See your link here
Allchin would let his son surf without AV, so what?
14 comments- IT TOPICS:Desktop Applications, Development, Emerging Technology, Hardware, Operating Systems, Security, Software, Windows & Microsoft
Jim Allchin said that he'd let his son surf the Internet using Vista (and I assume IE7) without having antivirus installed on the computer, which he has to do anyways since there's absolutely no antivirus available for Vista yet. Several sources are saying that he's suggesting Vista won't need antivirus, but that's a sensationalist headline just to get attention. What Allchin's really saying is that he's taken enough compensating controls on his son's computer so that this one particular computer can safely surf the net. Of course, if you look at those controls, you'll realize most people would never configure their computers so safely.
Let's start at the top, or maybe the bottom, with the OS: Vista. I'll give Microsoft credit where credit's due, they've created their "most secure operating system yet" with Vista. But that's the same line of logic we heard with XP. It was true then, and it's true now, but that still doesn't mean that it's going to remain that way. I'd say that their Address Space Layout Randomizaton sounds like a great idea, but until some specialists in memory space utilization, and some hackers for that matter, have had a chance to bang against it, I'm going to withhold judgment. Right now one big advantage Vista has is the simple fact that no one's had the years to hammer on it we've had with XP and a major vulnerability could be found at any time. Vulnerabilities will be found, that's unavoidable with a piece of software as complex as an OS, the only questions are when and how severe will they be.
Allchin's son has to be using Internet Explorer 7, even though he didn't explicitly say so. IE7 is a huge jump in security over IE6, especially when coupled with Vista. If nothing else the sandboxing capabilities of IE7 make it a much harder nut for viruses to crack, but we're already starting to see some of those cracks form. He's also used all of the parental controls and lock down features available in IE7 and Vista to make sure that his son can't download anything he doesn't explicitly allow. These are great features to use on a child's computer, I use similar techniques on my own children's computer. But it has two weaknesses that make it something the average user will never do: it requires configuration and it requires understanding. Most end users don't have the time to enable extra features and even if they do, they'll disable them the first time they run into problems. If they don't, when they call their tech support, disabling those features will probably be some of the first instructions they receive . Many users can't even figure out how to put a router with a firewall in place on their networks, which I'm certain Jim Allchin has, if he doesn't have several layers of them.
I think Vista can be run securely without antivirus, but to suggest that the average user can do this is foolish. Jim Allchin is a security professional who's taken the time and energy to lock down his son's computer and put enough compensating controls in place that he doesn't believe he needs antivirus. But these are steps well beyond the average users understanding. And without understanding those controls, and more importantly what will nullify those controls, a user isn't going to be able to remain safe on the Internet without antivirus. They might be safe for six months or a year, but as Vista reaches market penetration, the virus creators are going to find the chinks in it's armor and antivirus will be needed as another layer of your defense in depth. Yes, Allchin let's his son run without antivirus, but that doesn't mean anyone using Vista can do the same.
Print
Email this
Digg this
