Microsoft To Offer Virus Defense

FridayBob writes "According to the New York Times, Microsoft plans to enter the consumer antivirus business with a subscription service next year. Most of us will remember Microsoft's assimilation of RAV Antivirus from GeCAD Software of Romania in 2003." From the article: "Microsoft plans to expand the service beyond its 60,000 employees this summer and offer an open trial for consumers this fall. No date has been set for a commercial introduction, but the executive in charge of the new business said it would ultimately be offered as an annual service by subscription."

This isn't the first time

[Dragonmaster+Lou]

Microsoft used to ship a licensed copy of [then] Central Point Software's Anti-Virus program with MS-DOS 6.0. They stopped shipping anti-virus software with the release of Windows 95, however. I'm surprsied it's taken them this long to start shipping an anti-virus tool with their OS again.

Didn't they try this already?

[John3]

I was involved in a beta test about two years ago for a Microsoft security product for home use that included anti-virus and a firewall. The name of the product escapes me (PCHealth?) but although it worked well enough it was quite a system resource hog. The beta went on for about six months and then shut down with no released product.

Re:It should be part of the OS!

[Zone-MR]

TCPA = Trusted Computing Platform Alliance

Essentially, a TCPA compatible computer will refuse to run all code which hasn't been pre-approved by some "trusted" organisation. This would make not-for-profit software development almost impossible.

And yes, except for a few cases like blaster, viruses don't exploit a vulnerability in the OS. They exploit human stupidity and naivity. An OS which isn't "vulnerable" to viruses is an OS which doesn't obey the user and let them run arbitary programs. Such an OS is usless.

Laughable

[Mark+Gillespie]

How biased this article is. Saying that Viruses are purely a Windows problem. Lets wake up here, almost all OSes have security holes, OSX, Linux and others.

Re:It should be part of the OS!

[brontus3927]

Maybe because nobody writes unix virii?

Also try AVAST!

[dsginter]

Avast Home Edition - Free for personal use. This stuff works like magic. You *do* have to register in order to get a registration code but it is definitely worth it.

I've actually used this software to fix problems that McAfee couldn't (the boot time scan is not possible with McAfee).

Re:Also try AVAST!

[MarkGriz]

Another good, free alternative is AVG Antivirus

It's great for tinfoil hatters too, since you don't even need a registration code.

Virus scanning is futile. Limit authority instead.

[Pingster]

Scanning for viruses is the wrong answer. It is impossible to determine the intent of a program by scanning it.

Downloaded software should not be given the power to mess with your system in the first place. This is a fundamental flaw in the design of Windows. Because it gives every running program the full power of the user account, Windows is B. A. D. (Broken As Designed). Linux and Mac systems have the same flaw.

To truly solve the virus problem, limit the authority of running programs.

Re:Some food for thought

[StuartFreeman]

Look at the number of vulnerablities for IIS(247) vs. the number for Apache(290). Now consider Apache has about 70% and IIS has about 21% of the webserver market. By your theory Apache should have a lot more vulnerabilities because it's "under the microscope more" (and you can look for them directly in the code, rather than just by blackbox testing). So based on evidence instead of conjecture, dominance in the market has little to do with how many vulnerablities are found in your code.

Re:It should be part of the OS!

[finkployd]

Perhaps its intent? If you can run "any code you want", you can run trojans, worms, pirated software and software designed to circumvent copyright.

No, if I can run any code I want then I can run any binaries I sign (or people/companies I have decided to trust sign). I assure you I do not want to run trojans, worms, etc so I will not sign those. Or do you think for some reason I will not be able to specify which software signers I trust, including myself. If so I invite you to research the TCPA. Preferably not relying on uninformed rantings on /.

Of course as a side effect, you can't run free hippie operating systems unless and until their code is certified to be corporate-friendly.

Sure I can, corporations do not control which digital certificates I accept, I do.

Since I took the day off and frankly have nothing better to do right now, I will explain to you how this works. Let me start by saying I am not a fan of the TCPA, but not for the reasons you think.

Under the TCPA the user has complete control over which binaries he wants to run. Or it is possible to just turn off the thing altogether. I can say I only want my system to run binaries signed by Redhat, or Debian, or me, or GNU, or any combination of signers. I can limit my system to only running Microsoft binaries if I want, or IBM, whoever. I can run binaries signed by Kazaa and Limewire if I so desire. This is something of a major misconception by people who hate the TCPA without actually understanding it. The reality is a bit less evil, but much more subtle and (to me) frightening because it can slowly be introduced, like boiling a frog.

Which brings us to the two words at the core of this: Remote Attestation. Without getting too technical let's just say that remote attestation means that a client (or server, or peer, anything communicating over the network) can verify who siged the binary that it is communicating with on the remote machine. The obvious use case for this is media players. Hollywood wants to release movies on the internet but wants to make damn sure you are only viewing them in a media player that will respect it's DRM wishes, like not saving the stream, etc. With remote attestation they can be sure that the only client software that can connect to it is Windows Media Player running on a trusted Windows platform. The protocol can be completely open and documented, and it will not matter because to fake out the server, something like xine will have to be able to effectivly break RSA digital certificates to remotely attest itself as something signed by Microsoft.

Now if you are like me, the first thing you think about is Samba. Suddenly MS can comply with everyone demanding they open their protocols. They just make Windows so that it can only do file and print sharing with other Windows machines. Samba will not be able to fake it out like today. Now sure MS would not do this, it would piss off way too many people. But if their market share suddenly declines, and their stock goes down, it would be fiscially irresponsible of them not to leverage their advantages wouldn't it?

Another scary though is IIS servers that only respond to IE. Fake the browser string all you want, it will not help. This also works both ways if you run an Apache server and want to piss off IE users :)

There was talk a while ago that MS wanted to create their own TCP/IP like stack that was propritary to Windows, remote attestation is basically it when you think about it.

So recapping, while TCPA does not enforce what binaries you run on your system, it can be used by services to enforce who is talking to them over the internet.

Fortunately things have been changing a bit lately. Samba is much more widly deployed and legit, being used by plenty of well known companies both internally and as part of their product lines. Firefox has taken some of the lock that IE has on the web browser market, forcing many online banks and other historically

Re:"Anti-virus software" != "Fixing vulnerabilitie

[Richard+Steiner]

I think you're confusing viruses (which propogate by infecting executables and which could easily present a problem on "secure" platforms which enforce user permissions as long as users themselves are idiots) with worms, macroviruses, and other such threats (which would be addressed by better security on the part of Microsoft, but which are only a subset of the types of malware that AV companies address).

I agree that many types of malware would be better fixed by changing Windows itself, patching obvious entryways such as ActiveX and such, etc;, since the majority of those are actually exploits of Windows system flaws rather than viruses in the traditional sense.

I also agree that the simple release by Microsoft of a free anti-malware products is little more than a band-aid in terms of fixing the general malware problem found on Windows today.

I do, however, disagree that Windows is alone in having traditional viruses (the classic Mac was also hit very hard in the past), and I think the recent focus of AV companies on Windows-centric forms of exploitative malware in addition to their more traditional activities (the detection and removal of traditional viruses) has blurred the distinction between the two types of malware in your eyes.

The two classes of malware are NOT the same.

Even if Microsoft were to fix the massive security holes that exist on their platform, a market for third-party anti-virus tools would still exist.

However, a Microsoft AV offering has the potential to remove that marketplace comepletely.

That's the difference...

Re:If MS follows the strategy it has used in the p

[Bassman59]

"Some of us still remember the old rhyme: The code's not done till WordPerfect won't run."

Actually, the rhyme is even older than you think: "The code's not done until Lotus won't run."

Re:It should be part of the OS!

[jacksonj04]

*sigh*

Windows XP is Windows XP (SP2 issues are caused by using wrong parts of the API).

Windows 95 is Windows 95.

Windows 3.11 is Windows 3.11

Fedora is possibly Fedora, but might be compiled with some new libraries. Or possibly the configuration change means that specific functions won't work exactly the same. Hell, the whole thing could be theoretically rewritten.

'Windows is Windows' is true. 'Linux is Linux' doesn't have to be.

It seems you know little about mentally filling in the blanks and even less about taking things in context.