Microsoft: Virus target won't be in Vista

New shell targeted by a virus writer won't be part of the next client Windows, Microsoft says, after reports that the OS is under threat.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
3 min read
A new scripting tool targeted by a virus writer will not be part of Windows Vista, the next Windows client release, Microsoft announced Friday.

Instead, the software maker is looking at possibly delivering the command-line shell tool, code-named Monad, as part of its next major server operating system release, a Microsoft representative said. That release, code-named Longhorn Server, is due in 2007.

"Monad will not be included in the final version of Windows Vista," Stephen Toulouse, a program manager in Microsoft's security group, said in a blog posting. "So these potential viruses do not affect Windows Vista."

Microsoft is responding to the online publication of five examples of malicious code that target Monad. The tool was initially intended to be included in Vista. When news of the exploits came out, it triggered reports that they would be the first viruses for Windows Vista.

With the announcement, Microsoft is making it clear that the Monad viruses will not affect the client version of the operating system update, formerly known as Longhorn.

Monad, also known as MSH, is the replacement for the simple command shell in the current versions of Windows. A command shell lets users enter text-based commands, as in the predecessor to Windows, DOS. Monad has much more functionality, similar to shells in competing products, such as Bash in Unix.

Monad is available to testers, but is not part of the first Vista beta, released last week, Microsoft said Thursday. However, at the time, the company left open the possibility that it would be included in later test versions of Vista, saying that it had no further details on a specific delivery vehicle for the command line shell in Windows. Friday's announcement ended any confusion over Monad's inclusion in Vista.

Taking stock
Toulouse's posting follows comments from a Microsoft developer in another blog posting on Thursday criticizing security company F-Secure's claims of a possible first Windows Vista virus. "It's a misleading title, as it's an issue that affects any vehicle for any executable code on any operating system," wrote Lee Holmes, who works on the team building Monad.

"The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad," Holmes wrote. "The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do."

Toulouse gave no details on why Monad won't be part of Vista. He did say that the new shell is "being considered for the Windows operating system platform for the next three to five years."

While it is now clear that the new command line shell won't ship as part of Vista, it is still unclear how the technology will be delivered. Microsoft representatives have said Monad would first ship as a feature of Exchange 12, the next release of Microsoft's e-mail server, due in the second half of 2006.

In a TechNet Web chat for developers and technology professionals in December, Microsoft representatives said Monad will support Windows Server 2003, Windows XP and Longhorn, which then was the code name for both the client and server versions. Microsoft could release Monad as an operating system update or downloadable add-on.