What if Jim Allchin is right about no AV on Vista?

Scott M. Fulton, III wrote this very thoughtful piece about "Vista, Antivirus: What If Allchin's Right?"  Fulton was the man responsible for all the recent flurry about Jim Allchin implying that Vista may not need anti-virus because he ran no Anti-Virus software on his son's computer.  Allchin later clarified that he was not talking in general about whether Vista needs Anti-Virus or not.  Fulton asks whether the "technology press" has gotten so jaded that it has lost its ability to think objectively about Microsoft, and whether it's like "thousands of knee-jerks going on simultaneously".

Even our own Mary Jo Foley was shocked that Allchin would dare run "a heavily locked-down, parental-control-ridden PC, in non-admin mode" as if this was somehow abnormal and that it would be ludicrous to suggest that Vista may not need Anti-Virus software.  My question is, why would we be shocked at running a heavily locked-down configuration for a PC?  Isn't this the default configuration for Vista?  Why change the default configuration of Vista to run in an insecure mode?  Why aren't we MORE SHOCKED that people run Windows, any NT-based version of Windows for that matter, in administrator mode?  I've been doing this for years with my family WITHOUT Desktop Anti-Virus and I think you'd have to be insane to let the kids or any novice computer user run as a system administrator.  The fact of the matter is, running a locked down PC with no Anti-Virus is more effective than running a PC as Administrator with Antivirus.

Having the locked down PC also has the wonderful side effect of some actual privacy between family members so that they can't read each other's mail.  Only the administrator (the most knowledgeable adult in the house) would be able to unlock files by taking ownership of them or changing the user passwords.  Furthermore, the only way to prevent children from disabling their Internet filters is running them on a locked down desktop configuration.  Many kids are probably smarter about computers than their parents, so they can easily disable Internet filtering software if they're given administrative privileges.

Oh but what about the Administrator running Vista without Anti-Virus?  Administrator accounts in Windows Vista have been downgraded from previous versions of Windows such that they no longer have automatic system access.  In order for an Administrator to perform system-changing tasks, Windows Vista goes into a special lockdown mode where the entire desktop dims and nothing else on the screen can be clicked until the user gives explicit permission to change the system.  So if an Administrator is installing software or changing the system configuration, it will be rather obvious that permission to change the system should be given.  But if the Administrator is surfing the web, opening an Office document, or reading an email and the Desktop goes dim and asks permission to change the system, it's fairly obvious that something is horribly wrong.  Coupled with other security mechanisms, this should provide more than adequate protection for moderately advanced Administrators.
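The locked-down configuration argued for above is something you can audit rather than assume. The following PowerShell script is an added example, not code from the original post: it lists who actually holds local Administrators membership and checks whether UAC (the dimmed-desktop consent prompt) is still switched on. The account names in $ExpectedAdmins are constructed placeholders; the WinNT ADSI provider and the EnableLUA registry value are standard Windows interfaces, not anything from the post.

```powershell
# Added audit script (not part of the original post). Verifies the two pillars of the
# "locked-down desktop" argument: (1) only the intended account is a local admin,
# (2) UAC is enabled so that elevation always prompts.
# Assumption: run locally in an elevated PowerShell session on the machine being checked.

$ExpectedAdmins = @('Administrator', 'ParentAccount')   # constructed example names

function Get-LocalAdminMembers {
    # The WinNT ADSI provider is available on Vista-era PowerShell as well as current versions.
    # Note: members may include groups (e.g. a domain group), not only user accounts.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Test-UacEnabled {
    # EnableLUA = 1 means the consent prompt described in the post is active.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($val -eq 1)
}

$members    = Get-LocalAdminMembers
$unexpected = $members | Where-Object { $ExpectedAdmins -notcontains $_ }

"Local Administrators: $($members -join ', ')"
if ($unexpected) {
    "WARNING: these accounts hold admin rights but should be standard users: $($unexpected -join ', ')"
} else {
    "OK: only the expected account(s) hold administrative rights"
}

if (Test-UacEnabled) {
    "OK: UAC is enabled; system changes will prompt for consent"
} else {
    "WARNING: UAC is disabled; elevation will happen silently"
}
```

Any family or novice account that shows up in the WARNING line should be moved to the Users group; the script only reports, it changes nothing.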

Fulton continues his article with:

The prospect of my being able to allow my child to use an operating system complete with failsafes, user access controls, parental lockdowns, and malware-foiling architecture -- never mind who invented it first -- designed to the point where, at least for the next few years, I don't have to rely upon anyone's third-party, performance-degrading, resource-hogging behemoth of a protection system capable of doing more damage than any virus ever dreamed, is a prospect I look forward to with undaunted enthusiasm.

I've been saying for a long time that the resource cost of Desktop Anti-Virus software is too great to justify its use because it makes your PC slower than molasses.  I've even gone further to show examples of how running Desktop Anti-Virus can make your PC even less safe, because it's like having a bomb squad defuse a bomb inside your house while standing next to you: there are exploits targeted specifically against the plentiful Anti-Virus vulnerabilities.  Furthermore, you're paying good money for software that slashes the performance of your PC fourfold.

I can make a good technical case that Anti-Virus running on a locked down PC provides a very dangerous vector that would not have been there without the Anti-Virus software.  For example, if a non-administrative user without system privileges triggers a virus, that virus cannot infect the system because it lacks the privileges to do so.  But if there is Desktop Anti-Virus running with a vulnerability, any malicious payload that takes advantage of that vulnerability has immediate root access to the system, because the Anti-Virus engine itself runs with system privileges!

Of course some people have taken this to mean that I am saying that people shouldn't be running Anti-Virus, when I have said no such thing.  I said people don't need DESKTOP Anti-Virus when other defensive measures are engaged; I never said people should not run Anti-Virus.  I have said over and over again that I favor offloading the job of virus detection to a Gateway device that scans for viruses coming in via HTTP, FTP, and SMTP.  I've even offered cheap hardware and software suggestions and some more robust solutions for an Anti-Virus gateway.  Using a gateway device means you have a single box to update as far as AV definitions are concerned, and it protects every single PC in the house!

Does that cover all possible vectors, such as sneaker-net via USB or CD?  No it does not.  But having the family run on a locked down Desktop is more valuable in terms of security to begin with.  The combination of the locked down desktop and gateway Anti-Virus scanning means you can have your PC scream to its full intended potential while being more secure than you have ever been running Desktop Anti-Virus on a wide-open PC.  The concept is even easier for an IT department to implement, since professional Desktop support staff should know how to lock down a computer.  Not everyone will agree with my philosophy on Desktop Anti-Virus and I don't expect them to.  I just want my performance back while maintaining equal or better security than the status quo.

Talkback

140 comments
  • "Shocked"?

    George: You should read my post before trying to paraphrase it (incorrectly).

    I was not shocked that Allchin would allow his son to run Vista without antivirus. I was shocked at the shoddy, ridiculous crop of stories that resulted from the revelation, starting with Fulton's. I objected to the implication in various stories that Allchin said this in order to hurt antivirus software sales.

    I know it helps your click rate to be controversial. But it's more important to be accurate.
    Mary Jo Foley
    • Unfair criticism

      Mary Jo,
      Scott's piece never inferred that he was saying that in order to suppress Anti-virus software sales. Those were made in articles based on our reporting where other reporters decided to add some analysis for controversy's sake.

      I've read Scott's piece over and over again since this has happened, and it just seems that some people, including Robert and Ars, are using the hubbub surrounding this to advance their own profiles.

      Scott did his job in reporting, and he's being unfairly criticized for it. I'm glad to see someone like George actually analyzing what Scott said (and his piece afterwards) rather than saying we put words into Allchin's mouth.

      Allchin said it, and note he hasn't publicly denied our reporting. It's the reporting afterwards based on our story that was making those suggestions.
      Ed Oswald, BetaNews
      • Allchin's actions speak louder than words

        Allchin might be saying he's not recommending no AV for Vista, but his own actions with his son's computer speak louder than words and I completely agree with him. I've been doing the same thing for years.

        You're right, Fulton is being unfairly criticized and his latest piece is very thoughtful and well written.
        georgeou
    • But you're still saying that it would be odd to not run AV

      But you're still saying that it would be odd to not run AV and that's what I'm saying you're shocked at. You're shocked at the idea that someone would suggest that maybe Allchin's configuration for his son is right, and that's what I'm shocked at.

      However, I don't see a problem with Fulton's story and I've been DOING no AV for years with a locked down desktop. So I still don't understand why you think it's so odd to prefer a locked down desktop over Desktop Anti-Virus software.
      georgeou
      • George

        Be proactive--get the First Aid Kit and bandages ready! ;)
        D T Schmitz
      • ACK ACK ACK

        Hi George,
        be a good boy, you should acknowledge you made an incorrect paraphrasing from Mary Jo's article. The title of your comment is an elliptic and indirect way to do that. But it's expected from a gentleman to accept explicitly his own errors. And it would be really nice if journalists used to do the same, gentlemen or not.
        Call it paranoia, but the use of AV SW in a PC is something that gives the user the logical sensation of additional security, instead of the fact you showed about opening back-doors.
        Be a good guy, and send a kiss to Mary Jo.

        Best regards,
        Raul
        raul62
        • Mary Jo is still shocked at my reaction

          She is still shocked that anyone would dare interpret Vista may not need AV. I'm still shocked she is shocked. So I do not see errors in my reaction.
          georgeou
          • Error? What error?

            George,

            Many of us can't see any error in your reaction.

            Mary Jo is most likely overreacting... we're all shocked that she's still shocked.
            Justin Carmichael
    • Why would George care about correct paraphrasing?

      He doesn't bother with that in his other blogs, why start now?
      B.O.F.H.
      • Change is bad?

        Last time I checked, you were all for change. Putting people through the headache of converting to IPv6 just so you could shove as many of your computers online with public not private IPs.
        nucrash
        • I have already been on multiprotocol networks.

          Perhaps you have forgotten the George Ou rants about XML? IIRC, there were at least 1/2 dozen blogs related to that.

          As per multi-protocol network support, we have had in the past 20 years (or so) IPv4, IPX/SPX (Novell), NetBEUI/NetBIOS (IBM/Microsoft), and several others. As situations change (from isolated LANs to Internet connectivity (TCP/IP, including VPNs and other subnets) to having people connecting all manner of devices (refrigerators, mobile phones, DVRs, mobile devices, PDAs, etc.) via city wide networks (mostly in Europe, gaining in the US, many in Asia)), we are increasing the services available and what we do with the connectivity (integrated services such as phone, video and connectivity). FYI, I used mixed IPv4/v6 networks back in 1999/2000 with no pain.
          B.O.F.H.
    • Now that is funny..

      Classic, George.
      ju1ce
    • Above it all, huh?

      Gee, are you telling us that you never shift your emphasis or imply by tricks of the reporter's trade things that increase your "click rate" by stoking the flames of the zealots, Mary Jo? I find that difficult to believe, because I see it repeatedly in your blogs.

      You do seem to be too self-important to stoop usually to participating in the Talkbacks, so it strikes me as quite revealing that the only time you do so is to pedantically correct another blogger and suggest that he's pandering to his audience any more than you are.

      I think you could have clarified your position here without being so nasty to George, but then again, maybe you're just being controversial to increase your "click rate."

      My recommendation is to return to contemplating your navel during your down time from obsessing on Microsoft, and just steer clear of the Talkbacks completely. That way we can pretend a little easier that you might have something approaching an objective opinion on anything Microsoft.
      jcg_z
    • Although I agree you do not appear shocked ...

      ... you did state;

      "Did Allchin make a mistake in his attempt to prove that Vista is far more secure than any previous version of Windows, including XP SP2? Yes. He should not have suggested that any users, even those with Windows chiefs as their fathers, can or should forego antivirus software."

      I fail to see why it is a mistake for Mr. Allchin to state what indeed may be the truth. The fact that he states this is what is occurring does not imply he is endorsing it for the masses. In an article where you are touting that too many tech writers are reading too much into his comment, you do the same.
      ShadeTree
      • I'm still shocked at her response

        I still find her reaction knee-jerk shocking. Why can't we debate Allchin's configuration at home?
        georgeou
        • Home???

          Perhaps Mary is still angry with you and does not want to discuss anything with you at home...

          (I couldn't resist the play on words...)
          Information_z
    • Let's Look at the Message

      I'm not as impressed with he said / she said as I am with the message itself. Some of us managers and administrators have been preaching that desktop A/V solutions are not entirely necessary.

      Forget for a moment that most desktop A/V applications slow your computer to a drag, if you are a well-educated, conference-attending, best-practices-reading engineer then you'd know that some simple out-of-the-box thinking can result in real security solutions. No administrative privileges, highly limited power users privileges when necessary, gateway filtering, and constant user training are invaluable.

      In contrast, we've been conditioned to believe that we have to stick to desktop A/V applications and that the only way to fix problems is to layer code on top of code. We keep piling on more and more code and before long, no matter how many cores our processor has, our computers will drag like a 386 on Pong.

      I'm buoyed by blogs like Ou's because it challenges our thinking. Our task as IT leaders is to improve security and performance while not denting the bottom line. We need to be more creative than keeping up the status quo.
      bobhog
    • I suppose

      that was supposed to be clever?
      nECrO_z
    • What a joke

      A lot of hot air about nuffin.
      Seems like you guys need your comfort blanket.
      "What will we do without AV, let's get worked up just like Y2K!" (something that again only affected microsloths)

      Vista is just copying Apple's O.S., which if you hadn't noticed, doesn't have AV - except of course for those microsloths switching, whom garnish giggles when they don't accept the fact that there is no need for AV.

      They fork out an extra coupla hundred bills for useless software!

      hehe

      gotta love you guys- bout time you relinquished the chains of your bondage.
      hirez
    • Re: Shocked?

      I think the critical line in your blog Mary Jo that implies possible shock on your part that Allchin allowed his son to run Vista without anti virus is the following quote;

      "Did Allchin make a mistake in his attempt to prove that Vista is far more secure than any previous version of Windows, including XP SP2? Yes. He should not have suggested that any users, even those with Windows chiefs as their fathers, can or should forego antivirus software."

      Now admittedly, only you can say if you actually felt 'shocked' about the above situation, but seriously, your precise personal emotional response to the situation is not particularly important, because clearly, if shocked is not the perfect word to describe what you 'felt' about it, it must have been at the very least 'dismay' or 'significant concern' or something very much in the same vein, judging by what you have said above.

      Whatever your 'exact' personal emotional response to hearing Allchin announcing his son's computer without AV was, the point is that by George saying you were shocked about it, he was at least close enough to indicate that you disliked the idea enough that you felt it was a mistake for Allchin to say such a thing. Perhaps in your mind it never rose to the level of shock for you, but I think we get the idea just fine. Shocked or not, you think it was a mistake for Allchin to say such a thing. And that's the point I got from what George wrote.
      Cayble