My PC's year of living dangerously online
Jim Allchin, the departing boss of Windows development at Microsoft, accidentally caused a stir when he was reported as saying that Vista did not need antivirus software. He said no such thing, in fact, and Microsoft's official policy is: "We strongly recommend that you install and use an up-to-date antivirus product." That's my view, too. But I confess it's a case of 'do as I say', rather than 'do as I do'.
It is true that Vista is much more secure than Windows XP SP2. The extra security features include the removal of the standard administrator account, randomised code loading, new parental controls, sandboxing the IE7 browser, the hardening of Windows Services and, in high-end versions, BitLocker drive encryption.
However, two things are going on here. The first is that Microsoft is working to make its code more secure, which is hard. The second is that Microsoft is trying to protect users from themselves, which is much harder. It's already been shown that even if you encrypt and password-protect viruses (to stop them being identified and removed by email filters), Windows XP users will still run attachments and infect their PCs manually. As author and security expert Mark Minasi says, security is mainly a carbon problem rather than a silicon problem.