Windows co-president Jim Allchin has said that Windows Vista, which met its release to manufacturing milestone earlier this week, is so superior to Window XP on security that he feels safe letting his own son run a PC without anti-virus software.

A prominent security analyst countered that that attitude would be fine as long as everyone using Vista was a seven-year-old.

During the Q&A portion of a telephone briefing with reporters Wednesday, Allchin said he was proud of Windows XP SP2, another operating system effort he led. "[But] there were things that we couldn't put in that product," he said.

"Don't misunderstand me, this is an escalating situation. The hackers are getting smarter, there's more at stake, and so there's just no way for us to say that some perfection has been achieved. But I can say, knowing what I know now, I feel very confident."

So confident, in fact, that his seven-year-old son's Vista PC lacks anti-virus software.

"Honestly, he doesn't have an antivirus system on his machine. His machine is locked down with parental controls, he can't download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that," Allchin said. "That is quite a statement. I couldn't say that in Windows XP SP2."

"Sure, if everyone treated their employees like seven-year-olds, and locked down their PCs 100 percent, how could a virus load?" said John Pescatore, a Gartner analyst and the research firm's resident security expert, on Friday.

But that's not going to happen. And in the real world, Windows Vista does need anti-virus software.

"As soon as you allow users to load anything, and everyone will allow that in Vista, then you need AV [anti-virus]. For two reasons, one small and one big," said Pescatore. "The small reason is the hope that it will block viruses and worms. But the big reason is so that you run an AV scan once a week and remove viruses before they can cause too much damage."

Another Vista opinion that Allchin put forward on Wednesday got better reception from Pescatore.

"It's my opinion that the severity of the [security] bulletins will be less [in Vista than in XP], as well as the number will be less," predicted Allchin. "That's to be proven, so we'll see about that. Vista will have issues in security because the bar is being raised over time, [but Vista] is the most secure system that's available, and it's certainly the most secure system that we've shipped. So I feel very confident that customers are far better off by using Windows Vista than they are with anything that we've released before."

Pescatore agreed. "Since Windows Server 2003 came out, it has had many fewer vulnerabilities than Windows 2000 Server," he said. "It was their first server OS since they began to take security seriously. Vista is their first desktop OS.

"We expect that Vista will be to Windows XP as Windows Server 2003 was to Windows 2000 Server."

Allchin, who has been with Microsoft since 1990, will retire at the end of January, after Vista ships. Earlier this year, 17-year veteran Steve Sinofsky was appointed to succeed Allchin as the head of the company's Windows division.

Windows Vista will reach corporate volume license customers this month, and consumers on Jan. 30, 2007.