop complaining that windows cannot account for your depraved porn, warez and teen sex chat habits. That is not what it is for.

It must be nice to be as perfect as you. You never make typos like "wwwpainewebber.com" (see http://www.phillipsnizer.com/library/cases/lib_cas e108.cfm) or "hotmial.com". I suppose that's because you type in the IP address rather than the URL, in order to protect yourself against against "pharming", when your ISP's Windows-based DNS server gets its cache poisoned. Even properly typing http://slashdot.org/ would take you to a drive-by-download site in that situation.

Oh yeah, did I mention that most mainstream commercial websites use 3rd parties to serve banner ads, and those 3rd parties can be infected? See http://www.theregister.co.uk/2004/11/21/register_a dserver_attack/ for an example. For that matter, one of NIMDA's attack vectors consisted of compromising webpages generated by a Microsoft product, and attaching attack code to those webpages.

Re:I've used XP SP2 without AV for years

[Dan100]

I, too, have never used AV with XP SP2. My computer runs 24/7. If my machine is sending out millions of spam e-mails, it must be very clever code as my laptop's fans never start, CPU usage averages around 4% and there's no network activity on my router beyond my own. Or could it be that the old anti-Microsoft FUD just isn't true? Once in a blue moon I do run a Spybot S&D scan out of curiousity. Never caught a thing.

i have to concur

[circletimessquare]

i've been trying it out, and vista works for me, naked on the internet, without a single problem. in fact i would go so far as to say that V1AGRA HOOD1A GR0W Y0UR PEN1S L0W M0RTGAGE RATES L0SE WE1GHT MEET BARELY LEGAL TEENS SEE HARDC0RE SHEMALE ACTION

Re:i have to concur

"V1AGRA HOOD1A GR0W Y0UR PEN1S L0W M0RTGAGE RATES L0SE WE1GHT MEET BARELY LEGAL TEENS SEE HARDC0RE SHEMALE ACTION"

Children, drunken men and The Internet always speak the truth.

Re:i have to concur

[tehcyder]

and vista works for me, naked on the internet, without a single problem.

That's kind of ambiguous, if you know what I mean. And I'm sure that you do.

Re:i have to concur

[soundonsound]

I don't know how ambiguous that is really. I did an informal survey of about 100 websites, and as far as I can tell, everyone is naked on the internet. Especially if they're 18 year old female coeds.

LIghtening fast

[luchaugh]

That only took... what... 15-odd years. Seeing will be believing.

I remember....

[Bing+Tsher+E]

....when they announced that Windows 2000 would never have a Service Pack release. One would never be needed.

(still have no use for XP, btw.)

Jeez..

[FunWithKnives]

After summarizing that past statement, Allchin continued, "Please don't misunderstand me: This is an escalating situation. The hackers are getting smarter, there's more at stake, and so there's just no way for us to say that some perfection has been achieved. But I can say, knowing what I know now, I feel very confident."

If you RTFA, and then go back and read the title of this post, it's quite apparent that it's sensationalist and stupid. Of course Allchin thinks that this version of Windows will be the "Most Secure Evar". He works at Microsoft. Taking what he said out of context is just childish. But really, I suppose I shouldn't expect any less.

Re:Jeez..

[smithcl8]

Working at Microsoft doesn't force him to "believe" that Vista is more secure. I fully believe that each version of Windows gets better, regardless of what folks on /. think about it. Windows XP is more secure than Windows 2000, though both have had a few issues. However, would you uninstall either to go back to Windows 98? People tend to quickly forget the bugginess of the older versions and jump on the "Oh, but XP is insecure!" bandwagon.

Let's be honest. How many of the patches do normal users really "need" to install? Sure, there's a proof of concept here or there that will cause a patch to be generated, but if you have AV loaded, be careful in regards to downloading trashware, and use Firefox instead of IE, most users will never need to load a patch.

Re:Jeez..

[QuietLagoon]

Allchin says stupid things. For example, here he says that Windows XP would not be vulnerable to buffer overflow attacks.

We used new source automation tools that removes any potential buffer overflow attacks.

News articles detailing Windows XP buffer overflow attacks are abundant.

Re:Jeez..

[AnotherDaveB]

this version of Windows will be the "Most Secure Evar".

As I recall they billed XP the same way, and in the middle of their "most secure ever" ad/launch campaign, the FBI (I think on prime time TV) warned USA computer users of the terrible security vulnerability of XP's plug and play facility which should be disabled before it caused the computer to morph into a flesh eating zombie (or words to that effect :-) ).

Re:Jeez..

[compro01]

just to clarify, that's universal plug-and-play, which doesn't really have anything to do with "normal" plug-and-play. it would be more appropriately called "network plug-and-play" or something.

AFAIK, there has never been any kind of security problem with the normal, local, plug-and-play.

Re:Jeez..

[epine]

No matter how much I dislike the opposing camp, I try to listen for any germ of sanity as much as I can. Not wise to become glib about the historical weakness of your foe. From time to time, history rewrites itself. The road to oblivion is paved with those who laughed longest. On the other hand, of all the idiotic spokesmanship that comes out of Microsoft, Allchin is far and away the reigning champ of two-faced self-interest. I flipped the bozo-bit on Allchin a very long time ago. That said, it's not impossible to architect a software system to a fairly high default security level out of the box, sans firewire. Bear in mind this is the *first time* in Microsoft's corporate history that they have seriously bent themselves toward the task. However, the burden of their prior practice can not be overstated, so we are looking several service patches into the future, at least, before this initiative consolodates, for whatever it's ultimately worth.

Let's pause to reflect a moment on our fallen comrades who laughed longest:

Bloat: Microsoft operating systems will expand (forever) as a fast as disk storage technology.

Blue screen: Microsoft will never produce an OS that doesn't blue screen daily.

Re:Jeez..

I remember when Windows ME came out and Allchin said it was the version of Windows his mom deserved.

He must not like his mom.

Reminds me of what they said about Win95.

[QuantumG]

as I remember it was something like "you can't possibly write a virus for this operating system". Go get em boys.

Re:Reminds me of what they said about Win95.

[silverkniveshotmail.]

Reminds me of what they said about Win95.

Actually, the _only_ people whom will notice the change are the low-level programmers, no one else. And today only viruses are done in low-level, nothing else. Sure I know what you are saying, we'll infect the new Window .EXE files! :-)

Microsoft already thought about that, and took steps to stop us, all Window .EXEs have a CRC checksum, any modification will be easily noticed! Also secondly, how are we going to infect this new radical .EXE format? We cannot append anything on the back! Huh? Yes, its true, you cannot append the .EXEs file like viruses have been doing in the DOS format! And overwriting will not allow the file to execute again, and trigger the CRC checksum.

The reason we cannot append ourselves to Window .EXEs are because at the end of every .EXEs we have resources, which have to be located there! What are resources? Its them funny BITMAPs, Dialogue Boxes, Buttons, and Icons, Windows has become famous for! These resources are never loaded with the execution of the file, but loaded when needed by windows!

Titanic

[fizzix]

Sounds a bit like some unsinkable ship.

Re:Titanic

[indifferent+children]

Sounds a bit like some unsinkable ship.

Can't you just see Balmer standing in the bow: "I'm king of the world!" Of course, the iceberg this ship hits will have penguins on it.

My first thought was...

[Brad1138]

To laugh. It always surprises me when someone says "we'll never need this" or "computers will never..." I remember a computer magazine editorial saying we would never store music on Hard Drives, it would take up to much space. These people never seem to think more that a few months or maybe a year into the future.

Re:My first thought was...

[Walpurgiss]

Parent post reminds me of some quotes from Bill Gates himself. "Nobody will ever need more than 640k RAM!" -- Bill Gates, 1981 "Windows 95 needs at least 8 MB RAM." -- Bill Gates, 1996

Re:My first thought was...

[r3m0t]

HA HA HA
http://en.wikiquote.org/wiki/Bill_Gates#Misattribu tions

all a ploy to make more $

See, if you don't run av, then when you get infected, you'll have to reload vi$ta (which they only let you do once). Then, you'll have to buy another copy of said OS.

Brilliant marketing $cheme

Re:all a ploy to make more $

haha, I get it, the $ looks like an s. It must have taken quite some self-control not to add the full Micro$haft Vi$ta, LUNIX FTW spiel

Re:all a ploy to make more $

Someone has had his head up his ass for the last 10 days. Vista can be reinstalled indefinitely now, as long as it's only on one machine at a time.

Re:all a ploy to make more $

Wow, you're the freaking King of Komedy with all those $ in place of S's. No one ever thought to do that before you.

Re:all a ploy to make more $

[gingepaul]

they changed that, same licensing terms as XP, same machine you can reinstall as much as you like, change the MOBO and you have to call em, but they will allow it.

@LiquidCoooled, about zombies

[Toveling]

Windows Vista severly limits access to raw packet sending to non-priviledged apps, meaning that packet forging is much more difficult. Although the zombies that are sending seemingly alright content (at the protocol level) aren't affected, those that are doing the SYN/ACK DDOS floods will be.

Re:@LiquidCoooled, about zombies

So? XP did this since SP2.

Re:@LiquidCoooled, about zombies

When you can hop on IRC and rent a 10,000 node botnet for next to nothing you don't need IP spoofing capabilities to DDoS most hosts off the net. Sure you know who the zombies are, but working across jurisdictions / ISPs and users that don't care to get them shut down is impossible. The days of centralised command and control servers are coming to an end too, many new botnets are fully distributed.

I'm Glad It Will

[mpapet]

I'll have plenty of work babysitting those desktops.

vuja de

[KillerBob]

wow... haven't heard that one before.... No, really. I haven't.

No system is immune to viruses. All it takes is a stupid user to allow it, and we all know there's no shortage of that. That's why antivirus products exist for every major OS out there. Even Linux has antivirus apps (though granted, most of them are geared towards Linux boxen running as servers for Windows-based networks).

Oh wait. Technically, if it requires a stupid user's interaction to get in, it's not a virus. It's a trojan. I guess Vista really could be immune to viruses.... ;)

Re:vuja de

>> if it requires a stupid user's interaction to get in, it's not a virus. It's a trojan

Wrong.

Trojan : activated by user, do not replicate
Virus : activated by user, replicates
Worm : not activated by user, replicates

Re:vuja de

[Creepy]

Actually, neither of you is wrong for Trojans, but your definition of Virus is incorrect, since viruses can propagate over network drives and diskettes (which is not activated by the user), a common problem at businesses and schools and also the original way viruses got spread.

A Trojan is an application masquerading as another application. It can contain any payload but usually refers to a malicious payload (much like its namesake, the Trojan Horse). A Trojan is therefore not a virus and also does not self-replicate and is activated by a user.

A Virus refers to self-replicating code. Many viruses also contain a payload, but this is not really the virus itself. Some of the more malicious viruses will e-mail Trojans of themselves, while others may be entirely benign.

A worm essentially refers to a program that self-replicates over a network, but worms with a payload of viruses and/or Trojans are usually just called worms.

and the other category (though rare) - the timebomb
A timebomb (or bomb) is a program that is tacked onto another program, usually manually. It has no self-propagation. When it "detonates" after a prescribed number of launches or time period, it does something malicious, including wiping drives, installing viruses, or running zombies.

Hmm, and where have we heard this before

[rimcrazy]

Yea..........and 640K will be plenty of memory..........
And the world will only need 4 computers...................
And no one would ever need a computer at home..............

Sheesh......where do they come up with this stuff?

re: Hmm, and where have we heard this before

[LiquidCoooled]

rimcrazy
Yea..........and 640K will be plenty of memory..........
And the world will only need 4 computers...................
And no one would ever need a computer at home..............

Sheesh......where do they come up with this stuff?

A new one:

We will never have more than 16777215 comments.............

Re: Hmm, and where have we heard this before

[WilliamSChips]

Actually, they did extend the comment numbers--they just forgot to extend the number of their parents.

Re:Hmm, and where have we heard this before

[mqduck]

I'm sorry, but saying "it's so safe I let my kid compute without antivirus software" will never be a cliché along the lines of "640K should be enough for anybody" or however those went.

Typical fundie...

[RetlawST]

This man would risk his child's life on a mere belief rather than give him some decent protection!!

Re:Typical fundie...

[indifferent+children]

This man would risk his child's life on a mere belief rather than give him some decent protection!!

To be fair, I wouldn't be entirely comfortable giving condoms to a 7 year-old.

Duh

[ewl1217]

Of course a seven-year-old on a locked down computer wont be able to do any harm. Kids that age aren't into the sites (porn, illegal downloads, etc.) that are notorious for viruses and spyware. Not to mention that the kid's using a machine secured by parental controls and is most likely on a limited account. Wake me up when the average teenager can safely use Windows with an administrator account and no extra security software installed.

Re:Duh

Yeah, and wake me up when the average adult can use any Linux distro as root without any problems.

Come on!

Re:Duh

[Daoenti]

Wake me up when a seventeen year old boy isn't into porn.

Although I do agree with you on the locked down computer. It may also be a case of who's son it is, my gut feeling is a Microsoft co-president may have taught his son a little bit about what to do and not to do on a computer, but that's just a guess.

I still can't get my 13 year old daughter to stop downloading crap ("but my friend sent me this link and said it was really cool") even after telling her 'this is why your computer is so slow' for the 50th time ("but said it was safe in the IM I got from her"). No amount of 'teaching' seems to help, lock down is really the only thing left to do. There's a reason she has her own computer, so as to not afflict ours with her download everything mentality.

Re:Duh

Time to wake up AC. The average adult CAN run a Linux distro as root without any problems with Viruses, trojans or worms right now. It's somewhat dumb to do since new threats come out regularly but there is almost no danger running as root right now. (Assuming you don't do something really stupid like rm -rf / but that isn't an external threat.)

Re:Duh

[rhiafaery]

Yeah, at that age they just aren't capable of making those kinds of decisions. My son is 13, and he has his own computer set up on a wireless network in his room. There has never been anything malicious on it because one, there is CyberSitter installed on it (best investment I ever made, especially as far as the time limit goes.), and two, he only has access to a restricted account, so he cannot install ANYTHING on the computer...period. Also, there is no IM software installed, as I feel there is no need for that yet. He chats with friends on the game Runescape or on the phone, and as far as I am concerned that is enough for his age. Viruses are the last thing I worry about on his computer. I wish more parents took their job seriously and actually pay attention to what their children need at certain ages, versus what "everyone else" is doing.

Re:Duh

[PitaBred]

Rather than pay attention to what everyone else is doing? So he'll be a complete n00b at real life when he goes to college?

Re:Duh

[rhiafaery]

Well, I never said he wouldn't be able to do those things before college, for heaven's sake. I said I don't feel those things are necessary at 13. Just like I don't think playing video games on a school night is productive, especially if the school grades are not presenty at acceptable levels. As children age, they are able to do more things, and mentally ready for those responsibilities. It's pretty silly to assume that something I won't allow my 13-year-old to do would hold the same for an 18-year-old, or even a 16-year-old, for that matter, thereby unleashing him out onto the world as a "n00b." I am pretty damn sure he knows a lot more about computers than most kids his age, and you don't need endless IM, MySpace, or any other ridiculous fad that rolls along to do that. *rolls eyes*.

Re:Duh

Wake me up when the average teenager can safely use Windows with an administrator account and no extra security software installed.

You are underestimating the average teenager. The real test is that teenager's grandparents.

@Toveling

[LiquidCoooled]

Aren't most Syn/Ack floods just damned impatient users swamping a site after news breaks that its "under attack"?
We are the main vehicle of a ddos ;)

Wait until he gets older...

[Arakageeta]

You'll need to start worrying when he turns 12 or 13. ;)

Re:Wait until he gets older...

I suppose that by time his son turns 15, MSN will have features like "sexual predator detection", "slut detection" and a parental-warning AI that combines to makes sure his son doesn't need sex education or condoms...

Re:Wait until he gets older...

[TheVelvetFlamebait]

Jeez, you started late!

Take the Apple Challenge

[Fujisawa+Sensei]

Take the Apple Challenge: Put a Vista machine one the Net, and IIRC, make sure a telent daemon and web server are also running and give out the admin password. If nobody can crack it, we'll believe you, otherwise STFU.

Re: Take the Apple Challenge

[westlake]

Take the Apple Challenge: Put a Vista machine one the Net, and IIRC, make sure a telent daemon and web server are also running and give out the admin password. If nobody can crack it, we'll believe you, otherwise STFU.

and this relevant to the parent whose kids are running Vista because...?

when you open services on the client side that users don't need and hand out administrative passwords like little bags of M&Ms --- the problem ain't with the OS.

Re:Take the Apple Challenge

wait, wait, wait, wait. Your post doesn't make sense, provide the root/admin password and open up telnet and try to crack it? You do realize that no matter what OS your using that is c:\telnet host . ..login:administrator .... password:password.
 
This is the Mac Sec Challenge http://db.tidbits.com/article/01107
Which contains
  % telnet challenge.comvista.com
  telnet> Connection refused.
in the article, telnet was not open, just WWW and the account username wasn't the root or admin, it was a user for the web page.
 
The fact that this is modded with a score of 5 goes to show how Mac biased Slashdot is.
 
But OTOH, I would put AV on Vista mostly due to the fact that I don't know what pages my family are browsing on. My own Windows PC ran for over 5 years on the net with no AV and just my own lockdowns and it worked out just fine. But silly users tend to click things I wouldn't, especially kids...so I would still have to disagree with the MS guys statement.

Re:Take the Apple Challenge

there have been many "crack a mac" challenges over the past 10 years.

By default Telnet disallows root logins, to having telent and root PW gets you nothing until you actually access the box.

Why do execs say things like this?

[jsheedy]

I have always wondered why execs make claims like this?? Hey this is so great nothing will ever break it, I dare you to try. Really, do they think it will be virus proof, or is it just better? Just makes me wonder?

Anti-virus software

[Mostly+a+lurker]

A case can be made for running all Windows versions without anti-virus, especially if browsing the Internet routinely as a limited user. Unfortunately, the popular anti-virus products (McAfee, Symantec, Trend Micro) almost never prevent targeted attacks by cyber criminals, so one is tempted to avoid the performance hit and potential system destabilisation that comes from using these products and just rely on common sense, good backups, encryption of sensitive data, and acting all the time as if a keylogger might be installed on your system. I still use an anti-virus product personally, but I do not regard it as a reliable means of preventing infection.

Re:Anti-virus software

So would your name be Knuth?

^_-

[Longrifle]

ouch thats gonna backfire owww

Well gosh...

[IANAAC]

Let's just call the new "lockdown features" what they really are:

NATIVE ANTIVIRUS

Seriously, isn't this what third party antivirus vendors have been whining about?

Re:Well gosh...

[kalirion]

I'm not sure what this "Lockdown" is, but if it completely cuts off all internet/network access, then it could be pretty damn safe. Unless the virus was downloaded before the lockdown was activated.

School

[archcommus]

Doesn't matter whether I could or not as my university probably won't agree with Allchin. But personally, yeah I'm sure I and many others would be fine without AV software on Vista.

sounds familiar

[DarthTator]

He probably would have thought the lifeboats on the Titanic only got in the way too.

And I though Allchin had at least half a brain...

[Anonymous+Freak]

I do understand the sentiment. His son is young enough, that as long as he has a decent firewall, and decent parental control software, (i.e. disallowing email and IM,) he should be fine.

But it's still an irresponsible thing to make as a blanket statement.

Okay... so perhaps it isn't that crazy...

[RootWind]

From TFA, it sounds like you really might not need an antivirus... if you lock it down with the parental tools so you can't download anything at all except from your own approved sites, that covers up a large malware attack vector that an antivirus is suppose to protect. After all, the role of the antivirus now and in the future will be that of a blacklist of known bad software. Everything else an AV does can be obsoleted.

Any OS can be virus-ridden...

[mark-t]

... when a statistically significant percentage of administrators (this includes people who administrate their own home computer) are too ignorant to take precautions against executing unknown code as a superuser.

The door has been opened!

[Andrewlightstar]

The door has been opened and now every hacker and virus writer will be working on proving those words wrong.

And XP has no buffer overflows...

[bill_mcgonigle]

Here's the same guy's promise about their last operating system:

Microsoft has said it has stamped out buffer overflows with the upcoming release of Windows XP. Jim Allchin, vice president, claimed the company has done a complete code review of its operating system and removed all buffers which could overflow.

I'll let somebody else post a list of all the critical updates caused by buffer overflows...

Re:And XP has no buffer overflows...

[zbeba]

To be fair, he never claimed they removed *all* buffer which could overflow, only the ones they _found_ "in an automated way".

That said, since he's "outgoing" and with a comfortable financial situation, I doubt he much cares. Perhaps in his spare time he can lounge by the pool and read something enlightening.

Re:And XP has no buffer overflows...

[bill_mcgonigle]

I wish I could find a direct quote from his speech at the Intel Developers Conference, but the news article reported about that speech said, "removed all buffers which could overflow", not "removed all buffers that which could overflow that an automated scanning tool can figure out". The eweek interview you linked to (thanks) says, "We have gone through all code and, in an automated way, found places where there could be buffer overflow, and those have been removed in Windows XP," which doesn't contain any weasel words either. If he doubted the completeness of his automated scanning tool he didn't let on to it.

popular anti-virus products and non admin

[Joe+The+Dragon]

popular home anti-virus products (McAfee, Symantec, Trend Micro) also don't work non admin users

yeah, big whoop

[Maserati]

Coupla key points:

1. He didn't say he let his kid on the Internet without an AV package running.

2. He didn't say "firewall". Speaking of which, ZoneAlarm just grabbed focus and I think I let something connect out to the Internet. I'm running an installer so I'm not gonna freak out, but I certainly hope Vista won't let apps steal focus while you're fracking typing.

3. He also didn't say the kid would be online unsupervised or without parental controls running.

4. It's a safe bet to assume he meant the kid would use IE if he went online, but he didn't actually say it either.

Nothing to see here, move along.

Re:yeah, big whoop

[spyrochaete]

I certainly hope Vista won't let apps steal focus while you're fracking typing.

Actually, Vista is pretty smart about security dialogs not stealing focus. If you've used Vista or seen screenshots you'll know that some administrative functions are marked with a windows shield icon. When you click one of those administrative buttons a security prompt appears on the taskbar. When you click the taskbar to open that prompt the entire screen turns grey except that prompt. It stays that way until you make your decision, and if you choose to go through with the task you are prompted for administrator credentials (or if you are on as admin it just accepts your click).

I was really impressed at the way Vista halts powerful administrative tasks until the user okays it, and I love how the security dialogs look so unique and important. No one can say whether third party security apps will conform to this standard, but Microsoft did circulate a UI design best-practises paper to coax developers into keeping the user experience universally uniform.

No One Would Ever...

[Scarletdown]

I remember a computer magazine editorial saying we would never store music on Hard Drives, it would take up to much space.

Likewise, I also seem to recall that when hard drives were finally becoming affordable, people were claiming that the chances of actually filling up a 20 or 40MB drive were almost nil.

Re:No One Would Ever...

[r3m0t]

Well, they were almost nil at the time. Back when people stored data in text documents. What was your point again?

Re:No One Would Ever...

[Paolo+DF]

You are right! And I can tell you, that my Atari Mega4 STE has got a 20 MB hard disk and it is not full yet. (Yes, it is a working computer doing some basic stuff (browsing, doc writing, ...)

HAHAHAHHAHAHHHAA!

Thanks for the laugh Slashdot.

Sure, that's conceivable

...the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.

Perhaps he was referring to that great lockdown feature that lets you physically diconnect the PC from the network. Sure it's new; it used to be the other way round before.

What else is new?

[istartedi]

I've had two infections on my Windows over the years--Nimda and a video codec trojan. I'm not counting the second boxes that I used to use for experiments--I never put anything important on them, so I tended to just not care, and blow away Windows when they got nasty--that was back in the bad old dialup days when potential damage to others was minimal, and Windows was a lot less secure. I don't know if AV would have stopped Nimda, because I didn't use AV back then. AV didn't stop the trojan. I used to disable AV routinely because it *is* a virus. It used to slow boxes down way too much, and cause all kinds of problems with installers. I always un-do the stupid defaults in Windows and IE, and I try not to be too careless. Nimda is really the only one I can blame on MS, and it was patched ages ago. I would probably disable AV on my current box, but they seem to have gotten better about not hogging resources and/or crashing the box so I just leave it alone.

I wonder if Vista is finally going to display extensions by default. That was always irritating. It would be *nice* if you had to enable active content on a per-site basis by default. It would be better if they just didn't have so much active content out there. Would I "just trust" a Vista box? No way. But would I run it without AV if there was none pre-installed? Yes, in a heartbeat--but I would still be very careful about how I conducted myself on the web, and I would still want to go through all the settings to make sure there was nothing stupid in there. And I would *still* be checking up on processes and registry keys from time-to-time.

But anyway, XP without AV is not a big deal--if you know what you're doing. Unfortunately, that's a big if. Nevermind 7 year olds. It's the 57 year olds that you have to worry about.

Re:What else is new?

[almostmanda]

I know this could still change, but the Vista RC2 handles extensions the same way XP does--hidden until you tell it to show them.

Re:What else is new?

[r3m0t]

"I wonder if Vista is finally going to display extensions by default."

'fraid not. (I would have heard about that by now...)

Why do you care? You shouldn't need to set up a user account very often. It hardly takes any effort to flip that bit.

I havent Laughed so HARD in Years

[skelator2821]

Ha Ha Ha Ha Ha Ha Hahahahahahahahahahaahaahahaahahahahahahahahahahah ahahahahahahahahahhahahahahahahahahahah.. Whew Ohh now my stomach hurts...

Yeah, we don't *need* clothes either

[Tablizer]

but you go first....

Hot Air

[amavida]

From exec types i ephemeral

What's the big deal?

[WK1]

No operating system has ever needed an antivirus. I don't recommend using Windows, but I have used it in the past, and although I ran antivirus software, I never needed it. It never picked up anything but false positives.

Now that I'm using linux, I have clamav installed. I rarely scan, and I never find anything.

Antivirus is an EXTRA precaution that sits behind the front lines. It also is never 100% reliable.

What he meant:

[Enoxice]

What he actually meant to say was that it won't need any antivirus...for the first 10 minutes. That's almost a two-fold increase from XP!

Re:What he meant:

[Crayon+Kid]

AND, since Vista install faster than XP, it means it might actually make it through a full install before getting infected! Yey!

Re:What he meant:

[Lewrker]

Considering the fact that an unprotected Windows XP system gets infected with blaster within a couple of seconds after being connected to the internet that would be a 10000% security increase.

ROFLMFAO - n/t

n/t

It's not the viruses you need to worry about...

[NeumannCons]

Viruses, these days, are not what you need to worry about.

The main attack vectors these days seem to center on "drive by downloads" or pop ups that trick you into downloading executables ("WARNING! Your PC is infested with SPYWARE - CLICK HERE to remove"). Most Antivirus software is unbelievably pathetic when it comes to identifying/dealing with spyware. I've seen dozens of clients who have so much spyware, it can take 30 minutes or more to boot up and then spend more time closing all the popped-up windows. FF and it appears IE7 as well will hopefully go a long way to closing this attack. Now we just need to wait for everyone with win95,98,ME, NT, etc. to upgrade.

And my dog...

[frank_adrian314159]

... doesn't need to be walked if you don't mind it using your house as a toilet.

Coming soon to a virus near you?

[QuantaStarFire]

"I'll give you an example: It's my favorite feature within Windows Vista, it's called ASLR (Address Space [Layout] Randomization). What it does is, each Windows Vista machine is slightly different than every other Windows Vista machine. So even if there is a remote exploit on one machine, and a worm tries to jump from one machine to another, the probability of that actually succeeding is very small."

Anybody else thinking that we'll have Vista viruses that mutate and adapt to the ASLR of a particular system within a year or two? I mean, seriously, what is it with software companies (or rather, security companies) and this apparent hubris that "our product is bullet-proof"? I mean, haven't we seen enough security systems and copy protections go down in smoke, even when people were convinced that "it can't be cracked"? Give me a break...

And he likely is right...

[Nightspirit]

...in certain circumstances. Hell, I haven't had a positive virus under XP for years. I'm running avast right now, but I'm contemplating just removing it completely. The only reason I haven't is because I occasionally get emails from relatives such as "click on this funny card!" containing links to god knows where.

IIRC the only times I ever did get viruses were downloading porn or cracks. Sandbox what you can download (which at least they said they did in vista, who knows if it will be effective) and that eliminates most vectors, other than relative spam mail.

Bye The Way

[wildman6801]

AND PIGS FLY?

*/ Note: hope you don't mind a little bit of a shout! Sorry Slashdot /*

ObSimpsons

[Amazing+Quantum+Man]

Ha ha!
</VOICE>

*Outgoing* Microsoft co-president?

[JoeWalsh]

Sounds like somebody's trying to set his previous employer up the bomb.

It's not the OS that needs antivirus...

[h4rdc0d3]

If you think about it, it's not the OS that needs an anti-virus program; it's the user(s). I have been working in Windows since the 3.1 days, and I have never gotten a virus. And I have never once installed anti-virus software. The average user is just ignorant and sometimes a bit lacking in common sense. These users need virus protection, but technically the OS itself doesn't. They only need to educate themselves and be a bit more careful.

Re:It's not the OS that needs antivirus...

[Joe+The+Dragon]

What you say is only half true as there are holes in windows that can let a virus be installed without the user telling the system to install it.

Canonical names are great, but there's one WRONG..

http://www.vx1.co.uk/neworder.asp?ProductGroupId=3 3

He is correct

[flyingfsck]

I haven't experienced issues with Windows viruses in years. The trouble is spyware, adware, trojans, junkware and crapware...

RMS Vista

[kitzilla]

RMS Vista: "Even God himself could not sink her!"

4 words (or letters)...

*ROFL*

Big Boldfaced Lie

[HermMunster]

We already know that systems can become infected under Vista. There was a big long write-up of someone installing all sort of malware under Vista via iexplore. There's no question that what Allchin is saying is in direct response to the outcry that there's no compelling reason upgrade and that the security in Vista is really a minor feature. Maybe he's doing it to up his stock value so he can get out from under Microsoft with a big windfall in stock.

He's out-going employee so he may feel he can lie all the wants. When the time comes a lot of people will be very disappointed in Microsoft and they'll also already have been duped.

I wonder if Microsoft can be brought to court early for such fraudulent claims, maybe even to the point halting Vista's release. Making such false claims are akin to fraud. To let that out to encourage sales is to make those sales based on fraud.

7?

[tezbobobo]

Try 13 - 7yos don't search porn

DEP

[Wilson_6500]

Yeah, well, if their "lockdowns" operate anything like DEP, which seems to do little good aside from crashing random programs now and then...

Can be done with w2k already

[daniel23]

Sure thing, where is the news?

I'm running w2k here with 6 years history of not a single trojan, worm, virus etc. infection. (Before that it was NT4, w95, w31, DOS, cpm+, together 21 years of computing w/o malware infections).
I scan my system for malware about once/quarter, with a number of different scanners. But no "protective shield" scanner running all the time.
Oh, and I don't do windows update, I ran w2kSP2 until iTunes forced me to update to SP4. SP3 had an evil EULA, that's why.

I let my kids run their boxen under a similar setup, w/o problems, and I believe almost anyone could do the same.

All it takes is
- no outlook
- no MSIE
- a linux firewall/gateway protecting the lan
- wlan connects to the foreign side of the firewall and tunnels in via openVPN
- clamAV/Amavis and postgrey on the mail server with some basic restrictions about file types of attachments

This is exactly why....

[Sergeant+Beavis]

Microsoft needs to have drug testing.

duh?

[Razed+By+TV]

Duh, of course the computer is safe in the hands of a child, the operating system hasn't even been released yet. I wouldn't bet on that security through obscurity once the OS becomes mainstream.

Misleading title

What he said was that the lockdown features were so tight that he was happy to let his 7-year-old son use the computer without an AV installed. In other words, he was confident that his son wouldn't be able to install any software.

He did not say that regular users, who want to be able to install programs, should not use an AV. Nor did he say he was so sure the system had no holes that it wouldn't require a firewall.

In other words, yet another pointless anti-MS story posted on Slashdot, that basically hurts Slashdot's credibility more than it does Microsoft's. Nothing new there. Gone are the days when Slashdot actually had any news, or any stuff that mattered.

vist does not need antivirus

[Stanneh]

like earth does not need gravity.

Non-Believer?

[Scarletdown]

Wait... what are you trying to say here? Of course we all believe in Santa Claus.

Wasn't he picked up by the cops last year on a 1492, for not believing in Columbus?

He's right you know

[syousef]

With Vista being so DRM ridden and such a hog you'll never want to use it. Therefore you'll never do anything with it, and never have data to protect on it. Hell if you try to type in anything more than a couple of characters, the UI will prevent you from doing so with "security popups". The new secret weapon is MS Clippy Nazi (tm) which will come up with phrases like "I'm sorry but you appear to be entering a credit card number. Zis vil not be tolerated." and "I refuse to accept responsibility for your data" and "You entered that data over 4 weeks ago. Please call Microsoft support to reactivate your data".

Problem solved. No need for Antivirus.

Thought Experiment

[rlp]

Step 1 - PC running newly installed vanilla Vista is connected directly to the Internet via cable modem. No third party firewalls / AV software, no hardware router / firewall.

Step 2 - seven year old kid uses it for Web surfing for two hours.

Step 3 - Mr. Allchin uses the PC to access his brokerage / bank accounts.

Well DUH! We were already told this about Vista...

"system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed."

Not because the lockdown feature stops any virus from getting on, but because he can't get McAfee or Norton to work right on Vista without a hack!

The emperors new clothes...

There will be no such system that will not be attacked any means electronically... unless it is not connected to an network or turned on.

Quick! Before it's too late!

[nobodynoone]

Buy stock in Symantec!

Here fixed the Media Spin

[lumber_13]

Here http://abcnews.go.com/Technology/ZDM/story?id=2639 246 Fixed for you. Its called Media Spin. Allchin also addressed concerns that Vista would be inherently insecure. The OS has already suffered so-called "pen" or penetration testing during its development, and is the first product to go through Microsoft's secure development lifecycle program, he said. "Thousands" of applications have been tested against the software. Allchin's own son uses a prerelease version of Vista without any antivirus software, Allchin said, although he advised customers not to do the same.

monological discussions

[daniel23]

did I mention how /.'s new discussion system now reminds me of my wife, like, we're having a discussion and there is no way for me to successfully launch a reply.

oh wait, this is /. after all. A wife is, ehmm, ... well, - just forget it.

If his son is not an Admin on the box, why not?

[dioscaido]

Without Administrator access, a virus can at best mess around with his son's account. Easy enough to fix by killing and recreating the account. This is actually true of XP as well (and OSX/Linux, obviously), but Vista is the first MS OS to handle Standard User in a straightforward way.

And with UAC, since Administrators don't even run with full token by default, 3rd party applications will quickly move away from assuming Admin access (a huge problem with running XP as limited -- apps blow up).

yay for him....

[zcat_NZ]

My kids have been using Linux "with no antivirus" since before they could type (they started with things like tuxpaint and gcompris)

Windows is finally catching up?!!

Re:yay for him....

[J.+J.+Ramsey]

My kids have been using Linux "with no antivirus" since before they could type (they started with things like tuxpaint and gcompris)

Windows is finally catching up?!!

I think Allchin is implying exactly that.

Off the grid - it's mostly safe.

[binaryspiral]

Sure, go right ahead and don't install AntiVirus or any protection what so ever. As long as the machine stays off the 'net, you should be mostly safe.

Re:Off the grid - it's mostly safe.

awesome

I absolutely agree!

[Eric+Damron]

I also feel completely comfortable letting his seven year old child run vista on his computer without anti virus software!

what if you get a lemon?

[binarybum]

"Address Space [Layout] Randomization). What it does is, each Windows Vista machine is slightly different than every other Windows Vista machine"

  Sweet. now my computer can crash in ways yours can't even dream of.

Re:what if you get a lemon?

[moro_666]

Sounds like something that *BSD people did years ago, what's next news ? "netcraft confirms it, windows is dying" ?

  I bet this actually breaks tons of applications just "by the way", so upgrading to vista will be a hell to people, especially developers who are used to continious behaviour etc.

  And has "autorun" of cd-s finally been removed ? Was sony's trick a lesson learnt ?

What an idiot.

What an idiotic statement to make. He basically said that it is impossible to get a virus while running Vista which sure sounds like a challenge to all virus writers abroad. There WILL be viruses for Vista, I don't care how secure it is just like there would be viruses for Linux if it were the mainstream OS. Maybe the damage will be more contained or the malware will be easier to detect, but one should never underestimate the cleverness of a basement dwelling greasy haired hacker.

Translation:

[xactuary]

Bring 'em on!

ASLR

[Joebert]

A
Sorry
Last
Resort

Tag, you're it!

[zigziggityzoo]

For once, the tagging system is 100% accurate!

I don't see what the problem is.

[loftwyr]

His son's computer isn't hooked to the Internet, and only plays store bought games aimed at 7 year olds.

Viruses shouldn't be a problem for him. Now, mind you if it gets hooked to the internet for 30 seconds, all bets are off... :)

Context

[lilfields]

I don't believe he was saying "Vista can't get viruses", but rather UAC (user account control) stops code from executing, thus making him feel safe that even his son could surf the web (with UAC on) without obtaining a virus blindly. I think the biggest weakness with past Windows have been uninformed users thinking that clicking "yes" in dialog boxes to execute an unknown program or script is a witty thing to do. I believe UAC tries to solve this, and most "average" users will be too lazy to turn it off (or won't know how), while advanced users can simply surf responsibly with it off.

Re:Context

[hey0you0guy]

Last time somebody left UAC in control, the earth was overrun by zombies and demons from another dimension. Hopefully Vista's UAC won't be as evil

In other news

[Chonnawonga]

In other news, the successor to Vista will not require hardware.

Slashdot: alledged news to waste your fucking time

Who cares what Vista has going for it? Who cares if it's a total piece of crap? It's still going out the door on every Dell and HP box sold. That's why they make the money. That's why it will continue to be everywhere; that's why doofuses like Dvorak think it's "popular".

Slashdot: Free News that's Worth It.

Antivirus

[able1234au]

With some vulnerabilities, you can have a worm can infect you merely by having a computer connected to the internet. SQL/Slammer just required that you have the SQL code on your computer and have not patched the known vulnerability. A vulnerability that there was a patch released for six months earlier. Many users had no idea they had the SQL code installed and were vulnerable. Their choice of browser, whether they visited porn sites etc did not affect their vulnerability. For Jim Allchin to make this statement he needs to be guaranteeing there will be no bugs in Vista. I'm sure he won't be guaranteeing that. Given that many viruses don't need a system bug, or even to get into the kernel, i don't see how a bug free vista would even guarantee to be virus free. Perhaps he is confused about why Unix, Linux and Mac OS X do not get many viruses. That is more about the virus writers choosing to not target them. If the virus writers DID choose to target them there would be just as many viruses for those systems. There is a lot of talk about Windows being more vulnerable to viruses. It is not necessarily more vulnerable, though there are ways it could be less vulnerable. The real driver is the hackers and what they choose to go after.

This reminds me of Ed Bradley's interview of MJ

[228e2]

Ed: . . . . So would u let your child sleep in the bed with a 46 year old man that has been accused of child molestation?
M. Jackson: Yes, I would

The parallels are scary . . . .

freaky

[urban_warrior]

If you type linux 3 times fast with the lights off, windows will blue screen!

I agree......

[Robowally]

I don't visit porn sites or other dodgy sites. My wife and I both run XP with no anti-virus s/w (have for years) with no known problems.

Famous Last Words

[the+eric+conspiracy]

I have a some thoughts on this one:

1. Care to put your money where your mouth is? Like refund the price of Vista if my copy gets infected? That should be fair.
2. Care to share what you are smoking? Sounds really kickin'
3. LOL
4. Famous last words - like we aren't ever going to need more than 640K of RAM or the Internet is a passing fad like CB radio.
5. ROTFL

Vista doesn't need AV

and you don't need 640k either.... Oh wait, vista can't run in 640K, doh ;)

same type of thing spoken about for Windows ME

When Windows ME came along, the system restore features were touted as if your little kid can play on your computer and not mess it up. Heck no.

Bet he's not running VISTA HOME version, mssucks

After I found how lobotomized XP HOME version was I'm really pissed
off at MS. Hmm, let's take out all the security and sell it as the
HOME version, for christ sake, just goes to show to what length MS will
go to screw you over. How many versions will VISTA have? Home, 3rd World
version, Media version, umpteen server versions. Ughhh, bend over for
VISTA, here it comes!

secure! fast! perfect!

[wall0159]

And here I've been criticising Windows all this time.

Well... time to sell my iBook, remove Linux from my PC, and buy a copy of Vista. I'll be set for life!

Oh yeah?

[proxy318]

Windows Chief Suggests Vista Won't Need Antivirus

That's funny, the virus writers said the same thing. Hmmm.

in related news...

[3seas]

they are using a genitically modified version of aids to fight aids......

I hope Novell keeps a condom on its Linux development with MS.

Amazing!

[jozeph78]

You mean, a computer which only runs programs I intended to run? What a novel idea.

Wow! I could bask in that irony all day. =)

Re:Amazing!

[UnxMully]

If I had any mod points to give, you'd get them

No, seriously,

[Go4Linux]

... and when his son becomes thirteen he will actually connect the computer to the network. ;)

Re:No, seriously,

[JasonBee]

Maybe he had the internet downloaded to a floppy and his son was browsing that.

IMHO

[nickheart]

I contend that no OS ever needs AV software. They need backup, and smart operators. AV has never pro-actively detected something, only slowed normal usage of my PC.

hmmm, yeah, ummm

[dlasley]

sorry, but i'm still going to make sure all the workstations in the office that aren't mine (i.e. the MicroWinTelExplorer ones) have whatever CA comes up with to "shield" them from the everyday variants and nuisance payloads. the guy's in marketing as a product chief - i think we all know better than to believe any statement from marketing at face value. usually it's face value with considerable depreciation and heavy exposure to inflationary pressures.

someone stop spiking his triple-splenda extra hot venti chai latte, ok? silly twits

Uh oh...

[shut_up_man]

This reminds me of a Douglas Adams quote:

"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair."

Re:Uh oh...

[llamaxing]

An once again, another quote from Adams:
"Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so."

Um hum, eh heh, okey dokey...

[GFree]

Hmm...

I might be able to get away with not using AV if I have enough faith in my router's NAT + my own browsing habits, but I sure as shit wouldn't recommend the average Joe be without AV. Hope his words of comform don't come back to bite him in the ass.

A Note to Dearist Jimmy

Deariest Jimmy,

A word to my Dearest Jimmy.

You are wrong!

Toodles!

PS Perhaps in your next job, what ever that my be and I don't wish ill tidings on your new handlers, you will finally learn a "higher Level Programming Language" called "BASIC."

can you see it now?

[v1]

Program launch detected! minesweeper.exe is an application. Please enter your administrator password to launch."

Windows is already bad that way. I've lost count of the number of programs that cannot be run by anyone except an admin. And it's all but impossible to find an app you can install without logging out and logging back in as an admin. Windows badly needs to find a happy medium between security and usability.

disturbing...

[yagu]

BTW, Vista Is Still The Anti-OS.

That said, a disturbing quote to me from the article was, "His [Allchin's son] machine is locked down with parental controls, he can't download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that," he [Allchin] added. "That is quite a statement. I couldn't say that in Windows XP SP2.""

It's not disturbing they/he claim the security in Vista, it's disturbing I've been around long enough it's an old tape. Every single new Windows, every single new version, every single new service pack brings the old saw "this time ${WindowsVersin} is really secure and stable". I guess I'm tired of saying "told you so", when it's not. (Oooops, I did it again.)

Prediction (not too hard...): Vista will be riddled with stability and security issues.

No problems with Win2k

Never had a problem. Of course, I use Firefox, a NAT, and don't visit porn sites or use P2P, which pretty much cuts my attack vectors to zero. Haven't had any AdWare in, hmm, 4 years or so either. I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.

I never had any problems either. I use Firefox, a NAT and I do visit porn sites and use Torrents. I have AdAware and Spybot and HiJackThis on my system for years. Since I started using Firefox I have never had a computer Virus. I do run an AVG sweep every day, but have never had a scan come back with anything on it. In fact the only virus I have seen on my computer was something in the Java Cache that AVG found the day I installed it, and Norton never did find.

I have been using Firefox and AVG for, I believe, 4 years now.

Porn sites are not bad anymore. The people running porn sites don't want you to get anything from their sites as they want you as a repeat customer, ad revenue and all. That small percentage of idiots out there running fake porn sites ruin it for everyone.

No AV software

[rs79]

Vista doesn't need anti-virus software? Gee, just like 98.

Great plan. Release a malware magnet like XP then release 98 again saying it's an upgrade.

Clever.

Wait a minute...

[blindseer]

Did he just say that Windows XP is broken? Why would I want to buy from him again if I got stuck with a broken product the first time around? It doesn't give much in consumer confidence if their answer for a flawed product is to buy the next one that they promise is not broken, which is what they said the last time.

Aren't there laws against this? I mean if my car has flaw in its brakes the company that made it is usually required to fix it by law. If not then at least the manufacturer feels compelled to fix it to assure that they can continue to sell since a poor product tends to sit on store shelves.

I guess I live in a dream world where most everything is a commodity, where standards prevail, and where competition drives excellence.

We know what to do

[OriginalArlen]

No doubt those of us who get dragged into providing unpaid technical support for family & friends, yet who want to do the right thing to help make the world a better place, know exactly what to do. We cannot deny the fruits of our superiour intellect to the world for the greater good ,and we have a duty to make sure we help people out. Sooo... spread this rumour as hard and as fast as you can. By this time next year Windows will have been banned by every government in the world. MUAH!!hahahaha.

pow wow

[TwinGears]

One Cheif flew over the cockoo's nest, and they all followed...

Vista - 1) a pleasing view, especially when seen through a long, narrow opening. Makes you wonder who's getting screwed next 2) a mental view of an imagined future event or situation like, putting toast and jam in the 5 1/4 floppy bay.

Makes me think about looking over the license, and making sure you buy the hardware and return the OS. Pay the Open Source people, not M$. ;)

Congratulations

[bryz]

They've done it.

They've finally made an operating system that is free of security holes, immune to viruses, and resistant to malware.

I didn't think it could be done, but apparently all it took Microsoft was about 6 years.

Where have I heard this before

[SnapperHead]

OH YA! Now, I remeber. NTFS partitions won't need to be defragged, thats why we don't include a defrag tool. This is gonna slap them in the face very quickly, and I can't wait.

Heard it before.

[4105]

NTFS is such an efficient file system it will not need defragmentation.

Catch up

[Ticklemonster]

Yay, they caught up with linux. Maybe.

May I just say

Mwa-Ha-ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha
*cough*
Ahhh, that felt good :)

Lirty Dies

[grolaw]

To quote the Capitol Steps.

Or, perhaps Vista comes complete with a built-in Root Kit making any other malware unnecessary. It's a feature!
Brought to you by Sony-Bertelsman and Microsoft . . .

Money Back Guarantee...

so, where do i get my money back if it doesn't work...

oh... that's right.

there is no money back guarantee.

more hot air coming from msft...

move along, nothing to see here...

Marketingese Translation

[Some+Guy+22]

Marketingese: Vista won't need antivirus.

English: Vista won't be ABLE to run antivirus.

On the internet? Raw?

[dilvish_the_damned]

It hasent even been playtested to a reasonable degree. He is either foolish or lieing. On the other hand maybe he was making a slighted comment towards the effectiveness of the current anti-virus solutions...
Or maybe he has been relegated to "Used Car" salesmen status. Either way I would not want to make a big deal about this, or in response he might actually do it, it would not be fair to the kid.

Users define the (in)security of a system

I've been using my home computer(s) to connect to the internet for well over a decade and I have never been a regular user of anti-virus software. I have gotten bitten by it precisely once, when I caught sasser while running windows 2000 on dialup (and I was able to disinfect myself by hand).

I don't leave all my default servicing running. I don't, usually, let my bare ass hang out on the internet, I try to stay behind a firewall or a NAT box. When I do run a server it's apache / mysql (even on windows), and I turn off / don't install all the external administration crap (ssh is more than good enough). I don't run random files I find on, or that are sent to me over, the internet. I keep my systems patched. Etc.

It's not that difficult to avoid viruses and worms today, it just requires a little discipline and critical thinking.

A year?

Why wait a year? A dupe should be up within a few days.

Absolute truth

[Propaganda13]

He never said that the computer would be connected to the internet. You don't have to lie, you just have to know what to say.

Bookmarked for Future ownage!

[Private.Tucker]

Never say never. XP was supposed to be more secure (just read the screens as it installs).
The only way you can honestly say ANY OS can be locked down from a Virus is if you take away the internet and don't allow someone with a disc the ability to install one.

It's all about user base. Vista will be preinstalled on new OEM machines, and that alone will have a large user base of mostly non-tech-junky people. Prime grounds for virus/virii and malware.

Gentlemen, start your lawyers.

Watch as Symantec sues their anti-antitrust ass.

Symantec needs to protect its marketshare. Since they gutted and fricasseed their entire product line, AV is the only thing still making them money. And the bloat fits right in with Windows; most users can't even tell who's slowing down who!

(sigh) I miss Peter... /pine /pine

MS said win95 wouldn't run viruses too

[wolverine1999]

That's what they said years ago too as win95 was supposed to be *completely* different. Guess what, they were wrong.

Only one thing to do then.

[sketchman]

Let's just hope this guy is never in charge of NASA. I can hear it now.

"Our astronauts can hold their breath for so long, I just don't think we need onboard O2 tanks."

But the computer isn't hooked up!

[mveloso]

Yep, his 7 year old will use it...as an Encarta station. Without an Internet hookup, the PC is perfectly safe...with any Microsoft OS.

With Microsoft's lousy security record ...

[mr_death]

... you'd think they might have learned to underpromise and overdeliver, for once. Unfortunately, the MS propaganda machine is going at it as usual.

Let's see, 50 million lines of code, a new IP stack, horrid complexity -- I'm taking bets on when the first service pack is needed, and when the first worm hits.

A side bet -- how many vulnerabilities did the black hats find in Vista, and then didn't report them to MS.

After the hype dies down, it might be time to short Microsoft again.

Re:With Microsoft's lousy security record ...

[Clever7Devil]

I'm betting the first worm is already out there, on someone's harddrive, waiting for the day Vista ships Public.

It's always going to be the same:

The only way your computer is secure is dissembled in a lead box.

Re:With Microsoft's lousy security record ...

[mr_death]

Hey, maybe that's what Allchin meant -- his kid uses Vista without antivirus, because he keeps it off the net.

While there is no absolute security, you can get far closer to it with sensible development practices. When something is designed for security on day one, developers aren't cowboy coders, PMs aren't cramming every possible feature into it, and the code is battle tested, then you have a much more secure system. Unfortunately, Microsoft practices are the exact opposite.

Smart...

[Hydroksyde]

I consider antivirus to be a scam. When badness is infinite and goodness is finite, which does it make more sense to enumerate? Certainly not the bad. And under previous versions of windows the user ran with administrator priveleges, meaning any program had total control of the computer, and hence total control of any antivirus software that happened to be running on the computer. Security is not improved by adding trusted components (see the The Definition of Trust). This applies to any software you add.

Windows Chief Suggests Vista Won't Need Antivirus?

[crusher-1]

Vista won't need an Antivirus program??? Sure, whatever the "Windows Chief" says. If this is the case then I expect solid gold frogs to start shooting out my arse any moment now.

What a moron!

Hackfest

[siLoOfMisfortune]

Vista's sourcecode is public information not to mention the kernel structure. Nuff said.

Any important data on that machine?

[Lonewolf666]

I guess that Jim Allchin's little kid does not have any data on his machine that are irreplaceable or worth stealing. Maybe a few game saves.
If Jim Allchin said he runs his own computer on Vista without antivirus software, it would be more convincing ;-)

I dont doubt him

[Joker1980]

Ive been running XP for years without an anti virus, never had a problem but then again i don't go opening random things on a whim. Having said that i would never run windows without a firewall and no the XP SP2 firewall doesent count.

Same here: with Windows 98

[Zoxed]

> told a reporter that the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.

Big deal: my kids (8 and 10) use a PC with vanilla Windows 98 installed, no firewall, no anti-virus. It runs their CD-ROM programs fine. And a few other games etc.

Never had a single piece of malware. It's easy: just do not connect it to the internet :-)

isn't that normal?

[Kirth]

Well, I tought it was perfectly normal that an operating system does not need an antivirus unless its completely fucked up.

Welcome Microsoft, if whats Allchin said is true, then you've just produced the first Windows which is not an utter screw-up.

O RLY?

[chrisxkelley]

Sounds like something dvorak would rave about.
Nothing to see here, move along.

obvious explanations..

The computer he gave his son is not connected to the internet. And probably it's a cheapo-model without floppy or CD-ROM-drives. Possibly even with only few backmounted USB-ports, and computer is fastened to the table backside against the wall. For extra protection, daddio might've even removed fuses from the kids room.

The 10 Minute virus test

Here's something interesting I found out:

Install Windows 2000 Professional on to a computer. connect to the internet and download Windows Service Pack 4. When this has finished downloading, download a fire wall program.

Give or take the amount of time it takes to make a cup of tea....your machine has already got a virus!

happened to me!

I did the above but was virus infected before I could firewall or A/V the machine. I start to start again from scratch using tools off a free cd coz an unpatched W2K machine gets infected too quickly!

No anty-virus, eh?

[NineSisters]

Is it a challenge?

Look, my seven-year-old son is using it!

... he was comfortable with his own seven-year-old son using Vista without antivirus software installed.

Sounds familiar

Re:Look, my seven-year-old son is using it!

[UnxMully]

Nice.

Anti-Virus...

[AnXa]

Windows Vista will need Anti-Virus software eventually when it gets older. Maybe first year might pay off without one, but when security is broken flood will follow.

Almost as Arrogant as the Linux Fanboys

[RAMMS+EIN]

``[Jim Allchin is] comfortable with his own seven-year-old son using Vista without antivirus software installed.''

That's almost as arrogant as the Linux fanboys who claim or believe that Linux is immune to viruses. Almost, because Vista at least has some buffer overflow protection measures (ASLR).

Re:Almost as Arrogant as the Linux Fanboys

[pandrijeczko]

For your information, Linux *is* pretty immune to viruses.

A virus spreads because of applications running on a large population of machines share the same security hole. Bearing in mind the sheer number of different Linux distros there are, running different kernels, desktops and daemon applications, there really are very few applications that are common to a lot of machines that would also be capable of propogating a virus.

Additionally, the tendency for users to run programs at root level on Linux machines is much less than users running programs with administrator priveliges on Windows - this is because the security model on Linux is much simpler, without complexities of things like the registry, such that the only files a normal user can damage (on a properly configured Linux system) are their own ones.

Before I am accused of being a fanboy, the vulnerabilities in Linux (or any UNIX-like OS) are from buffer overflow attacks that cause a running daemon to drop to a (root) shell prompt allowing access to the system. However, these types of attacks are very directed against specific machines because they only work against specific versions of, say, FTP or Telnet on the system. Nowadays, of course, the tendency is to avoid using these daemons on the public internet anyway, instead opting to use secure services like SSH, SFTP & SCP.

I work in OS security and whether you run Windows or UNIX, you can never view any system as being completely secure or invulnerable to viruses. But being aware of what those vulnerabilities are likely to be means that you are more likely to defend against those attacks when they occur.

Re:Almost as Arrogant as the Linux Fanboys

[deepestblue]

A virus spreads because of applications running on a large population of machines share the same security hole. Bearing in mind the sheer number of different Linux distros there are, running different kernels, desktops and daemon applications, there really are very few applications that are common to a lot of machines that would also be capable of propogating a virus.

You mean Linux is secure by obscurity? We all know how secure that is.

Additionally, the tendency for users to run programs at root level on Linux machines is much less than users running programs with administrator priveliges on Windows - this is because the security model on Linux is much simpler, without complexities of things like the registry,

Heard of SELinux policies? ACLs in Linux? The days of rwx are long gone.

such that the only files a normal user can damage (on a properly configured Linux system) are their own ones.

Um, say what? I don't *care* if the OS gets damaged, so long as my files are clean. If you're going to tell me that /usr/ is intact, but my files are all gone, my reaction won't be pretty.

Before I am accused of being a fanboy, the vulnerabilities in Linux (or any UNIX-like OS) are from buffer overflow attacks that cause a running daemon to drop to a (root) shell prompt allowing access to the system. However, these types of attacks are very directed against specific machines because they only work against specific versions of, say, FTP or Telnet on the system. Nowadays, of course, the tendency is to avoid using these daemons on the public internet anyway, instead opting to use secure services like SSH, SFTP & SCP.

What rubbish. What makes you think SSH & friends are immune from buffer overruns? You claim to "work" in OS security. Are you the nightly security guard for an OS company?

Re:Almost as Arrogant as the Linux Fanboys

[nostrad]

Linux is already using ASLR as well: http://en.wikipedia.org/wiki/Address_Space_Layout_ Randomization#Implementations.
So we still get to be the same fanboys as we've always been and go on claim that we are more or less immune to viruses ;).

Seriously though I'd say it really isn't ASLR, NX or whatever technical means you use to prevent attacks that are important. More so it is the mentality in a desktop OS that matters. Windows from the beginning has been designed to trust everything and that has shown as many applications require administrator access when it really would not be required. With MS realizing this and moving to a more secure philosophy it will increasingly require developers to become less lazy and actually think a little.

Re:Almost as Arrogant as the Linux Fanboys

[RAMMS+EIN]

``Linux is already using ASLR as well''

Some distros, yes. But on most distros, it's still off by default, AFAIK.

``Seriously though I'd say it really isn't ASLR, NX or whatever technical means you use to prevent attacks that are important. More so it is the mentality in a desktop OS that matters.''

Vista enabling ALSR by default, and Linux distros having it disabled by default says a lot about their mentality. ALSR makes exploiting buffer overflows much more difficult. It's a proactive measure; it protects you against vulnerabilities that have not yet been found. The existence of buffer overflows is pretty much a given with the amount of software written in unsafe languages. Microsoft apparently decided to protect against these bugs, whereas most Linux distros are ignoring the problem, or, at best, patching vulnerabilities after they are found.

``Windows from the beginning has been designed to trust everything and that has shown as many applications require administrator access when it really would not be required.''

Packages/package managers on GNU/Linux often do the same.

Re:Almost as Arrogant as the Linux Fanboys

[pandrijeczko]

You mean Linux is secure by obscurity? We all know how secure that is.

No, I don't. You're taking that interpretation on my comments.

Don't be an idiot. Surely common sense tells you that the less commonalities there are in a population of computers, the less chances they have of spreading a virus. Yes, call it obscurity if you like, but get used to it?

Heard of SELinux policies? ACLs in Linux? The days of rwx are long gone.

Rubbish. It entirely depends on what you're expecting a Linux machine to do. Since we're talking about viruses, we're probably talking about desktop machines and for general desktop usage, rwx and a few sticky bit settings together with intelligent user and group administration will do most things. Again, get used to it, it's a fact.

Um, say what? I don't *care* if the OS gets damaged, so long as my files are clean. If you're going to tell me that /usr/ is intact, but my files are all gone, my reaction won't be pretty.

How about you take the time to *read* my comment properly. If you run as an administrator on any OS, any virus or trojan you pick up while using that OS can potentially damage any file on the system; if you are a normal user, the virus or trojan will only affect your files. From a sysadmin perspective, it's far better for the second case to happen - because a good sysadmin has backups of your files to hopefully give you back most of what you lost. If you *seriously* believe that it's better to have a trashed computer rather than a few user files to recover, then I suggest you go and by yourself "The ABC Guide To System Administration For Absolute Dummies".

What rubbish. What makes you think SSH & friends are immune from buffer overruns? You claim to "work" in OS security.

Did I *SAY* SSH was immune? Or do you have some kind of malfunctioning telepathic ability that incorrecty read my mind? Any daemon can be potentially buffer overflowed; however, those that use clear text communications and weak authentication are also at risk from dictionary attacks, network sniffing, etc.

Are you the nightly security guard for an OS company?

Oh, whatever... all I'll say is that I earn enough to live a happy enough life such that I don't have a need to go around nitpicking everyone else's use of language on Slashdot.

That's the problem with people like you - very good at finding grammatical errors but have absolutely no knowledge of any substance. Or are so up Bill Gates ass as to find it completely impossible to partake in a rational argument - and they say *LINUX ZEALOTS* are bad...

Famous last words

[jm1234567890]

They surely will be

They must have...

[Teppic_52]

got the acpi drivers right, so they can turn the nic off.

(still have no use for XP, btw.)

[Threni]

Bing Tsher E (943915):

> ....when they announced that Windows 2000 would never have a Service Pack release. One would never
> be needed.
> (still have no use for XP, btw.)

No IE7 for you, then. Windows 2000 is now in "extended support"...

Monoculture

[zeromorph]

I think the whole problem will be again this monoculture, now not only in respect to the OS bt also in respect to virus protection.

The whole security stuff of Vista might even be the best evah, experience tells us that sooner or later it will be cracked and then it's the one that secures the vast majority of all computers. If you have several different protection systems the result would be much less severe.

Monoculture in the OS sector is already bad enough, this will make it worse.

RE:Monoculture

[Shados]

Yeah, that is a good point. In the software sector, no matter what, complex software, sooner or later get cracked in a way or another. So in itself, being "less popular" is, so to speak, the best form of protection, as silly as it sounds. The world will really benifit when one day the OS sector is 50/50, or 33/33/33 or something... it will mitigate damage a bit, when damage ends up happening.

Raw sockets in XP

[DrBoumBoum]

This raw socket access thing has been an ongoing battle for years, with MS initially laughing the idea away and then changing their mind about it http://www.grc.com/dos/intro.htm, but this was done in XP SP2 if I understand well.

Obvious claim!

[VincenzoRomano]

Vista Won't Need Antivirus

Because it won't even boot!

Is it April already?

[dmdb]

whoa, what happened to christmas? didn't realise it was april fools day already!

I use also Windows and I use no virus scanner

[einar2]

Hello dear fellow geeks,

I do not want to frighten your feeble hearts but I am using Windows since years and (nearly) never had a virus scanner installed. Once a year I scan my harddisk from a CD boot disk and so far I never ever had a virus. I once also installed an anti virus software to scan the HD and again, no virus found.

How do I do it? I do not react on every exe file with a pavlovian doubleclick reaction. My everyday account has no admin rights. I have a linux firewall in the cellar. Easy.

What do I get: The CPU cycles for me and not for some virus scanner in the background.

regards,

einar

lol more on XP definitive quote

[Quote]Jon Collins, head of research at Sundial Consultancy, questioned the wisdom of such a definite statement by Microsoft. "It is a surprisingly definite announcement, similar to saying that the company has tested 100 per cent of its code," he said.[/quote]

lol tru that!

worried

It's not his son i'm worried about, it's the man himself!

Windows Chief taunts virus writers, a second time

[DenialX]

...and your mother smells of elder-berrys!

If you consider Vista being another virus...

[IceRa]

...to be spread, Jim Allchin just applied common logic.

No seriously, all previous versions of Windows needed anti-virus software and even certain addidional tools to do some basic OS tasks which Windows wasn't capable to do out of the box - so why should Vista be the gerat exception??

Ice

in related news

[AlgorithMan]

in related news: oceania is allied with eurasia and at war with eastasian and always has been

Why is everybody laughing?

[alexhard]

I have been using XP since they came out without any antivirus or firewall solutions and I have been perfectly fine..unless you use IE6 to go to very murky files and download strange files, you should have no problem at all..

Re:Why is everybody laughing?

[fwarren]

The problem is, most people can't seem to figure out what files are murky.

Wow!!! My 70 year old aunt just sent me the "Girls Gone Wild" Screensaver. That is so l33t, I have got to run it rignt now!!!!!!

Rices Theorem

[AlgorithMan]

Rices Theorem: any non-trivial semantic question about turing-machines is undecidable

- programs are turing machines
- "is it harmful?" is a semantic question
- not all programs are harmful, but some are (meaning the question is not trivial)

this implies that there can't possibly ever be a program that correctly determines for all programs whether it is harmful or not!

maybe microsofts marketing department should ask someone who knows what he's talking about, before they start proclaiming ridiculous nonsense

This just in

[tbone1]

Satan forms luge team. Film at 11.

I think

[dotspeaks]

Its a challenge!!!???

Not just his account

[RAMMS+EIN]

In-Reply-To: 16791028

``Without Administrator access, a virus can at best mess around with his son's account.''

Not true. Non-admin users are allowed to use the network (access websites, send email, etc.) and use local services. Using the network, they can affect other people's account. Using local services, they may be able to affect other accounts on the same machine (especially if local services contain privilege escalation vulnerabilities).

Even if a virus can really only mess with one user acocunt, you should be concerned. The user's account contains that user's data, like email, documents, and possibly sensitive information about themselves and others. If the virus can cause that information to vanish, change, or become known to the wrong people, that's bad enough.

Re:Not just his account

[argent]

Even if Internet Explorer is reunning in a restricted account separated from the user, a virus can (a) use the infected application as a beachhead (as you note), and (b) attack resources the user owns on the web, including web passwords.

Re: XP Malware problems are real, but don't panic

[TaoPhoenix]

I got into the habit of running without installed AV for years because they misbehaved against my odd Satellite ISP I used to use. I tried to be sensible with Zone Alarm (you need that outbound notice!), and external virus scans.

Something did wander onto my system a couple of weeks ago. It's showing up as something that redirects IE searches (it survived upgrading to IE7!), but it lets FireFox searches through. (I joke that I could use the nudge.) Also, a few websites load oddly.

MS pushed so hard to "get it out the door" that Vista is going to be their usual SandPaperWare. While a few experts have some of the beta copies, watch for the flood of info to roll in about February 15. I'm designing a Screener/DarkBox setup, and I think I'm going to be settling on Linux as a screener, with the XP DarkBox only online long enough to grab the live content it needs.

Vista architecture is going cause a general programmer scramble. I'm preparing a dual system to let that situation have a couple of years to resolve itself.

Well, sure!

[brennanw]

I use XP without antivirus software, too.

Of course, the only thing I do with it is play computer games... I use Kubuntu for everything else. ... ...

His 7 year old son uses Kubuntu!

What security?

[XereX]

I know I wont be deploying Vista without antivirus, but, i think the only feasable way you would deploy Vista AV Free would be if your users did not have the Admin password. (we all know it is windows, and will be prone to exploits without the password anyways) But my point is simple. the average user (who deploys their own copy) has the admin password... People are so used to typing their password for anything and everything, the average joe end user WILL type their password to let a virus install itself. therefore we WILL need AV Software in Vista, even if it is the first piece of software to be exploit free....

Antivirus is a cure worse than the disease

I hate Antivirus products. They consume huge amounts of computing power, slow my computer down, and cause no end of frustration when installing legitimate network applications. In other words, the cost and overhead they impose is far greater than anything I've ever had to endure from viruses that I don't get anyway, because I'm not a complete idiot. I only log in as adminstrator when necessary. I keep up with patches and security updates. I keep my data, the only unique and irreplacable thing on my computer, backed up. I don't click on every idiotic funny ha ha attachment going around. I don't install software utilities from The People's Glorious Republic of Aziberjanistan.

I suppose if you're dumb enough to think you need an Antivirus program, you probably do.

Re:Antivirus is a cure worse than the disease

[rbochan]

...because I'm not a complete idiot. I only log in as adminstrator when necessary. I keep up with patches and security updates. I keep my data, the only unique and irreplacable thing on my computer, backed up. I don't click on every idiotic funny ha ha attachment going around.

And you, sir, are not the "average joe" computer user... not by a long shot. Hell, the fact that you've posted to slashdot proves that.
The "complete idiots" that you refer to aren't you, but they also aren't idiots. They're doctors, lawyers, sisters, sons, husbands, mothers, etc. who have lives other than sitting in front of a computer all the time and figuring out how it all works; who have been told by Microsoft and all the "high tech" tv shows and news snippets they've seen that they were basically buying an appliance. Unfortunately for them, a computer has never been, nor will be just an appliance.

I suppose if you're dumb enough to think you need an Antivirus program, you probably do.

As such an obvious "people person", do you wear a seatbelt?

Re:Antivirus is a cure worse than the disease

Good for you Dilbert.

I suppose if you're dumb enough to think everyone in the world should be as (apparantly) enlightened as you then you're right.

Re:Antivirus is a cure worse than the disease

[Stradivarius]

As such an obvious "people person", do you wear a seatbelt?

The seatbelt analogy doesn't fit very well. Even the safest of drivers have a sizable risk of getting into an accident because other less-safe drivers share the road with them. Unless this guy is sharing his PC with someone with less-safe computing practices, he doesn't have a comparable risk of spyware/virus infection.

Which is not to say there's no risk - even the safest of computer users can get hit with some 0-day exploit in Windows or the like, unless they leave their machine physically and permanently disconnected from the Net. But like anything else, it's a tradeoff. Do you want that incremental increase in safety at the expense of antivirus subscription fees and computational slowdown? Some people will, some people won't. It's a matter of risk tolerance and the cost/benefit ratio.

And you, sir, are not the "average joe" computer user

And that's exactly why AV programs should let you specify what level of understanding or risk aversion you have. Provide a "Typical User" and "Expert User" selection, with a "Typical User" default setting. There are few things more aggravating than someone or something continually assuming you're an ignoramus despite any and all evidence to the contrary.

Norton's been driving me nuts because I disabled some of its options to save my (pretty old) computer some performance. Every time I log in Norton nags me with this dire warning about "items affecting my status"; those items being the things I told it not to do. I'm very well aware of what I did and the implications, and don't need the app to be my nanny. I'm sure lots of people do want the nanny, and Norton should give it to them. But there's no need to apply that extreme risk aversion to everyone. It's been enough to make me seriously consider uninstalling Norton entirely.

Re:Antivirus is a cure worse than the disease

[Fafnir43]

It all becomes clear...

Most virus scanners are not outrageous bloatware. Norton is an exception to this rule. Most virus scanners do not nag you if you ask them not to. Norton is an exception to this rule. Most virus scanners may be uninstalled quickly and easily, leaving no traces behind in the registry. Norton is a serious exception to this rule. Most virus scanners have automatic daily updates, significantly reducing the impact of zero-day vulnerabilities. Norton is an exception to this rule. In short, most virus scanners do not suck donkey cock. Norton is an exception to this rule. Norton is also totally inept at actually detecting viruses. And it costs lots of money.

Seriously, try any other virus scanner. Try AVG (what I use when I boot to Windows), try Avast, try AntiVir, try anything. All the programs I listed above are totally free for personal use, with free updates. Get away from Norton, and I guarantee your views on virus scanners will change. You can have a reasonable protection against zero-day exploits without massive slowdowns and nagging.

Hope that helps!

Re:Antivirus is a cure worse than the disease

[kosmosik]

Well I need AV. I don't really belive in AV active/shields and so on. But I do need AV program to run it AFTER some clueless users do something stupid to clean their machines.

> I suppose if you're dumb enough to think you
> need an Antivirus program, you probably do.

I suppose people who need AV programs are just not computer literates and run Windows ;). But that does not make them dumb. With your logic you are dumb. Because when you are for example sick you need to go to the doctor. Too dumb to manage it yourself? You are dumb then?

No.

It is just that people vary in what they are good in. Welcome to reality.

Re:no antivirus? No SEATBELTS!

[mikelieman]

You don't HAVE to wear your seatbelt, but WHEN you crash, you're gonna get really banged up.

And if you're SURE you're NEVER going to crash, WHY do you have INSURANCE???

Wow!

[BCW2]

What is this guy smoking and why isn't he sharing? No matter what they claim it is still a M$ product and will be full of holes like all the others.

Windows is perfectly secure in it's native environment, pluged into a power outlet and a printer. If you connect to the internet you have no security.

So...

[kbox]

It will be a lot like Liunx. Except with Linux it is true and with vista not installing AV would be the dumbest thing you could do.. Apart from that, It's a lot like Linux.

Re:no antivirus? No SEATBELTS!

And if you're SURE you're NEVER going to crash, WHY do you have INSURANCE???

...because it's required by law for just about every state in the us

Unhackable

[gzerphey]

Isn't this the same as posting to Slashdot that "Our website is unhackable." Even if its true, its just something you don't say!!!!!!

The headline is misleading

[sorak]

The headline implies that Windows is claiming their system is immune to virus, while this guy is saying that he can trust his son to use Vista without an antivirus. The second claim may be true, if they can get rid of buffer overflow errors and lock down the environment for non-admin users enough so that they are incapable of affecting their settings and important files and folders such as C:\Windows.

The first statement can never be true, however, because most people are the Admins of their PC, and they will install anything, if a pop-up window asks them to.

And MY First Response was...

[TheVelvetFlamebait]

...these kind of people will never need to think more than a year into the future?

shush

[DrSkwid]

"Windows is a business OS"

So what is XP Home ?

Oh, btw in case you weren't paying attention these last two months :

Hackers Use Wikipedia As Virus Vector - Saturday Nov 4 2006

Hacked Ad Seen on MySpace Served Spyware to a Million - Wed, 04 Oct 2006

Internet Explorer

[argent]

I'de be happy letting a 7 year old use Windows 2000 without antivirus. IF it was firewalled AND Internet Explorer and any other application that uses the HTML control was disabled.

No, not just hidden inside a "restricted" account. Completely disabled.

Windows with no AV?

[fpp666]

[nelsonMuntz]HA HA![/nelsonMuntz]

Cheers!

HAHAHA!!

[fury88]

OMG, that is the funniest thing I have read in a long time. Sure, I'd be comfortable with a 7 year old using a PC. How many 7 year olds do you know that browse porn or download illegal music? HAHAHAH!

Cut out of context

He also said that he didn't recommend doing so in the same conference call. This story is shit.

This guy has balls...

[cnerd2025]

I'd trust my 7-year-old son to run Windows with no AV if and only if he had the computer abilities of Terri Schiavo.

Of course it's true

[Casualposter]

With Vista no one will need virus protection because (1) third party antivirus will not work due to interface issues (2) Mircrosoft is in the Antivirus Software business now and their much better protection is built in, and (3) because the frustrated folks will switch to Mac or Linux.

I can't see why this would be any more realistic than anything Balmer has to say.

Re:Of course it's true

It's all fun and games until someone leaks the code.

Re:no antivirus? No SEATBELTS!

[pixelite]

I have car insurance because the insurance companies lobbyists convince the lawmakers to make it the law

What he really meant was....

[suman28]

Ofcourse you don't need anti-virus...so long as it is not connected to the internet. Plug in the network cable and ten GOD help us all.

famous last words...

[polyp2000]

And they said Titanic was unsinkable.

Nick ...

Been on windows for a long time

[thePowerOfGrayskull]

And I've "gotten away" without using antivirus for years. Three simple things:

1. I don't use Internet Explorer.
2. I don't use any MS email products
3. I don't download and run anything from an untrusted source. (Including unexpected email attachments)

Amazing how effective a little common sense can be.

Ok, I've read the article now

[Opportunist]

And there are, in my opinion, only two possible reasons why this guy can spew so much misinformation: Either he's from marketing and has to say it, or he really is suffering from heavy delusions.

And with both kinds of people I refuse to argue.

I believe him -

[DavidHumus]

he can afford to throw away a PC when it becomes overrun by malware and buy a new one every few months.

Or maybe he's just a bad dad.

IT: Windows Chief Suggests ...

[webdog314]

What he doesn't mention is that the computer was never turned on.

misunderstanding!

If you start out on the assumption that a virus will (by definition) degrade performance in some way, maybe he's right -- will it be possible to right software that will make Vista even less efficient?

I think what he's saying is that viruses will only improve Vista...

someone write this one down...

[p51d007]

Computers don't need more than 640k of ram Vista won't need an antivirus software

a year? A YEAR?!?!

[1800maxim]

I'm coming back February 1st 2007!

Wait... on another thought, make it afternoon of January 30th.

if true then...

[1800maxim]

don't visit porn sites

You must be new here.

Look at that friggin huge iceberg......

[allenwarren]

I guess they should just change the name Vista to Titantic and be done with it....It is going to sink anyways....

who invented ASLR ..

[rs232]

"It's my favorite feature within Windows Vista, it's called ASLR (Address Space [Layout] Randomization) .. a smart guy here came up with a solution, so we put it in Windows Vista.", Jim Allchin.

A smart guy at MS never did come up with the solution it's been around on other systems at least five years before Vista and it isn't totally secure. Software can never provide total security. Such protections belong in hardware, in the memory management unit.

"in my opinion, it is the most secure system that's available", Jim Allchin.

I think he means the most secure version of Windows.

"We have .. found .. buffer overflow, and those have been removed in Windows XP", Jim Allchin Feb 2002

Attribution Nazi

[virg_mattes]

I agree that even the forward-thinking can sometimes fail to think forward, but if you're going to put quotes around an attributed statement then you must be sure you quote exactly. The problem is that the actual quote can't ever be pinned down, so it's not proper to attribute it to him as a direct quote. See this link for more information.

That said, I think Mr. Allchin is treading dangerous ground. Even with lockdowns, exploits are a moving target, and when users can get infected by a malicious banner ad found on a popular commercial site it's bad karma to say that you can be confident that nothing will ever get in. Running AV software is a pain, but it does have the advantage that the company stays up to date on new threats so they might build in an update that fixes a problem you've never encountered before it starts attacking you.

Virg

Re:no antivirus? No SEATBELTS!

[grahamlee]

Over here in the Cradle of Civilisation (well, the UK...) it's mandatory to have vehicle insurance covering third party claims. I think that if the government is going to mandate something, there should be a state "no frills, no profit" version available otherwise prices go out of control. I just finished paying off my motorbike, and the payments on the insurance cost me more than the payments on the vehicle itself did.

Amen!

[Agram]

Had the AV software makers had user interests in their minds, most of the virii could've been prevented through simple and succinct prompts which would warn idiot users as to what they were about to do. In other words, if the AV makers wanted to make honest living they would've incorporated an "educational" component to their bloatware. However, being for-profit endeavors, they simply turned in reactive repositories of past threats, as that warranted continuous cash-flow. SP2 in that respect was three times the AV software any of these ever were. I, for one, am very glad to see these blood-sucking fuckers go...

OTOH, there are those who do have a moral agenda, i.e. AVG anti-virus suite which has always been and continues to be free and is ironically the least bloated of them all...

Yeah, because this guy is a technical wizard

[octaene]

And do we really believe that and Microsoft co-president (outgoing or otherwise) has the technical wherewithal to really understand what he's saying?

It's the truth!

[Ziwcam]

and don't visit porn sites or use P2P

That's how he can feel comfortable letting his 7 year old use the computer without antivirus. Just wait until that kid is a few years older. He'll be getting on so many porn and file sharing sites, the viruses (virii?) will be breeding new viruses on his computer.

Kids that age aren't worried about boobies, they just want to play Dora (or Transformers, or whatever the hell else is out there)

Re:no antivirus? No SEATBELTS!

Mods must be on crack... that's the most truthful explanation I've seen...

Actually, I think RMS

[blueZ3]

would like us to call it GNU/Vista :-)

Re:no antivirus? No SEATBELTS!

[jesdynf]

Why do I have insurance? Because filthy bastards purchased laws to make buy insurance.

Re:Also reported

[Agram]

Zealotry aside (FWIW, I am a Linux advocate although I use all three platforms mentioned here), the businesses are not "scared" to use Linux and/or OSX, they don't want to due to a simple reason that APIs in Linux and surprisingly enough OSX are moving targets which constantly break stuff left and right. Granted, this is not accross the board, but it is prominent enough to affect the overall product and warrant a significant rise in TCO. Case in point, I purchased an $800 OSX software 1 month ago. Upon installing it, it turned out to be a PowerPC-only application which surprisingly ran quite well under Rossetta in 10.4.7 (especially considering that it was altivec optimized). Then came the 10.4.8 and suddenly my application icon was crossed out saying this application is not supported. So, now I either have to wait for the original software makers to release an update (which they've been promising for some time but nothing has shipped yet and there is a lingering suspicion that in the end I'll have to pay for it), or use my new software as an $800 paperweight... Either way, I am losing in productivity and/or money.

Now if you consider how many times did the Apple platform switch in the recent years and how much overhead has that generated for the Apple third-party software manufacturers, not to mention how many API changes have taken place since 10.0, you'll quickly realize that Apple platform is almost as "enthusiast" as Linux. OTOH, whether you like it or not, XP in 2006 can run software made in 1995 without any problems whatsoever. All this means that businesses can get more mileage from their custom solutions and hence the market share disparity...

a staggering inversion

in a satiric reversal due to DRM it will be the owners and users who write trojans and their like to actually get access to everything on "their" machines whilst the once malicious intruder will be left out.

Make something idiot proof...

[dmacdonald]

...and nature will build a better idiot. Can't wait to see how many times this story is linked in the next 12 months.

heh

[Giggles+Of+Doom]

HAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAH! Wow, thats the best laugh I've had in a long time. Hehe, oh MS, you're so silly.

AV's "cure" is worse than the disease

[slartibart]

Most viruses these days aren't really interested in destroying your data. The only negative effect is that they consume resources and slow down your computer.
But not half as much as AV scans do! Your computer is useless for several hours while AV sifts through every single byte on your hard drive. Oh and those "live" scans? Watch out for race conditions! Any other software that monitors filesystem changes (such as google desktop) will set your computer to "perma thrash".
I'd rather have a virus.
Ok, i'm not a "typical" user. But i disable AV on almost every computer I use. I've gotten an infection here and there, but it's easy enough for me to identify the offending process, look up how to disinfect, and remove it. And yeah, i know you can stop the race condition I mentioned by telling Google Desktop to skip the AV program's files. My point is that AV produces the exact same symptoms of the disease it claims to cure.

bets on

Bets on how long before the first zombie vista machine is identified?

Re:no antivirus? No SEATBELTS!

[JourneymanMereel]

Troll? You've gotta be kidding. In the state of Michigan, requirement number one to getting a license plate for your care is insurance. Try driving w/out a plate, and see how far you can go. And we're not the only state with no fault insurance.

Re:Also reported

[laffer1]

Its hard to say who the faulted party is entirely. Apple does change APIs and vendors use APIs they are told not to. Regardless, its a big problem. Most adobe products that are say 2 versions behind do not install properly on OS 10.4.x and require a patch to even install. When they are installed, there are issues with the programs ranging from permissions changes to severe breaking of the apps. When companies have to upgrade constantly or sit on old hardware as long as possible it benefits neither the company nor apple. This is a defect in OS X that needs to be addressed. Microsoft breaks apps, but you usually get a few windows releases in between and Microsoft is on a much longer upgrade cycle.

Point releases should NOT break api compatibility. If the code is that different change the major version number. I feel the linux kernel, gnome and several other open source projects break this rule all the time. Apple breaks this rule too... and no i don't just mean the linux 2.6 kernel is so different it should be called 3.0. I mean 2.6.8 is quite different than 2.6.18 and therefore should be 2.8 (odd are test versions right?) With apple, 10.4 has broken kernel module compatibility twice. This in turn broke the evil netware prosoft client i had to support in my last job and several other things like drivers for usb soundcards, etc. I've got a $300 emagic usb sound card that no longer works in OSX because apple broke the api and they bought the company so I can't ever get a driver update. Microsoft sucks, but they rarely go this far. XP SP2 was close on some fronts.

Re:Also reported

[drinkypoo]

whether you like it or not, XP in 2006 can run software made in 1995 without any problems whatsoever.

I've been regularly running Software from 1991 on Windows XP with no problems. The game doesn't use the RTC but it does have a speed slider and with it run all the way down, I can play POP2 at proper speed on this Core Duo laptop. This is a DOS game that ostensibly does graphics through access to video memory - I can't see any way it could operate at a reasonable speed using BIOS calls :P If that's not backwards compatibility, I don't know what is :)

Well, actually, I can think of something; the AS/400 (whatever they're called now, I always forget the xSeries names) is currently based on a PowerPC or POWER chip or something, but it uses a bytecode interpreter between the OS and the iron, and it can run the same bytecode that platform has always run.

Re:no antivirus? No SEATBELTS!

[drinkypoo]

At least in California, you can put a $10,000 bond down in the safekeeping of the department of motor vehicles, and then you are not required to have liability insurance. Of course, the people who can't afford insurance don't have $10,000 lying around either.

Let the butt kicking begin!

[InsaneProcessor]

The real virus righters haven't started their work or release their wares yet. Who would be harmed it they did it before now? That would be self defeating. The real damage seeker will wait until the OS is mainstream and millions of copies were in use and in critical systems use. Then they would unleash their nasty viruses, worms and malware becuase then, it will do the most harm. To them M$ (and it's users) are the enemy. They won't show their hand until it really can become a serious problem.

We will know how broken Vista is when Vista is mainstream and not before.

Re:Let the butt kicking begin!

[Chode2235]

Hopefully Microsoft was able to write their wrongs and put out a good product that will stand up to the attacks of hackers.

Vista is unsinkable?

[Rogerborg]

Whoa, iceberg.

Re:Also reported

[maztuhblastah]

Point releases should NOT break api compatibility And in the couple years I've been coding almost exclusively for OS X, they haven't.

Oh sure... they've nuked some of the deprecated ones (Apple keeps deprecated APIs for a little over two years, or one major release of the OS, for the most part), and they've changed some of the undocumented ones. But no developers should depend on undocumented APIs, and if you're given a warning two years in advance, you should have time to fix your dependence on deprecated APIs.

Tell that to my friend who got Zlob

[Solr_Flare]

Awhile back my friend and former roommate decided he was willing to be a test guinea pig and use Windows Vista as his main OS. He's you're typical Average Joe computer user. He knows a little bit just because he uses computers a lot, but he doesn't really know any in depth advanced stuff.

About a week ago I got a call from him saying that his computer was really hosed and he needed my help to try and fix it. Turns out he had gotten infected with Zlob and 5 other viruses along with about 200 spyware infections. All this while using the supposed "secure" IE7, Windows Vista, Trend Micro Anti Virus for Vista, and having the system setup to auto update, virus scan, etc on a regular basis.

Not only did he still get infected, he had even worse problems because, thanks to compatability issues, a number of the spyware/software installed by his virus infections corrupted the system files themselves. To make matters worse, a number of cleaning utilities I have been using for years either won't work in Vista at all, or won't work in Safe mode due to compatability layer problems.

In the end, I managed to force a system restore during a 10 second window between Windows Explorer crashing, and rolled back the system to before the system files got hosed. From there I was able to clean out any trace of the viruses, etc. In short, while Vista is certainly more secure, and the automated systems great for your average Joe user to keep their system in better shape, Vista can still get viruses just like XP. And, in some cases the infections may be worse than XP when suddenly a relatively harmless XP virus/spyware causes major damage to Vista due to compatability differences.

Allchin never actually said that

[JPriest]

He said his sons system with locked down parental controls (He can't download and run anything) does not have AV installed and he feels comfortable with that. Given the problems with AV software, I can't really disagree.

Re:Also reported

[Skuld-Chan]

OTOH, whether you like it or not, XP in 2006 can run software made in 1995 without any problems whatsoever. All this means that businesses can get more mileage from their custom solutions and hence the market share disparity...

I beg to differ. Windows XP happens to run things like Microsoft Word 6 and FrameMaker 5 - both of which are Windows 3.1 apps. I found that I can even run the Windows file manager from Windows 2 and 3 on XP just fine.

Also when I worked at an accounting support company a lot of the poorly written apps I had to support were Windows 3.1 based and were running just fine on XP and 2000.

Crappy Marketing Scheme

[bostons1337]

Ya right, I give it 6 months before we see a slashdot story about viruses attacking vista.

Dead snake oil salesmen walking...

[Kazoo+the+Clown]

The concept of antivirus software is inherently flawed. Antivirus software can never keep up with the latest virus. There are far better ways of protecting a system than detecting known virus signatures.

Execution protection, user permission controls and good firewalling are far more effective methods of defending against such attacks. All of these things are built into Vista, and in fact are most of what is new that is in Vista-- showing Microsoft "gets it" at least regarding this sort of security. Even on XP, all of these things are available except useful user permission controls.

Even before this latest Vista flak, Symantec and McAfee have been going into FUD PR mode in order to save their market-- their latest conflict of interest due to the fact that they are mostly out of business if the above facts about effective virus protection gets out. They're dead men walking, having painted themselves into a corner and now they're whining about it. Pathetic.

Redhat deal finally understood

[plankrwf]

So that's what the Microsoft/Novell deal was all about ;-0 (http://australianit.news.com.au/articles/0,7204,2 0733515%5E27318%5E%5Enbv%5E15306-15321,00.html) Roel

Re:Also reported

I don't mean to disagree with your main point, but I do have some sofware titles from the MS Windows '95 and '98 era that won't run on my XP box.

UAC

I don't believe he was saying "Vista can't get viruses", but rather UAC (user account control) stops code from executing, thus making him feel safe that even his son could surf the web (with UAC on) without obtaining a virus blindly.

UAC won't prevent the user from running or installing anything - "standard" users can install things for themselves. They just can't change global system settings. So the malware will only run when the user is logged on (which is approximately: all the time). I don't see how any of this prevents viruses or other attacks due to bugs (eg. buffer overflows) in the system. If the OS becomes corrupted, the game is over, as always. Also note that people don't need to surf to "porn sites" - they just need to surf to places like MySpace or Yahoo, where the malware is hosted on infected pages, ad streams, etc.

We have bad news Jim

[sentientbrendan]

your son's (computer) is already dead.

NOOOOooooo

Use AVG, not Norton/McAffee

Seriously. If you think av programs are necessarily huge, bloated, and excessively intrusive to your system, your experience must be based on those two. They are the MS of the AV world: grossly overfeatured bloated buggy destabilising applications. There are far nicer AV packages out there, AVG is compact and efficient, an entirely different proposition. (I mention AVG because I use it and I know it; there are probably others equally good, just not Norton/McAffee)

Re:Also reported

[Gnavpot]

GP:

OTOH, whether you like it or not, XP in 2006 can run software made in 1995 without any problems whatsoever. All this means that businesses can get more mileage from their custom solutions and hence the market share disparity...

P:

I beg to differ. Windows XP happens to run things like Microsoft Word 6 and FrameMaker 5 - both of which are Windows 3.1 apps. I found that I can even run the Windows file manager from Windows 2 and 3 on XP just fine.

"Beg to differ"? I am still waiting for the "differ" part. Shouldn't there be some kind of disagreement when you use that expression?

Hah ! Allchin Recants....

[Guy+G]

On BetaNews, it turns out Allchin has lost some bravado and is now blogging about his new insight.

Computers need antivirus software even with Vista

Jim Allchin has clarified his comments which were mis-interpreted.

Read here

http://windowsvistablog.com/blogs/windowsvista/arc hive/2006/11/10/windows-vista-defense-in-depth.asp x

Jim has stated customers will need antivirus software, even with Vista.

Maybe we shouldn't rattle their cages...hmmm

[GregNorc]

Maybe we shouldn't rattle their cages...

If I was a malicious virus writer, I'd probably start looking for exploits in the Vista beta the second I heard people spouting off it won't need anti-virus. I think we all know how the hacker mentality is.

Sony: Our CDs have uncrackable DRM!
Random Hacker: I cracked it. With a sharpie. And made a post on usenet telling others how to do so.
Sony: *scream*

I'm not saying that virii writers weren't going to attack Vista, but I think now I can say with about 80% certainty there will be a 0day vista exploit being exploited on release day.

unbreakable vista

[partowel]

come one and all

the unsinkable ship called VISTA is set to go.

We don't have lifeboats, fire suppression equipment, medical facilities, etc.

We are indestructible.

*cough* titanic *cough*

MS = Mini s**ts