Slashdot Mirror
Windows Chief Suggests Vista Won't Need Antivirus
LadyDarth writes "During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed."
Run a program which sends out mass mails, or communicates with a server or does other actions then malicious people will write malicious code.
Just because a virus cannot harm the operating system does not mean it is harmless.
liqbase
Average user won't need Vista.
Who plans on bookmarking this story so they can laugh heartily at it again in a year?
Game! - Where the stick is mightier than the sword!
Sure... and I'm comfortable driving a car with no airbags! Doesn't mean that everyone doesn't want an airbag!
---
Programming is like sex... Make one mistake and support it the rest of your life.
no, stop, you're killing me, ahhahahahahahhahahhahahhahahhahhahhha
Never had a problem. Of course, I use Firefox, a NAT, and don't visit porn sites or use P2P, which pretty much cuts my attack vectors to zero. Haven't had any AdWare in, hmm, 4 years or so either. I have AdAware installed on my computer but haven't bothered running it in about 2 years since it never picks up anything.
Now I'm using IE7 as my main browser (quiet!) and don't anticipate any problems with it, either. Heck, its *more* paranoid than FF is some of the time (it will quibble about http refresh redirects to executables, for example).
Help poke pirates in the eyepatch, arr.
i've been trying it out, and vista works for me, naked on the internet, without a single problem. in fact i would go so far as to say that V1AGRA HOOD1A GR0W Y0UR PEN1S L0W M0RTGAGE RATES L0SE WE1GHT MEET BARELY LEGAL TEENS SEE HARDC0RE SHEMALE ACTION
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
That only took... what... 15-odd years. Seeing will be believing.
....when they announced that Windows 2000 would never have a Service Pack release. One would never be needed.
(still have no use for XP, btw.)
"We may face a scorched and lifeless earth, but they're accountable to their shareholders first."
as I remember it was something like "you can't possibly write a virus for this operating system". Go get em boys.
How we know is more important than what we know.
Sounds a bit like some unsinkable ship.
To laugh. It always surprises me when someone says "we'll never need this" or "computers will never..." I remember a computer magazine editorial saying we would never store music on Hard Drives, it would take up to much space. These people never seem to think more that a few months or maybe a year into the future.
If you could reason with religious people, there would be no religious people
See, if you don't run av, then when you get infected, you'll have to reload vi$ta (which they only let you do once). Then, you'll have to buy another copy of said OS.
Brilliant marketing $cheme
Windows Vista severly limits access to raw packet sending to non-priviledged apps, meaning that packet forging is much more difficult. Although the zombies that are sending seemingly alright content (at the protocol level) aren't affected, those that are doing the SYN/ACK DDOS floods will be.
wow... haven't heard that one before.... No, really. I haven't.
;)
No system is immune to viruses. All it takes is a stupid user to allow it, and we all know there's no shortage of that. That's why antivirus products exist for every major OS out there. Even Linux has antivirus apps (though granted, most of them are geared towards Linux boxen running as servers for Windows-based networks).
Oh wait. Technically, if it requires a stupid user's interaction to get in, it's not a virus. It's a trojan. I guess Vista really could be immune to viruses....
If you believe everything you read, you'd better not read. - Japanese proverb
Yea..........and 640K will be plenty of memory..........
And the world will only need 4 computers...................
And no one would ever need a computer at home..............
Sheesh......where do they come up with this stuff?
"TV, a medium as it is neither rare nor well done." Ernie Kovacs
This man would risk his child's life on a mere belief rather than give him some decent protection!!
Of course a seven-year-old on a locked down computer wont be able to do any harm. Kids that age aren't into the sites (porn, illegal downloads, etc.) that are notorious for viruses and spyware. Not to mention that the kid's using a machine secured by parental controls and is most likely on a limited account. Wake me up when the average teenager can safely use Windows with an administrator account and no extra security software installed.
You'll need to start worrying when he turns 12 or 13. ;)
Take the Apple Challenge: Put a Vista machine one the Net, and IIRC, make sure a telent daemon and web server are also running and give out the admin password. If nobody can crack it, we'll believe you, otherwise STFU.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
I have always wondered why execs make claims like this?? Hey this is so great nothing will ever break it, I dare you to try. Really, do they think it will be virus proof, or is it just better? Just makes me wonder?
Quid Pro Quo, nothing more, nothing less.
A case can be made for running all Windows versions without anti-virus, especially if browsing the Internet routinely as a limited user. Unfortunately, the popular anti-virus products (McAfee, Symantec, Trend Micro) almost never prevent targeted attacks by cyber criminals, so one is tempted to avoid the performance hit and potential system destabilisation that comes from using these products and just rely on common sense, good backups, encryption of sensitive data, and acting all the time as if a keylogger might be installed on your system. I still use an anti-virus product personally, but I do not regard it as a reliable means of preventing infection.
NATIVE ANTIVIRUS
Seriously, isn't this what third party antivirus vendors have been whining about?
He probably would have thought the lifeboats on the Titanic only got in the way too.
I do understand the sentiment. His son is young enough, that as long as he has a decent firewall, and decent parental control software, (i.e. disallowing email and IM,) he should be fine.
But it's still an irresponsible thing to make as a blanket statement.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
From TFA, it sounds like you really might not need an antivirus... if you lock it down with the parental tools so you can't download anything at all except from your own approved sites, that covers up a large malware attack vector that an antivirus is suppose to protect. After all, the role of the antivirus now and in the future will be that of a blacklist of known bad software. Everything else an AV does can be obsoleted.
... when a statistically significant percentage of administrators (this includes people who administrate their own home computer) are too ignorant to take precautions against executing unknown code as a superuser.
File under 'M' for 'Manic ranting'
Here's the same guy's promise about their last operating system:
Microsoft has said it has stamped out buffer overflows with the upcoming release of Windows XP. Jim Allchin, vice president, claimed the company has done a complete code review of its operating system and removed all buffers which could overflow.
I'll let somebody else post a list of all the critical updates caused by buffer overflows...
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Coupla key points:
1. He didn't say he let his kid on the Internet without an AV package running.
2. He didn't say "firewall". Speaking of which, ZoneAlarm just grabbed focus and I think I let something connect out to the Internet. I'm running an installer so I'm not gonna freak out, but I certainly hope Vista won't let apps steal focus while you're fracking typing.
3. He also didn't say the kid would be online unsupervised or without parental controls running.
4. It's a safe bet to assume he meant the kid would use IE if he went online, but he didn't actually say it either.
Nothing to see here, move along.
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
I've had two infections on my Windows over the years--Nimda and a video codec trojan. I'm not counting the second boxes that I used to use for experiments--I never put anything important on them, so I tended to just not care, and blow away Windows when they got nasty--that was back in the bad old dialup days when potential damage to others was minimal, and Windows was a lot less secure. I don't know if AV would have stopped Nimda, because I didn't use AV back then. AV didn't stop the trojan. I used to disable AV routinely because it *is* a virus. It used to slow boxes down way too much, and cause all kinds of problems with installers. I always un-do the stupid defaults in Windows and IE, and I try not to be too careless. Nimda is really the only one I can blame on MS, and it was patched ages ago. I would probably disable AV on my current box, but they seem to have gotten better about not hogging resources and/or crashing the box so I just leave it alone.
I wonder if Vista is finally going to display extensions by default. That was always irritating. It would be *nice* if you had to enable active content on a per-site basis by default. It would be better if they just didn't have so much active content out there. Would I "just trust" a Vista box? No way. But would I run it without AV if there was none pre-installed? Yes, in a heartbeat--but I would still be very careful about how I conducted myself on the web, and I would still want to go through all the settings to make sure there was nothing stupid in there. And I would *still* be checking up on processes and registry keys from time-to-time.
But anyway, XP without AV is not a big deal--if you know what you're doing. Unfortunately, that's a big if. Nevermind 7 year olds. It's the 57 year olds that you have to worry about.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
What he actually meant to say was that it won't need any antivirus...for the first 10 minutes. That's almost a two-fold increase from XP!
Anyone else think the comments just weren't rendering right before they turned off ABP and saw ads?
The main attack vectors these days seem to center on "drive by downloads" or pop ups that trick you into downloading executables ("WARNING! Your PC is infested with SPYWARE - CLICK HERE to remove"). Most Antivirus software is unbelievably pathetic when it comes to identifying/dealing with spyware. I've seen dozens of clients who have so much spyware, it can take 30 minutes or more to boot up and then spend more time closing all the popped-up windows. FF and it appears IE7 as well will hopefully go a long way to closing this attack. Now we just need to wait for everyone with win95,98,ME, NT, etc. to upgrade.
... doesn't need to be walked if you don't mind it using your house as a toilet.
That is all.
Anybody else thinking that we'll have Vista viruses that mutate and adapt to the ASLR of a particular system within a year or two? I mean, seriously, what is it with software companies (or rather, security companies) and this apparent hubris that "our product is bullet-proof"? I mean, haven't we seen enough security systems and copy protections go down in smoke, even when people were convinced that "it can't be cracked"? Give me a break...
...in certain circumstances. Hell, I haven't had a positive virus under XP for years. I'm running avast right now, but I'm contemplating just removing it completely. The only reason I haven't is because I occasionally get emails from relatives such as "click on this funny card!" containing links to god knows where.
IIRC the only times I ever did get viruses were downloading porn or cracks. Sandbox what you can download (which at least they said they did in vista, who knows if it will be effective) and that eliminates most vectors, other than relative spam mail.
Ha ha!
</VOICE>
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
If you think about it, it's not the OS that needs an anti-virus program; it's the user(s). I have been working in Windows since the 3.1 days, and I have never gotten a virus. And I have never once installed anti-virus software. The average user is just ignorant and sometimes a bit lacking in common sense. These users need virus protection, but technically the OS itself doesn't. They only need to educate themselves and be a bit more careful.
There is nothing inherently safe about liberty. That's why so many people died protecting it.
did I mention how
oh wait, this is
605413? Yes, it's a prime.
Without Administrator access, a virus can at best mess around with his son's account. Easy enough to fix by killing and recreating the account. This is actually true of XP as well (and OSX/Linux, obviously), but Vista is the first MS OS to handle Standard User in a straightforward way.
And with UAC, since Administrators don't even run with full token by default, 3rd party applications will quickly move away from assuming Admin access (a huge problem with running XP as limited -- apps blow up).
My kids have been using Linux "with no antivirus" since before they could type (they started with things like tuxpaint and gcompris)
Windows is finally catching up?!!
455fe10422ca29c4933f95052b792ab2
I don't believe he was saying "Vista can't get viruses", but rather UAC (user account control) stops code from executing, thus making him feel safe that even his son could surf the web (with UAC on) without obtaining a virus blindly. I think the biggest weakness with past Windows have been uninformed users thinking that clicking "yes" in dialog boxes to execute an unknown program or script is a witty thing to do. I believe UAC tries to solve this, and most "average" users will be too lazy to turn it off (or won't know how), while advanced users can simply surf responsibly with it off.
Ed: . . . . So would u let your child sleep in the bed with a 46 year old man that has been accused of child molestation?
M. Jackson: Yes, I would
The parallels are scary . . . .
Since when does being a Socialist mean 'someone who has a different opinion than me'?
Saying your "phone ran out of batteries" is like saying your "car ran out of gas tanks".
... and when his son becomes thirteen he will actually connect the computer to the network. ;)
I contend that no OS ever needs AV software. They need backup, and smart operators. AV has never pro-actively detected something, only slowed normal usage of my PC.
This reminds me of a Douglas Adams quote:
"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair."
BTW, Vista Is Still The Anti-OS.
That said, a disturbing quote to me from the article was, "His [Allchin's son] machine is locked down with parental controls, he can't download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that," he [Allchin] added. "That is quite a statement. I couldn't say that in Windows XP SP2.""
It's not disturbing they/he claim the security in Vista, it's disturbing I've been around long enough it's an old tape. Every single new Windows, every single new version, every single new service pack brings the old saw "this time ${WindowsVersin} is really secure and stable". I guess I'm tired of saying "told you so", when it's not. (Oooops, I did it again.)
Prediction (not too hard...): Vista will be riddled with stability and security issues.
... you'd think they might have learned to underpromise and overdeliver, for once. Unfortunately, the MS propaganda machine is going at it as usual.
Let's see, 50 million lines of code, a new IP stack, horrid complexity -- I'm taking bets on when the first service pack is needed, and when the first worm hits.
A side bet -- how many vulnerabilities did the black hats find in Vista, and then didn't report them to MS.
After the hype dies down, it might be time to short Microsoft again.
It's Linux, damnit! Pay no attention to renaming attempts by self-aggrandizing blowhards.
A virus spreads because of applications running on a large population of machines share the same security hole. Bearing in mind the sheer number of different Linux distros there are, running different kernels, desktops and daemon applications, there really are very few applications that are common to a lot of machines that would also be capable of propogating a virus.
Additionally, the tendency for users to run programs at root level on Linux machines is much less than users running programs with administrator priveliges on Windows - this is because the security model on Linux is much simpler, without complexities of things like the registry, such that the only files a normal user can damage (on a properly configured Linux system) are their own ones.
Before I am accused of being a fanboy, the vulnerabilities in Linux (or any UNIX-like OS) are from buffer overflow attacks that cause a running daemon to drop to a (root) shell prompt allowing access to the system. However, these types of attacks are very directed against specific machines because they only work against specific versions of, say, FTP or Telnet on the system. Nowadays, of course, the tendency is to avoid using these daemons on the public internet anyway, instead opting to use secure services like SSH, SFTP & SCP.
I work in OS security and whether you run Windows or UNIX, you can never view any system as being completely secure or invulnerable to viruses. But being aware of what those vulnerabilities are likely to be means that you are more likely to defend against those attacks when they occur.
Gentoo Linux - another day, another USE flag.
I hate Antivirus products. They consume huge amounts of computing power, slow my computer down, and cause no end of frustration when installing legitimate network applications. In other words, the cost and overhead they impose is far greater than anything I've ever had to endure from viruses that I don't get anyway, because I'm not a complete idiot. I only log in as adminstrator when necessary. I keep up with patches and security updates. I keep my data, the only unique and irreplacable thing on my computer, backed up. I don't click on every idiotic funny ha ha attachment going around. I don't install software utilities from The People's Glorious Republic of Aziberjanistan.
I suppose if you're dumb enough to think you need an Antivirus program, you probably do.
I have car insurance because the insurance companies lobbyists convince the lawmakers to make it the law
>>Sig under construction
Had the AV software makers had user interests in their minds, most of the virii could've been prevented through simple and succinct prompts which would warn idiot users as to what they were about to do. In other words, if the AV makers wanted to make honest living they would've incorporated an "educational" component to their bloatware. However, being for-profit endeavors, they simply turned in reactive repositories of past threats, as that warranted continuous cash-flow. SP2 in that respect was three times the AV software any of these ever were. I, for one, am very glad to see these blood-sucking fuckers go...
OTOH, there are those who do have a moral agenda, i.e. AVG anti-virus suite which has always been and continues to be free and is ironically the least bloated of them all...
Zealotry aside (FWIW, I am a Linux advocate although I use all three platforms mentioned here), the businesses are not "scared" to use Linux and/or OSX, they don't want to due to a simple reason that APIs in Linux and surprisingly enough OSX are moving targets which constantly break stuff left and right. Granted, this is not accross the board, but it is prominent enough to affect the overall product and warrant a significant rise in TCO. Case in point, I purchased an $800 OSX software 1 month ago. Upon installing it, it turned out to be a PowerPC-only application which surprisingly ran quite well under Rossetta in 10.4.7 (especially considering that it was altivec optimized). Then came the 10.4.8 and suddenly my application icon was crossed out saying this application is not supported. So, now I either have to wait for the original software makers to release an update (which they've been promising for some time but nothing has shipped yet and there is a lingering suspicion that in the end I'll have to pay for it), or use my new software as an $800 paperweight... Either way, I am losing in productivity and/or money.
Now if you consider how many times did the Apple platform switch in the recent years and how much overhead has that generated for the Apple third-party software manufacturers, not to mention how many API changes have taken place since 10.0, you'll quickly realize that Apple platform is almost as "enthusiast" as Linux. OTOH, whether you like it or not, XP in 2006 can run software made in 1995 without any problems whatsoever. All this means that businesses can get more mileage from their custom solutions and hence the market share disparity...
Its hard to say who the faulted party is entirely. Apple does change APIs and vendors use APIs they are told not to. Regardless, its a big problem. Most adobe products that are say 2 versions behind do not install properly on OS 10.4.x and require a patch to even install. When they are installed, there are issues with the programs ranging from permissions changes to severe breaking of the apps. When companies have to upgrade constantly or sit on old hardware as long as possible it benefits neither the company nor apple. This is a defect in OS X that needs to be addressed. Microsoft breaks apps, but you usually get a few windows releases in between and Microsoft is on a much longer upgrade cycle.
Point releases should NOT break api compatibility. If the code is that different change the major version number. I feel the linux kernel, gnome and several other open source projects break this rule all the time. Apple breaks this rule too... and no i don't just mean the linux 2.6 kernel is so different it should be called 3.0. I mean 2.6.8 is quite different than 2.6.18 and therefore should be 2.8 (odd are test versions right?) With apple, 10.4 has broken kernel module compatibility twice. This in turn broke the evil netware prosoft client i had to support in my last job and several other things like drivers for usb soundcards, etc. I've got a $300 emagic usb sound card that no longer works in OSX because apple broke the api and they bought the company so I can't ever get a driver update. Microsoft sucks, but they rarely go this far. XP SP2 was close on some fronts.
MidnightBSD: The BSD for Everyone
Point releases should NOT break api compatibility And in the couple years I've been coding almost exclusively for OS X, they haven't.
Oh sure... they've nuked some of the deprecated ones (Apple keeps deprecated APIs for a little over two years, or one major release of the OS, for the most part), and they've changed some of the undocumented ones. But no developers should depend on undocumented APIs, and if you're given a warning two years in advance, you should have time to fix your dependence on deprecated APIs.
The real litigious bastards...