Windows Vista: Defense in depth

Wow, you describe a specific situation and suddenly people extrapolate something completely different!  During a recent discussion with journalists about the release to manufacturing for Windows Vista, I made a comment about how attacks on the Internet are getting more and more sophisticated, and some of the security features in Windows Vista really help our customers. This somehow morphed into people thinking I said customers shouldn’t use antivirus software with Windows Vista. When the articles and blogs started appearing, I asked the PR folks to send me a copy of the transcript of the call so I could read it over and see if I said something I didn’t mean. After reading the transcript, I could certainly see that what I said wasn’t as clear as it could have been, and I’m sorry for that. However, it is also clear from the transcript that I didn’t say that users shouldn’t run antivirus software with Windows Vista! In fact, later in the call, I explicitly made this point again, because I had realized I wasn’t as clear as I should have been. It’s important for me that our customers are using the appropriate security solutions for the right situations, whether that’s security functionality integrated in the operating systems, or add-on products.

The point I had been trying to make (albeit unclearly) is that Windows Vista includes new security features that can dramatically help improve our customers’ security for certain situations. I was asked a question about how I rated the protection provided by Windows XP with Service Pack 2 and whether or not it was still effective. I ended up telling a story about how the machine my seven-year-old son uses has no antivirus software installed because it runs in a very locked down configuration, which includes only being able to visit websites on an approved list (approved through the parental controls feature in Windows Vista). He also has no access to email or instant messaging and he doesn’t run as an administrator of the machine. In fact, parental controls in Windows Vista requires that the user you apply controls to is not running as an administrator. Email, phishing, and other social engineering attacks are definitely among the most prevalent attacks that home users experience today, and his machine has been locked down in these regards.

My point in bringing up this extreme example was really meant to emphasize that importance of defense-in-depth measures we put in Windows Vista—both the number of defenses and their combined effectiveness.

Now, the comments have unfortunately been cited out of context implying that I said Windows Vista users shouldn’t use antivirus. I want to be clear, most users will use some form of antivirus software, and that will be appropriate for their scenarios. In fact, Windows Security Center, a great feature in Windows Vista, specifically encourages the use of antivirus software.

We’re continuing to make the best operating system we can, and I’m very proud of it. I think we’ve made some great changes in Windows Vista on the security front, and I know our customers will benefit.

jim

Tags: , , ,

Comments

  1. arneske
    Posted on: November 13, 2006 at 9:49AM  

    A pure delight to get Vista insight directly from "the horse's mouth". I'm having problems reading white text on black, though. Could you reconsider the color choice? Thanks, Arne

  2. Mitch074
    Posted on: November 13, 2006 at 11:19AM  

    You could read it more easily if you weren't using Internet Explorer (any version, 7 included) by using this neat thing called alternate CSS stylesheets (used by Firefox, Opera, Safari etc. and in existence since 1999) and choosing Page Style > No style.

    No wonder, since this wonderful blog made in XHTML 1.0 Strict still uses incorrect HTML 3.2 syntax (bold tags, not closing self-contained tags such as <br />) and all.

    Try to render it with a correct XML mimetype, and see it throw up errors all over the place. Nice (almost) table-less design though.

    Maybe by 2010 will Windows reach *nix security levels... Yes, a security level where you can still give direct hardware access to some processes, and not an 'all or nothing' kind of access.

    Yes, I'm talking about OpenGL and EAX.

  3. AllenJensen
    Posted on: December 07, 2006 at 9:11AM  

    Jim, given the "defense-in-depth measures ... put in Windows Vista—both the number of defenses and their combined effectiveness", where do you and others reading this blog believe the AV vendors should focus their efforts?  What should I look for in an AV product to cover the gaps?

  4. SirKronan
    Posted on: December 08, 2006 at 12:14PM  

    Am I the only one that is extremely annoyed by some of Vista's security measures?  Even when I'm in administrator mode, I have to grant permission TWO TIMES to run an installer EXE file.  This is ridiculous.  Even programs I have been running for days still prompt me for permission, like Firefox.  Is there anyway to permanently trust an application so it NEVER asks permission?  Especially when I'm in administrator mode!!  When I am logged in as an administrator and I double click an executable it's because I WANT TO RUN IT.  I don't want to be asked two more times for permission.  This is incredibly cumbersome, and it makes Vista very discouraging.  

    I have AVG free antivirus for Windows Vista (I'm opposed to trial editions like Windows One Care) and it only starts with my computer about 50% of the time.  And every time it tries do download updates my computer asks me permission again.  I have already granted AVG access in my firewall.  I shouldn't have to give permission every single time it tries to update.  Microsoft, if you're listening, please find a way to make program installs, updates, and running programs in general less bothersome to use.  When I'm in administrator mode, just about every click I make is one I want to click.  I don't have any executables I am going to run which will damage my system because I'm very careful what I install and download onto my computer, and I shouldn't have to give trusted applications permission to run or download updates EVERY time, sometimes twice.  If there's someway to disable this that I don't know of, please let me know.

  5. Nick White
    Posted on: December 13, 2006 at 1:56PM  

    Hey AllenJensen:  you'll want to visit this page for a list of Windows Vista-compatible AV products: http://www.microsoft.com/athome/security/update/windowsvistaRC1AV.mspx.

  6. ryuzvjqwkpg
    Posted on: November 03, 2008 at 5:29AM  

    lb6xy6  <a href="hblowbizhvdo.com/.../a>, [url=http://yicdozxepwsz.com/]yicdozxepwsz[/url], [link=http://upejxmdofbxb.com/]upejxmdofbxb[/link], http://malmhbbsjasw.com/

  7. jimrkorwis
    Posted on: November 03, 2008 at 12:54PM  

    O2jbHX  <a href="qlqxjaadddrh.com/.../a>, [url=http://uacnzifuneee.com/]uacnzifuneee[/url], [link=http://qwtujtlpzqum.com/]qwtujtlpzqum[/link], http://xwfreakpsfrb.com/

  8. ravindra106
    Posted on: August 27, 2009 at 7:53AM  

    congratulations jimall its a good news.

  • Page:
  • 1
  • 2
  • 3

Trackbacks

  1. Posted by: Dena: Vista Ready on November 10, 2006 at 6:10PM

    Jim has just posted a response to all those bloggers and "media" who have posted that Jim said that people

  2. Posted by: Michael Howard's Web Log on November 11, 2006 at 2:20PM

    When I read the interview " Allchin Suggests Vista Won't Need Antivirus " with Jim Allchin I shuddered,

  3. Posted by: Donna's SecurityFlash on November 11, 2006 at 11:43PM

    There was a news about Mr. Jim Allchin's interview is misunderstood. BTW, Mr. Allchin r espond to it

  4. Posted by: Kurbli on November 12, 2006 at 5:16AM

    Korábban írtam Jim Allchin félreérthető nyilatkozatáról, úgy tűnik, hogy az elmélkedés a mondottakról/leírtakról

  5. Posted by: Harry Waldron - My IT Forums Blog on November 12, 2006 at 12:26PM

    Jim Allchin's recent comments on the enhanced security found in Vista were misinterpreted during a telephone

  6. Posted by: Harry Waldron - Microsoft MVP Blog on November 12, 2006 at 12:27PM

    Jim Allchin's recent comments on the enhanced security found in Vista were misinterpreted during a telephone

  7. Posted by: Microsoft News Tracker on November 12, 2006 at 5:25PM

    Allchin Suggests Vista Won&#8217;t Need Antivirus During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yeste..

  8. Posted by: SSiTE News on November 13, 2006 at 4:25AM

    Ever since Microsoft Vista chief Jim Allchin talked about his son not using anti-virus in a recent teleconference with journalists, the world has been abuzz with claims Vista won’t need AV software. Now Jim Allchin has clarified his statements on the

  9. Posted by: Security Incite: Analysis on Information Security on November 13, 2006 at 9:46AM

    November 13, 2006 - #155 Good Morning: Happy Monday to you. Ready to get back into the fray? I am, after a great weekend with the twins. But I was certainly happy when the boss came back into town. They were pretty well behaved and we even braved th

  10. Posted by: Security Curve Weblog on November 13, 2006 at 11:34AM

    Have you seen the ads for the &quot;Truth in Software Commission&quot; hearings over at BigFix. If you haven't seen it, I highly recommend checking it out. Their satirical content is absolutely hilarious and it's very much worth the trip (trust me, it's

  11. Posted by: OpsanBlog on November 15, 2006 at 9:17AM
  12. Posted by: SAGE Wisdom Journal on November 15, 2006 at 10:03AM

    Latest news on Windows Vista include questions over antivirus and the released v

  13. Posted by: WebLog de Stéphane PAPP [MSFT] on December 23, 2006 at 3:30AM

    Nos amis suisses ont développé un site en français sur l’utilisation d’ordinateurs connectés à Internet.

  14. Posted by: Satisfy Me on April 21, 2007 at 12:18PM

    It has been a busy week, and between catching up at work and a backlog of email, sick kids and just about

Recent Posts

Tags

View more
© Copyright 2009 Microsoft Corporation. All Rights Reserved.   |   Privacy Statement