Has Microsoft’s Vista Chief gone mad?
By Alex Zaharov-Reutt
The head of Microsoft’s Windows Vista project, Jim Allchin, told reporters that he let his seven year old son run Vista without anti-virus software, although he did set up Vista’s parental controls to ensure he didn’t go to sites he shouldn’t be visiting, especially ones that could contain spyware. The news has ricocheted around the globe, with Mac users gloating that Allchin is just dreaming. Others might think he’s mad, but I’ve run XP without anti-virus for months earlier this year, and I didn’t get infected. Why did I do it, and why no infections?
It seems like a world gone mad. There I was advising Mac users to run Internet Security software (including a firewall and anti-virus) just recently (and being slammed for doing so), but the funny thing is that I went for a few months early this year without anti-virus software on my XP system with no ill effects, although my firewall and anti-spyware software was definitely switched on and in full effect. Am I mad too?
Well, while some Mac websites definitely think so, there’s a reason why I decided to run my system without anti-virus for a time.
Something screwed my anti-virus software up – it was the free AVG at the time, and it didn’t matter whether I uninstalled it, re-installed it or tried using a different anti-virus program – I just couldn’t get the anti-virus to work or update itself. Something was stuck, and it was a weird one, and there appeared to be no ill-effects to the rest of my system.
From memory, I tried doing a system restore, but for whatever reason it didn’t work. Faced with the need to do work every day, and re-install my system (which would take time), I had a choice. Take the re-installation plunge, or try an experiment seemingly only possibly on a Mac – run my system without anti-virus.
Now let’s make something very clear. Anti-virus, and Internet Security software (which generally means a firewall, anti-virus, anti-spyware and other protective software) is very important, and you should run it – PC, Mac, Linux or whatever it is you’re running.
I’m certainly running such an Internet Security program now on my Vista installation – the beta version of Trend Micro PC-Cillin that’s been specifically designed to work with Vista RC1.
But when I was using my XP system, with a firewall switched on, and all the virus protection measures built-in to Outlook to stop your standard mass mailing viruses/worms, and the spyware protection inside of IE6 SP2, along with still regular use of anti-spyware programs such as Windows Defender (in beta at the time), SpyBot and AdAware, and no running anti-virus software, I didn’t get infected. Not once.
Indeed, I haven’t been infected by a virus for years – not since (from memory) the Melissa virus from years ago, when an email popped into my inbox from a very, very trusted friend. The email said ‘take a look at this’.
Foolishly, I did, and despite having anti-virus on my system at the time, this particular virus hadn’t yet made it into the anti-virus definitions of the particular anti-virus program I was using at the time.
And so, like my friend, who had also been infected with his system spewing out infected emails to his entire address book, I was infected too.
I quickly realised what was going on, and emailed everyone in my address book to warn them of the problem, and to apologise for having sent them out a virus, and what to do if they had opened the attachment that was in the email. It’s not just Google and Apple that can make this error, eh?
Of course, I’ve never been fooled by this again, nor has any other social engineering trick worked on me to date. That’s because for experienced IT users, it’s easy to tell when an email contains a virus.
Obviously the everyday computer user can be easily fooled by the social engineering tricks that virus writers use to get you to open that attachment in an email, and that’s why we need an anti-virus program on our computers, to help protect us from ourselves.
But when my anti-virus on XP went kaput, I relied on my skill in seeing obvious and not so obvious email viruses and simply not opening them (or the attachments within them), I stayed away from websites that could contain malware (and was being protected by IE6 SP2, Windows Defender and manual scans with Spybot and AdAware) and guess what? Nothing happened. For months.
For those wondering if I was indeed infected without knowing it, well, besides the fact no emails were being sent out of my system in droves or other obvious signs of virus infection, the Trend Micro HouseCall online anti-virus scanning and removal system did indeed work on my system, and every now and then I’d check it to see what the score was.
It detected cookies here and there, but never any viruses or other malware.
Eventually, I decided it was time to do a complete re-installation, and of course once I’d taken this step, AVG re-installed itself perfectly and all was working again. Eventually I switched to Zone Alarm Internet Security 6.5 , and until I took the Vista RC1 plunge, it was my security system of choice, and one I’d happily recommend to anyone.
What would have happened had I opened one of the attachments in one of those social engineering emails? I’m sure I’d have been infected in a flash.
But with an acute awareness of how they worked, and the fact that Outlook itself stops a lot of these viruses from being accessible (although not all), and the other protective software I used, I was able to run my system without anti-virus installed.
So anyone running Vista, XP or anything else should definitely get an Internet Security program on their computers.
Do not do what Jim Allchin did with his son, or what I did with Windows XP. Even Allchin states that security threats are ongoing and that new threats will emerge in the future, even if he thinks Vista is the most secure Microsoft operating system ever.
After all, that’s what he said about Windows XP, and we know how that turned out.
Related:
Entry was posted
on Saturday, November 11th, 2006 at 11:51 pm
under
Read more entries by Alex Zaharov-Reutt.
Stumble It!
June 13th, 2009
I dont realy understand the big deal. I have been running XP without ANY Anti-Virus-Malware-Spyware or Firewall-Software for about 2 years now.
I am behind a router (standard DSL-Router) with some nececarry ports forwarded.
I use my PC daily and for hours on end. I browse alot and I download alot.
Guess what? No virus in all of the 2 years. A streak only broken by 1 infection earlier this year (easily removed by booting in safe mode and deleting the responsible file in the system32 folder). And well, it was my own fault and I should have known better.
And thats the key. People click on everything that blinks (in itself this CAN NOT cause an infection, unless you are using InternetExplorer) and when offered some dodgy “Super Codec” or “Free-All-in-One-Wonder-Tool” click on “download” (which, in itself, CAN NOT cause an infection) and THAN douple click that dodgy file..
If people would think before they act and if in doubt would use an on-demand virus scanner or even just google the fricking file name, no one would get infected. (unless they go online directly without a router or use [a not even updated] MS Internet Explorer [on dodgy porn sites etc].
A one hour crash-course in “Thread-Recognition”
for all Internet Users would make the whole Anti-Something buisness obsolete.
June 13th, 2009
Sorry, of course I ment “threat-recognition”.
Thread-recognition crash-courses is something forum owners should look into. Might cut down on the overall thread count with the same question drasticly.
PS: And sorry for the likely load of tippos. Not a native english speaker and a bit tired and lazy right now…