Windows Vista: Defense in depth

Wow, you describe a specific situation and suddenly people extrapolate something completely different!  During a recent discussion with journalists about the release to manufacturing for Windows Vista, I made a comment about how attacks on the Internet are getting more and more sophisticated, and some of the security features in Windows Vista really help our customers. This somehow morphed into people thinking I said customers shouldn’t use antivirus software with Windows Vista. When the articles and blogs started appearing, I asked the PR folks to send me a copy of the transcript of the call so I could read it over and see if I said something I didn’t mean. After reading the transcript, I could certainly see that what I said wasn’t as clear as it could have been, and I’m sorry for that. However, it is also clear from the transcript that I didn’t say that users shouldn’t run antivirus software with Windows Vista! In fact, later in the call, I explicitly made this point again, because I had realized I wasn’t as clear as I should have been. It’s important for me that our customers are using the appropriate security solutions for the right situations, whether that’s security functionality integrated in the operating systems, or add-on products.

The point I had been trying to make (albeit unclearly) is that Windows Vista includes new security features that can dramatically help improve our customers’ security for certain situations. I was asked a question about how I rated the protection provided by Windows XP with Service Pack 2 and whether or not it was still effective. I ended up telling a story about how the machine my seven-year-old son uses has no antivirus software installed because it runs in a very locked down configuration, which includes only being able to visit websites on an approved list (approved through the parental controls feature in Windows Vista). He also has no access to email or instant messaging and he doesn’t run as an administrator of the machine. In fact, parental controls in Windows Vista requires that the user you apply controls to is not running as an administrator. Email, phishing, and other social engineering attacks are definitely among the most prevalent attacks that home users experience today, and his machine has been locked down in these regards.

My point in bringing up this extreme example was really meant to emphasize that importance of defense-in-depth measures we put in Windows Vista—both the number of defenses and their combined effectiveness.

Now, the comments have unfortunately been cited out of context implying that I said Windows Vista users shouldn’t use antivirus. I want to be clear, most users will use some form of antivirus software, and that will be appropriate for their scenarios. In fact, Windows Security Center, a great feature in Windows Vista, specifically encourages the use of antivirus software.

We’re continuing to make the best operating system we can, and I’m very proud of it. I think we’ve made some great changes in Windows Vista on the security front, and I know our customers will benefit.

jim

Tags: , , ,

Comments

  1. Gabriel
    Posted on: November 11, 2006 at 9:28AM  

    Don't worry about the tabloids and pundits. Their whole existence relies on simplifications and distortions. I read them because they're funny and sometimes instructive but I know better than to take their headlines seriously. Look at how they jumped over Bill Gates' use of the word "castration." I think everyone understood the point he was trying to make and yet they rushed to ridicule him for simply trying to speak accurately.

  2. AnXa
    Posted on: November 11, 2006 at 12:13PM  

    Hi Jim!

    Althought I don't trust Windows Vista in terms of security as much as I trust my Gnu/Linux setup I honestly belive you guys have done your best with Vista. And that it is most secure _windows_ ever built. You have couple great innovations built in which however could have been implemented bit better but who cares? I don't as long as it's fine for games and stuff. Responsiveness is everything for me and that's the reason to use Linux as main OS on my computer.

    I hope that Windows will be more responsible and faster even under heavy load.

    Thank you!

  3. Michael_Moor
    Posted on: November 11, 2006 at 2:01PM  

    Hi!

    Congrats to Jim Allchin & team for Vista-RTM.

    -------

    http://www.dl4all.com

  4. jogiba
    Posted on: November 11, 2006 at 3:09PM  

    Jim, alot of critics have a career in anti-Microsoft spin so I would not loose any sleep over it.

    BTW congrats to you and the team on getting Vista RTM out.

  5. Myo Thaw Tun
    Posted on: November 11, 2006 at 9:51PM  

    Thanks Jim,

    I don't use any antivirus software since I start using Vista RC1. Everything seems fine with this issue. Congratulation! to you your great jobs on Windows Vista and Microsoft. Don' go away and bring more innovation works to us.

    Thanks..

    MTT

  6. Caveman
    Posted on: November 11, 2006 at 11:24PM  

    Can anyone answer a question for me... "Will Microsoft release "Browser Shield" so as to even more protection to IE7?"

  7. Gabriel
    Posted on: November 12, 2006 at 7:20AM  

    Ars Technica eviscerates those who tried to twist your words.

    http://arstechnica.com/news.ars/post/20061111-8199.html

  8. cesarebalena
    Posted on: November 12, 2006 at 1:49PM  

    Hi Jim,

    that's quite normal really when you work with journalists that are there for different reasons... instead of listen and understand Vista improvements !

    Cesare

  9. tombowie
    Posted on: November 12, 2006 at 7:17PM  

    After "testing" RC1 for a while now, I have to say that Microsoft seem to have gone to great lengths to make Vista more secure.  

    However, as I am running with "administrator" privileges have I inherently made my system less secure?  Or do the combination of Windows Defender, User Account Control, and a revised kernel effectively secure my machine from nasties?  To be safer still, I am running Avast! Antivirus Home.

    What a dream it would be to be able to run Windows without any third-party security software... i certainly do not envy Microsoft with their security efforts ;)  

    Vista RC1 is solid enough to use on a daily basis (very few niggles on the public beta), so i suppose it's gonna be up to Joe Public to decide what he/she thinks when it is released... personally, i like what i've seen so far!  

    I know this is a Microsoft blog, but I really feel that they could learn a thing or two by seriously studying Linux security and "copying" some of the ways it does things... my day-to-day O/S is Ubuntu at the moment, no viruses, no spyware, no problems, just "works".

    I would not, however, inflict linux on anyone who doesn't have a penchant for learning more than they'd perhaps like about the internals/configuration, and who aren't prepared for the possibility of hardware driver problems...  in this respect, and for most PC users, Windows rules the roost and will continue to do so for the foreseeable future.

  10. Antaris
    Posted on: November 13, 2006 at 4:24AM  

    Jim,

    I have been running Windows XP for over 4 years now (got it when I turned 18 with my new (now VERY OLD) computer).  I have never had an antivirus solution installed (probably just down to arogance), but at the same time, I can't remember ever having a problem with virus/trojans etc.  Sure I have had spyware problems, but thats nothing Windows Defender cant sort.  The point I am trying to make is that in my 4 years of unprotectedness, I have never had a serious problem, and I believe that is due to the fact that I am just very aware of the potential problems that face the average user and I just take steps to ensure that I don't run into these problems in the first place.  Your average user wont do this, they will open malicious attachments, they will visit adult sites and no doubt get plagued with diallers etc, but the security fundamentals built into the core operating systems should be sufficient to counteract any malicious actions along your vectors.  That said, the average user should definately invest into some worthy malware protection.  I am considering finally installed some AV, and I think my choice will be NOD32 or Avast! simply because I don't want any pesky under-performing AV solutions ruining my kernel!

    Peace out!

  • Page:
  • 1
  • 2
  • 3

Trackbacks

  1. Posted by: Dena: Vista Ready on November 10, 2006 at 6:10PM

    Jim has just posted a response to all those bloggers and "media" who have posted that Jim said that people

  2. Posted by: Michael Howard's Web Log on November 11, 2006 at 2:20PM

    When I read the interview " Allchin Suggests Vista Won't Need Antivirus " with Jim Allchin I shuddered,

  3. Posted by: Donna's SecurityFlash on November 11, 2006 at 11:43PM

    There was a news about Mr. Jim Allchin's interview is misunderstood. BTW, Mr. Allchin r espond to it

  4. Posted by: Kurbli on November 12, 2006 at 5:16AM

    Korábban írtam Jim Allchin félreérthető nyilatkozatáról, úgy tűnik, hogy az elmélkedés a mondottakról/leírtakról

  5. Posted by: Harry Waldron - My IT Forums Blog on November 12, 2006 at 12:26PM

    Jim Allchin's recent comments on the enhanced security found in Vista were misinterpreted during a telephone

  6. Posted by: Harry Waldron - Microsoft MVP Blog on November 12, 2006 at 12:27PM

    Jim Allchin's recent comments on the enhanced security found in Vista were misinterpreted during a telephone

  7. Posted by: Microsoft News Tracker on November 12, 2006 at 5:25PM

    Allchin Suggests Vista Won’t Need Antivirus During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yeste..

  8. Posted by: SSiTE News on November 13, 2006 at 4:25AM

    Ever since Microsoft Vista chief Jim Allchin talked about his son not using anti-virus in a recent teleconference with journalists, the world has been abuzz with claims Vista won’t need AV software. Now Jim Allchin has clarified his statements on the

  9. Posted by: Security Incite: Analysis on Information Security on November 13, 2006 at 9:46AM

    November 13, 2006 - #155 Good Morning: Happy Monday to you. Ready to get back into the fray? I am, after a great weekend with the twins. But I was certainly happy when the boss came back into town. They were pretty well behaved and we even braved th

  10. Posted by: Security Curve Weblog on November 13, 2006 at 11:34AM

    Have you seen the ads for the "Truth in Software Commission" hearings over at BigFix. If you haven't seen it, I highly recommend checking it out. Their satirical content is absolutely hilarious and it's very much worth the trip (trust me, it's

  11. Posted by: OpsanBlog on November 15, 2006 at 9:17AM
  12. Posted by: SAGE Wisdom Journal on November 15, 2006 at 10:03AM

    Latest news on Windows Vista include questions over antivirus and the released v

  13. Posted by: WebLog de Stéphane PAPP [MSFT] on December 23, 2006 at 3:30AM

    Nos amis suisses ont développé un site en français sur l’utilisation d’ordinateurs connectés à Internet.

  14. Posted by: Satisfy Me on April 21, 2007 at 12:18PM

    It has been a busy week, and between catching up at work and a backlog of email, sick kids and just about

Recent Posts

Tags

View more
© Copyright 2009 Microsoft Corporation. All Rights Reserved.   |   Privacy Statement