[ISN] Allchin Suggests Vista Won't Need Antivirus

From: InfoSec News (alerts@private)
Date: Thu Nov 09 2006 - 23:05:26 PST


http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965

By Scott M. Fulton, III, 
BetaNews
November 9, 2006

During a telephone conference with reporters yesterday, outgoing 
Microsoft co-president Jim Allchin, while touting the new security 
features of Windows Vista, which was released to manufacturing 
yesterday, told a reporter that the system's new lockdown features are 
so capable and thorough that he was comfortable with his own 
seven-year-old son using Vista without antivirus software installed.

Allchin's statement came in response to a question about his relative 
level of confidence that Vista would be more secure than Windows XP SP2. 
In response, he noted there were key security features added to Vista 
which could not be added to Windows XP SP2 even though, he said, his 
people apparently tried to do so.

Two such features -- namely Vista's new parental controls, and Address 
Space Layout Randomization (ASLR), which renders the object code of the 
system kernel in memory differently each time to thwart the designs of 
malicious code -- render his son's Vista machine comfortable enough for 
him to use, even though production-quality anti-virus software for the 
unit has yet to be completed.

"I would say that Windows XP SP2 did an amazing job, and I'm proud of 
what we did there. But you have to understand, we learned a lot during 
Windows XP SP2, and there were things that we couldn't put in that 
product," explained Allchin.

"I'll give you an example: It's my favorite feature within Windows 
Vista, it's called ASLR (Address Space [Layout] Randomization). What it 
does is, each Windows Vista machine is slightly different than every 
other Windows Vista machine. So even if there is a remote exploit on one 
machine, and a worm tries to jump from one machine to another, the 
probability of that actually succeeding is very small. And I wanted to 
do this in Windows XP SP2, but we couldn't figure out how to do it. So 
then a smart guy here came up with a solution, so we put it in Windows 
Vista."

After summarizing that past statement, Allchin continued, "Please don't 
misunderstand me: This is an escalating situation. The hackers are 
getting smarter, there's more at stake, and so there's just no way for 
us to say that some perfection has been achieved. But I can say, knowing 
what I know now, I feel very confident."

"I'll give you an example: My son, seven years old, runs Windows Vista, 
and, honestly, he doesn't have an antivirus system on his machine. His 
machine is locked down with parental controls, he can't download things 
unless it's to the places that I've said that he could do, and I'm 
feeling totally confident about that," he added. "That is quite a 
statement. I couldn't say that in Windows XP SP2."

Allchin led up to that comment after having recalled the company's 
Defense-in-Depth program, which emerged in 2004 as a way to assist 
software in defending specifically against viruses, but which evolved 
into a comprehensive anti-malware campaign.

As a result of Defense-in-Depth, Allchin told the reporter, Service Pack 
2 of Windows XP made it substantially more difficult for malware to get 
to the kernel.

"So we've just put up one barrier after another," he said, "so that the 
end result is, in the percentages, when I look at the number of 
bulletins that we've produced over a period of time for Windows XP SP2, 
and I look at what I would expect to take place in terms of, not just 
the number, but probably more important, the severity for Windows Vista, 
we have been doing measurements of that all along, and it's my opinion 
that the severity of the bulletins will be less, as well as the number 
will be less.

"That's to be proven, so we will see about that. But I need to say the 
following: Windows Vista is something that will have issues in security, 
because the bar is being raised over time," Allchin continued. "But in 
my opinion, it is the most secure system that's available, and it's 
certainly the most secure system that we've shipped. So I feel very 
confident that customers are far better off by using Windows Vista than 
they are with anything that we've released before."

ASLR would apparently have been a component of Defense-in-Depth, based 
on Allchin's comments, had it been compatible with the existing 
architecture of Windows XP. In fact, ASLR may help substantiate the need 
for such features as PatchGuard, which is designed to draw a kind of 
"moat" around the kernel of the operating system, rendering it 
inaccessible except through authenticated communications.

But the Defense-in-Depth program, he implied, may have evolved in its 
Vista implementation beyond the need for the generation of antivirus 
protection that was its original impetus.

Copyright 1998-2006 BetaNews, Inc. All Rights Reserved.

