When Microsoft conspiracy theories spin out of control


Summary: Take off your tin-foil hats, folks. Microsoft has been so completely burned by security problems with Windows in recent years that there is just no way anyone at the company, on down, would suggest users shut off their firewalls, remove their antivirus software or do anything to further compromise the already delicate security balance in which Windows operates.


Two days ago, Jim Allchin, Microsoft Co-President of Platforms and Services, announced that Microsoft released Windows Vista to manufacturing. In the 48 hours since then, a number of reporters and bloggers have been jumping all over the fact that Allchin admitted during the press conference following the RTM announcement that his seven-year-old son is running Vista on his PC without having an anti-virus program installed.

I've always been one to question Microsoft's motives and double-speak. But it is completely misleading to claim that Allchin's acknowledgement that his son -- running a heavily locked-down, parental-control-ridden PC, in non-admin mode (one would pretty safely assume) -- isn't running a Microsoft- and/or third-party-developed AV program means Microsoft is claiming Vista is so solid that it doesn't require AV software.

Did Allchin make a mistake in his attempt to prove that Vista is far more secure than any previous version of Windows, including XP SP2? Yes. He should not have suggested that any users, even those with Windows chiefs as their fathers, can or should forego antivirus software.

But this story has now taken on a whole other life of its own. One IT professional pinged me on instant messaging this morning, asking me whether I heard "Microsoft is telling Vista users that they no longer need AV software." Another report implied that Allchin dropped the nugget about his son in order to try to stick it to McAfee and Symantec for complaining about PatchGuard. Next thing you know, we'll hear that Allchin doesn't even really have a seven-year-old son and that he fabricated the entire scenario in order to tank the stocks of its competitors, while hopefully buoying Microsoft's own.

Take off your tin-foil hats, folks. Microsoft has been so completely burned by security problems with Windows in recent years that there is just no way anyone at the company, from Chairman Gates -- who, granted, couldn't resist making a castration reference, in regards to Microsoft's security partners/competitors today -- on down, would suggest users shut off their firewalls, remove their AV software or do anything to further compromise the already delicate security balance in which Windows operates.

Update: On Friday, Allchin attempted to put a halt to the interpretations of his comments around Vista and the need for antivirus software in a post to the Vista team blog. "I could certainly see that what I said wasn’t as clear as it could have been, and I’m sorry for that," Allchin blogged. "However, it is also clear from the transcript that I didn’t say that users shouldn’t run antivirus software with Windows Vista!"

 


About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).


Talkback

20 comments
  • MS Bashers are desperate.

    The fact is, they know Vista is a fantastic product and leaves other OSs behind and they just can't stand it.
    No_Ax_to_Grind
    • Talk About An "Us and Them" Attitude Problem

      Me, I'm not desperate by a long shot.

      My wife says I have a date again tonight.

      Everyone needs Vista like a bicycle needs a bookstand.

      Meanwhile, No_Axe suddenly sounds a lot like Carey Frisch:

      Luciditay.

      Claritay,

      Serenitay.

      Tranquilitay.

      Vista is so wonderful, you don't even need to turn on your computer!

      Just imagine and see all things, be all things, know all things!

      "Thinking is the best way to travel ..."

      Eh. I prefer reality.
      Cardhu
  • Why the surprise?

    This sort of reminds me of the "indignation" expressed by US congresspersons when the leader of Venezuela dared to call the US president names.

    Apparently, only pundits are allowed to start MS conspiracy theories.

    Carl Rapson
    rapson
  • What's the big problem of not running AV?

    I've run on XP without AV for a long time. From time to time, I run a check with an online scanning service, and there's nothing to report. The whole virus thing is a bit overblown these days, because most email programs block the attachments that could cause problems anyhow. And as for browsing the web, most of the "drive-bys" are caused by going somewhere bad in the first place.

    Simply put, if you run as a non-admin, you really DON'T have much to worry about. Go ahead--check the virus databases online, and track how many operate by attacking HKLM, Windows system directories, Program Files directories, attempt installs, etc. The vast, vast, vast majority all work by those attack methods--and those methods have NO EFFECT when logged in as a standard user. Look up the number of privilege escalation viruses in the wild, and you'll see why running without anti-virus is not the heresy some claim it to be. I'm not suggesting that everyone go out and do that, but there's a lot more hype than substance there.

    Keep in mind that the anti-virus companies WANT people to believe that they're in danger at every turn, and that there's "hundreds of thousands" of viruses in the wild--even though a huge number of those are variants of "parent" viruses. When they "clean up" your machine, they'll report cookies as "malware." Don't bet for a moment that they aren't protecting their turf in all of this.
    blu_vg@...
    • Me too

      I don't know why anyone would express shock at being told you don't need to run AV on XP. I've been doing very well without it for years. My wife does run AV and I also run AV on my work laptop (policy) but neither ever come up with anything... ever... not even once.
      NonZealot
      • Me Three

        No Antivirus for me either! I ran Windows 98 SE until half way through 2005, and I never had a virus. And now, with Windows XP... Still no viruses, and still no antivirus programs either. I even run under Admin mode.
        Simbey
  • George Ou...

    ... said the same thing a few weeks back on one of the blogs. He said his kids don't use a/v because Windows is so secure.

    Nobody seemed to pick up on it.....
    bportlock
    • Can't find the posting on ZDNET, but...

      ... here's George on TechRepublic

      http://techrepublic.com.com/5206-6230-0.html;jsessionid=viipMMQxg78lUYs-5q?forumID=8&threadID=201416&start=0

      [i]"george_ou@...
      09/25/06

      I connect to the Internet and I still don't use AV/AS. The rest of my family runs as standard user though."[/i]
      bportlock
    • Go read the actual blog

      http://blogs.techrepublic.com.com/Ou/?p=234

      I said I hated DESKTOP AV. I did not say don't use AV. I recommended gateway AV.
      http://blogs.zdnet.com/Ou/?p=360
      georgeou
      • George - you may not be able to read this...

        .... it might be blocked by the Ou filters. It said (and I cut'n'paste verbatim)

        [i]"...I still don't use AV/AS. "[/i]

        and then you said

        [i]"I recommended gateway AV."[/i]

        Which means you DO use A/V!

        It's ok yammering on about having a mail filter on a gateway but most home users will not have a mail gateway service. Many will take your bald statement that A/V isn't needed on a PC as gospel. Also, a lot of small business users use POP3 mail direct from the ISP and you'll never persuade them to install a gateway and remove A/V because over the years they've had it beaten into them that you must ALWAYS have A/V and you scan your PC on a regular basis.

        I just feel that your comments (and Allchin's) can be easily misinterpreted and muddy the waters.

        A/V is an imperfect solution, but removing it would just make things a lot worse.
        bportlock
        • In fairness, recommend does not equal use

          I've recommended many things I don't use personally. Everyone has different wants and needs.

          At home, I use neither desktop AV nor gateway filtering of any sort. At work, I would never recommend that setup.
          blu_vg@...
          • Fair enough

            [i]"At home, I use neither desktop AV nor gateway filtering of any sort. At work, I would never recommend that setup."[/i]

            But, AFAIK, you are not a technology journalist running a blog. Such a person's advice would, for the casual reader, carry more weight than yours or mine.

            I don't mind George saying that he doesn't use a desktop A/V, but I feel he should be clear that he is not against A/V scanning, he just feels it should be done in a different way. In the blog posting I cut'n'pasted it was just a bald statement.

            For someone like Jim Allchin who is a top, top, Microsoft executive to make such a statement is next to incredible.

            I know a lot of people who hate having to pay for A/V and will seize on any excuse to drop it. To have Microsoft executives and tech journalists say that A/V is not needed on your PC just gives these people the excuse they need not to update or renew their subs.

            When they get infected they'll change their tune and, like many people, they'll close the stable door after the horse has bolted. In the meantime the rest of us will suffer as their bot-controlled PCs spam us to death.
            bportlock
          • One issue with your post

            [i]To have Microsoft executives and tech journalists say that A/V is not needed on your PC just gives these people the excuse they need not to update or renew their subs.

            When they get infected they'll change their tune[/i]

            You state as fact that removing AV will result in them getting infected. Why? As you can see here, many people don't run AV and don't automatically get infected. If you look at the hundreds of zero day exploit stories, you will see they never get followed up with horror stories of infected PCs. Yes, there are millions of bots out there but there is no mention of what version of Windows they are running (Win9X, XP, or soon Vista?), how patched their systems are, how many "free" utilities (with associated malware) these people [b]chose[/b] to install on their PCs. My point is that AV should be the [b]last[/b] security measure you take on your computer because it is by far the least efficient method of securing your PC.

            You are probably right that for some people, running AV is better than not running AV but I think we are better off ensuring they turn on auto-update than to feed the AV machine. Everywhere I look, I see warnings of the impending doom of malware with none of the follow up stories that the impending doom actually happened. With Vista's restricted rights by default and IE7 in a sandbox, I see even less need for AV.
            NonZealot
          • Because

            [i]"You state as fact that removing AV will result in them getting infected. Why? "[/i]

            a) 100% of the people bringing a machine into our workshops due to virus infection have NO anti-virus or an expired a/v.

            b) Small businesses can't afford to have a machine go missing for a day to be "disinfected" and have to pay for our time.

            c) If you get the right kind of virus on enough machines you can wind up on an RBL - I've seen it happen to two customers.

            [i]"I think we are better off ensuring they turn on auto-update than to feed the AV machine."[/i]

            Are you nuts? Given the number of holes in XP and the level of technical non-expertise of most users they need to have the exploits plugged.

            [i]"With Vista's restricted rights by default and IE7 in a sandbox, I see even less need for AV."[/i]

            You might be right - in a year's time! For now IE7 is barely present and for current Windows users Vista is vapourware because they won't see it until their next PC purchase. For the short to medium term, Vista will make no difference at all.
            bportlock
          • And you say Allchin is unclear???

            "For the short to medium term, Vista will make no difference at all."

            That is some of the most obfuscatory logic I've heard. Since people don't have it, that's why Vista isn't more secure? That's like saying strawberry pie doesn't taste good because I've never had one.

            "Given the number of holes in XP and the level of technical non-expertise of most users they need to have the exploits plugged."

            The absolute #1 security step any user can take is to run as a standard user, and only run as admin when they need to install something (and only to install something). Personally, I've not seen a single computer suffer an infection when following this best practice, whereas I have seen infections that made it past anti-malware software. There is no setup or OS that is 100% secure--with or without AV--but running as a non-admin is orders of magnitude more secure than running as admin/root. Privilege escalation exploits do exist, but why would a hacker go to the trouble when they can simply get the user to screw up their system for them?

            It is precisely the "technical non-expertise of most users" that begs for standard user accounts--before it demands anti-virus. In my opinion, it should be considered the first, most important layer of defense, with anti-virus somewhere after that.
            blu_vg@...
          • Listen to the interview for yourself

            Here's where you can hear it: (800) 677-2488.

            Jim never said anything of the sort. People that heard otherwise purposely misinterpret what he said. He said it was for his kid at home in a very controlled environment. And, what most articles thus far have ignored, he purposely went out of his way later to say that he expressly did not endorse not running AV. He never said it was not needed.
            blu_vg@...
          • I'll say it again

            [i]"he purposely went out of his way later to say that he expressly did not endorse not running AV."[/i]

            As I said earlier - I think it is unhelpful to say that you don't run A/V and then to defend yourself by saying 15 minutes later that you think A/V is a good idea. Why not state that [i]"A/V is needed but my configuration is such that I don't need to run it on my desktop PC"[/i]. That way, everything is clear and no-one is misled.

            [i]"Here's where you can hear it: (800) 677-2488."[/i]

            An interesting way to podcast, but I don't think I'll be making a transatlantic call to listen in! ;-)
            bportlock
          • He said exactly that...

            When he first mentioned the fact that he did not run AV on his son's computer, he did exactly what you said: he mentioned specifically the setup that made that possible--a tightly-controlled configuration. (That's why I was suggesting listening to the interview first-hand, rather than drawing conclusions based on mostly inaccurate information. Too bad they don't have an international version!)

            You're giving the journalists a pass on this, when they clearly do not deserve it. These aren't the "food and movies" section journalists. They cover tech for a living. If they can't understand what Jim was clearly saying the *first* time--non-admin account and only certain approved websites allowed--then they shouldn't be covering tech stories. After hearing it explicitly stated the second time, even if they aren't tech journalists, they have no excuse whatsoever.
            blu_vg@...
  • Is there something wrong with Allchin's config?

    "a heavily locked-down, parental-control-ridden PC, in non-admin mode (one would pretty safely assume)"

    You seem to think there is something wrong with this when this is precisely what people should be doing with their home PCs. A PC with locked down permissions is more secure than a PC with AV but no permissions lock down.
    georgeou
    • Don't know why it is so shocking

      [i]A PC with locked down permissions is more secure than a PC with AV but no permissions lock down.[/i]

      Personally, I don't view malware caught by anti-malware as proof of good security, I view it as proof of failed security.
      NonZealot