Microsoft To Offer Virus Defense 579
FridayBob writes "According to the New York Times, Microsoft plans to
enter the consumer antivirus business
with a subscription service next year.
Most of us will remember
Microsoft's assimilation of RAV Antivirus from GeCAD Software of Romania in 2003." From the article: "Microsoft plans to expand the service beyond its 60,000 employees this summer and offer an open trial for consumers this fall. No date has been set for a commercial introduction, but the executive in charge of the new business said it would ultimately be offered as an annual service by subscription."
It should be part of the OS! (Score:5, Insightful)
Re:It should be part of the OS! (Score:4, Insightful)
Also try AVAST! (Score:5, Informative)
I've actually used this software to fix problems that McAfee couldn't (the boot time scan is not possible with McAfee).
Re:Also try AVAST! (Score:5, Informative)
It's great for tinfoil hatters too, since you don't even need a registration code.
AVG Antivirus is great (was Re:Also try AVAST!) (Score:3, Insightful)
Re:It should be part of the OS! (Score:4, Insightful)
Re:It should be part of the OS! (Score:4, Insightful)
Let me get this right (and twist the argument around a bit)...
You are saying that something that would be good for users (Microsoft fixing their vulnerabilities [forget for the moment how they are fixing it]) is bad for businesses? This is like saying, "finding cures for diseases is a bad thing because it will put the pharmacutical industry out of business"!
This flies against the face of logic. Then again, we are talking about businesses here. Anything for a buck!
B.
Comment removed (Score:5, Insightful)
Re:"Anti-virus software" != "Fixing vulnerabilitie (Score:4, Informative)
I agree that many types of malware would be better fixed by changing Windows itself, patching obvious entryways such as ActiveX and such, etc;, since the majority of those are actually exploits of Windows system flaws rather than viruses in the traditional sense.
I also agree that the simple release by Microsoft of a free anti-malware products is little more than a band-aid in terms of fixing the general malware problem found on Windows today.
I do, however, disagree that Windows is alone in having traditional viruses (the classic Mac was also hit very hard in the past), and I think the recent focus of AV companies on Windows-centric forms of exploitative malware in addition to their more traditional activities (the detection and removal of traditional viruses) has blurred the distinction between the two types of malware in your eyes.
The two classes of malware are NOT the same.
Even if Microsoft were to fix the massive security holes that exist on their platform, a market for third-party anti-virus tools would still exist.
However, a Microsoft AV offering has the potential to remove that marketplace comepletely.
That's the difference...
Re:It should be part of the OS! (Score:2, Insightful)
Any OS that can run user code will be vulnerable. Or are you advocating TCPA?
Re: (Score:2, Interesting)
Comment removed (Score:4, Informative)
Re:It should be part of the OS! (Score:5, Informative)
Essentially, a TCPA compatible computer will refuse to run all code which hasn't been pre-approved by some "trusted" organisation. This would make not-for-profit software development almost impossible.
And yes, except for a few cases like blaster, viruses don't exploit a vulnerability in the OS. They exploit human stupidity and naivity. An OS which isn't "vulnerable" to viruses is an OS which doesn't obey the user and let them run arbitary programs. Such an OS is usless.
Re:It should be part of the OS! (Score:3, Insightful)
And yes, except for a few cases like blaster, viruses don't exploit a vulnerability in the OS.
There's a difference between vulnerability due to an intentional mistake, and a vulnerability due to poor design, but in the end they're functionally the same.
An OS which isn't "vulnerable" to viruses is an OS which doesn't obey the user and let them run arbitary programs.
Useless? All the Mac and Linux users would disagree. Anyway, it's not even a matter of running "arbitary" (sic) programs, it's a m
Re:It should be part of the OS! (Score:3, Insightful)
For example, your default Windows install has file extensions hidden. But file extensions are the sole determinant of whether a file is executable or not. So, to the user of a standard Windows machine, image.jpg and image.exe are effectively the EXACT SAME THING as long as the EXE's icon is made to look like a JPG icon.
So the user clic
Re: (Score:3, Insightful)
Re:It should be part of the OS! (Score:2)
Re:It should be part of the OS! (Score:3, Insightful)
Re:It should be part of the OS! (Score:5, Interesting)
No, no, no! It should be part of the OS. If I buy an OS and it is vulnerable to viruses, it is a flaw in the OS's design. Why do I have to pay extra to make my machine usable?
No, it shouldn't. If Microsoft *did* bundle AV with Windows, everyone on slashdot would be jumping up and down saying "Microsoft are being anti-competitive yet again!!". Microsoft have been (rightly) burnt by the fair competition regulations often enough to know that they cannot just bundle this in and need to offer their product so that it can compete on the open market.
That said, many people will use it because it is easiest to take it from the same vendor as the O/S, even if it's not the best solution, technically.
My biggest concern is that MS will use non-disclosed APIs to support their AV, leaving the rest of the market to use the current selection of cludges to make their work. Obviously, this would be unfair and they should be shot if they are thinking it...
Re:It should be part of the OS! (Score:5, Insightful)
There's a big difference between bundling antivirus software into your OS, and making your OS more robust against viral threats to begin with.
Re:It should be part of the OS! (Score:3, Insightful)
Many viruses that hit people have nothing to do with the operating system. Take for instance Firefox. Firefox is not bundled with Windows but it can be installed by the user. Before 1.0.4, there are several known security holes. Is the operating system to blame for any of these?
No, not part of the OS, just fix the OS. (Score:5, Insightful)
Anti-virus software should NOT be part of the OS.
But, by that same token, Microsoft should NOT be selling anti-virus software.
Re:No, not part of the OS, just fix the OS. (Score:2, Insightful)
It's a flaw in the security of the APPLICATIONS that force users to subvert the security model of the OS.
Re:No, not part of the OS, just fix the OS. (Score:2)
Why should they not be selling another product? Are you advocating restrictions on a company trying to enter a free market?
Re:No, not part of the OS, just fix the OS. (Score:5, Insightful)
No, they don't. Worms and trojans frequently exploit holes in the OS, but traditional viruses work by modifying executables. Unless we disable the ability to write to the disk (or disable the ability to execute code), viruses aren't going away.
Re:No, not part of the OS, just fix the OS. (Score:3, Insightful)
Re:It should be part of the OS! (Score:5, Insightful)
Microsoft refers to this as "a business plan for generating recurring revenue".
Re:It should be part of the OS! (Score:3, Funny)
Hey how come there is no antivirus software needed on unix platforms?
Re:It should be part of the OS! (Score:2, Informative)
Re:It should be part of the OS! (Score:4, Insightful)
Re:It should be part of the OS! (Score:3, Informative)
Windows XP is Windows XP (SP2 issues are caused by using wrong parts of the API).
Windows 95 is Windows 95.
Windows 3.11 is Windows 3.11
Fedora is possibly Fedora, but might be compiled with some new libraries. Or possibly the configuration change means that specific functions won't work exactly the same. Hell, the whole thing could be theoretically rewritten.
'Windows is Windows' is true. 'Linux is Linux' doesn't have to be.
It seems you know little about mentally filling in the blanks and even less
Re:It should be part of the OS! (Score:2)
Re:It should be part of the OS! (Score:2)
Re:It should be part of the OS! (Score:4, Insightful)
Microsoft Crash Protect 2006
Microsoft File Restorer 2007
Microsoft Wormguard 2008
Can we see the problem?
Re:It should be part of the OS! (Score:4, Insightful)
OK, I'm seeing a lot of this "lUser stupidity" argument. Unfortunately, that argument is flawed. Let me demonstrate:
This ought to be illegal. (Score:5, Insightful)
It seems to me that a company profiting from its own security holes is a serious conflict of interest.
From TFA:
Let's break this down into steps, shall we?
I'm wondering when M$ is going to cut out the unnecessary fluff in their operation and just get a license to print money.
Re:This ought to be illegal. (Score:5, Insightful)
Bad, man. Just BAD.
Re:This ought to be illegal. (Score:3, Insightful)
Don't get me wrong. I think the SPREADING of viruses should be stopped. But I think that falls into the internet connection. Adding a REAL firewall, and fixing IE. But I don't think it's the O/S's fault.
Re:This ought to be illegal. (Score:3, Insightful)
Viruses by and large run due to exploits in code. They exploit the code, placing themselves as the executable to be run, which then runs on that machine, exploiting other machines. On windows systems, the most commonly exploited code is the OS itself, or other Microsoft code commonly bundled [mssql, iis, ie]. So yes, it is the OS's fault.
Trojans, spyware, and other maladies are a different beast. They're commonly referred to as viruses by the masses, but
Re:This ought to be illegal. (Score:2)
They do -- they have 50 billion in cash reserves...
Re:This ought to be illegal. (Score:2, Insightful)
2.) Market protection from aformentioned viral threat.
3.) Profit^2!
4.) Lose everyone to Linux, Mac, due to mob protection type business practices at Microsoft.
Why doesn't anyone point out the alternatives? (Score:5, Insightful)
Ah, good, someone else thought of the mob protection analogy. "Nice computer you have here. Shame if any viruses were to harm it."
What I wonder is why more people (you know, average computer users, not /. posters) don't think about alternative platforms such as Linux or Mac. But last night I was watching the local news and they had one of their typically sweeps-inspired scare stories about how letting your kids use their computer to go to gaming sites will lead to spyware, and adware, and who knows what else! Aaaaaah!
OK, ignoring the stupidity of tying gaming to evil, I found the reporter's conclusion interesting. Noting the steps that could be done to protect yourself, he said keep your OS up-to-date, run anti-virus software, run a firewall, and monitor what your kids do with their computer. I kept waiting for the obvious other solution: Get rid of Windows and move to a Mac. End of problem. I could just imagine the reaction of Joe Average watching this report if the reporter had said, "Or you could just switch to a Mac and have virtually none of these problems." Joe Average would have sat up and said, "What? Really? I had no idea!"
And that's the point, most people have no idea there are alternatives out there that minimize the problem. Not that Linux or OS X-based systems are totally invulnerable, but it's a lot harder for a virus even directed at such OSes to get traction when the first thing they have to do is explicitly ask the user for permission to run and ask for a password!
Watching that news report, I realized this is what my sister-in-law would be going through if she were using a Windows box. She is clueless about computers, checks her email faithfully every month or two whether she needs to or not (sarcasm), and is always connected through broadband. That's a recipe for disaster...except I recommended she get an iMac. Instead of having to clear out adware and spyware every time I visit, she just uses her computer as she wants without any problem in the 2+ years she has had the box. No way a clueless Windows user on broadband would be so lucky, but a clueless Mac user? No phone calls to me with tech support issues in 2+ years. If only more average users knew this kind of computing experience was possible.
Re:This ought to be illegal. (Score:2)
"Hey Bill, our virus subscription revenue is too low!"
"Well then, lets add more holes to Windows in the next update! Hopefully the virus coders out there wil make good use of the new holes quickly so we don't have to develop viruses of our own."
We'll give you virus protection (Score:2, Funny)
Re:We'll give you virus protection (Score:5, Funny)
Yeah...."nice computer you have here...it'd be a shame if anything were to happen to it..."
So, let me get this straight? (Score:5, Insightful)
its like paying to have GM take care of your car when they built it without brakes!
Re:So, let me get this straight? (Score:3, Insightful)
Except a new car comes with a warranty, and if the defect is bad enough (such as no brakes), the product would get recalled.
Microsoft's EULA absolves them of responsibility for almost all defects.
Re:So, let me get this straight? (Score:2)
"We built an OS. It is not perfect, and we do free updates to patch things up. People out there still write viruses. We are going to offer you a product to help protect from these viruses. This costs us money, and we are a business. If you want to gripe about the viruses, complain to those who MAKE the viruses."
Unless you can prove otherwise, MS did not make those viruses.
What disease is that? (Score:2, Insightful)
The disease of popularity?
Here they are, trying to address what has been an Achilles heel for them. I'm sure it will get painted here with the brushes of ridicule and scorn.
Comment removed (Score:5, Insightful)
Re:What disease is that? (Score:2)
Re: (Score:2)
Re:What disease is that? (Score:4, Funny)
To use an analogy I saw a couple posts up, that would be like GM selling cars without any brakes, and then charging later for their add-on high-impact bumper, so when you hit stuff, you won't break hte car. They should just sell a goddamn working car in the first place.
-Jesse
Re:What disease is that? (Score:2)
If the method with which M$ is trying to address this 'Achilles heel' is this reprehensible, then they fully deserve the ridicule and scorn.
When I paid for my OS, I expected a reasonably secure product. If the product suffers from flaws, it is the manufacturer's responsibility to fix them. No further payment from me should be required.
A couple years ago, the Firestone tires on my Explorer were recalled. I got new tires, gratis. I'm sure that if anyone were expected to pay any amount for the tire repl
Re:What disease is that? (Score:2)
Here's a clue. When all these engineers are prosented with a new virus. Instead of getting then to create a signature to add to the file, or develop a heuristic to spot similar viruses in future, get them to find out what vulnerability(s) it's exploi
Re:What disease is that? (Score:2)
Re:What disease is that? (Score:2, Funny)
If they charged more for Longhorn to fund the battle of security that would be fine, but to try n charge extra is just plain evil.
It also makes it economically stupid to fix ANY future securit
Re:What disease is that? (Score:5, Insightful)
Yes Windows isn't the most secure environment in the world, but any intelligent user taking reasonable precautions doesn't have much to worry about. The reason there are so many virii, malware, etc for Windows is because there are so many Windows boxes out there. Put Fedora or Mandriva on 90% of the desktops and laptops in the world, and see how soon before there are Linux virii. The most insecure thing in Windows is the user. Social engineering, ineptitude, and sheer stupidity can bring down the most stable OS, even DOS.
People rant about how Windows was designed to be insecure, and, in a manner of speaking, that's true. Windows 9x was designed for easy conectivity. Networking and the internet was exploded around them, and they made a conscience decision to write the OS "just work" as much as possible. Fastforward a 5-10 years, and we see that that might not have been the best approach. Hindsight is 20/20. Can we say that MS is evil/inept because they made the wrong choice? Was IBM evil/inept for trying to implement MCA architecture? Was Churchill evil/inept for trying to stop a second world war with appeasement? It's easy to be a "Monday night quarterback"
Re:What disease is that? (Score:2, Interesting)
Nice... (Score:5, Funny)
This isn't the first time (Score:5, Informative)
MS..... (Score:2)
A cure for their own disease? (Score:5, Funny)
No, that would be Linux.
Microsoft To Offer Virus Defense (Score:3, Interesting)
MS Virus protection is SIMPLE (Score:2)
Market Penetration... (Score:5, Insightful)
Really, don't most major-brand PCs (Macs not included, but this isn't an issue related to Macs as I doubt MS will make antivirus for OS X) come with AV? And people who build their own, I would guess, are a bit less likely to buy *cough* a Microsoft AV.
Didn't they try this already? (Score:4, Informative)
Outrageous (Score:3, Interesting)
Is it just me ... (Score:2, Funny)
- Anti-spyware
- Anti-virus
- Games console & PC
- The OS
- Office Suite
- Networking Hardware
- ISP
- Phones
- PDAs
- Cars
Ummm I don't thing the DOJ is watching our favorite monopoly very closely. Soon there will be a Microsoft option for everything that can be purchased. I can see it now in stores:
Bob: Hey Carla how about these cool Levis?
Carla: Nah I would rather have the MS-Jeans. They have Anti
Re:Is it just me ... (Score:3, Insightful)
If you buy a Chevy Cavalier... (Score:2, Offtopic)
If you find that unappetizing, get a Toyota or a Honda. They're more robust and less prone to breakage.
MSAV (Score:2)
It shipped with MS-DOS 6.2 and 6.22. I remember it looked a lot like an early BSOD as it scanned for viruses I might have recieved while downloaded a registered copy of Scorched Earth from a BBS.
http://home.earthlink.net/~rlively/MANUALS/COMMAN
Re:MSAV (Score:2)
Remember the old Gahan Wilson cartoon? (Score:2)
Just around the corner, another man is struggling to crawl to a second stand marked "Iced drink antidote - $2".
Halfway there? (Score:2, Interesting)
End result: OS itself is primarily subscription based for all practical purposes. No more trouble with pirated copies. Needless to say, all in the name of making the world more secure.
Of course I'm just theorizing
RAV was a good product (Score:2)
The anti-Popeil (Score:2)
"Now how much would you pay?"
But instead of offering more and more products for lower and lower prices, instead Micrsoft is heading the other way.
"How much would you pay for an OS? How about $200! But Wait! What if it included a virus checker? What if we threw it in for FEE! Now how much will you pay?"
Don't blame Microsoft (Score:5, Insightful)
FROM: sploitr@fishyware.com
SUBJECT: DO0D YOO gotta secyurtee pr0b/.
BODY: Yer eemail will be canc3lled if y00 do not click the a7tached fil3.
ATTACHMENT: malware.exe
The only way you can seriously argue that this is Microsoft's fault is by saying that they made it possible for people *this* clueless to get on the Internet.
Re:Don't blame Microsoft (Score:2)
At most, it would wipe out their home directory. Not bring the entire machine, and all users on it down.
Tha's the issue I have. Focus more on getting people to do things right, instead of just defaulting immediately to the most risky settings.
Make sure that if a user doesn't create and use a standard account, that the
Re:Don't blame Microsoft (Score:3, Insightful)
Wrong. At most it would wipe out their home directory, but not before emailing itself to their entire address book . Then it could attempt to remotely gain access to anything sitting on the local network - likely much easier than if you're attacking from outside - and email the results to the author. Insecure servers beware.
This isn't dramatically different to the worst that can happen in a prope
Re:Don't blame Microsoft (Score:3, Insightful)
As Linux rises in popularity, more people will be attracted to it because it's "not Windows".
I've already noticed a distinct drop in the signal to noise ratio in a lot of Linux newsgroups and web based forums - reasonably easy questions are given answers which are just way out wrong.
Also, you fail to even acknowledge the fact that a vi
Re:Don't blame Microsoft (Score:3, Insightful)
Question (Score:2)
Prediction (Score:5, Insightful)
Expect a "trial" copy to be included in Longhorn that'll bug the fuck out of users until they break down and subscribe.
Microsoft will get its annual user subscription fee. It'll have NO incentive to fix its security problems. And we'll get shafted.
Thanks Bill!
This will just kill the industry (Score:3, Interesting)
I MUST be a prophet. Ten years ago I said that you will either run Microsoft software entirely or you won't run it at all. Adobe will be all thats left on the Windows side for off the shelf software.
Re:This will just kill the industry (Score:2)
The fact that games run on Windows is no reason todo **WORK** in it as well. And if all you're buying a $400 copy of windows for is gaming you might as well get an Xbox and save yourself a couple 100 dollars...
Tom
Automagic updates! (Score:2, Interesting)
Traditionally and additionally (Score:3, Interesting)
Several of the posts here are already agreeing with my thinking of "Microsoft, it's your crappy code that's causing the problem. Why should we pay you to fix something you broke but we bought in good faith?" Granted, I'm speaking mostly for my customers here as I am slowly moving completely away from Windows, but the point still remains the same.
It's come to the point where you have to question Microsoft at this point. If they start making money from Anti-virus subscriptions, what's their incentive to fix the flaws in the software that are causing the problems in the first place? The consumer already has a false idea that viruses and malware are just a fact of life and they WILL get infected without doing anything so they just live with it. If a peice of code is flawed that will allow introduction of malicious code of any type without user intervention, it falls to the software producer to fix it, not charge to protect against it. If you ask me, this is Anti-trust #3 in the making.
Look at Ford awhile back when all those Firestone tires were causing havoc. Did the customer have to pay to get new tires? No! This is the same thing. I would urge ANYONE that's considering using any MS products like this that they should reconsider. It will only support Microsoft's belief that they can milk money out of their customers for producing a crappy product.
Huge profits for Microsoft! (Score:3, Insightful)
Leave it to Microsoft to make money off their own incompetency!
Virus scanning is futile. Limit authority instead. (Score:3, Informative)
Downloaded software should not be given the power to mess with your system in the first place. This is a fundamental flaw in the design of Windows. Because it gives every running program the full power of the user account, Windows is B. A. D. (Broken As Designed). Linux and Mac systems have the same flaw.
To truly solve the virus problem, limit the authority of running programs. [skyhunter.com]
They'd be more successful (Score:3, Interesting)
They could use any methods if necessary, but no disintegration!
Our wall's are cracking, so we're making it ... (Score:2)
That's the kind of thinking that gets people killed in tsunami prone areas.
M$ has felt the rumblings underfoot, (customer dissatisfaction over security holes), and is seeing the wave build on the horizon, (Linux & Symbian & OS X & others,) and they are offering a patch kit for a hemmorhoid cushion as a floatation device.
A Little Play (Score:4, Funny)
Salesman: Mr. Smith, here's your new car.
Mr. Smith: Thanks, Bill. Say, where's the seat belts?
Salesman: Oh, that'll be extra.
Mr. Smith: There's no windows or doorlocks either?
Salesman: Oh, that's extra, too.
Mr. Smith: I'm confused, Bill. Isn't my car supposed to be fully functional and include safety features?
Salesman: Well, Mr. Smith, we can include them on a trial bases for 30 days, but you'll have to return them or pay the subscription price.
Mr. Smith: What the f*ck, Bill? You mean I have to PAY repeadetly for something that should come with my car?
Salesman: Yes, Mr. Smith. Did you not read the EULA?
Mr. Smith: I think I want my money back.
Salesman: I'm afraid I can't let you do that, Mr. Smith.
Mr. Smith: Why the f*ck not?
Salesman: Because by opening the car door, you agreed to the EULA and you are bound to its terms and conditions.
Mr. Smith: You're a bastard, Bill.
Salesman: Actually, I'm the spawn of Satan.
If MS follows the strategy it has used in the past (Score:5, Interesting)
Then it's likely that every time you get an update, it will make any competing anti-virus product stop working. Some of us still remember the old rhyme: The code's not done till WordPerfect won't run.
If MS eliminates all other anti-virus vendors then we are put in an interesting situation. We have all heard the rumors that some AV companies have made deals with some spyware vendors and with the government to ignore programs that the vendors don't want scrubbed from your computer and that the government uses when investigating criminals. If there is only one vendor of AV software on Windows, there is only one company anyone has to negotiate with to keep their software from showing up as a virus.
On the other hand, I believe that the security of the computer is fundmentally the job of the operating system. So the software designer in me says that's where it should go. It should be a loadable module of the OS and it should be layered so that it doesn't just look for signatures but for suspicious behavior. It should check the logs for bad behavior, etc.
Finally, I simply will never fully trust any software that is built from sources that I can't inspect. I dont' care if it's the OS or the anti-virus software. I don't believe in security by obscurity. I want to be able to make sure that my AV software isn't excluding some malware because of a little money changing hands. My computer is MY property. If the government want's to know what's on it, I think they should bring a warrant, not plant programs on it.
While I recognize the value of "wiretaps" in law enforcement, I think that establishing a back door through which the government can load malware onto your computer will quickly turn into a backdoor that any hacker can and will use. Whatever technique they come up with, someone will figure it out, steal it, or buy it from some under-paid government worker. It will only leave all of our computers open... kind of like they are now.
I strongly suspect that Microsoft is going to try to dominate the AV market and use that domination to push their "Trusted Computer Model," where, effectively, MS owns your computer and controls what you can and cannot do with it.
All of this reinforces my commitment to never buy another MS Operating System. I only use Windows now because I love computer games and computer game manufacturers have not, for the most part, embraced the Linux market. I wish they'd hurry up and start porting.
In other news... (Score:3, Funny)
Buy three McGrease Sliders (TM) and get a free trial of the new Pee-a-Bucket chewy tablet. Comes in three flavors. After a few months, the McDiet pills will be charged separately.
Unimaginative, grumpy consumer associations have derided the new offer, saying that McDonald's should reduce the high sugar, grease, salt and cholesterol content of their food in the first place.
Re:Isn't that... (Score:2)
It's more like the doctor exposing you to several deadly viruses/bacteria and then charging you an annual fee to give you perscription drugs that will cure the ailments.
Re:It does do more than just anti-virus... (Score:2)
These sounds like perfectly good O/S features to me. They should add them.
The AV they should let others take care of. I don't want FireFox being uninstalled because of 'possible infection alert'.
Re:"A cure for their own disease?" (Score:2)
I mean, it's well known that virii propagate through magical warpholes (pink and pastel blue, with silver stars all around)(and open it by dancing a bit and singing "Lunar Prism, Make Up") and just pop on your HD from thin air.
Re: (Score:2)
Re:Some food for thought (Score:2)
Popularity does not bread security flaws. How many times does it have to be pointed out? Look at apache vs ISS. If your teory was right Apache should be more insecure because more use it, however it isn't.