*********************************

Vista (and XP, and 2K) can protect themselves quite nicely, thank-you, without the security blanket-wielding protection racketeers of the 1990s.

*********************************

Errrm.... I don't think so. Anyone without a third party Anti-Virus product on a 2000 or XP machine (I don't know about Vista cos I've steered a million miles clear of it) who is connected to the internet will be infected quite quickly; especially with a non-tech-savvy user. Windows does very very little to protect itself against a well-written virus - as proven by people up and down the country who have caught them.

The death of anti-virus will come when they write OSs which either detect and suppress suspicious process behaviour directly without "definition files", and which make it nigh-on impossible for a privileged process to run unless it SHOULD be running.

Even Linux gets the odd virus - and that has addressed the second point quite well.

Microsoft failed to secure Vista SP1 in a recent independant test.

http://www.channelregister.co.uk/2008/03/29/ubuntu_left_standing/

Not many people or companies in the USA ever use, or even plan on using, Vista, so this news does not really "send any shock waves".

- Mike S.

California, USA

How do you know your clients don't have a virus if they don't use AV software? If it was so obvious there wouldn't be such a problem with huge bot-nets.

I'm partly with you. My ePO server tells me that of the 4000 odd PCs I support, we get only a handful of infections, the vast majority of which are twerps who've followed links that any Nimrod should have realised were to malicious websites. And it's almost all on PCs where we haven't been able to wean users off having admin access to their PCs (for complicated political rather than technical reasons). When NetWare login scripts were our main configuration method, we found we had to let users have admin rights, and we got regular issues with viruses sweeping through the organisation. Since we got AD and SMS to manage things we've demoted end users to ordinary users and killed that stone dead. I actually think that spyware and adware, and inbetween conware like WinFixer and WinAntiVirus are a far worse issue than viruses and trojans proper these days.

50 users.....

Wow.

That's actually not what I'd call a very big network to be honest.....

5 yrs ago the company I was working with issued a new PC build with Admin rights turned off. Good firewalling, IDS, reasonable T & A, good server patching etc etc. We still picked up viruses from time to time but we were using AV so we got by ok. Chief cause? Consultants and vendors plugging in unprotected laptops at remote offices...

To challenge the effectiveness of some of the leading AV suppliers is right and proper (and I'm feeling quite smug at the minute for buying a Vista machine at home and choosing Kasperski.

To say that you can get by without AV is irresponsible. If you're not measuring it, how on Earth can you manage it?

All very well unless you host your own mail server, or wish to use another providers mail server. I'd be willing to accept that port 25 is blocked by default if there was a simple way to get the ISP to unblock it.

Yes, I did mean block by default, with a measure of competence to be ascertained before it's switched back on, I was specifically thinking about dynamic IPs which are not too useful if you're running your own mail or web server.

As for those blocked by default, what i meant was that the vast majority of domestic users should be constrained to using either their public webmail (eg, hotmail, yahoo) provider's or their ISP's SMTP servers.

I may well have used the same words as another person; but I wrote those words myself and did not "quote" anyone. I likely said the same thing because it's the right thing to say - I stand by every word. If you don't run AV software and you have dumb users connected to the internet, you will get a virus, full stop. The only difference is, as someone above points out, that without AV software you won't KNOW you have a virus.

I think that as a computer professional you have to avoid using your own soapbox beliefs to drive your policy at work; and you have a responsibility to your business customers to give them the best protection possible. Your professional responsibility should outway your desire to take unnecessary risks every time; and I think that your attitude is the worst possible kind of complacency and irresponsibility with your customer's business.

What is really interesting to me is that recently my Vista Home Edition has started telling me that I am not virus protected even though I use one of the above products and it works fine.

Honesty is always to be welcomed,

W

It is, but if a user really wants to install something malicious how can the OS prevent them? If you double click on a file called "hot-pics-of-paris-I_AM_A_TROJAN_AND_WILL_RAPE_YOUR_SYSTEM.exe" that they've received from "Robert" from Hotmail and then click through the UAC, why should the OS not do what the program tells it to? The big difference between XP and Vista as I see it is, run the installer on a net connected XP box and you'll end up compromised within minutes. Run the Vista installer while connected to the net and you can go about your business quite happily without worry unless you do something stupid. As to the performance difference. If you get a PC that has a halfway decent spec (and that doesn't mean "shop at Dell for their latest special offer") Vista OUTPERFORMS XP. @Ash, Flash exploit, learn more about computers before posting random tripe. If I write a program that opens up a port and lets people connect to that port and execute code on the system via a few simple telnet commands, and I actually use a few ugly hacks because the OS doesn't want me to do it, but my program has a legitimate function, is it the fault of the OS when a user installs my software and then gets attacked by random twats? If the exploit is in 3rd party software then it isn't an MS mistake. You can try to prevent it as much as possible, but if someone is determined that they know best (as is typical with legacy solutions) they'll find a way to do it, even if it means making it easier to compromise the system. Scenario is the same, complexity is increased.

Personally, right now, I don't think it's necessary for someone who is experienced to use an AV product, but it's highly advisable. Everyone makes mistakes and if you can increase your chances of keeping your system clean, you might as well do it, especially when the free solutions are pretty good. I use AVG at home, but I want to try out Nod32. I do a scan every few days and I scan anything I download from a less than reliable source. It's like the gun analogy, I'd rather have one and not need it than need it and not have one (I'm not advocating guns, that's another debate).

The point Gordon making about not needing AV should be taking in context with his position that users are users, not administrators. I run my customers networks this way too, and incidents of "issues" (whether virus, trojan, malware, whatever) with workstations are much lower on the networks where users != administrators than those where they are. Like Gordon, I've had networks run without AV for years without infection, and problems only arising from specific users being elevated to administrators (usually without our involvement). Detection of viral presence does _not_ need anti-virus software (only for identification and removal of specific viruses) - their existence is always revealed by their activity (usually in attempts to send out large quantities of email through non-authorised means). Even the numptiest users notice if their workstations are not behaving "normally" (which did surprise me).

With regard to ISPs blocking port 25, that I would support. Home broadband users do _not_ need to be able to transmit anonymous SMTP all over the internet.

For those who complain that "home users need to get to our corporate SMTP server", there are approved methods for dealing with this (Outlook Anywhere [RPC over HTTPS] for those using Exchange, Authenticated SMTP [TCP/587], and VPN) - use 'em!

users != administrators is the vital point here. Nothing made more difference to the issue here than that one thing. The amount of successfully installed Malware I'm finding on our Windows domain with users as just users is minimal to non-existent.

This is why UAC is a selling point to me on Vista; it makes it a lot easier for *no-one* to have to *run* as an administrator, and even if someone decides they will anyway, they still get prompted before that administrator token is used.

Now if some of the developers out there who have never moved on from NT4* could get their head around the fact that their software has to run for standard users...

*I've lost count of the number of stupid apps which try to write into the Program Files directory when they run...

To those running no anti-virus software, I wonder if your boss will see things the same way if you actually get a destructive virus loose in the company? Yes, they've fallen out of fashion these days, but are you really comfortable gambling your job on nobody creating one again? There are plenty of 0-day privilage escallation vulnerabilities on both 2000 and XP, assuming you're being hit by none of them is brave to say the least. I wonder how many tracking / keylogging programs you have on those computers right now.

Oh, and Steve, if you think Anti-virus software can remove a virus once installed you have some serious waking up to do.

I've experienced modern viruses: I've found and removed three in the last 12 months that weren't spotted by either Sophos, Norton or Avast. Good viruses nowdays are small, discrete, and will run quite happily in safe mode. They take a good amount of skill and a fair bit of luck to remove but the only way to be sure a compromised computer is safe is to wipe it completely and start again.

There's only one reason to run Vista in my book ... those playing Liniage 2 on private servers need Vista to stop the game from searching the hosts file for a redirect and proclaiming, "You hack!" before killing the client. Yay, Vista, protect the private gamer :-)

Kaspersky failed in past VB100 tests too