Vista, Antivirus: What If Allchin's Right?
PERSPECTIVE Let’s start by clearing up the most frequent misperception that emerged from our story last Thursday regarding Microsoft co-president Jim Allchin’s comments. As you'll recall, last Wednesday Allchin held a telephone conference to announce Windows Vista’s release to manufacturing.
At that time, he never advised Vista users not to use antivirus software. What he did say was that he was so confident in Vista’s new "Defense-in-Depth" architecture and failsafes that, under limited circumstances, he would allow a family member to run the operating system without active antivirus software. Thus, he implied that the operating system might not need antivirus software – at the very least, not in similarly limited circumstances.
"Wow, you describe a specific situation and suddenly people extrapolate something completely different!" wrote Allchin on the Vista team blog on Friday.
I agree. The "something completely different" was the notion that the president of Microsoft would advise Vista users to turn off their antivirus or otherwise let their guard down. In the dissemination of this story, that’s the impression that some received; and when they reasoned (rightly) that this couldn’t be correct, we were taken to task by some of our readers and a few of our colleagues.
As a result, sources other than BetaNews reported that BetaNews had reported that Allchin had advised Vista users to turn antivirus off. He did not say that, nor did we say he did. However, we did write him over the weekend to make amends for the confusion that did result.
One blog cited our story as a way of saying that Microsoft issued a challenge to malware writers during the conference, daring them to create a Vista virus. That, too, never happened, nor did we ever say it did.
What Jim Allchin did suggest was that Vista might not need antivirus, at least in some specific, guarded situations.
Now, while you’re turning that over in your mind, and maybe thinking, "What’s the difference?", I want to focus on an aspect of this story that somehow got missed in all the hubbub over who didn’t say what. Why were so many so quick to condemn the suggestion that an operating system could be capable of evolving beyond the absolute requirement for antivirus software, especially antivirus software from a third party?
In other words, quite succinctly, what if Allchin's right?
As we have come to know it, a virus by definition must be capable of running undetected, with privileges it should not have been granted, delivering a payload that should not be allowed, and replicating itself for network distribution, relying on user ignorance where it cannot count on user unawareness.
With the objective of disabling the feasibility of malware at this level, Microsoft has engineered a multitude of features for Windows Vista, which some will be experiencing for the first time in its final form as soon as this Friday. One is User Account Control.
Vista beta users have already seen it, and have already experienced some mild headaches with it. It’s a pest, but it’s a good kind of pest. Specifically, it's a new system that runs all applications with the privileges afforded to the basic (i.e., non-administrator) user. The "Power User," by the way, is gone with Vista and with Windows Server 2003 R2.
When an application is about to make any change to the system that could affect the system’s ability to function, Windows shuts down – to coin a phrase, it makes like a hole in your monitor. Network access is shut tight, and all other applications are suspended. The screen goes half-dark, except for a dialog box that asks for the user’s explicit permission to let the program do its job, which the user may refuse.
The point is, you can’t avoid seeing this. Anything that could change your system must identify itself. Now, while you’re thinking that all a virus needs to do is learn to identify itself as "IMPORTANT SYSTEM PROCESS," realize that an application must now be authenticated by the operating system to request the very privilege of invoking this User Account Control stop-the-presses feature. It can't identify itself to you as Word, unless it is Word.
For applications of the older era (Windows XP and earlier), Microsoft is working to use a form of virtualization that gives them the impression they’re writing values to the System Registry, or writing files to a folder within the Program Files directory, when in fact they are writing to virtualized copies kept within a safety envelope.
Certainly, a malware writer not wanting to run into the pre-emptive assault of Vista's new defense measures will try to resort to exploiting the weakest link: support for older architectures. In so doing, he’ll discover that this support exists within its own little subdivided reality, which cannot be merged with actual reality without a human user’s explicit permission.
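As an added illustration (not code from the article or from Microsoft), the following PowerShell audit reads the registry values that control the behaviour described above on current Windows: whether UAC is on, whether the consent prompt appears on the dimmed secure desktop, whether legacy file and registry writes are redirected, and where that per-user "safety envelope" (the VirtualStore) actually lives. The value names and the hardened expectations are the documented UAC policy settings; the script assumes a Windows host and read access to HKLM.

```powershell
# Added example: audit the UAC posture described in the text and inspect the VirtualStore.
# Assumes Windows with PowerShell 3+; policy value names are the documented UAC settings.
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hardened expectations. A value that is absent from the key reports as REVIEW and should
# be checked against the OS default rather than assumed safe.
$Expected = @{
    EnableLUA                  = 1   # UAC on; 0 means every process gets the full admin token
    ConsentPromptBehaviorAdmin = 2   # 2 = prompt admins for consent on the secure desktop; 0 = elevate silently
    ConsentPromptBehaviorUser  = 1   # 1 = prompt standard users for credentials; 0 = deny elevation outright
    PromptOnSecureDesktop      = 1   # the half-dark screen; 0 lets ordinary windows overlap the prompt
    EnableVirtualization       = 1   # redirect legacy Program Files / HKLM writes into a per-user store
}

function Get-UacPosture {
    # Compare each policy value with the hardened expectation and flag deviations.
    $props = Get-ItemProperty -Path $UacPolicyKey
    foreach ($name in $Expected.Keys) {
        $actual = $props.$name
        [pscustomobject]@{
            Setting  = $name
            Actual   = $actual
            Expected = $Expected[$name]
            Status   = if ($actual -eq $Expected[$name]) { 'OK' } else { 'REVIEW' }
        }
    }
}

function Test-IsElevated {
    # True if this shell holds the full admin token; false if UAC handed it the filtered standard-user token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-VirtualStoreContents {
    # The per-user locations where virtualization redirects legacy writes that targeted protected paths.
    $fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    $regStore  = 'HKCU:\Software\Classes\VirtualStore'
    if (Test-Path $fileStore) { Get-ChildItem -Path $fileStore -Recurse -File | Select-Object -ExpandProperty FullName }
    if (Test-Path $regStore)  { Get-ChildItem -Path $regStore -Recurse | Select-Object -ExpandProperty Name }
}

"Shell is elevated: $(Test-IsElevated)"
Get-UacPosture | Format-Table -AutoSize
Get-VirtualStoreContents
```

Entries under the VirtualStore are the concrete record of which legacy programs have been writing into the "subdivided reality" rather than the real Program Files or HKLM, which is useful both for troubleshooting an old application and for noticing one that should not be there.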
Next: Is Microsoft Obligated to Leave Windows Insecure for Security Vendors?