Microsoft Officially Announces Anti-Virus Product

Harry Maugans writes "Microsoft has officially announced their entrance into the anti-virus market. By combining anti-virus scans, anti-spyware scans, and firewall protection into a single package, Microsoft thinks they've created something fresh. So fresh they're charging an annual fee of $49.99 per year." From the article: "Microsoft's Windows OneCare Live program will be launched in June and made available online and via retailers for an annual fee of $49.95 on up to three machines. Customers who beta test Windows OneCare Live between April 1 and April 30 get to take advantage of a special $19.95 promotional price. Microsoft's pricing means Windows OneCare subscribers are likely to pay less up front than if they bought traditional anti-virus software like Symantec, for example, whose Norton AntiVirus 2006 protection pack for three PCs lists at $89.99."

Cool

[dfiguero (324827)]

So now they sell you the problem and the fix!

To be fair to Microsoft

[rsilvergun (571051)]

There's plenty of customers who are furious Microsoft isn't providing antivirus software. For them this is the fix. They think mechanically, and don't understand that computers shouldn't need fixing unless the hardware takes a dive. To them, this is maintence that ought to be provided by the manufacture. And besides, there's plenty of viruses that can't be stoped by good security (iloveyou.jpg.exe).

That said, Norton, McCafee, AVG, et. al. can kiss their collective butts good by. It's one thing if they had products Microsoft couldnt' compete with (ala Quicken), but last I check Microsoft Antispyware was one of the beter ones out there.

Re:To be fair to Microsoft

[CastrTroy (595695)]

Anything can be stopped by good security. Especially in the case of iloveyou.jpg.exe. Here's how it goes. First, show the extensions, it is a security hazard not to when the extension controls whether or not the file is executed. Second, Give big warnings the first time you run a new executable, and each time the executable has changed, and even more warnings if the executable has 2 extensions such as .jpg.exe. Each executable should need specific permissions for reading and writing files, including the

Re:To be fair to Microsoft

[Antifuse (651387)]

Even better - do what my girlfriend's company does, and put "I love you" in the "bad words" filter for your mail server, rejecting every single email containing the phrase "I love you" (except if the "I love you" is in the subject, those can go through. Even though the iloveyou virus specifically put "I love you" in the subject). Took us a while to figure out why my messages kept bouncing, it's not like I was calling her a filthy c-word. Best. Security. Evar.

Re:To be fair to Microsoft

[JonTurner (178845)]

>>put "I love you" in the "bad words" filter for your mail server, rejecting every single email containing the phrase "I love you"

Now I've seen it all. Following that line of reasoning, if they'd just filter on the word "virus"...

Re:To be fair to Microsoft

[jonfelder (669529)]

Right, because the user is going to make informed decisions and choose not to run the thing after clicking through a million of these popups everytime they've installed something in the past.

I agree extensions should be shown, and I agree users should by default have non privileged accounts.

However, forcing the user to click through popups and having them add specific permissions to each executable is not the solution. I don't claim to know what the solution is, but I do know that popups and security warnings simply do not work. Only people who know what they are doing know what they mean. Unfortunately this is the same group of people who do not need them.

Maybe we could start with hardware/software that doesn't permit exploitable buffer overflows (we've got that now, we should be using it). In addition Microsoft should not allow untrusted data to be available to the inner workings of the OS via Internet Explorer.

Nothing is going to keep people from running stuff they shouldn't run. However, we can at least attempt to cut down on the things that run as a result of crappy code. Stupid things like the WMF vulnerability and buffer overflows should not even be problems anymore.

Re:To be fair to Microsoft

[clontzman (325677)]

Once the third-party providers go away, the price of OneCare Live will skyrocket just like Office did.

Methinks you should look again. In 1997 (grabbed an old magazine off the shelf), Word 97 cost $337. Office 97 standard cost $499. Today you can get the home edition of Office 2003 for $149 or the standard version for $399. Prices for Office have been trending down, especially for the small business or home user.

Re:To be fair to Microsoft

[Tony Hoyle (11698)]

$149? For the educational edition maybe... you have to be a teacher or student to get that.

Amazon are selling the proper version of office for £311.97 ($499).

Re:Cool

[JonTurner (178845)]

>>So now they sell you the problem and the fix!

It's a "fix" in the sense of a drug addict getting a dose. Doesn't solve the underlying problems, but makes the pain go away for a short while.

Why do you think ...

[LukePieStalker (746993)]

Why do you think they call it virus protection [wikipedia.org]?

Extortion

[duerra (684053)]

Is it wrong for me to feel used and abused at the idea that Microsoft wants to charge for this service? I have seen arguments both ways, but I can't help but feel that charging for such a service amounts to little more than extortion. I mean, it's their operating system, and problems with their code that *often* (but not always) allows for these problems in the first place, so why should I have to pay extra for protection from malware that should have been stopped to begin with?

Now, I know that often times it is the fault of stupid users when spyware, viruses, etc. get loaded onto a system, but for any reasonably computer savvy individual, these things blindside you when you least expect them.

I'm sorry, but anti-trust issues, in my opinion, are nothing more than a mask to use as an excuse for what this really is - extortion intended to nickle and dime consumers that rely on Windows because they can't/won't/don't know how to use anything else. Am I supposed to believe now that Microsoft won't intentionally keep open holes in their systems in order to "persuade" their users into purchasing this service? Somehow, I don't put such evil past them.

Re:Extortion

[Namronorman (901664)]

No I don't think it's wrong for you to feel this way and I think more people would understand if you explained it in more simpler terms. You buy a piece of software, it's buggy, they'll fix their mistakes... but you have to pay for it. The idea of paying for other people's mistakes when they're aware of it and fully capable of fixing it for free just really steams me.

Re:Extortion

[hey! (33014)]

Well, you have to pay for it before hand or afterwards. Businesses don't do anything unless there's a revenue stream for it. If you want better software, you have to pay for it one way or another.

I don't see extortion as the issue; it's not like they have to work to put security holes into their software. All they have to do is follow normal business practices.

The reason Windows is so insecure is that there is no complete competing Win32 implementation. Customers perceive the cost of not using Windows

Re:typical Microsoft bashing

[duerra (684053)]

this is not a case of Windows having a security hole and Microsoft knows about it and charges money for the fix

Maybe not right now, but the very first time I see an AV signature to stop a virus that is exploiting a hole before I see the patch to fix that hole itself (which I guarantee is going to happen - just wait), I better see you and everyone else in the Slashdot world that is ok with this go up in arms.

Re:Extortion

[tsa (15680)]

You know what's the worst part? People will go and think: Hey, this is a Microsoft anti virus program. They know their software best, so it must be the best anti virus program out there. Let's buy it!

Analogy

[Rocketship Underpant (804162)]

Heh, I think it's more like a restaurant offering to sell you their own brand of anti-acid pills or Pepto Bismol with your meal. :)

"Only $4.99, sir, and you'll probably need it considering the ingredients we use."

Re:Analogy

[Catbeller (118204)]

More like a restaurant slipping you arsenic with your meal, then selling you the antidote as an add-on dessert as you lay dying on the tiled floor. A MONTHLY antidote, no less, at an ever-increasing price.

Re:Extortion

[earlshaw03 (854992)]

Why is Microsoft considered evil when they introduce an anti-virus, anti-spyware, and firewall for a fee. This is purely a business decision to protect Microsoft from lawsuits. Lets see her if Microsoft was to include this service for free or intergrate it into Windows Vista, then companies like Symantec, Mcafee, etc would sue the shit out of Microsoft, just like other companies sued Microsoft over intergrating a office suite in Windows. If you want to talk about something evil why don't we talk about the people who write these viruses, spyware, malware, etc. They are the reason we have to have so many security solutions in the first place. Its amazing how much hate there is for Microsoft on /. If you don't like it then quit using it. There are other solutions out there, so if you feel that Microsoft is so evil then quit supporting there products.

Re:Extortion

[duerra (684053)]

Damn right it is purely business - and that's the problem. Suing for bundling everything under the sun with the intention of abusing monopolies is one thing, but bundling (for free), security software to protect the operating system that should be secured in the first place, does not strike me as monopolistic abuse. Using that excuse sure is convenient though, isn't it?

Being afraid of getting sued hasn't really slowed Microsoft down in the past, so why should they start when it comes to the security of their OS? Oh, right - because they can make money on it this time around. What makes you think that Microsoft isn't using tricks and internal-only API's to make their AV product that much better than the competition? Isn't that abusing their monopoly just as well as if they were to provide it for free? What happens when a security hole goes unfixed for a month because Microsoft has gotten lazy, and it's in their best interest not to fix it to begin with anyway, because they stand to profit from OneCare sales if they "test" a patch just a bit longer? Sure, for high-profile exploits they'll fix them right away to save the PR backlash, but they still are ahead in the end.

I don't hate Microsoft. I really don't. I think they have contributed a fuckton to the industry. But this is just plain wrong, and does nothing more than cast doubt into their userbase regarding their credibility.

Re:Extortion

[pllewis (634741)]

Why is Microsoft considered evil when they introduce an anti-virus, anti-spyware, and firewall for a fee. This is purely a business decision to protect Microsoft from lawsuits.

A similar reason you don't let baseball players bet on baseball. They can minipulate the outcome. You have to trust them not to taint the product to sell additional services. The only thing you can trust in business, is that business will do whatever they can to satisfy their shareholders(make money). If this goes through anti-t

Re:Extortion

[supabeast! (84658)]

"Is it wrong for me to feel used and abused at the idea that Microsoft wants to charge for this service?"

Not really - after all, if you just install Microsoft's free updates and secure your computer using methods available online for free, you shouldn't need Microsoft's antivirus services to begin with.

The big purchasers of this product will be corporate and government IT departments looking to save money by buying bulk quantities of Microsoft antivirus as opposed to other products that cost more. It's unlikely that the sleazy side of Microsoft selling antivirus software for its own OS will defer customers, as sleazy business practices have already tainted Symantec and McAffee. Microsoft can afford to undercut every other vendor's pricing and watch them all go under, and as long as the new software isn't bundled with the OS, the DOJ and EU will probably let it be.

Re:Extortion

[Deathlizard (115856)]

I'm sorry, but anti-trust issues, in my opinion, are nothing more than a mask to use as an excuse for what this really is - extortion intended to nickle and dime consumers that rely on Windows because they can't/won't/don't know how to use anything else. Am I supposed to believe now that Microsoft won't intentionally keep open holes in their systems in order to "persuade" their users into purchasing this service? Somehow, I don't put such evil past them.

Do you really believe that Symantec/Mcafee/ETC would just sit back and watch their Primary Cash Cow dissolve if Microsoft decided to incorporate Anti virus natively in Vista? Microsoft would be sued for antitrust before Vista was even released.

Microsoft has only three options here:
- Let the third party handle it (Sarcasm)Since that's worked so well(/Sarcasm)
- bundle it into Vista, which would be the final solution to the problem for good, and then say hello to the judge.
- Sell it as a product, which avoids the Courtroom tour and may or may not be better than the third party and can at least possibly advertise it in vista. But get accused to intentionally allowing holes in your product to sell it in the process.

And No. Fixing the OS is not the final solution (or the problem for that matter). I can guarantee that Vista even with all of it's user restrictions, protections and the like will still have a virus problem, because you can patch the OS until the cows come home, but you can never patch the idiot in front of the keyboard. That idiot will run something bad, which will infect his user account (Which doesn't need Admin/Root/Privs to access and infect BTW. Same goes for you linux and OSX people who think your so safe.), and proceed to DOS everything it sees online and off with SPAM and their's nothing that the idiot is going to do about it until he can't use the computer anymore because it's spamming and DOSsing all day instead of looking at the pretty girls on the interweb.

As for Microsoft adding intentional backdoors to sell Onecare, it's highly unlikely, especially when you could easily go to Mcafee or Symantec for all of your security needs let alone the free apps out there.

Re:Extortion

[duerra (684053)]

The answer is simple: don't buy Windows

For every complex problem, there is a solution that is simple, neat, and wrong.
H. L. Mencken

Surely you can understand that such a simple answer doesn't cover all scenarios and possibilities, and even if it may work for you and me, that answer isn't going to work out quite so well with 90% of the rest of the world.

Re:Right or Wrong...

[mpapet (761907)]

There is at least one viable alternative to windows.

Apple Macs (many people don't feel comfortable unless they pay for it)
Multiple Linux Distros(suse's commercial desktop OS version is my preferred)
Multiple BSDs (freebsd is nice, a little feedback on pcbsd would be welcome)

There are three right there.

I'm not sure why anyone -needs- windows any more. If you tell me your enterprise application needs IE for XYorZ, then that's a specialized legacy problem. For the 80% of desktop users, I'd say they would do j

Re:Right or Wrong...

[rs79 (71822)]

People should keep track of what they spend getting their windows pc unfucked. They might notice that in many cases they spend more in 1, 2 or 3 years so buy a Mac G4 dual off ebay which is more than enough for most people.

Hey Dad, you listening?

re: 3rd. option?

[King_TJ (85913)]

I'm not much of a fan of Microsoft products. In fact, I've switched mostly to Mac OS X over the last few years. But nonetheless, your argument is really little more than a thinly veiled attempt to "flame" Microsoft.

Your "3rd. option" isn't realistically possible at all. The problem is, Windows started out as a layer to run on top of the MS-DOS operating system. Over the years, they kept adding to it and adding to it. Then they branched off another direction (Windows NT) when they realized building on t

Re: 3rd. option?

[Spinlock_1977 (777598)]

I think you're taking "fix" a little too literally. One good fix would be to toss out the new stuff in Vista, leave the secure stuff, and stive for good backwardwards compatiblity. (In fact, I hear they're striving for this already). Then GIVE THE OPERATING SYSTEM AWAY to all licensed windows customers. Admit they fucked up their design decisions along the way and do something helpful for their customers.

This, in my opinion, would be a fix. It would also help fix their diminishing customer good will.

An

Solution for lazy people

[teslar (706653)]

I predict a lot of comments along the lines of

1. Produce crap OS
2. Wait for exploits
3. Make people pay for fixes to the exploits
4. There is no step 4
5. Profit!!!!

But at the end of the day, the exploits are real, regardless of what may cause them and what you're paying for really, is the comfort of hassle-free self-updating protection. Sure, you could get it all for cheaper (as TFA notes, Norton may be more expensive in initial acquisition, but subscription renewals are cheaper - $49.95 for Microsof

Re:Solution for lazy people

[Eggplant62 (120514)]

The only thing people are paying for is Microsoft's laziness to do a proper code audit to clean up their crap OS. That's the lazy component to this whole thing. I find it irritating that they would sell an OS that's insecure, and then charge even more to properly secure it. What a racket!!

Re:Solution for lazy people

[GreyWolf3000 (468618)]

I hate MS as much as the lext geek, but I believe that if MS didn't charge for their AV services, people would accuse them of price gauging Norton and McAfee. As it stands, their pricing makes them competitive with at least Norton.

Even if MS were completely committed to securing the Windows codebase, there would still be plenty of security problems to deal with. I don't blame them for charging for this at all.

Re:Solution for lazy people

[Malor (3658)]

The biggest thing I see is that there is now a fundamental disincentive to ever really 'fix' Windows.

When the AV products aren't from your own company, there's pressure to remove them as competitors. When the AV division is part of your own company, there's not much incentive to put your coworkers out of jobs. And management is unlikely to want to squash an ongoing revenue stream.

Microsoft has desperately wanted the subscription model for many years. This, essentially, is it. They get to charge you fifty bucks a year. If they get a significant chunk of the userbase signed up, that is a HUGE amount of money. They're NOT going to jeopardize this new revenue stream by making the platform fundamentally virus-resistant in any meaningful way.

In fact, they now have a big incentive to make the OS less secure.

Re:Solution for lazy people

[oberondarksoul (723118)]

Yes, the exploits are real. They could be fictitious if Microsoft opted to put the time they've spent on prettying-up Giant's anti-virus on fixing the code. But, of course, there's not as much money in solving their problems than there is in selling a safety net to sit on top of them.

Is it a pig?

[confusion (14388)]

I know there is a lot of concern in the security circles about MS' entry into A/V. First, there are some many ways to get Norton or Mcafee for free or next to it, I don't see that as a big threat. I see the much bigger threat being the potential for MS' A/V program to not be such a freaking enormous, bloated pig, like Norton and Mcafee.

Jerry
http://www.networkstrike.com/ [networkstrike.com]

Big deal

[tbone1 (309237)]

Call me cynical, but when their anti-virus software is based on DirectX, ...

Sounds like protection money to me...

[Eggplant62 (120514)]

Sell a shoddy, insecure operating system prone to virus infection and security compromise, then make your customers pay even more monoey properly secure it.

"Hey Vinnie... put a cap in his guy to shut him up... He knows too much."

MSAV?

[Epaminondas Pantulis (926394)]

So MSAV didn't qualify as antivirus?

So let me get this straight Bill....

[d3ac0n (715594)]

You want me to PAY YOU for protection against the very problems your bad design made possible?

Nice computer you have here

[CaptainZapp (182233)]

Would be a shame if something happens to it...

Fair enough

[spge (783687)]

This is probably the best thing that could happen. The alternative is that Microsoft includes competent anti-virus software for free, which will damage other anti-virus companies, or at least create potential conflicts between the anti-virus software included in Windows and the stuff you will prefer to install.
Of course, the other alternative where Microsoft creates an operating system resistant to the vulnerabilities used by virus writers, belongs to an alternate reality.

annual per year?

[MartinG (52587)]

an annual fee of $49.99 per year.

Oh, an annual fee per year, as opposed to all the other kinds of annual fee.

It always annoys me when people use duplicate unnecessary redundant superfluous words in their sentences.

Not a bargain

[richwiss (876232)]

Symantec rebates make the annual upgrade cost of these products almost (if not exactly) $0.

$49.95 per year for this product doesn't sound like a bargain to me.

Old Auto Industry quote

[db32 (862117)]

I seem to remember that story (dunno if its simply urban legend or not) about Gates chastising the auto industry about how much farther computers have come in the previous years.

Imagine if the auto industry followed the same logic here...Are you willing to pay an extra $50/year to make sure your cars manufacturer fixes any safety issues? I imagine there are some auto industry leaders kicking themselves for not making safety recalls a subscription based service.

Re:Old Auto Industry quote

[amliebsch (724858)]

Bad analogy. We're talking about users running malicious code, not breakdowns or failures. More like, if you pour bleach into your gas tank because someone told you it would turbo-boost your engine, should the manufacturer fix it for free?

So...

[voice_of_all_reason (926702)]

I guess the rest of us don't need Windows Update anymore, right?

Best. Anti-virus. EVAR.

[RyoShin (610051)]

This has the opportunity to really sweep up the anit-virus market.

Using holes first introduced by them, they can identify a virus, protect a user against that virus using OneCare Live, and then dive into their code to see how the virus slipped through, and, two or three weeks later, release a patch to completely stop that virus and any other like it. Since the patch would be available to all users, many would update their system and stop spreading virii, which would cut down on the number of wild virii, which would decrease the work load for the AV service, meaning they can make more profit without changing rates!

They could do more than just make a reactive anti-virus program, they could make a proactive anti-virus program. Within a year or two, they could close up most common security holes in Windows, making their system more lucrative to those trying to decide on an OS.

And, then, they can take what they learn from this, and apply it to Vista, making it a robust and secure OS, rivaling any open source OS! BEST. ANTI-VIRUS. EVAR.

...Whoa, wait... Microsoft is the one making this?

Nevermind. [sigh]

Isn't anybody the least bit outraged?

[AnalogDiehard (199128)]

This is reminiscient of the Bell Co's who sold their telephone listings to telemarketers and then offered their customers options to keep the telemarketers out and charged by the month for those services. They made $$$ on both ends.

M$ has "bundled" IE deep into the OS. IE is the primary channel that viruses and spyware exploit. Why can't they "bundle" the fix in the OS?

What a scam!!!

Re:Protection Fees

[Stevyn (691306)]

And when a new vulnerability comes out they can wait a little longer to patch it for the people who don't pay this fee. Microsoft has been getting too greedy since windows XP came out. Between activation and this, they're gonna turn too many people away to apple or linux.

Re:Cars

[Se7enLC (714730)]

Yeah, they do that. When something was wrong with the car at the time of manufacture, when they find out about it they send you a little card in the mail to get you to come in to get "Warranty Work" done, they charge a fortune!

Oh wait, what's that you say? Warranty repairs are free of charge? Huh, well I'll be damned, you're right! Defective products ARE fixed/replaced free of charge. And it's REQUIRED by state Lemon Laws!

Can we have a Lemon Law for software?

Re:Charges for bug fixing

[amliebsch (724858)]

Afterall, viruses are nothing but exploits which take advantage of the windows bugs.

Everyone so far keeps saying that, but I don't think that's true at all. A virus is executable code that does something malicious. Unless your OS has so little functionality that it is impossible to do something malicious or to run executable code, people will get tricked into running malicious code. In slashdot tradition, the car analogy: whether your car is a BMW (OSX), a Ford (Windows), or an M1 Abrams main battle tank (*ix), it is possible to drive it off a cliff. That's not the manufacturer's fault because it's a subset of the activity that a car is expected to be able to do. It's not reasonable to expect them to clean up the mess if you do so. If you want anti-cliff-off-driving protection (in the automotive world, called "insurance") - that's extra.

Re:Charges for bug fixing

[amliebsch (724858)]

who would you expect to fix it in this case

The manufacturer.

should they charge you for it?

No.

But Microsoft does already fix those types of problems for free (via hotfixes and service packs) and will continue to do so. That's not what anti-virus software does. Clear?