Microsoft Plans To Sell Anti-Virus Software

EvilCowzGoMoo writes "From the makers of our favorite OS comes: Anti-Virus! Yes you heard me right. According to an article on Reuters.com Microsoft is developing its own brand of anti-virus software. Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash (chief of Microsoft's security business unit) said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows. My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"

Perhaps It Belongs in the OS

[Jorj+X.+McKie]

While I'm not certain that I completely trust Microsoft on this, it might make sense to have the antivirus scanner as a part of the OS. Better low-level access, as well as being able to intercept attempts by something like Outlook to execute arbitrary files. Having a unified place to control such actions might help security.

On the other hand, the major effect might just be to introduce a single point of failure/attack. It's certainly possible to argue that the variety of security software in use makes it harder to attack any given system. For evidence, look at the list of processes that the more sophisticated viruses try to stop.

Background: I do not customarily use an on-demand scanner. On occasion, I have loaded up a scanner because of suspicious behavior. My Windows box (patched up to date, firewalled) has had only one virus, a backdoor program that was installed when my daughter clicked a "video clip" that she received in an e-mail, before she understood what a spoofed address was. So I'm not convinced that antivirus software is as necessary as it is built up to be.

Re:Perhaps It Belongs in the OS

[yabos]

They shouldn't need a separate program to stop Outlook from doing something stupid. It should just not do something stupid in the first place.

Re:Perhaps It Belongs in the OS

[Xzzy]

> Better low-level access, as well as being able to
> intercept attempts by something like Outlook to
> execute arbitrary files.

Yes, because that's such a major improvement over just fixing Outlook itself. :P Maybe financially that makes sense, they get to sell you Outlook AND the anti-virus, but technically speaking it's just plugging holes in the dam.

The only AV software that Windows needs is Microsoft to stop making so many bloody ways to infect the system.

Re:Perhaps It Belongs in the OS

[NanoGator]

" it might make sense to have the antivirus scanner as a part of the OS. Better low-level access, as well as being able to intercept attempts by something like Outlook to execute arbitrary files. Having a unified place to control such actions might help security."

That works until everybody cries "anti-trust!" Damned if they do, damned if they don't. There's a lot of lightening up that needs to happen.

Re:Perhaps It Belongs in the OS

[colinramsay]

Unfortunately there isn't a program to stop the user being stupid. No matter which e-mail client is used, they all allow attachments, and without a virus scanner screening those attachments, computer illiterate users are going to get virii.

Re:Perhaps It Belongs in the OS

[Jorj+X.+McKie]

Yes, that goes without saying. But badly-behaved software is a fact of life. The fact the others are running Outlook decreases the security of my computer, so a preventative in the OS might be helpful. But it also (as I said above) introduces a single point of attack, which is a bad thing from a security analysis point of view.

Educating developers would also help, but - even in the present climate - I really don't see much of a push for that.

Re:Perhaps It Belongs in the OS

You know, Outlook has been pretty much "fixed" -- it's the only major mail client that just blackholes EXE/PIF/VBS/SCR/etc executible files. You can bet the vast majority of click-n-run trojans are not being spread through Outlook.

Most of (now pretty rare) "Outlook" exploits are really attacks against the IE HTML engine.

Of course this is slashdot, where the vast majority of people seemed to have stopped learning anything new about IT when they got fired from their dotcom job in 1999.

Re:Perhaps It Belongs in the OS

[sam1am]

"Perhaps just creating the appropriate hooks for low-level access would be more appropriate?"

Great, virus writers would probably love to use them... :)

Re:Perhaps It Belongs in the OS

[Teese]

But isn't this a conflict of interest? If MS gets additional revenue from an anti-virus program (especially if that program is a subscription based program), then wouldn't there be internal pressure to make the OS "not as secure" so they can get additional money from there customers? If all of these security initiatives to make the OS more secure pay off, then the kill the market for there own anit-virus products.

Plus it seems odd to make somebody pay more money to overcome some limitations in the original product, kind of like saying "here we sold you a crappy OS, pay us money and we'll protect you from our mistakes! errrrmmmm, but no guarantes, if our anti-virus software doesn't work you can't sue us")

Of course, there is only so much any OS can do from protecting users from being stupid, and I guess that is what the anti-virus software does. But if the anti-virus software can protect customers from being stupid, couldn't the OS too? (thus negating the previous argument of "there is only so much any OS can do from protecting the users from being stupid")

I don't know if bundling the Anti-Virus software would be any better, then you get anti-trust concerns. Plus I think it is extremely important to have multiple Anti-Virus software vendors, if there is only one Anti-Software program (which is what would happen if MS bundled the program with the OS), then it would be a lot easier for virus writers to figure out how to bypass the safe-guards.

Well, those are my rambling thoughts. In conclusion, I guess I think MS should stay out of the anti-virus software market. Maybe they should concentrate on putting better hooks into the OS so that other software vendors could to their jobs better; or better yet, just make the damned OS more secure.

Re:Perhaps It Belongs in the OS

[chabotc]

Oh B*LL F**K*NG SH*T! (please forgive my french)

Sure it could be benifitial to have low level hooks in outlook (& -express), but in no way do you need to intergrate anything into the OS to be able to do so!

Simply use/make a registry key pointing to the .DLL to load and the function to call, and anyone can now make a AV solution for outlook

The only problem is that MS doesnt want any 3rd party software competing on a level playing field, so they keep intergrating applications into the OS, and keep any low level hooks undocumented, so that they automaticly have leg up over any competetion

Re:Perhaps It Belongs in the OS

[4of12]

Unfortunately there isn't a program to stop the user being stupid.

True enough. But then it is easier to modify applications and their design than it is to modify human beings and their design (well, at least for now...)

Sometimes products are distributed that haven't been thought out well enough to consider the stupid user problem.

In this case, "convenient features" about Outlook running attachments is colliding with user stupidity, gullibility, etc. [It's like stories of "free baseball night" at the ballgame - "fans" started to throw their free gifts onto the field when play got boring. Somebody wasn't thinking far enough ahead.]

While Outlooks ubiquity might exacerbate the problems that Outlook users experience, other mail clients do not seem to have as many problems as Outlook does and certainly not as widespread an impact.

Careful product design can mitigate the unavoidable problems of "stupid users in a cruel world".

Re:Perhaps It Belongs in the OS

[Suppafly]

Do you think the guys at Valve were stupid?

Well since you asked. Yes.

Re:Perhaps It Belongs in the OS

[Precipitous]

Note that they aren't selling the anti-virus as part of the OS. In fact, the article states that they won't even bundle it with the OS.

At any rate, besides the technical considerations of where anti-virus should lie, there are business considerations. Hopefully the AV folks will sit in the building next to the OS folks, so that they can walk across the street and complain about the vulnerabilities.

On the other hand, maybe they'll start creating new OS vulnerabilities, that only MS AV will protect against ...

Re:Perhaps It Belongs in the OS

[slasher999]

Well, Microsoft released VSAPI and VSAPI2 in Exchange for this purpose, kind of. Vendors can use these API's to scan email messages that are in the store (the Exchange message database) and disinfect them. Instead of incorporating the functionality of a AV product into the OS, I'd rather see VSAPI improved (specifically to allow deletion, and some performance enhancements, although performance issues maybe more related to the AV products) and something like it included at the OS level to improve the file disinfection/deletion/quarantine functions of existing products.

Re:Perhaps It Belongs in the OS

[stilwebm]

That works until everybody cries "anti-trust!" Damned if they do, damned if they don't. There's a lot of lightening up that needs to happen.

I agree for the most part. Microsoft bought Central Point Systems in the 1990s to integrate Scandisk and Central Point's antivirus scanner (msav) with DOS, but other file system checkers continued to work well and differentiate themselves. As long as Microsoft doesn't keep Symantec, McAfee, et al., from having access to APIs necessary for them to continue their own innovations in Virus Scanning, they will likely innovate features to make some users prefer to buy their product instead of buying Microsoft's. Remember, Microsoft will not be bundling it in with the OS. The problems come when Microsoft strong-arms OEMs to bundle it, especially if they use price pressure to encourage exclusivity (see also MSN vs. AOL, Windows Media vs. Real Player, etc.).

Re:Perhaps It Belongs in the OS

[Blublu]

While Outlooks ubiquity might exacerbate ...

I'm sorry, what???

Re:Perhaps It Belongs in the OS

[Alien54]

Careful product design can mitigate the unavoidable problems of "stupid users in a cruel world".

Two Buttons:

Do What I Say
Do What I mean

Sounds simple enough to me

Re:Perhaps It Belongs in the OS

[Shwilmo]

uhh, they left their source code on almost completely unprotected computer systems connected to the internet. All they needed to get at the source code was a password. So yes, that is pretty stupid.

Re:Perhaps It Belongs in the OS

[silicon+not+in+the+v]

Unfortunately there isn't a program to stop the user being stupid. No matter which e-mail client is used, they all allow attachments, and without a virus scanner screening those attachments, computer illiterate users are going to get virii.

That's one of the best reasons to use something like Yahoo instead of a separate email client. It won't let viruses come in through attachments. When an email has an attachment, the link is to "Scan & Download attachment". It automatically scans first, and if there's a virus found, it just won't let you download it. I think you could get the emails unscanned with POP access, though.

As to this MS virus scanning software, it seems this could easily violate their court issues for anti-competitive behavior(yeah, like enforce that anyway). I guess by selling it completely separately, instead of including it in Windows, they can say that they are competing on an equal footing. It would still seem though, that they have an unfair advantage in knowing how the operating system works more in depth than their competitors. Don't you think there's going to be some information sharing between the Windows dev team and the AV dev team?

Re:Perhaps It Belongs in the OS

[mandalayx]

You're right. There could be a conflict of interest here. Sadly, if you think about it, this is really nothing new. Hang onto your tinfoil hats for a second.

The fear is that MS will simply not work hard to make their OS secure from viruses, thus generating demand for their associatd virus scanner. In a competitive market, consumers would probably switch OS's, but we have the monopoly and such.

But listen to this analogy. Suppose you sell a software product. You want to make more money. So you simply leave out some functional parts of the product and sell it as an additional product--or service.

Isn't that what some companies are doing? Selling software and making money on the service. One can even sell software as a loss leader and make all the money back on the service (see razors and razor blades by Gilette).

Re:Perhaps It Belongs in the OS

[pediddle]

My first day at the University of Washington they packed all the freshmen into an indoor arena for orientation. They also gave all 4000 of us gift bags that included frisbees. I don't need to say what happened next.

College students are stupid enough, and when it comes to computers, most people that use them in their workplaces are even stupider. That said, I agree with you completely that the simplest solution would have been to not give us frisbees in the first place.

Re:Perhaps It Belongs in the OS

[Long-EZ]

wouldn't there be internal pressure to make the OS "not as secure" so they can get additional money from their customers?

You mean Microsoft could actually made Windows LESS SECURE? Holy crap!

What would it do? Network with your security system, wait until you're gone, unlock the doors to your house and use the outside speaker to blast an invitation for burglars to get free stuff?

Re:Perhaps It Belongs in the OS

[westlake]

Outlook and Outlook Express do not let you open attachments by default. This was fixed about two years back, and it is about time that Slashdot took notice.

Re:Perhaps It Belongs in the OS

[craXORjack]

While I'm not certain that I completely trust Microsoft on this, it might make sense to have the antivirus scanner as a part of the OS.

It is widely suspected the authors of many viruses work for the antivirus companies or own stock in them. Imagine if Microsoft bundled antivirus with the OS which would eventually put McAffee and NAV and others out of business like so many others in the past. The virus writers, whoever they may be, could make Microsoft look stupid by releasing threats tailored specifically to attack machines loaded with MS AV. This is one case where it is more difficult for MS to choke off their competitors air supply.

Re:Perhaps It Belongs in the OS

[slimak]

I STILL cannot understand why it is wrong for Microsoft to release products the compete with existing software. Sure they can have the advantage of knowing more about the OS but tough, they wrote it and marketed it. Putting aside all bias against MS, it seems to me that they should be able to sell/bundle/etc whatever software they want as long as they do not explictly forbid competitor software from executing.

Are Honda engineers allowed to used design information (such as dimensions) when creating additional trim lines or must they "figure out" how to make things fit? (I assume the former, but don't know first hand). Sure there are aftermarket parts that complete with these -- does honda have to share designs with them too?

I am not MS fan or foe, but I know that if I ran things over there my only response to all this would be: "Fine, you don't want competition, then we are discontinuing ALL MS products. Bill has enough money. All you Windows users enjoy XP because you're stuck with it."

Maybe it's the law, but I just don't follow.

Re:Perhaps It Belongs in the OS

[Dog+and+Pony]

Where to begin? Code available via internet, running outlook, not firewalled (enough), not patched (enough) and the list just keeps on going.

Nah, it would be all too easy to answer that question.

Re:Perhaps It Belongs in the OS

[SillyNickName4me]

Outlook still allows running attachments, it is just an extra click to confirm you want to do it really.

The problem with this is that people are too used to clicking yes when asked and will do so here as well.

The only solution is to not allow it at all and to have people take very conscious and specific actuions (which preferably also demand knowing what they are doing before even being possible)

Inserting another click is not a solution. Requiring the user to think does go a long way to solving this.

Thunderbird at least requires you to save it to disk and run it outside thunderbird if it doesn't have a handler defined for a file. It wont allow you to run a random program with the file or run the file itself.

Re:Perhaps It Belongs in the OS

[Sloppy]

No matter which e-mail client is used, they all allow attachments, and without a virus scanner screening those attachments, computer illiterate users are going to get virii.

An email client doesn't need to make executing foreign content so easy and transparent, though. Running a trojan should be harder than clicking on an icon in the attachment list. It should require that the user save the attachment, tell the OS that it's an executable program, and then tell the OS to run it. Automatically launching a trojan inside an email just because the user clicked it, is really weird.

If they are going to keep that horrible UI, then the least they can do is have the subprocess run executables as a nobody-user or otherwise sandbox it where it can't do much harm.

You can write a program that makes it harder to be stupid. Go ahead and write a Linux program that printfs "Ha ha, got you", attach it, and send it to yourself. Now read that email with pine or elm or even Sylpheed. Now look at what all you have to do, to run it. The difference between what you experience in this experiment, vs what an MS Outlook user experiences, shows exactly what Microsoft did wrong.

To fight trojans at the OS level, I would add something like a "potentially hostile" attribute to filesystems; something like "setuid nobody". Internet apps should save things with that bit set, and process loaders and viewer apps should take it into account when loading content, and automatically sandbox themselves. Hostile macro in the word processor document that somebody emailed you? No problem, that process isn't running with all the same capabilities that the user has.

Re:Perhaps It Belongs in the OS

[SillyNickName4me]

> I STILL cannot understand why it is wrong for Microsoft to release products the compete with existing software.

In itself there is nothing wrong with that.

What is wrong is:

1. Using their monopoly in operating systems to give themself a technical advantage.

2. Using their operating system monopoly to give themselves a market advantage (by for example bundling it with their OS)

Why?

Because both result in it being impossible to compete with them, and as a result prevent competition. It is called anti-competitive behavior, and it is illegal if you have a monopoly already. Not having that illegal would mean allowing mega-corporations that determien every aspect of life and that are unchallangable.

So, while they may enter other markets, they may only do so without using their OS monopoly.

Re:Perhaps It Belongs in the OS

[westlake]

In OE: Tools>Options>Security>Virus Protection. Not that well hidden, actually. OE6 posts a warning which is kinda hard to miss as well: "OE removed the following unsafe attachments."

By default, OE6 also warns you when applications attempt to send e-mail in your name.

Re:Perhaps It Belongs in the OS

[PlazMatiC]

Outlook still allows running attachments, it is just an extra click to confirm you want to do it really.

Not quite correct. In recent versions of Outlook, executable attachments cannot be opened or saved without messing with the registry. There is nowhere in the configuration interface to alter this behaviour. While I personally find this extremely irritating, I can understand why Microsoft has done it. Much of the bad publicity they get regarding security is caused by users not taking proper measures to protect themselves.

Yes, there are security vulnerabilities in Microsoft's products, but there are also many vulnerabilities in various versions of Samba, OpenSSH, Bind, Sendmail, and many other software packages that are installed on Linux systems. Open Source evangelists seem to have no problem spreading their own FUD about Microsoft software when it comes to security. Take the quote from this article as an example:

My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?

Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide. The vulnerability that CodeRed exploited was patched three months before the worm was released. The only reason it caused so many issues was because of incompetent Windows sysadmins.

Linux is no more secure than Windows. I'm sure if you added up all the vulnerabilities in Windows 2000 and compared them to a list of vulnerabilities in all the software on a standard Linux distribution of the same age, Linux would have at least as many as Windows. The only reason Linux doesn't have the same bad reputation as Windows in terms of security is because there are many less Internet-facing Linux machines around, and the owners of the existing Linux machines are, in general, more competent than those of the Windows PCs. As Linux becomes a more accepted desktop OS, there will be worms attacking Linux machines, and its "secure" reputation will dissolve. Make sure you're ready for it, because it's not going to be pretty.

Disclaimer: I use Linux and Windows at home. I like them both, and I feel they both have their own advantages and disadvantages. I've got no problem using Linux, Windows or DOS for a task if it's the best tool for the job.

Re:Perhaps It Belongs in the OS

[Mudcathi]

Unfortunately there isn't a program to stop the user being stupid.

Clippy tried; alas, Clippy was even more stupid than the damn users.

Re:Perhaps It Belongs in the OS

[vsprintf]

While Outlooks ubiquity might exacerbate ...

I'm sorry, what???

He said, "While Microsoft's desktop monopoly and inattention to security has screwed its own users . . ." But he was being polite about it. HTH.

Re:Perhaps It Belongs in the OS

[tupps]

Last time I looked the latest version of office still can run on windows 98, or are the MS Office team working on Office 2010 and get tweaks they need put into Windows XP? I beleive that the office team is in exactly the same position that OpenOffice is (except OpenOffice is multi platform). I can see the people building utility apps (eg windows movie maker) for windows XP being able to get a tweaks added to the windows code.

Re:Perhaps It Belongs in the OS

[SillyNickName4me]

> Not quite correct. In recent versions of Outlook, executable attachments cannot be opened or saved without messing with the registry

Thats helpfull, tho for what I can see, this only works for new installations. At any rate...

> Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide.

While we can argue about if they do patch fast enough, you are definitely right about users not installing their patches.

When comparing Microsoft today to Microsoft 5 years ago, they have made a giant leap when it comes to security. That said, none of their systems was designed to be used by multiple users simultaneously, and the results of that are still deeply embedded in their designs.

> Linux is no more secure than Windows. I'm sure if you added up all the vulnerabilities in Windows 2000 and compared them to a list of vulnerabilities in all the software on a standard Linux distribution of the same age, Linux would have at least as many as Windows. The only reason Linux doesn't have the same bad reputation as Windows in terms of security is because there are many less Internet-facing Linux machines around,

First of all, I'd like to see some statistics on that because I strongly doubt there are more vulnerabilities.

But regardless, your statement is not true. The first reason for Linux being more secure is a stricter seperation between what is considered kernel and what is not.

This doesn't mean Linux or any Unix variation is flawless, they have their own problems, and one of the big ones is still privilege escalation due to setuid binaries/scripts.

Such bugs being exposed to remote attackers however happens a lot less often.

Because Linux and Windows mostly get used in different ways, its kinda pointless to really compare numbers anyway.

If you'd want to look at a situation where things compare a lot better, I'd look at IIS and Apache. While Apache's marketshare is bigger, IIS does have a substantial market, and in many cases they are in direct competition with eachother.

I'd really suggest looking at actually compromised machines over time for those two.

What I do know is that despite IIS having a smaller marketshare, the majority of exploit probes that I get in the logs of my webserver are IIS related.

> As Linux becomes a more accepted desktop OS, there will be worms attacking Linux machines, and its "secure" reputation will dissolve. Make sure you're ready for it, because it's not going to be pretty.

While often brought up, the marketshare argument doesn't match reality at all.

Besides the Apache/IIS example above, I suggest lookign at for example the Amiga platform.

While it has a fanatical group of followers still, and had a much larger group of followers in the late 80s and early 90s, it has never had a marketshare of any significance outside some niche markets.

Yet, viruses and malware are a substantial problem on this platform, and both had reached a maturity level that the PC equivalents took quite a few years to catch up with.

The Amiga platform also contains a few features and was surrounded by a culture that make it extremely vulnerable for particular kinds of malware, esp. bootsector infecting viruses. Disk images and disks being the primary way of exchanging software being a large factor in that.

At any rate, a platform needs to have enough users to allow any kind of succesfull virus or trojan, but beyond that popularity seems to be a minor factor, and ease of infecion seems to be a much larger factor.

Re:Perhaps It Belongs in the OS

[milkman_matt]

Because both result in it being impossible to compete with them, and as a result prevent competition. It is called anti-competitive behavior, and it is illegal if you have a monopoly already. Not having that illegal would mean allowing mega-corporations that determien every aspect of life and that are unchallangable.

I agree with you, but where do we draw the line? I think this would be a GOOD thing to integrate into the OS at the system level. Sure there's a problem with it due to the fact that Symantec and McAfee and all of these companies sell AV software already. What if they didn't sell it yet? and MS beat them to the punch. Would it be anti-competitive for MS to embed AV software into their OS if no AV software existed yet? In this case it may be a case of taking a good, much needed idea, and putting it where it belongs, in the OS. True, in any fairness they'd probably have to buy out every AV company in existance and hire them on, which would never happen... But this is a real problem. AV works great as is, but I think it could work greater, and eliminate a major percentage of virus threats on the internet if it were built into Windows, and used to eliminate any virus threat on the system. Maybe get ad-aware in there too, heh ;)

-matt

Re:Perhaps It Belongs in the OS

[|<amikaze]

When they go to open the attachment called "Jennifer XXX cool.jpg.pif", what do you think they actually mean? Show me some porno! What do they get? Viruses.

Are we going to integrate some kind of porn finder into Outlook, just to keep the users safe?

Re:Perhaps It Belongs in the OS

[jtosburn]

Are you kidding? Why do I have to buy a more recent version to fix gross negligence in a product I've already paid for?

And then when I do buy the upgrade, I'm still vulnerable to all those IE exploits that only require one to even preview an evil html message. Sure, if I slavishly keep Windows updated, I can sort of stay ahead of that curve, but Christ! it's never ending! If I do buy the upgrade, I could turn off html rendering completely, but can I convince my boss to do likewise? Why should I have to? There is absolutely *no reason* why html email can't be safe to just view, but MS is apparently unable to make it so.

The real solution would involve Outlook only executing 3rd party code in a sandbox, but MS sees this as a loss of functionality rather than a benefit.

The other real solution might involve re-writing IE, or allowing user specified 3rd party html rendering engines to perform any given Windows required html rendering! Hey imagine that, if you could plug gecko or Opera in there, the problem would vanish. Competition would help keep everyone sharp. /end pipe dream

Oh well.

Re:Perhaps It Belongs in the OS

[OmniVector]

heh that reminds me of a skit from upright citizens brigade.

Baseball park owner: "Last night's marshmallows and lighters night didn't go so well. we didn't see that coming, really. That's why tonight is socks and oranges night! There's nothing harmful people can do with socks and oranges."

Re:Perhaps It Belongs in the OS

[OmniVector]

if a virus can spread that requires users to unzip a password protected zip attachment, then run the executable do you have any hope whatsoever for operating system or anti-virus companies to solve the social engineering problem of email viruses?

nothing short of education can fix these problems. until the day where johnny and sue come home from school and tell me about their virus/malware avoidance class today at public school the problem is going to be simply too wide spread to combat. it's not that far fetched. i imagine in 10-15 years computers will be so important to everyday life that it will be an utter necessity that kids know these sorts of things or else the web/computing environment will become unusable.

Re:Perhaps It Belongs in the OS

[DA-MAN]

In any case OpenBSD has an 8 year track record now: 1 remotely expolitable hole! Windoes cannot match that. Yes there are some gotchas, but it you upgrade your machines when OpenBSD does a major release, something they plan well in advance, you should be safe.

That's why I use DOS, it's track record is untouchable even by OpenBSD. It's got 0 (count 'em, 0) remote root exploits in over 20 years!

Re:Perhaps It Belongs in the OS

[xsupergr0verx]

Are you comparing apples to apples?

No you Mac zealot, they are comparing Windows to Linux.... sigh..

Don't hurt me, it was a joke.

Re:Perhaps It Belongs in the OS

[bergeron76]

You said: Outlook and Outlook Express do not let you open attachments by default.

You meant: Outlook XP and Outlook Express XP do not let you open attachments by default.

Unfortunately, it will take several years until those versions become the "most prevalent on the internet" versions. Let's see - 2 years ago means that anyone running Office 2002 or prior is a virus-factory.

Re-post this same message in about 6 years when you can convincingly say that "Outlook" [generically] does NOT let you open attachments by default. I dare surmise that the vast majority of Outlook users are NOT running Outlook XP.

Re:Perhaps It Belongs in the OS

[1u3hr]

- however, one thing that would be nice to have built into the system itself, is anti-virus.

Bad idea -- single known point of failure. One exploit of that (after MS has put all the other commercial AV products out of business) and the next successful virus owns the whole fucking Internet.

Re:Perhaps It Belongs in the OS

[lpontiac]

The problem with this is that people are too used to clicking yes when asked and will do so here as well.

And I think this is a result of programs just asking too many stupid questions, the result of an application design process that goes something like this:

Developer 1: What should we do here?

Developer 2: I don't know.

...

Developer 1: Hey, let's just let the user decide!

Developer 2: Yeah, fuckit, if it's wrong, at least this way it's the user's fault, not ours.

When you installed the first version of iTunes for Windows, it would ask you whether you wanted iTunes to rearrange all of your music files on disk. So many people blindly clicked 'Yes' and then screamed murder when iTunes went ahead and destroyed their finely tuned music directory structure, replacing it with iTunes' own.

Perhaps if your average Windows user wasn't continually confronted with poorly worded and needless questions, there'd be some change of them actually reading each one and responding intelligently.

Re:Perhaps It Belongs in the OS

[Kindaian]

I STILL cannot understand why it is wrong for Microsoft to release products the compete with existing software.

The problem is not that they produce another product.

The problem is that they profit from the flaws and bugs in one product to sell the other!

Why patch the OS if we can delay the patch for 2 months and add a detection system in the weekly update of the anti-virus (and make a marketing campaign to raise more subscriptor to the virii info updates)...

I would think that there is some liability in there if that scenario happens.

Bonus karma

[SeanTobin]

10 bonus karma points for the first person to write a worm that exploits a vulnerability in Microsoft's AV software!

Re:Bonus karma

[Coneasfast]

10 bonus karma points for the first person to write a worm that exploits a vulnerability in Microsoft's AV software!

you say this as a joke, but seriously there are going to be some losers out there who will attempt to find, and exploit vulnerabilities in their AV app.

i think MS is making a big mistake and should leave the virus software to 3rd party developers.

Re:Bonus karma

[1010011010]

Extra 10 bonus points on top of that if the virus also deletes the Product Activiation data!

"Hello? Microsoft? I need to re-activate Windows and my anti-virus software so I can clean out this virus..."

Re:Bonus karma

[fred_sanford]

10 bonus karma points for the first person to write a worm that exploits a vulnerability in Microsoft's AV software!

MS beat us to it. It's called Outlook.

Re:Bonus karma

[mindfucker]

You say this with the assumption that Microsoft's goal is to keep their customer's computers safe, but it's not.

Their goal is the same goal as any monopolist: makeing you completely dependent on them so that it's more difficult to switch to a competing product. Once you understand that you can begin to understand the rest of their actions.

Business Lesson 101

[stecoop]

what makes them think they can keep their AV software up to date?

It just goes to show you that business isn't about who's right or who's wrong but who can make it sound good.

Re:Business Lesson 101

"Relax, everyone... The vulnerabilities in Windows are all by design. However: No Windows installation is complete without MSAV, included free with the Windows XP Useable Edition Plus Pack. Only $799.75!"

For awhile now, I've heard Windows-only n00bs mention how great the disk defrag utilities in Windows are, and how Linux sucks because it doesn't have things like that (Never mind the fact that MS filesystems seem to be the only ones that need regular defragmentation). I'm sure that at some point I'll hear something along the same lines about AV software: "Microsoft makes better AV software for protecting Windows against its own bad design than Microsoft's competitors do. MS is great. Yay!"

Re:Business Lesson 101

[peragrin]

Sure just like the last major virus outbreak. The patch was there but you couldn't install it without breaking your non MS apps. Databases, servers, and desktop tools stopped working when the patch was apilied. To top it off it also redid MS networking password file so if you were smart and running Samba on a Linux box for your server, you couldn't apply the patch because you couldn't network any more with your servers.

Now Breaking the Network protcol is something MS can do, but it sucks when security is your priority so your servers are different than the desktops,(meaning a virus can attack one but not the other) Now you can't apply any patches without breaking something useful.

Re:Business Lesson 101

[Grrr]

In every case where there has been a problem with Windows security, it's been AFTER they released a patch for the vulnerability. Every one!

- "Microsoft issued a software patch, MS03-032, on Aug. 20 that was supposed to fix the problem. However, that patch failed to close the hole on Windows machines running Internet Explorer Versions 5.01, 5.5 or 6.0.
On Sept. 8, Microsoft acknowledged problems with the MS03-032 patch and promised to issue a fix as soon as possible. Since that time, no changes have been made to the MS03-032 patch. In the succeeding weeks, hackers moved quickly to take advantage of the company's slow response." ( Computerworld.com )

- "Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.
1) A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files. ...
2) A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone.
Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. It has been reported that the preliminary SP2 prevents exploitation by denying access.
Successful exploitation requires that a user can be tricked into following a link or view a malicious HTML document.
NOTE: The vulnerabilities are actively being exploited in the wild to install adware on users' systems." ( Secunia )

- "The flaw, which is different from RPC DCOM flaw that spawned the Blaster and Nachi worms, makes Windows XP and 2000 servers vulnerable to denial-of-service attacks because of a multi-threaded race condition that exists. A remote attacker could crash the RPC service simply by sending multiple RPC requests. The vulnerability occurs if two threads process the same request, thereby corrupting memory.
Microsoft still has not released a patch for the flaw, leaving nearly every Windows XP and 2000 system exposed to potential exploits. Microsoft may, however, be preparing an all-encompassing RPC patch that would address this issue and previous flaws surrounding the network service, said Gerhard Eschelbeck, chief technology officer with Qualys Inc., at RSA Conference 2004. RPC is a protocol that one program can use to request a service from another program located elsewhere on a network." - ( searchsecurity.com )

- "Attackers are taking advantage of a security hole in Internet Explorer not immediately patched by Microsoft
Security experts have warned that a vulnerability that has apparently been left un-patched by Microsoft is being exploited by attackers "in the wild".
The "object type" vulnerability, which was first acknowledged publicly by Microsoft on 20 August this year, allows an attacker to take control of a system by embedding malicious code in a Web-page. If the Web page is viewed by an Internet Explorer browser - even a fully patched browser - the malicious code embedded in the Web-page will execute, experts say. Despite Microsoft acknowledging the patch doesn't work, it evidently has not yet issued a working fix for the vulnerability.
US-based information security company iDefense released a statement over the weekend claiming the vulnerability is being actively exploited "in the wild".
"Whether you are patched or not, attackers can execute code on your computer at will when you visit a hostile website when using vulnerable versions of Internet Explorer," the statement read.
The relevant Microsoft bulletin was issued on 20 August and last updated on 8 September." - ( ZDnet - but then again, you didn't say "...after

paranoia mode enabled.

[garcia]

Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows.

So? The same thing that happened to WordPerfect is likely going to happen to NAV.

I am more afraid that MSFT will purposefully allow holes to exist in its OS so that more and more people will buy their AV software. Perhaps that's a bit paranoid but I certainly wouldn't put it past them.

Re:paranoia mode enabled.

[Carnildo]

I am more afraid that MSFT will purposefully allow holes to exist in its OS so that more and more people will buy their AV software. Perhaps that's a bit paranoid but I certainly wouldn't put it past them.

You mean like they don't already purposefully allow holes to exist in the OS?

Re:paranoia mode enabled.

[hawkbug]

Exactly - I can see it now:

"There are 10 new holes in Windows XP - but the patches won't be out for weeks, so you'll need to buy the latest AV software from us to protect against it until the latest updates are out."

the illusive second step

[jimi1283]

1) make crappy software with holes in it like swiss cheese
2) sell antivirus software
3) PROFIT!!!

Re:the illusive second step

[Gaewyn+L+Knight]

Sure does present a MASSIVE conflict of interest issue. Let's see... a monopoly... selling stuff to guard their own product from defects.

Reminds me of the Dilbert with the bonus for finding bugs and the comment is "I'm gonna write myself a minivan!"

Re:the illusive second step

[swiftstream]

2.5) Make AV software recognize competitor's software as virus:

"Warning: Microsoft AV 2004 has identified wordperfect.exe[1] as a possibly dangerous or subversive program. If you would like MSAV2004 to remove this program, please click [Remove]."

[1] Ok, so that isn't actually the name of the program. Sue me.

Integrated AV

[CommanderData]

Maybe Microsoft should just fall back onto it's old standby technique- buy the company. Purchase Symantec and integrate the Norton Anti-virus product directly into the Windows OS!

It would make the net a safer place for the rest of us if they did so...

Re:Integrated AV

Perhaps if we built a giant wooden badger....

Ummm

[Gaewyn+L+Knight]

Is this a little like:
"Dr Kevorkian... Heal thyself"?

Extortion?

[davebarz]

Sounds like extortion to me.

They make a buggy OS with holes for viruses, and then require consumers to purchase their own AntiVirus to patch them. This removes motivation for producing a secure operating system because the worse their OS software, the more people will buy their AntiVirus product.

It seems like they're trying to figure out a way to charge for bugfixes and incremental updates to their security model, but instead of just selling those fixes like Apple (10.0, 10.1, 10.2--which I understand also have lots of new features), this model actually discourages production of good product in the first place.

Basically, the question must be asked: If they have the capability to provide such a product which tacks onto Windows, why can't they just incorporate it into Windows and make it part of the OS?

Re:Extortion?

[krem81]

Is Microsoft sticking a gun to your head requiring you to purchase their AV software? If not, then your post is just another anti-MS rant without a real point and full of buzzwords.

Re:Extortion?

[NanoGator]

"If they have the capability to provide such a product which tacks onto Windows, why can't they just incorporate it into Windows and make it part of the OS?"

Are you serious? If MS did that, the anti-virus companies would cry "anti-trust!" You all demand better security from Microsoft, they try to provide it, and the pitchforks come out.

Re:Extortion?

[shystershep]

It would be too bad if something were to happen to this here computer, wouldn't it Rocky?

Why, it sure would, Guido. That's an awfully nice computer. It would be a pity if someone were to, say, surf with IE on it, or open attachments in Outlook, wouldn't it Guido?

Or even Outlook Express, Rocky.

Hey, now -- that's going a little too far. I do got standards, you know? No women, no kids, and no using Outlook Express.

Re:Extortion?

[nine-times]

I agree that it sounds a bit like extortion. I think the primary point here is that this shouldn't need to be an additional product. Most virus/worm/spyware problems come from bad security design or security holes in the OS. It's like a boat-maker selling you a brand-new boat that, because of a design flaw, floods when you put it in water, and then that very same boat-maker offering to sell you a kit to water-proof your hull.

With any product, if the original manufacturer knows of a serious design flaw that will cause their product to cease functioning, they should fix it. By Microsoft creating AntiVirus software, they are admitting that they have the technology to make their product function properly (securely), but they are going to continue, purposefully, to sell a defective product, so that they can then sell you the fix at an additional price. It's seriously outrageous.

They did this already

[z_gringo]

They used to sell their own anti-virus software, but then they left that market because they felt it was best to focus on their core products, and that other companies who specialized in anti-virus software were better equipped to sell that kind of software.

What has changed since then to make them want to get back in the game?

Re:They did this already

[+CipherDemon]

What has changed since then to make them want to get back in the game?

The bought out an AV company. It was GeCAD, a medium-sized vendor that provided the market's current 'best solution' in terms of price, quality, and reliability for *nix networks. They both acquired AV technology and removed a key market stronghold for the *nix community. Go here for more info.

Re:They did this already

[TheSpoom]

Mwehehehe... I remember that. MSAV was like THE most buggy DOS TSR in existence. Although FASTOPEN (DOS command to irreperably damage all the files on your HDD in one step) was probably worse :^D

Re:They did this already

[mpaque]

What's changed?

The revenues of the anti-virus companies have grown significantly. Symantec (SYMC) has FY2004 revenue of US$1,870 million. Just 5 years ago they had revenue of US$632.2 million.

A triple in revenue, above the billion dollar mark, is enough to get even Microsoft interested. They are not inclined to leave money on the table. Selling an anti-virus program, particularly with the now-popular subscription model, is an easy way to add revenue.

"Anti-virus program as a separate product from Win

[Mz6]

This might be one of the things that they SHOULD integrate!

Whew.. OK, I got that out. Mark me as flamebait or troll if you want, but this should be integrated with Windows. Of course, not everyone will agree, but hear me out first. First, let's put aside the comments that they should build more secure software and that they should be more focused on security than features. The problem is that it's already created and we have to deal with what we (and the 95% of others using Windows) have and not what should have been. The reason why it should be integrated is because if it's being developed by Microsoft, for their own OS, you would imagine that they might have a small niche into what these viruses are going to do and how they would affect the OS. They created the OS, they know the code behind it, and could possibly help prevent more of the "stupid" users who open the email with the "cute" bears. Let's also assume that the AV software was well built with a few minor security bugs that are easily fixable (I said ASSUME :)).

Since Windows has reached market saturation, we really do have to think about the people outside of /. that are not as informed as us. They don't know about certain viruses or worms unless it's on CNN and they are ones to infrequently update the OS (and AV definition files) because they don't see anything wrong with the way it's running now. Virus protection needs to be something that's seamless to these users because they just don't know any better.

*Awaiting flame responses....*

Re:A part of the OS

It started with the browser, and it will continue until slashdot itself is considered part of the os.

Re:A part of the OS

[Stargoat]

But that would leave Microsoft even more vulnerable to being sued when holes were found in the OS. A virus that hits because both the OS and the Anti-Virus software were defective and made by the same company? It sounds like a lawyer's wet dream.

Too easy to say this

[AsparagusChallenge]

Conflict of interest.

Will the projected earnings from AV division affect security choices?

Re:A part of the OS

[strictnein]

Ahh! You didn't even read the whole news post! MS isn't going to bundle this!

It's not that you didn't RTFA... I mean... all you had to do is read another sentence or two:

Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash (chief of Microsoft's security business unit) said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows.

IIRC

[foidulus]

Microsoft actually made an anti-virus programs back in the days of DOS/Win 3.11. My first computer came bundled with it. However, the only virus I ever got back then(Doom2 death), it couldn't remove. Though it did alert me to the fact that the files grew by 666 bytes(they don't write 'em like they used to, do they). It also had this nice little 16 color doctor you could watch as your files were being scanned.

Re:IIRC

[ALecs]

Central Point, actually. MS re-packaged a lot of Central Point's software - from PCTools 8 or 9 I think.

Off the top of my head...

[seizer]

...I can't think of any vulnerability that was widely exploited before Microsoft issued a patch for it. They've usually been fairly prompt in releasing patches to vulnerabilities they're notified of, and those which they discover in house.

That's off the top of my head, the best way to post on Slashdot :-)

Other news...

[FyRE666]

In other news, Benson and Hedges plan to open their own crematorium franchise; "You go out smokin'!". Rumours also spread of plans by Mc Donalds to open a gymnasium adjacent to each grease restaurant, and Darl Mc Bride, Steve Balmer and Steve Jobs to co-author book entitled "Altruism: The secret to success!! (subtitled: Empowering your workforce with kindness)"...

Re:Other news...

[jafac]

. . . in other news;
Former Oil Company Halliburton executive, now US Vice President lobbies to start a destabilizing war causing oil markets to fluctuate.

Extremely Wealthy President pushes through tax cuts which disproportionately reward the extremely wealthy.

. . . ah, screw it. I could go on all day about these two, but I just don't have the heart anymore.

Seperate, until...

[Alizarin+Erythrosin]

Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows.

They'll keep it seperate alright... until it's been out for a while and they don't gain any market share away from competitors. Then it'll be silently built in. There, but not enabled. Then it will be enabled by default, but with the ability to disable it. Then it will be so "tightly integrated" with the OS that you can't turn it off or your computer "will not operate properly"!

Hey, it could happen... and has with previous products.

Re:Seperate, until...

Will you need to run Windows Update to download new virus defs? Will you need a PassPort account? Will it scan pirated copies of Windows? Will it phone home with a list of s/w on your machine? hmmm.....

That's been the real plan all along....

[tktk]

1. Create a fertile ground for viruses with Windows.

2. Sell anti-virus software that 'somehow' works the best.

3. Take over the world.

Re:A part of the OS

[`Sean]

Microsoft is developing software to protect personal computers running Windows against malicious software

So, what, it deinstalls Windows for you?

Re:A part of the OS

[1010011010]

Microsoft said that it would sell its anti-virus program as a separate product from Windows ... "for now."

There, is that clearer?

About time!

[Carnildo]

Just for the record, Microsoft produced an antivirus program back in the DOS 6.2/Win 3.1 days. I, and many other people, wondered why they stopped when they released Win95.

Re:About time!

[NullProg]

Marketing/Gates killed it. If you recall, MS stated Win95 didn't rely on DOS (Remember DrDos?). DOS was dead and therefore no reason to have a DOS based anti-virus scanner. This was the justification for selling Win95 at $80 vs $40 for Win3x. Microsoft did everything in it's power to distance Win9x from DOS.

Enjoy,

Logical Fallacy...

[bcs_metacon.ca]

There's a problem with the idea of them selling the AV software separately from Windows... they always claimed that they had to bundle IE because browsing the web was an integral part of the OS experience... well... when you're talking about Windows, having AV software & keeping it up to date is even MORE of an integral part of the experience than web browsing!

Isn't that a conflict of interest?

[thisissilly]

I would think the more holes for viruses they leave in their products, the more anti-virus software they can sell...

Trust issues?

[MoonBuggy]

Surely if they demonstrated that they made an OS vulnerable to the virus of the day, why should they be trusted to make the software that protects against/fixes said virus?

There are also definite shades of Dilbert here, where the employees who write the software are paid for every bug they remove from the software. It sounds outlandish but MS have demonstrated some pretty evil business practices; might it be possible for them to put a vulnerability into Windows that allowed viruses which could only be combatted by MS Virus Scan - it could be done in a way that means Norton or McAfee could be slapped with the DMCA if they knew the encryption to access the bit of Windows affected by the virus, but it would be a triviality for the virus writer to break said encryption since they're not worried about the law. </tinfoil hat>

Re:Trust issues?

[happyfrogcow]

Another trust issue:

Will it consider software in directories that have a GPL license to be a virus?

Will it consider the device driver i wrote for an old graphics card to be a virus?

Will it consider IBM's web based office productivity suite a virus?

in italy we call this mafia

[Simon+(S2)]

you buy protection from the same people you have to be protected from.

Re:A part of the OS

[ImpiousPunk]

Like all "Great" Microsoft products, they didn't develop anything. They bought someone up and slapped their name on it. http://www.ravantivirus.com/

Holy Shit

[mrpuffypants]

This discussion need a fucking tinfoil Turban over it. Get ready for your conspiracies, folks!

You just need the right OS

[missing000]

Microsoft has had a couple of secure OS's out for years

Pressure for updating AV software

[mshultz]

My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"

... Because there's a lot more pressure to keep AV software updated as fast as possible. If a user is not happy with the way Norton manages their AV updates, they can switch to McAfee with little inconvenience. But Microsoft is under no direct threat if they wait an extra day, delaying an OS patch, since switching operating systems is a much more serious undertaking.

Microsoft clearly has the resources together to put together a good product- look at Office, for example. They're not idiots, and I'm sure they realize the urgency of issuing timely AV updates. If they made that one of their priorities, they could probably do a very good job at it.

Re:A part of the OS

[xarak]

All we need to do now is to prove they include SCO code in their AV, and there'll be more than one set of sheets to clean!

Re:"Anti-virus program as a separate product from

[JVert]

At CES Bill hinted that they were working on anti-virus software but implied it would be a part of the operating system. Could you imagine the crowd turning on him if he said you have to buy one product from microsoft to run your machine and another product to secure it?

Re:This is actually a good thing

[Carnildo]

If Microsoft can at least build reminders into their Windows Update Services, maybe this will help slow the flood.

It won't help much. If you look at the infection pattern of recent viruses and worms, there's an initial growth period, where most of the infections happen, followed by an exponential decay, as antivirus programs are updated and systems are cleaned out.

The initial growth is usually 24 to 72 hours, during which time the virus is too new for antivirus systems to detect. Where including an antivirus program with Windows will help is the decay period: forced updates will reduce the amount of time infected systems spend spewing out garbage.

free?

[TejWC]

Microsoft sometimes offers its products for free, even if it didn't come with Windows. The perfect case is when IE came out back before 1997 where Microsoft forced Netscape to enter "the free market". Will Microsoft do the same thing with AntiVirus?

1. Make it free
2. Have everybody drop their current AntiVirus and move to Microsoft
3. Have Microsoft later on integrate it to the OS
4. Microsoft will have the monopoloy on AntiVirus industry

Not saying it will happen, but hey, it could...

Freedom to Innovate

They bought someone up and slapped their name on it.

But be sure always to call it please, innovation.

Yea, lots of faith in Microsoft's security

[Timmy+D+Programmer]

Seeing how faith in Microsoft's security is at a all time low I would consider this pretty stupid marketing on their part. Microsoft could completely destroy the antivirus industry just by making better products.

wow.

[ricochet81]

They used to blame AV companies for making virii to generate business, but a company that makes the vulnerabilities in the first place in its OS... wow. let the conspiracies start flowing.

Probably unrelated, but

[mindfucker]

It's interesting considering that Symantec was considering (or at least said they were considering) switching to linux recently.

Just wait...

[paranode]

We'll be seeing virus updates that clean and fix the problem before there is even a patch out. What's that? You forgot to renew your yearly subscription? Better pony up or you'll be vulnerable for a long time.

It's just a little scary that a company that is responsible for almost all viruses and worms is now going to benefit financially from such failure to secure their product. They're marketing their shortcomings to you as a new product! What will they think of next?

Increasing sales

[SnarfQuest]

"Hay Balmer, our anti-virus software sales are slipping lately. Let's add remote scripting capability into solitare."

Mac version!?!?!

[hc00jw]

Fantastic! When can we expect a Mac version?

I feel so DIRTY!!!

[Saeed+al-Sahaf]

No problems. No big deal. If you are running Windows either because you have bought into the Microsoft Party Line or for some reason you are required to run Windows, than who better to make a Windows virus killer? Only Microsoft can take advantage of the secret hidden proprietary back-doors and APIs. I mean, look: If your going to sleep with Bill Gates, you're already somewhat dirty, so why not go all the way? Ah, what a visual...

Before getting your panties

[The+Bungi]

all in a bunch, perhaps someone would like to provide some numbers that prove the majority of worms in Windows systems are not there because the users are just plain utterly stupid and have no AV software to begin with.

The current batch of mail worms making the rounds require the user to actually unzip a password protected executable and run it manually.

Password protected. The password is included in the badly written email message body.

And yet I can't believe how many of these I get every day, from people who were stupid enough to unzip the file and run it.

That is a "hole for viruses" you can drive a truck through, and you're probably never, ever going to patch, because it cannot be patched.

You can get "infected" (because I wouldn't really call it that) regardless of what mail client or operating system you're using. In fact, most worms require user intervention.

Why aren't they incorporating it into Windows? That's ridiculous. If they did they'd be accused of choking the AV vendors using anti-competitive tactics, and if they don't they'll be accused of everything from extortion to incompetence. It doesn't matter.

People will continue to get infected because they are ignorant. Not stupid - just ignorant.

And then one day Linux will be the dominant desktop OS and there will be a worm that requires the user to untar and chmod +x on a bash script (yay monoculture) called "NAKED PICS", which will delete ~/ or turn the box into a spam generator zombie or exploit some vendor-introduced vulnerability that has a big enough user base, and people will actually get infected with it. But of course it will be their fault, not the software's.

No AV can fix this problem. This is ultimately a PR move by Microsoft. If they have a way to say "hey, we have free AV and you didn't use it" they'll close the final gap. They can patch RPC vulnerabilities 2 months before a live exploit all they want but they can't cure ignorance.

Re:Before getting your panties

[mindfucker]

I switched my brother from WinXP to Fedora Core 2 recently after he got sick of being hit with twenty spyware popups whenever he loaded a page in IE.

I'm pretty sure he's safe now because he doesn't know how to install anything.

Well, since you asked....

[khasim]

"Yeah? And how exactly?"

Make it easily and completely removable and publish the API. Again, during the trial, Microsoft claimed that IE could not be removed because removing those .dll's would "cripple" Windows.

"If they could do that, then they'd have more than 3 apps that held monopoly status. Frontpage? Nope. IIS? Nope. Exchange? Nope. Media Player? Nope. Gee, I guess their monopoly isn't all that strong unless people actually want their stuff?"

So far, they've only been ruled a monopoly in one market. The desktop x86 market (Windows). Like I said, you need to read more.

It was cute how you tried to toss in two server apps (IIS and Exchange). Hee hee. :D

Oh well, you Microsoft apologists are all the same.

Re:Well, since you asked....

[NanoGator]

"Exchange I can understand, but you show me a version of Windows 2000/XP that doesn't come prepackaged with IIS."

IIS that comes with 2k or XP only allows 10 connections. Though a fair shade better than GeoCities, you still can't use it for web serving. At best, it's a 'lite edition'.

Re:Well, since you asked....

[killjoe]

"Uh okay. I suppose I should just drop everything, shake my pitchfork at MS at every turn, and badmouth every little thing they do? That way I could be cool just like everybody else here."

No just try not to be sycophant for a corporation. Especially if that corporation doesn't give a shit about you, your life, your family, your freedom, your health or any other aspect of your life.

Why waste your time and energy defending a giant rich corporation from slashdoters? What's in it for you? Why not go to a forum where people discuss washers and defend maytag. Maytag is a corporation too and I bet they need your help just as much as Microsoft does.

Re:Well, since you asked....

[killjoe]

"You want me to go somewhere else because I don't blindly hate Microsoft and every move they make? "

No. I am simply pointing out that other corporations need defending too. Why limit yourself to shilling for just one corporation? Isn't it more rewarding to shill for lots of corporation in lots of different industries?

I don't think it's fair that you only defend Microsoft. Lots of people hate Ford, GE, Coors, Maytag, Monsanto etc. I am asking you to defend all of these poor helpless corporations against the mean and vicious public.

"you're not well enough informed on the matter to justify hating MS?"

I don't need justification to hate a corporation. They are not human beings. They are soul-less immortal beings. When I was growing up I was told that coul-less immortal beings were devils and demons. I think maybe that was the truth.

Re:They use dto didn't they?

[bhtooefr]

Ahh... you got sucked into THAT FUD. There was one in DOS 6.x, called Microsoft AntiVirus (MSAV.EXE). It was based on Central Point AntiVirus. A Windows version (MWAV.EXE, I think) came with it.

MSAV

[rfernand79]

They already had one! It was included in MS-DOS 6.2, called MSAV. It sucked anyway.

Isn't there...

[cs02rm0]

...just a slight conflict of interest here?

Normally we see crappy AV software picking up fake hits to make it look good... where will MS go with this... false positives to make the AV software look good or cover ups to make the OS look good?

It might be a novel idea and almost certainly redundant... but what about the idea of focusing more resources on prevention rather than cure? It'd be less admin for them, although, they'd be another 'feature' down to further clog up Windoze.

Meh

[Haydn+Fenton]

Does anybody else find this a bit unfair? (Yeah, I know that's M$'s gameplan, but still)

I mean, the only OS which viruses are a major threat is windows.. and now they're going to sell AV software? That just takes the piss in my opinion.

"Hey Bill, we can't possibly fight off all these viruses, surely we'll start losing customers at some point", "Hey, I know! lets sell some Antivirus software, that way we make yet more money and we can get away with releasing patches at an even slower rate, and we get away with terrible programming"...

Re:Meh

[Short+Circuit]

Too bad your average consumer doesn't know enough about computers to see the irony:

Salesperson: Buy our Operating System!

Customer: OK.

Salesperson: Now buy our Antivirus solution! Without it, hackers will steal your identity.

Customer: Egads! Here! Take all my cash!

Re:Meh

[sprins]

My parent-message is modded as "Funny" but should have been modded "Sad" as this is indeed the bitter irony.

Re:Meh

[grioghar]

Actually, the average user DOES see this, but they're too afraid to transition to something else.

I sale computers in a Mom & Pop shop for a living, and I almost pity the people who buy new machines, only to have the machine exploited 30 minutes later when they first hook it up to the Internet.

An average week finds angry faces and empty threats of wishing there was an alternative to Microsoft. I promote my precious (see Golum) Apples, but the price difference and the software compatibilities stop a lot of people from switching.

I watch these people get hit in the pocketbooks for Microsoft's insecurities. I mean, hey, it pays my paycheck, but there NEEDS to be a better way. Regardless of whether or not Microsoft can provide this with *their* AV software, well, that's to be seen. They're a fairly innovative company in how they operate (COMPLETELY subjective comment, yes, but XP has empowered 80+yos to print, scan, copy, and fax with an ease not found previously), so we'll see what they do here.

A fool and his software...

[gphinch]

..are soon property of Microsoft

Re:A part of the OS

Nothing a shady EULA won't cure, I'm sure.

How ironic

[NynexNinja]

Microsoft selling Anti-Virus software is like al-Qaida selling life insurance.

It has to be said...

[medelliadegray]

Write Buggy OS...
Monopolise Buggy OS...
Profit!

Neglect to Fix Holes in Buggy OS...
Charge for fixes the H4X0rs exploit...
Profit!^Profit!

TCO

[tallpaul]

What I wonder is - the cost of Anti-Virus software included in all these "Linux vs Windows TCO" comparisons.

Microsoft themselves making AV software is tantamount to admitting that it is pretty much a requirement that you have AV software in order to run any Windows machine (I know I, and most other systems administrators wouldn't considering running Windows without it). At current market prices for Norton/McAfee, that adds about $40 for the first year (license plus 1 year virus signature updates) + $20/yr afterwards (for virus signature updates). Due to the mfr dropping support, you have to pay $40 every couple of years for a new version also. Admittedly you can get site licenses and buy licenses in bulk which reduces the cost.

Writings on the wall

[neurocutie]

Guess its time to short Symmantec and McAfee stock... the variants are endless, but they all lead to one thing: MS "Antivirus" eventually getting 100% "market share".

Let's see...

MS AV is the most effective AV product because they can put in special hooks in Windows/Outlook to allow better AV protection and detection, but only MS AV knows how to use those hooks, or...

MS^H^HSome hacker can "inadvertently" release a virus of their own that only MS AV can stop (for any number of reasons, indeed, who would know better how to write a nasty virus for Windows but MS itself, and of course the best way to drive MS AV sales is for there to be lots of nasty viruses running around), or...

MS AV is quickest to protect against new viruses because Windows can be altered to add in special virus detection and reporting services that report new virus data directly back to MS, or...

MS AV will include and become the only or the most effective way of getting new patches (ostensibly just against new viri, but in actuality, all Windows bugs), ala Windows Update (for a subscription fee, of course). Free Windows Update may remain, but the MS AV will become the enterprise standard for updating and protecting Windows, (again for a fee, just a way of charging for patches), or...

Given better internal virus detection within Windows, it may be possible to construct a Windows "immune system" that learns how to protect itself. Intimate access to Windows internals required.

Then there is always the, "We changed our minds and decided to bundle MS AV in the next release of Windows (since it was hard to find enough other reasons for customers to see that Windows XXXXP is a value-added proposition for $200 a copy)".

The beginning of the end for yet another sector of the 3rd Windows software/utilities market...

Re:A new wind?

[Jason+Earl]

Microsoft has a ridiculously high Price/Earnings ratio. They have to "grow" or their stock price goes down. Anti-Virus software represents one of the very few significant software niches that Microsoft doesn't already dominate.

Microsoft's Anti-Virus moves aren't about security, they are about economics. Microsoft is simply doing what it has always done. Microsoft lets its competitors find out the profitable software niches, and then Microsoft uses its cash hoard to buy themselves a seat at the table. Once Microsoft is in the game they use their influence with the major OEMs to make sure that their product is preloaded on quadzillions of machines. Eventually Microsoft's product becomes the de-facto standard, and an army of MCSEs begin spending their time and effort rooting out the last vestiges of the "non-standard" or "legacy" applications.

On the plus side Microsoft's Anti-Virus software is likely to be less expensive than the competition. So it will probably be a net win for consumers.

Customer demand

[rsilvergun]

I'm not saying Microsoft is being dragged kicking and screaming into antivirus software, but there's definately a demand from customers for Microsoft to provide end-to-end solutions. People get pissy when they see Microsoft doesn't have antivirus software. Their attitude is: You got me into this mess, now get me out. Not a microsoft fan boy (I've got slack 9.1 at home), but to be fair this is something they're probably doing to just to get people off their back.

Re:A part of the OS

[gcaseye6677]

Maybe they won't bundle it right now, but do you not think this is a possibility long term? I see this as the only reason why they are making an anti-virus program. Otherwise, why try to break into a field in which there is already extensive competition (something Microsoft hates) and in which they don't exactly have the greatest reputation?

MSAV (Microsoft Anti-Virus)

[spoonyfork]

Anyone else remember MSAV for DOS?

User level virus

[gr8_phk]

"No matter which e-mail client is used, they all allow attachments, and without a virus scanner screening those attachments, computer illiterate users are going to get virii."

And if they are running a Unix variant that attachment will only run at user level. No low level system modification can be made, so you can then log in as another user (or root) and delete said infected files which should all be in their home dir and not mixed in with 10000 .dll files. They should also have to make a little extra effort to get it to run in the first place, which will discourage some percentage of them too.

Re:User level virus

[westlake]

It is cold comfort to know that root remains untouched, but your home directory has been trashed.
You may have to be a little more clever in laying your trap, but users will launch executables that look attractive and plausible.

Re:User level virus

[Trailer+Trash]

And if they are running a Unix variant that attachment will only run at user level. No low level system modification can be made, so you can then log in as another user (or root) and delete said infected files which should all be in their home dir and not mixed in with 10000 .dll files.

Sigh. How many times do we have to go over this for the slow learners? Two things.

First, all of my important files are in my home directory owned by my user. A virus doesn't need root-level access to destroy everything of importance to me. It's nice that the files in /etc, /usr/bin, etc. are all locked so that my unprivileged user can't destroy them. Who cares? They're safely on a CD here, they're on the Debian site, they're available all over the internet. My own files exist in my directory (and backups). Those are what's important to me.

Second, the modern worm/virus spreads by either remotely exploiting vulnerabilities on other machines or re-emailing itself. Guess what: it doesn't need root privileges for either of those operations. None, nada, zilch.

The only reason a virus would want root privs would be to infect system binaries and spread to other users. This paradigm is mostly dead in the Unix world on 99% or more of the machines in use; everybody has their own machine. Spreading from machine to machine is the game, and that simply doesn't require any privileges.

The bottom line is that if you could trick users into running a Perl script that came through email, which wouldn't be that difficult for a certain percentage of them, you could write a decent worm for Linux. Not a problem now, but when my mother is using Linux, it's a big problem. "But it came from my friend Kate at church and said to save the file and then type this in at the command line..." The extra step will weed out a lot of the real cluebies, to be sure, but with enough of them it'll be a problem.

Re:User level virus

[hearingaid]

Yes, for the single user.

However, people are using viruses to install things like open-relay SMTP servers on computers. The POSIX security framework will make it harder to launch executables that perform that type of action.

What's more, in order for a mailer to launch an executable program, you'd need a mailcap entry that included a reference to /bin/sh. The real problem is Windows' broken way of launching applications, by treating them as just lost cousins of document files.

Wrong Topic. Should be "It's funny, laugh"

[refactored]

Please reassign to correct topic.

This Is Old News

[onecrazyfoo]

In typical MS fashion they bought out this company a while back for this express purpose. The only thing that wasn't known is when and this article doesn't enlighten us any further. So like I said, this is old news.

No surprise here

[steveha]

Microsoft loves to make money. They would love to be in a situation where you buy a product from them, and then you just keep sending them money on a nice, predictable basis.

Antivirus software is perfect from that point of view. I'm actually kind of surprised it took them this long to do it. I suspect they just didn't want to annoy Symantec and the other companies.

Antivirus software is one of the few products where I think paying an annual fee really makes sense. You need constant, continuous updates to make sure that your protection is good, so you feel like you are getting something for your money.

Despite the above, the free software community has actually shown that it can provide effective antivirus software for free. ClamAV was originally designed to be a server-side antivirus solution only, but there is a Windows version available now (file scanning only, it doesn't yet intercept downloads and scan them automatically). ClamAV works and it has a good track record of getting updates quickly to dectect new viruses.

http://www.clamav.net/

I run Debian GNU/Linux on my server and on my desktops, and I'm not too worried about viruses and worms. But I do have ClamAV running on my mail server, and it intercepts dozens of viruses per month. I have not seen any email containing a virus or worm ever get past it.

steveha

But they *did* buy their way in

[xixax]

Why are people thinking that MS "developed" an AV product when they acquired GeCAD AV recently. It just looks like Symantec and Nortons weren't up for sale at the time. Too bad for them...

Xix.

No Need to fix the OS no more

[Psymunn]

I don't think there's somethign wrong with softwaer bundeling really (KDE does it to no end)
What I see as the major issue with Microsoft selling Anti-Virus Software is not them trying to press their monopoly, but that it creates a conflict of interest
The economic viability of antivirus software depends on a virus checker being able to stop a virus and, more importantly, there being a virus in the first place. Basically, I don't like the idea that IE, having contracted a severe case of malware, is essentially going to be earning the boys at redmond money.
Course, i could be wrong.

Far be it from me to defend the beast...

[InThane]

I worked at Microsoft during the Win2k development cycle, testing the (then NT5) user interface. There was a LOT of screaming from the Office 2k people, who wanted to roll their stuff into the core OS, so that they could hook into it with the suite.

The NT5 team told them to get stuffed, at least as far as I know. I was also a peon at the time (and I no longer work there) so I can't say for certain that was the case.

MS patches fast enough, users don't

[darth_zeth]

If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?

MS is pretty good about putting out a patch every time a vulnerability is discovered, usually with in a few days.

But users never patch their systems. I do tech support for small businesses, and every time MS sends out a Critical update about a security vulnerability, two to four weeks later a virus comes out. And when that happens, we get calls. MOST of the recent worms out there were 100% preventable with a patch, even if you DID open up an email attachment.

If users were smart enough to run Windows updates every once and a while, or set it to auto-update, they wouldn't have a fraction of the problems. When i get a hold of a customer's computer, more often then not there's at least 10 critical updates that need to be downloaded form Windows Updates. (gf's mom's had 21)

So yeah, blame MS for making an OS to begin with, but don't blame MS because users don't take the opportunity to download patches that MS supplies.

It's called Windows update

[darth_zeth]

almost all infections can be stopped before there's a VIRUS out. Just get the patches. If i recall, Sasser, Netsky and Blaster could have been worhtless.... if people had patched their systems. Hell it took over a month after the security update came out for Blaster to come out.

An ethical dilemma?

[usermilk]

There is an obvious conflict of interests with Microsoft releasing anti-virus software for their own operating system, but one has to wonder if it is unethical. The two trains of thought I am following are as follows:

Microsoft is not making the viruses that affect their operating system. By making a piece of software to protect their customers from these viruses they are providing a service, this service is not illegal or immoral. What would be immoral is Microsoft abruptly ceasing the release of patches to protect end-users from virus exploits. Many viruses exist only because their is an exploit in the operating system for their taking advantage of. If Microsoft no longer patches these exploits in an effort to make an extra few bucks, they would be acting immorally.

I, however see their anti-virus as a seperate outlet. There are users who don't want to patch their operating system. If you can sell these users anti-virus software which automatically updates its definitions, they won't worry about a need to patch their operating system to protect them from viruses. It will be done through the anti-virus software. Hell, the software can automate Windows Update for them, and patch their system automagically. The rest of us who don't but M$-AV will have to patch the operating system ourselves.

The second train of thought is business oriented. Microsoft is a business, and in the words of my friend James, "...businesses aren't in the habit of accepting a decline in profits." By patching their operating system and allowing persons who do not purchase their anti-virus software to be safe from viruses, Microsoft may not make any profit from their anti-virus software. The conspiracy theorist in me brought the light the idea that Microsoft may actually create exploits or viruses in an effort to help their anti-virus software suceed. This thought is ludacrious. Microsoft would be risking jail time if they created viruses. If they created exploits they would be risking horrible publicity.

Viruses can exist without exploits, macro viruses take advantage of something that cannot be patched, automation. Microsoft just sees an open market and wants to take advantage of it. I see no ethical dilemma at all, just capitalism.

conflict of interest

[null-sRc]

this is a classic case of conflict of interests.

now they will want to delay patches to security holes forcing people to pay for their anti-virus software.

I've always figured if you keep windows update up to the minute, then there's no need for an AV suite..

Pay yearly to use your own computer!!!

[Anita+Coney]

We all know that Microsoft has been itching to get us to pay yearly for the use of their OS. This is their attempt to get that gravy train rolling.

Sure, Microsoft's antivirus app will be a separate product. Sure it will not be bundled with Windows. However, I'd bet anything that it WILL be bundled with new computers via special deals to manufacturers.

After a year, those new computer buyers will get messages to pay some money to continue receiving updates.

Once we're used to paying every year (or every month?!) for antivirus updates, Microsoft will start charging us yearly for other updates.

Microsoft will be smart and will start out with a reasonable price. But it won't be too long before we're paying about $80 a year for the right to use our computers.