Allchin Suggests Vista Won't Need Antivirus
During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.
Allchin's statement came in response to a question about his relative level of confidence that Vista would be more secure than Windows XP SP2. In response, he noted there were key security features added to Vista which could not be added to Windows XP SP2 even though, he said, his people apparently tried to do so.
Two such features -- namely Vista's new parental controls, and Address Space Layout Randomization (ASLR), which renders the object code of the system kernel in memory differently each time to thwart the designs of malicious code -- render his son's Vista machine comfortable enough for him to use, even though production-quality anti-virus software for the unit has yet to be completed.
"I would say that Windows XP SP2 did an amazing job, and I'm proud of what we did there. But you have to understand, we learned a lot during Windows XP SP2, and there were things that we couldn't put in that product," explained Allchin.
"I'll give you an example: It's my favorite feature within Windows Vista, it's called ASLR (Address Space [Layout] Randomization). What it does is, each Windows Vista machine is slightly different than every other Windows Vista machine. So even if there is a remote exploit on one machine, and a worm tries to jump from one machine to another, the probability of that actually succeeding is very small. And I wanted to do this in Windows XP SP2, but we couldn't figure out how to do it. So then a smart guy here came up with a solution, so we put it in Windows Vista."
After summarizing that past statement, Allchin continued, "Please don't misunderstand me: This is an escalating situation. The hackers are getting smarter, there's more at stake, and so there's just no way for us to say that some perfection has been achieved. But I can say, knowing what I know now, I feel very confident."
"I'll give you an example: My son, seven years old, runs Windows Vista, and, honestly, he doesn't have an antivirus system on his machine. His machine is locked down with parental controls, he can't download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that," he added. "That is quite a statement. I couldn't say that in Windows XP SP2."
Allchin led up to that comment after having recalled the company's Defense-in-Depth program, which emerged in 2004 as a way to assist software in defending specifically against viruses, but which evolved into a comprehensive anti-malware campaign.
As a result of Defense-in-Depth, Allchin told the reporter, Service Pack 2 of Windows XP made it substantially more difficult for malware to get to the kernel.
"So we've just put up one barrier after another," he said, "so that the end result is, in the percentages, when I look at the number of bulletins that we've produced over a period of time for Windows XP SP2, and I look at what I would expect to take place in terms of, not just the number, but probably more important, the severity for Windows Vista, we have been doing measurements of that all along, and it's my opinion that the severity of the bulletins will be less, as well as the number will be less.
"That's to be proven, so we will see about that. But I need to say the following: Windows Vista is something that will have issues in security, because the bar is being raised over time," Allchin continued. "But in my opinion, it is the most secure system that's available, and it's certainly the most secure system that we've shipped. So I feel very confident that customers are far better off by using Windows Vista than they are with anything that we've released before."
ASLR would apparently have been a component of Defense-in-Depth, based on Allchin's comments, had it been compatible with the existing architecture of Windows XP. In fact, ASLR may help substantiate the need for such features as PatchGuard, which is designed to draw a kind of "moat" around the kernel of the operating system, rendering it inaccessible accept through authenticated communications.
But the evolution of the Defense-in-Depth program, he implied, may have evolved its implementation in Vista beyond the need for the generation of antivirus protection that was its original impetus.