Allchin: Anti-Virus Software Is Lacking

By David Coursey  |  Posted 2005-04-29

Jim Allchin, group vice president of Microsoft's Platforms Group, says today's anti-virus software isn't doing the job and shouldn't be the first line of defense against malicious software. During a wide-ranging interview at the WinHEC conference this week in Seattle, Allchin said he's noted a rise in the incidence of small attacks—perhaps targeted at only a few hundred computers—that anti-virus software doesn't catch.

Microsoft has tested computers infected with such malware and found it undetectable by current anti-virus software, including its own (not yet in commercial release). Further, because the attacks are so limited, the virus signatures may never be reported to anti-virus laboratories and thus never added to anti-virus applications.

Such attacks may be directed against specific companies with an economic motive and can have serious, long-term consequences. Allchin said protecting systems against these "undetectable" threats is a key part of Microsoft's security strategy.

One way to do this is with systems better able to monitor themselves for suspicious activity. Another is to further reduce the "threat surface" available for criminals to exploit; Allchin did not elaborate on ways to reduce the threat.

I asked if the goal was to make anti-virus software—which has become quite an industry—unnecessary.

"No, but we'd like to see it be more of an option" for customers, rather than a requirement, Allchin said.

A more challenging problem is presented by social-engineering attacks (phishing, for example), Allchin told me. The problem is that if customers want to follow a link contained in an e-mail, it's almost impossible—and not even a good idea in many instances—to stop them.

We agreed, however, that e-mail and Web site authentication would be important steps in protecting users, though I got the idea that Allchin has other protection schemes in mind but isn't ready to discuss them.

On a security-related topic that concerns me more than most people, Allchin assured me that despite the globalized nature of Microsoft's business, adequate protections were in place to ensure that no malicious code can be written into its software. I won't go into this in detail, except to say Allchin was willing to discuss how the company's code is protected in enough detail to allay my concerns about terrorists or others gaining access to it.

Allchin also responded to jabs Microsoft has been taking lately from Apple, which is set to introduce its new "Tiger" operating system on Friday.

Allchin accused Apple of attending Microsoft events, learning the company's plans, and then implementing them first "because Apple can do quicker turns than we can." At WinHEC, Microsoft showed a metadata search capability, including "live" search folders, similar to the Spotlight feature Apple has built into Tiger.

I won't get into the fact that Microsoft, which has doubtless taken many ideas from Apple over the years, is complaining about Apple taking a few of its own. I think the issue for Allchin is good manners, which doesn't include Apple taunting Microsoft over the Longhorn-like features built into Tiger.

Because it doesn't manufacture its own hardware and has a much larger constituency to deal with, Microsoft can be outmaneuvered by a smaller competitor. Allchin believes metasearching was a Microsoft idea and takes exception to Apple's claim of technological superiority based on being able to ship the feature first.

The main reason we got together, however, was because of a column I wrote recently talking about how little many customers actually know about Longhorn, other than the fact that it promises to provide important security fixes.

Allchin repeated that the goals for Longhorn at this point were quality, timetable and features, meaning that features that can't reach the quality required and make the planned ship date(s) will be discarded.

Right now, Allchin said it's not in his interest to describe Longhorn in too much detail. This is partially in response to Apple poaching features Microsoft has publicly described, but it also reflects the still-in-flux nature of the Longhorn feature set.

Microsoft still feels the sting from having to remove significant features from Longhorn in order to meet even a delayed shipping schedule. However, Allchin promised that public beta testing would reveal all about Longhorn well before the "holiday 2006" release of the Longhorn desktop client. The server version is due in 2007.

Allchin said WinHEC was intended as a launch for 64-bit computing, not as a Longhorn event. Only a few Longhorn features were shown during the Bill Gates keynote (available for viewing online at the Microsoft Web site)—just enough to show the new OS won't just be a glorified Service Pack.

As for new processors, "64-bit is inevitable," Allchin said, citing its low cost to implement in hardware and the significant performance benefits it offers. The mission of this WinHEC, he said, was convincing hardware OEMs to begin writing 64-bit drivers now, so that the transition from 32- to 64-bit hardware can occur quickly.

Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers.
