Microsoft Plans To Sell Anti-Virus Software

EvilCowzGoMoo writes "From the makers of our favorite OS comes: Anti-Virus! Yes you heard me right. According to an article on Reuters.com Microsoft is developing its own brand of anti-virus software. Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash (chief of Microsoft's security business unit) said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows. My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"

Perhaps It Belongs in the OS

[Jorj+X.+McKie]

While I'm not certain that I completely trust Microsoft on this, it might make sense to have the antivirus scanner as a part of the OS. Better low-level access, as well as being able to intercept attempts by something like Outlook to execute arbitrary files. Having a unified place to control such actions might help security.

On the other hand, the major effect might just be to introduce a single point of failure/attack. It's certainly possible to argue that the variety of security software in use makes it harder to attack any given system. For evidence, look at the list of processes that the more sophisticated viruses try to stop.

Background: I do not customarily use an on-demand scanner. On occasion, I have loaded up a scanner because of suspicious behavior. My Windows box (patched up to date, firewalled) has had only one virus, a backdoor program that was installed when my daughter clicked a "video clip" that she received in an e-mail, before she understood what a spoofed address was. So I'm not convinced that antivirus software is as necessary as it is built up to be.

Re:Perhaps It Belongs in the OS

[Jorj+X.+McKie]

Yes, that goes without saying. But badly-behaved software is a fact of life. The fact the others are running Outlook decreases the security of my computer, so a preventative in the OS might be helpful. But it also (as I said above) introduces a single point of attack, which is a bad thing from a security analysis point of view.

Educating developers would also help, but - even in the present climate - I really don't see much of a push for that.

Re:Perhaps It Belongs in the OS

[Nicholas+Evans]

Do you think the guys at Valve were stupid? IIRC the HL2 code got jacked because something found its way in through Outlook.

Re:Perhaps It Belongs in the OS

[Precipitous]

Note that they aren't selling the anti-virus as part of the OS. In fact, the article states that they won't even bundle it with the OS.

At any rate, besides the technical considerations of where anti-virus should lie, there are business considerations. Hopefully the AV folks will sit in the building next to the OS folks, so that they can walk across the street and complain about the vulnerabilities.

On the other hand, maybe they'll start creating new OS vulnerabilities, that only MS AV will protect against ...

Re:Perhaps It Belongs in the OS

[silicon+not+in+the+v]

Unfortunately there isn't a program to stop the user being stupid. No matter which e-mail client is used, they all allow attachments, and without a virus scanner screening those attachments, computer illiterate users are going to get virii.

That's one of the best reasons to use something like Yahoo instead of a separate email client. It won't let viruses come in through attachments. When an email has an attachment, the link is to "Scan & Download attachment". It automatically scans first, and if there's a virus found, it just won't let you download it. I think you could get the emails unscanned with POP access, though.

As to this MS virus scanning software, it seems this could easily violate their court issues for anti-competitive behavior(yeah, like enforce that anyway). I guess by selling it completely separately, instead of including it in Windows, they can say that they are competing on an equal footing. It would still seem though, that they have an unfair advantage in knowing how the operating system works more in depth than their competitors. Don't you think there's going to be some information sharing between the Windows dev team and the AV dev team?

Re:Perhaps It Belongs in the OS

[mandalayx]

You're right. There could be a conflict of interest here. Sadly, if you think about it, this is really nothing new. Hang onto your tinfoil hats for a second.

The fear is that MS will simply not work hard to make their OS secure from viruses, thus generating demand for their associatd virus scanner. In a competitive market, consumers would probably switch OS's, but we have the monopoly and such.

But listen to this analogy. Suppose you sell a software product. You want to make more money. So you simply leave out some functional parts of the product and sell it as an additional product--or service.

Isn't that what some companies are doing? Selling software and making money on the service. One can even sell software as a loss leader and make all the money back on the service (see razors and razor blades by Gilette).

Re:Perhaps It Belongs in the OS

[craXORjack]

While I'm not certain that I completely trust Microsoft on this, it might make sense to have the antivirus scanner as a part of the OS.

It is widely suspected the authors of many viruses work for the antivirus companies or own stock in them. Imagine if Microsoft bundled antivirus with the OS which would eventually put McAffee and NAV and others out of business like so many others in the past. The virus writers, whoever they may be, could make Microsoft look stupid by releasing threats tailored specifically to attack machines loaded with MS AV. This is one case where it is more difficult for MS to choke off their competitors air supply.

Re:Perhaps It Belongs in the OS

[slimak]

I STILL cannot understand why it is wrong for Microsoft to release products the compete with existing software. Sure they can have the advantage of knowing more about the OS but tough, they wrote it and marketed it. Putting aside all bias against MS, it seems to me that they should be able to sell/bundle/etc whatever software they want as long as they do not explictly forbid competitor software from executing.

Are Honda engineers allowed to used design information (such as dimensions) when creating additional trim lines or must they "figure out" how to make things fit? (I assume the former, but don't know first hand). Sure there are aftermarket parts that complete with these -- does honda have to share designs with them too?

I am not MS fan or foe, but I know that if I ran things over there my only response to all this would be: "Fine, you don't want competition, then we are discontinuing ALL MS products. Bill has enough money. All you Windows users enjoy XP because you're stuck with it."

Maybe it's the law, but I just don't follow.

Re:Perhaps It Belongs in the OS

[Sloppy]

No matter which e-mail client is used, they all allow attachments, and without a virus scanner screening those attachments, computer illiterate users are going to get virii.

An email client doesn't need to make executing foreign content so easy and transparent, though. Running a trojan should be harder than clicking on an icon in the attachment list. It should require that the user save the attachment, tell the OS that it's an executable program, and then tell the OS to run it. Automatically launching a trojan inside an email just because the user clicked it, is really weird.

If they are going to keep that horrible UI, then the least they can do is have the subprocess run executables as a nobody-user or otherwise sandbox it where it can't do much harm.

You can write a program that makes it harder to be stupid. Go ahead and write a Linux program that printfs "Ha ha, got you", attach it, and send it to yourself. Now read that email with pine or elm or even Sylpheed. Now look at what all you have to do, to run it. The difference between what you experience in this experiment, vs what an MS Outlook user experiences, shows exactly what Microsoft did wrong.

To fight trojans at the OS level, I would add something like a "potentially hostile" attribute to filesystems; something like "setuid nobody". Internet apps should save things with that bit set, and process loaders and viewer apps should take it into account when loading content, and automatically sandbox themselves. Hostile macro in the word processor document that somebody emailed you? No problem, that process isn't running with all the same capabilities that the user has.

Re:Perhaps It Belongs in the OS

[jtosburn]

Are you kidding? Why do I have to buy a more recent version to fix gross negligence in a product I've already paid for?

And then when I do buy the upgrade, I'm still vulnerable to all those IE exploits that only require one to even preview an evil html message. Sure, if I slavishly keep Windows updated, I can sort of stay ahead of that curve, but Christ! it's never ending! If I do buy the upgrade, I could turn off html rendering completely, but can I convince my boss to do likewise? Why should I have to? There is absolutely *no reason* why html email can't be safe to just view, but MS is apparently unable to make it so.

The real solution would involve Outlook only executing 3rd party code in a sandbox, but MS sees this as a loss of functionality rather than a benefit.

The other real solution might involve re-writing IE, or allowing user specified 3rd party html rendering engines to perform any given Windows required html rendering! Hey imagine that, if you could plug gecko or Opera in there, the problem would vanish. Competition would help keep everyone sharp. /end pipe dream

Oh well.

Re:Perhaps It Belongs in the OS

[OmniVector]

if a virus can spread that requires users to unzip a password protected zip attachment, then run the executable do you have any hope whatsoever for operating system or anti-virus companies to solve the social engineering problem of email viruses?

nothing short of education can fix these problems. until the day where johnny and sue come home from school and tell me about their virus/malware avoidance class today at public school the problem is going to be simply too wide spread to combat. it's not that far fetched. i imagine in 10-15 years computers will be so important to everyday life that it will be an utter necessity that kids know these sorts of things or else the web/computing environment will become unusable.

Re:Perhaps It Belongs in the OS

[1u3hr]

- however, one thing that would be nice to have built into the system itself, is anti-virus.

Bad idea -- single known point of failure. One exploit of that (after MS has put all the other commercial AV products out of business) and the next successful virus owns the whole fucking Internet.

Re:Perhaps It Belongs in the OS

[lpontiac]

The problem with this is that people are too used to clicking yes when asked and will do so here as well.

And I think this is a result of programs just asking too many stupid questions, the result of an application design process that goes something like this:

Developer 1: What should we do here?

Developer 2: I don't know.

...

Developer 1: Hey, let's just let the user decide!

Developer 2: Yeah, fuckit, if it's wrong, at least this way it's the user's fault, not ours.

When you installed the first version of iTunes for Windows, it would ask you whether you wanted iTunes to rearrange all of your music files on disk. So many people blindly clicked 'Yes' and then screamed murder when iTunes went ahead and destroyed their finely tuned music directory structure, replacing it with iTunes' own.

Perhaps if your average Windows user wasn't continually confronted with poorly worded and needless questions, there'd be some change of them actually reading each one and responding intelligently.

paranoia mode enabled.

[garcia]

Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows.

So? The same thing that happened to WordPerfect is likely going to happen to NAV.

I am more afraid that MSFT will purposefully allow holes to exist in its OS so that more and more people will buy their AV software. Perhaps that's a bit paranoid but I certainly wouldn't put it past them.

About time!

[Carnildo]

Just for the record, Microsoft produced an antivirus program back in the DOS 6.2/Win 3.1 days. I, and many other people, wondered why they stopped when they released Win95.

Re:About time!

[NullProg]

Marketing/Gates killed it. If you recall, MS stated Win95 didn't rely on DOS (Remember DrDos?). DOS was dead and therefore no reason to have a DOS based anti-virus scanner. This was the justification for selling Win95 at $80 vs $40 for Win3x. Microsoft did everything in it's power to distance Win9x from DOS.

Enjoy,

Logical Fallacy...

[bcs_metacon.ca]

There's a problem with the idea of them selling the AV software separately from Windows... they always claimed that they had to bundle IE because browsing the web was an integral part of the OS experience... well... when you're talking about Windows, having AV software & keeping it up to date is even MORE of an integral part of the experience than web browsing!

Trust issues?

[MoonBuggy]

Surely if they demonstrated that they made an OS vulnerable to the virus of the day, why should they be trusted to make the software that protects against/fixes said virus?

There are also definite shades of Dilbert here, where the employees who write the software are paid for every bug they remove from the software. It sounds outlandish but MS have demonstrated some pretty evil business practices; might it be possible for them to put a vulnerability into Windows that allowed viruses which could only be combatted by MS Virus Scan - it could be done in a way that means Norton or McAfee could be slapped with the DMCA if they knew the encryption to access the bit of Windows affected by the virus, but it would be a triviality for the virus writer to break said encryption since they're not worried about the law. </tinfoil hat>

Re:Trust issues?

[happyfrogcow]

Another trust issue:

Will it consider software in directories that have a GPL license to be a virus?

Will it consider the device driver i wrote for an old graphics card to be a virus?

Will it consider IBM's web based office productivity suite a virus?

You need to read more.

[khasim]

Here are some choice quotes for you:

"Knife the baby"

"Cut off the air supply"

Given those quotes, who needs to lighten up? Hmmmm?

Microsoft could include anti-virus software. They have in the past. And Microsoft could do it without hitting anti-trust laws.

But when Microsoft SPECIFICALLY refers to killing another company's market by leveraging their monopoly, THAT is the problem.

You Microsoft apologists are all the same.

Re:They did this already

[+CipherDemon]

What has changed since then to make them want to get back in the game?

The bought out an AV company. It was GeCAD, a medium-sized vendor that provided the market's current 'best solution' in terms of price, quality, and reliability for *nix networks. They both acquired AV technology and removed a key market stronghold for the *nix community. Go here for more info.

Well, since you asked....

[khasim]

"Yeah? And how exactly?"

Make it easily and completely removable and publish the API. Again, during the trial, Microsoft claimed that IE could not be removed because removing those .dll's would "cripple" Windows.

"If they could do that, then they'd have more than 3 apps that held monopoly status. Frontpage? Nope. IIS? Nope. Exchange? Nope. Media Player? Nope. Gee, I guess their monopoly isn't all that strong unless people actually want their stuff?"

So far, they've only been ruled a monopoly in one market. The desktop x86 market (Windows). Like I said, you need to read more.

It was cute how you tried to toss in two server apps (IIS and Exchange). Hee hee. :D

Oh well, you Microsoft apologists are all the same.

Isn't there...

[cs02rm0]

...just a slight conflict of interest here?

Normally we see crappy AV software picking up fake hits to make it look good... where will MS go with this... false positives to make the AV software look good or cover ups to make the OS look good?

It might be a novel idea and almost certainly redundant... but what about the idea of focusing more resources on prevention rather than cure? It'd be less admin for them, although, they'd be another 'feature' down to further clog up Windoze.

Creating the problem and selling the solution

Didn't the FCC go after a Messenger spammer that was advertising via Messenger that they could stop Messenger ads by buying their product? The basis for their suit was that the company was helping create the problem for which they were selling a solution. Is it just me or does this sound somewhat similar?

Re:Business Lesson 101

[peragrin]

Sure just like the last major virus outbreak. The patch was there but you couldn't install it without breaking your non MS apps. Databases, servers, and desktop tools stopped working when the patch was apilied. To top it off it also redid MS networking password file so if you were smart and running Samba on a Linux box for your server, you couldn't apply the patch because you couldn't network any more with your servers.

Now Breaking the Network protcol is something MS can do, but it sucks when security is your priority so your servers are different than the desktops,(meaning a virus can attack one but not the other) Now you can't apply any patches without breaking something useful.

Writings on the wall

[neurocutie]

Guess its time to short Symmantec and McAfee stock... the variants are endless, but they all lead to one thing: MS "Antivirus" eventually getting 100% "market share".

Let's see...

MS AV is the most effective AV product because they can put in special hooks in Windows/Outlook to allow better AV protection and detection, but only MS AV knows how to use those hooks, or...

MS^H^HSome hacker can "inadvertently" release a virus of their own that only MS AV can stop (for any number of reasons, indeed, who would know better how to write a nasty virus for Windows but MS itself, and of course the best way to drive MS AV sales is for there to be lots of nasty viruses running around), or...

MS AV is quickest to protect against new viruses because Windows can be altered to add in special virus detection and reporting services that report new virus data directly back to MS, or...

MS AV will include and become the only or the most effective way of getting new patches (ostensibly just against new viri, but in actuality, all Windows bugs), ala Windows Update (for a subscription fee, of course). Free Windows Update may remain, but the MS AV will become the enterprise standard for updating and protecting Windows, (again for a fee, just a way of charging for patches), or...

Given better internal virus detection within Windows, it may be possible to construct a Windows "immune system" that learns how to protect itself. Intimate access to Windows internals required.

Then there is always the, "We changed our minds and decided to bundle MS AV in the next release of Windows (since it was hard to find enough other reasons for customers to see that Windows XXXXP is a value-added proposition for $200 a copy)".

The beginning of the end for yet another sector of the 3rd Windows software/utilities market...

Re:A part of the OS

[gcaseye6677]

Maybe they won't bundle it right now, but do you not think this is a possibility long term? I see this as the only reason why they are making an anti-virus program. Otherwise, why try to break into a field in which there is already extensive competition (something Microsoft hates) and in which they don't exactly have the greatest reputation?

Re:User level virus

[westlake]

It is cold comfort to know that root remains untouched, but your home directory has been trashed.
You may have to be a little more clever in laying your trap, but users will launch executables that look attractive and plausible.

Re:User level virus

[Trailer+Trash]

And if they are running a Unix variant that attachment will only run at user level. No low level system modification can be made, so you can then log in as another user (or root) and delete said infected files which should all be in their home dir and not mixed in with 10000 .dll files.

Sigh. How many times do we have to go over this for the slow learners? Two things.

First, all of my important files are in my home directory owned by my user. A virus doesn't need root-level access to destroy everything of importance to me. It's nice that the files in /etc, /usr/bin, etc. are all locked so that my unprivileged user can't destroy them. Who cares? They're safely on a CD here, they're on the Debian site, they're available all over the internet. My own files exist in my directory (and backups). Those are what's important to me.

Second, the modern worm/virus spreads by either remotely exploiting vulnerabilities on other machines or re-emailing itself. Guess what: it doesn't need root privileges for either of those operations. None, nada, zilch.

The only reason a virus would want root privs would be to infect system binaries and spread to other users. This paradigm is mostly dead in the Unix world on 99% or more of the machines in use; everybody has their own machine. Spreading from machine to machine is the game, and that simply doesn't require any privileges.

The bottom line is that if you could trick users into running a Perl script that came through email, which wouldn't be that difficult for a certain percentage of them, you could write a decent worm for Linux. Not a problem now, but when my mother is using Linux, it's a big problem. "But it came from my friend Kate at church and said to save the file and then type this in at the command line..." The extra step will weed out a lot of the real cluebies, to be sure, but with enough of them it'll be a problem.

Re:Meh

[grioghar]

Actually, the average user DOES see this, but they're too afraid to transition to something else.

I sale computers in a Mom & Pop shop for a living, and I almost pity the people who buy new machines, only to have the machine exploited 30 minutes later when they first hook it up to the Internet.

An average week finds angry faces and empty threats of wishing there was an alternative to Microsoft. I promote my precious (see Golum) Apples, but the price difference and the software compatibilities stop a lot of people from switching.

I watch these people get hit in the pocketbooks for Microsoft's insecurities. I mean, hey, it pays my paycheck, but there NEEDS to be a better way. Regardless of whether or not Microsoft can provide this with *their* AV software, well, that's to be seen. They're a fairly innovative company in how they operate (COMPLETELY subjective comment, yes, but XP has empowered 80+yos to print, scan, copy, and fax with an ease not found previously), so we'll see what they do here.

MS patches fast enough, users don't

[darth_zeth]

If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?

MS is pretty good about putting out a patch every time a vulnerability is discovered, usually with in a few days.

But users never patch their systems. I do tech support for small businesses, and every time MS sends out a Critical update about a security vulnerability, two to four weeks later a virus comes out. And when that happens, we get calls. MOST of the recent worms out there were 100% preventable with a patch, even if you DID open up an email attachment.

If users were smart enough to run Windows updates every once and a while, or set it to auto-update, they wouldn't have a fraction of the problems. When i get a hold of a customer's computer, more often then not there's at least 10 critical updates that need to be downloaded form Windows Updates. (gf's mom's had 21)

So yeah, blame MS for making an OS to begin with, but don't blame MS because users don't take the opportunity to download patches that MS supplies.

An ethical dilemma?

[usermilk]

There is an obvious conflict of interests with Microsoft releasing anti-virus software for their own operating system, but one has to wonder if it is unethical. The two trains of thought I am following are as follows:

Microsoft is not making the viruses that affect their operating system. By making a piece of software to protect their customers from these viruses they are providing a service, this service is not illegal or immoral. What would be immoral is Microsoft abruptly ceasing the release of patches to protect end-users from virus exploits. Many viruses exist only because their is an exploit in the operating system for their taking advantage of. If Microsoft no longer patches these exploits in an effort to make an extra few bucks, they would be acting immorally.

I, however see their anti-virus as a seperate outlet. There are users who don't want to patch their operating system. If you can sell these users anti-virus software which automatically updates its definitions, they won't worry about a need to patch their operating system to protect them from viruses. It will be done through the anti-virus software. Hell, the software can automate Windows Update for them, and patch their system automagically. The rest of us who don't but M$-AV will have to patch the operating system ourselves.

The second train of thought is business oriented. Microsoft is a business, and in the words of my friend James, "...businesses aren't in the habit of accepting a decline in profits." By patching their operating system and allowing persons who do not purchase their anti-virus software to be safe from viruses, Microsoft may not make any profit from their anti-virus software. The conspiracy theorist in me brought the light the idea that Microsoft may actually create exploits or viruses in an effort to help their anti-virus software suceed. This thought is ludacrious. Microsoft would be risking jail time if they created viruses. If they created exploits they would be risking horrible publicity.

Viruses can exist without exploits, macro viruses take advantage of something that cannot be patched, automation. Microsoft just sees an open market and wants to take advantage of it. I see no ethical dilemma at all, just capitalism.

Pay yearly to use your own computer!!!

[Anita+Coney]

We all know that Microsoft has been itching to get us to pay yearly for the use of their OS. This is their attempt to get that gravy train rolling.

Sure, Microsoft's antivirus app will be a separate product. Sure it will not be bundled with Windows. However, I'd bet anything that it WILL be bundled with new computers via special deals to manufacturers.

After a year, those new computer buyers will get messages to pay some money to continue receiving updates.

Once we're used to paying every year (or every month?!) for antivirus updates, Microsoft will start charging us yearly for other updates.

Microsoft will be smart and will start out with a reasonable price. But it won't be too long before we're paying about $80 a year for the right to use our computers.