Microsoft looks for 'protection' money

[Chosonman]

Microsoft looks for 'protection' money

So Microsoft is going into the Anti Virus and security business now. They will start a service in which customers will have to pay a subscription fee to have their computers protected from malicious attacks. Anyone else besides me see the problem with this? On one hand they make the product (Windows OS) that needs the protection at the same time they are offering to charge for services that will protect you from flaws in that product. Gates really needs to get his hands out of the cookie jar on this one.

 

[stash]

These services don't protect you from flaws in the product. The free monthly security updates do that.

AV software essentially protects users from themselves.

 

[spherrod]

Originally posted by: stash
These services don't protect you from flaws in the product. The free monthly security updates do that.

AV software essentially protects users from themselves.

Agreed, sure the Microsoft bashers will see it differently though

 

[scottws]

Well, hopefully they do a better job than that POS Symantec software. In any case it's fine with me so long as I have the option to uninstall it and use another AV product. If it's sort of stuck there like so much preinstalled Microsoft stuff is, then that will irk me.

 

[spyordie007]

This is old news anyways, there has been talk of a Microsoft AV product for years.

 

[sourceninja]

Originally posted by: stash
These services don't protect you from flaws in the product. The free monthly security updates do that.

AV software essentially protects users from themselves.

Thtas true to some extent, but what about when there are known unpatched flaws in a browser or email client and MS doesnt' patch them. Then you need an antivirus to protect you (especially if you are not in the crowd that knows about security holes).

I'd say its a conflict of interest. Although I really dont see many people using it over free antivirus apps like antivir or avast.

 

[networkman]

/conspiracy mode on

Please.. almost everyone knows it's the companies selling the antivirus software that are creating the majority of the new viruses out there! How else do you explain the exponential growth of viruses, spyware and malware? It's not just kids messing around for the fun of it; it's the antivirus software companies creating their problems to keep themselves in business.

Think of it like what Microsoft did with Windows 95 and Windows NT, keeping the two groups seperate during development. One department writes and/or exploits existing virus code and the other department "solves" the problem. 😛

/conspiracy mode off

 

[Tarrant64]

Chosoman, you are all over this anti-MS stuff today huh?

Did you switch mobo's or something? 🙂

 

[kamper]

I personally think it would be fitting for microsoft to offer this for free. If you offer an operating system, it should be as secure as possible without any extra addons required. However, they aren't required to give it away and so whatever the markets decide as far as purchasing this has to be considered fair.

The other interesting thing, of course, if they start giving it away, maybe even integrating in right into the os, then the fanboys (as well as others who can raise a mighty legal objection) will start screaming bloody murder about anticompetitive tactics.

All in all, I take this news with indifference.

But, Chosonman, I don't see why you had to bother bringing this up. You use linux so it shouldn't even matter to you, right?

 

[kamper]

Originally posted by: stash
These services don't protect you from flaws in the product. The free monthly security updates do that.

AV software essentially protects users from themselves.

Well, that only holds if patches are always out and completely deployed before exploits. I think most people rely on antivirus software to do more than just cover for their own mistakes.

 

[stash]

Well, that only holds if patches are always out and completely deployed before exploits. I think most people rely on antivirus software to do more than just cover for their own mistakes.

And when was the last self-propagating worm? Two years ago? AV would provide dubious protection against such an exploit anyway.

Most malware problems stems from the dancing pigs theory...people will always click on something pretty, cool, or pornographic. This is not a problem that will ever be fully resolved technically. But AV is the best defense against it. I see no conflict of interest here, just recognition of a market opportunity.

 

[kamper]

Originally posted by: stash

Well, that only holds if patches are always out and completely deployed before exploits. I think most people rely on antivirus software to do more than just cover for their own mistakes.

And when was the last self-propagating worm? Two years ago? AV would provide dubious protection against such an exploit anyway.

Most malware problems stems from the dancing pigs theory...people will always click on something pretty, cool, or pornographic. This is not a problem that will ever be fully resolved technically. But AV is the best defense against it. I see no conflict of interest here, just recognition of a market opportunity.

What does self-propagation have to do with it? Are you saying that it's been two years since windows was penetrated via any patchable flaw (at least for something that antivirus could help with)? You're basically saying that if you're smart, you don't need av softwares.

 

[Smilin]

Originally posted by: kamper

Originally posted by: stash
These services don't protect you from flaws in the product. The free monthly security updates do that.

AV software essentially protects users from themselves.

Well, that only holds if patches are always out and completely deployed before exploits. I think most people rely on antivirus software to do more than just cover for their own mistakes.

The last two big outbreaks (blaster, sasser) both had security updates available before the outbreak but virus definitions didn't catch up until after.

It's not possible to write a virus signature before the virus itself is written. It IS possible to write a patch before an exploit is.

And again just to be clear: MOST of the big viruses out there target the exploit of the monkey sitting at the keyboard that is stupid enough to click a link or an executable while logged on as an admin.

Why is it bad for one company to write antivirus but not another? Besides, aren't you running Linux anyway? Would you be griping if RedHat or Novell also wrote antivirus?

 

[stash]

Are you saying that it's been two years since windows was penetrated via any patchable flaw

Two years since a flaw was hit by an exploit that didn't require user interaction, yes.

You're basically saying that if you're smart, you don't need av softwares.

Yes.

 

[Matthias99]

Originally posted by: Smilin
It's not possible to write a virus signature before the virus itself is written. It IS possible to write a patch before an exploit is.

Well... you can do some stuff in terms of blocking 'virus-like' behavior (for instance, modifying the network stack or trying to modify critical system files), and using heuristics to identify possible viruses that have not yet been classified. But generally, yes, an antivirus program only protects you reliably from identified threats.

You can only write a patch (which is not always trivial) once the problem is identified and understood, and then there is always the risk that the patch does not fully resolve the problem or that it subtly introduces another bug or security hole.

MS is sort of in a catch-22 here; people bash them for not being secure enough (to the point where you almost have to use a third-party AV program for reliable security), but if they try to integrate AV software into the OS, people will start in with "ZOMG M$ is destroying the AV software market!!!1!1!!11"

 

[Smilin]

heuristics, yea there is that.

BillG wasn't joking about the whole security initiative. Built in firewalls, security center, automatic updates, anti-spyware, anti-virus. It's not a bad thing but yes, MS will of course catch crap for it. Especially from people who don't use Windows at all like the original poster here. It's not possible for MS to do anything right in some people's eyes.

 

[MysticLlama]

Originally posted by: stash

You're basically saying that if you're smart, you don't need av softwares.

Yes.

Double-quoted.... I haven't run AV software on any of my home machines for probably 5 years now.

I occasionally install one before I'm about to do a format and run a scan for curiosity and never come up with anything but the odd cookie.

If you don't click on random things, don't download hacks for games, don't spend time on filesharing networks, etc. there really isn't nearly as much to worry about as people claim.

 

[kamper]

Originally posted by: Smilin
It's not possible to write a virus signature before the virus itself is written. It IS possible to write a patch before an exploit is.

True. On the other hand, patches come out less frequently (once a month normally) and people are generally more willing to accept virus definitions without question than patches. That's neither here nor there, though. You are correct in theory.

Why is it bad for one company to write antivirus but not another?

I never said that. I specifically stated that microsoft was, imo, free to sell their av software. All I'm arguing about is whether or not av is only useful to counter user stupidity. I'm not expecting agreement from anybody anyways, as the whole security debate is far too full of spin and I'm not enough of a security expert to know one way or the other.

Besides, aren't you running Linux anyway? Would you be griping if RedHat or Novell also wrote antivirus?

My only linux install is debian, currently sitting on a harddrive that's not plugged in. If I find time I might fire it up again at some point to play with xen, but I'd rather try it with netbsd (gotta work up some courage first though 😛). Anyways, if RH or Novell started writing av, I'd expect them to include it in their products by default (or at least as a no-hassle option). RH, as far as I know doesn't even sell software so that's not a very good comparison.

If they wanted to make it a seperate purchasable product, I'd 1) wonder why they're in the open source busines and 2) think badly of them for not taking more responsibility for the basic security of their operating systems. Security isn't an optional add-on and software that isn't as secure as possible shouldn't be purchased.

If we ever get to the sad day where not having av simply isn't an option (apparently we haven't reached that day with windows), then I don't want to see a bolt-on. I want to see it integrated so people understand that it's not optional.

 

[smack Down]

Originally posted by: Matthias99

Originally posted by: Smilin
It's not possible to write a virus signature before the virus itself is written. It IS possible to write a patch before an exploit is.

Well... you can do some stuff in terms of blocking 'virus-like' behavior (for instance, modifying the network stack or trying to modify critical system files), and using heuristics to identify possible viruses that have not yet been classified. But generally, yes, an antivirus program only protects you reliably from identified threats.

You can only write a patch (which is not always trivial) once the problem is identified and understood, and then there is always the risk that the patch does not fully resolve the problem or that it subtly introduces another bug or security hole.

MS is sort of in a catch-22 here; people bash them for not being secure enough (to the point where you almost have to use a third-party AV program for reliable security), but if they try to integrate AV software into the OS, people will start in with "ZOMG M$ is destroying the AV software market!!!1!1!!11"

Well they could always make windows secure enough that anti-viris software isn't needed.

 

[spyordie007]

Originally posted by: smack Down

Originally posted by: Matthias99

Originally posted by: Smilin
It's not possible to write a virus signature before the virus itself is written. It IS possible to write a patch before an exploit is.

Well... you can do some stuff in terms of blocking 'virus-like' behavior (for instance, modifying the network stack or trying to modify critical system files), and using heuristics to identify possible viruses that have not yet been classified. But generally, yes, an antivirus program only protects you reliably from identified threats.

You can only write a patch (which is not always trivial) once the problem is identified and understood, and then there is always the risk that the patch does not fully resolve the problem or that it subtly introduces another bug or security hole.

MS is sort of in a catch-22 here; people bash them for not being secure enough (to the point where you almost have to use a third-party AV program for reliable security), but if they try to integrate AV software into the OS, people will start in with "ZOMG M$ is destroying the AV software market!!!1!1!!11"

Well they could always make windows secure enough that anti-viris software isn't needed.

If you run windows as a guest account that's pretty much the case.

However if you have rights to alter the system in any way (for example installing software) AV software provides a mechanism that says "wait, you shouldnt be doing this".

 

[PingSpike]

Actually, it shouldn't really upset the balance much if microsoft charges for this stuff. There's already plenty of players in the market, and if you don't like the price you can always look elsewhere.

 

[NogginBoink]

Originally posted by: smack Down

Originally posted by: Matthias99

Originally posted by: Smilin
It's not possible to write a virus signature before the virus itself is written. It IS possible to write a patch before an exploit is.

Well... you can do some stuff in terms of blocking 'virus-like' behavior (for instance, modifying the network stack or trying to modify critical system files), and using heuristics to identify possible viruses that have not yet been classified. But generally, yes, an antivirus program only protects you reliably from identified threats.

You can only write a patch (which is not always trivial) once the problem is identified and understood, and then there is always the risk that the patch does not fully resolve the problem or that it subtly introduces another bug or security hole.

MS is sort of in a catch-22 here; people bash them for not being secure enough (to the point where you almost have to use a third-party AV program for reliable security), but if they try to integrate AV software into the OS, people will start in with "ZOMG M$ is destroying the AV software market!!!1!1!!11"

Well they could always make windows secure enough that anti-viris software isn't needed.

There's no way to patch a short between the ears.

If the user clicks the email attachment 'click here to see the dancing pigs,' and the dancing pigs executable trashes the system, the problem isn't with the operating system.

 

[RebateMonger]

Two weeks ago, I attended an all-day Microsoft seminar on their new mail security products, including the Antivirus tool.

It has an interesting attribute: You can program it to use multiple data engines for its scanning. Up to eight. Each from a different AV company.

There's speculation that one reason Microsoft CAN'T "give away" the AV product is the worries about Anti-Trust lawsuits. Look at how Microsoft had to create a separate "N" version of Windows, that doesn't contain Media Player. There were similar lawsuits over Internet Explorer a few years ago. If Microsoft doesn't leave openings for competition, they end up in court fighting "Monopoly" allegations.

If Microsoft's AV product is effective and appropriately priced, I'll probably encourage my clients to use it. It's a PAIN to manage many servers, each of which has a totally different AV product installed, with different procedures and different licensing requirements.

But I'm not that hopeful. Microsoft took ten years to come up with a good backup system for NT, I'm not all that impressed by their Anti-Spyware, and they have the worst Anti-Spam solution on the market (in Outlook and in Exchange IMF).

 

[kamper]

Originally posted by: NogginBoink
If the user clicks the email attachment 'click here to see the dancing pigs,' and the dancing pigs executable trashes the system, the problem isn't with the operating system.

Yes, this is easily preventable. In order to trash your system you should have to be running with certain administrative privileges and I think we all realize by now that this is not acceptable for people that click for dancing pigs.

Nobody's quite solved the problem of malware trashing a user's home directory, but there are steps that can be taken. First of all, don't execute any programs stored in the home directory: the user cannot introduce new malware because they cannot put stuff outside their home dir. Then, put restrictions on what normal programs can do, in case they get owned. The mail reader can only write to a config dir to store it's emails and such, plus one more accessible place so the user can save attachments.

That doesn't yet solve the hassle of generating appropriate policies for unknown 3rd party apps, but it at least gives you a framework to start dealing with them. I've been reading up on systrace, from OpenBSD. Very cool possibilities there, much more than just restricting access to file systems.

So this means that your average dumb user can barely modify their own system. I'd call that a good thing, it's probably too complex for them anyways. Anybody that actually needs to install their own software should be experienced enough not to click for dancing monkeys, or at least to understand that they shouldn't have to supply an administrative password to see them.

In summary, there is still a lot of room for operating system designers to protect non-technical people from themselves.

 

[smack Down]

Originally posted by: RebateMonger
Two weeks ago, I attended an all-day Microsoft seminar on their new mail security products, including the Antivirus tool.

It has an interesting attribute: You can program it to use multiple data engines for its scanning. Up to eight. Each from a different AV company.

There's speculation that one reason Microsoft CAN'T "give away" the AV product is the worries about Anti-Trust lawsuits. Look at how Microsoft had to create a separate "N" version of Windows, that doesn't contain Media Player. There were similar lawsuits over Internet Explorer a few years ago. If Microsoft doesn't leave openings for competition, they end up in court fighting "Monopoly" allegations.

If Microsoft's AV product is effective and appropriately priced, I'll probably encourage my clients to use it. It's a PAIN to manage many servers, each of which has a totally different AV product installed, with different procedures and different licensing requirements.

But I'm not that hopeful. Microsoft took ten years to come up with a good backup system for NT, I'm not all that impressed by their Anti-Spyware, and they have the worst Anti-Spam solution on the market (in Outlook and in Exchange IMF).

Microsoft can give away AV with out anti-trust worries. MS can't bundle the application with windows with out getting sued. If they bundle the software they will get sued even if it requires a fee.