Hostages to fortune

Jim Allchin, Microsoft VP, quoted on Good Morning Silicon Valley, talking about Vista.

In my opinion, it is the most secure system that’s available, and it’s certainly the most secure system that we’ve shipped. So I feel very confident that customers are far better off by using Windows Vista than they are with anything that we’ve released before.”

Earlier, he had said that he was so confident in the operating system’s security measures that he believes there’s no need for Vista users to run any third-party antivirus software.

Stay tuned.

LATER… Bill Thompson has written an insightful column about this. Excerpt:

Vista will ship with Kernel Patch Protection – also called PatchGuard – which checks to see if the core has been altered in any way. This should make it a lot harder for viruses, trojans, rootkits and other types of malicious software, or malware, to install.

PatchGuard will be backed up by support for the Trusted Platform Module, a hardware component built into many new computers that gives the operating system a way to store and use secured information.

The new approach should make life more difficult for malware writers, but it is also going to get in the way of legitimate security software vendors such as Symantec, which has already pointed out that its anti-virus programs rely on being able to modify the Windows kernel, something which will no longer be allowed.

Microsoft’s response is to argue that “kernel patching”, as the process is called, is not needed and that the standard security tools are all that are required.

It may be right, but it’s hard to tell because we don’t actually know much about what is going on inside the Vista kernel. Microsoft, like many other commercial software developers, prefers to keep such details secret.

“If severe flaws are discovered in Vista”, Bill concludes, “and there already signs that the lockdown is far from perfect, then users may well wonder why they have put their faith in the ‘benign dictator’ approach to security.”