There have been a lot of claims by various media outlets in the last couple of days that a so called proof-of-concept virus was the first piece of malicious software targeted specifically towards Windows Vista. Now, while Microsoft seemed to have originally been planning to include Monad with Vista, it never has been included in any (public) Longhorn build, and will not even be included in the RTM build of Vista, according to InfoWorld:

"In an interview Friday, Microsoft Director of Product Management Eric Berg said Monad will not be included in the first commercial version of Windows Vista, expected in the second half of 2006. But the product is expected to be included in Windows over the next "three to five years," he said. "Our intention is to synchronize it with both client and server operating systems."

I was certainly not surprised that hackers are already experimenting with Vista, and I don't think Microsoft was either. Whether or not this about-face is related to the "virus" uproar, I, for one, am glad that Monad will not be part of Vista by default, although I hope it will be available as an add-on product. For the vast majority of users, Monad would be an unused component of the system, existing only to be a security liability. After all, how many average Windows XP users do you think ever use the Command Prompt? Probably not very many. And how many average users would need or want to manipulate .NET objects in a command shell? Zero. So I think the exclusion of Monad from Vista fits well with Microsoft's new "secure by default" mantra, without significantly reducing the usefulness of Vista to the typical user.

I do want to clarify that these security liabilities are going to be a natural side effect of installing any command shell that's even remotely useful. The fact that creating these viruses for Monad was possible does not necessarily mean that Monad will have serious security issues (although it likely does in the current beta form). You still have to get malicious code on your system in the first place to be at risk, and a system with Monad doesn't present any additional opportunities for that distribution to happen than a default Vista installation would. And once malicious code is present on a system, it can do plenty of damage, with or without the aid of Monad.

I did some initial experimentation with Monad yesterday, and I think it's a powerful tool. I'm definitely looking forward to its final release, and I hope that Vista power users will be able to install it, even if it is not included in the retail bits.