Slashdot Mirror
Microsoft To Offer Virus Defense
FridayBob writes "According to the New York Times, Microsoft plans to
enter the consumer antivirus business
with a subscription service next year.
Most of us will remember
Microsoft's assimilation of RAV Antivirus from GeCAD Software of Romania in 2003." From the article: "Microsoft plans to expand the service beyond its 60,000 employees this summer and offer an open trial for consumers this fall. No date has been set for a commercial introduction, but the executive in charge of the new business said it would ultimately be offered as an annual service by subscription."
No, no, no! It should be part of the OS. If I buy an OS and it is vulnerable to viruses, it is a flaw in the OS's design. Why do I have to pay extra to make my machine usable?
It seems to me that a company profiting from its own security holes is a serious conflict of interest.
From TFA:
Let's break this down into steps, shall we?
I'm wondering when M$ is going to cut out the unnecessary fluff in their operation and just get a license to print money.
____
~ |rip/\/\aster /\/\onkey
We'll give you virus "protection" for a small monthly fee.
So, your offering a service, to secure the operating system... that you built insecurely... that I paid for... and you want me to pay you MORE?!?!? for this!?!?
its like paying to have GM take care of your car when they built it without brakes!
#include sig.h
A cure for their own disease?
The disease of popularity?
Here they are, trying to address what has been an Achilles heel for them. I'm sure it will get painted here with the brushes of ridicule and scorn.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
It's like paying the mob for "protection" when you pay Microsoft for "security". Thanks but no thanks. I've seen enough Soprano episodes to know what can happen when you deal with the mob.
Microsoft used to ship a licensed copy of [then] Central Point Software's Anti-Virus program with MS-DOS 6.0. They stopped shipping anti-virus software with the release of Windows 95, however. I'm surprsied it's taken them this long to start shipping an anti-virus tool with their OS again.
No, that would be Linux.
A clever person solves a problem, A wise person avoids it. -Einstein
Their not making enough selling windows,so they'll make it up buy selling you something to fix windows.If nothing else,they have balls.
With all the OEMs that ship Norton or McAffee or whatever with their computers, I have to wonder how Microsoft is going to approach marketing this. I smell a deal with an OEM like Dell in the works, or at least imagine they are gunning for one.
Really, don't most major-brand PCs (Macs not included, but this isn't an issue related to Macs as I doubt MS will make antivirus for OS X) come with AV? And people who build their own, I would guess, are a bit less likely to buy *cough* a Microsoft AV.
I was involved in a beta test about two years ago for a Microsoft security product for home use that included anti-virus and a firewall. The name of the product escapes me (PCHealth?) but although it worked well enough it was quite a system resource hog. The beta went on for about six months and then shut down with no released product.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
Viruses exploit a flaw in the security model of the OS. Fix the flaw and the viruses cannot spread.
Anti-virus software should NOT be part of the OS.
But, by that same token, Microsoft should NOT be selling anti-virus software.
This is an outrage. If Microsoft knows how to make their product more secure, they should incorporate it into the OS. "Wow, that's a bad virus! This will be *great* for our antivirus subscriptions..." Will Microsoft's corporate customers accept this?
or is Microsoft trying VERY hard to get into every successful computer related business?
- Anti-spyware
- Anti-virus
- Games console & PC
- The OS
- Office Suite
- Networking Hardware
- ISP
- Phones
- PDAs
- Cars
Ummm I don't thing the DOJ is watching our favorite monopoly very closely. Soon there will be a Microsoft option for everything that can be purchased. I can see it now in stores:
Bob: Hey Carla how about these cool Levis?
Carla: Nah I would rather have the MS-Jeans. They have Anti-virus protection I'll never be sick again.
Bob: Ummm...
Nothing is impossible. It just hasn't been figured out yet.
Seems the only thing left is making the autoupdate mandatory by virtue of the EULA and then charge subscription for that as well. The offer for virus protection by subscription might be just the thing to ease the barrier here.
:-)
End result: OS itself is primarily subscription based for all practical purposes. No more trouble with pirated copies. Needless to say, all in the name of making the world more secure.
Of course I'm just theorizing
The fact of the matter is that many viruses don't bother taking advantage of exploiting Windows or Outlook flaws. They don't have to. By far, the biggest factor in spreading viruses is human stupidity. They don't patch their machines. They click on stuff that reads like this:
FROM: sploitr@fishyware.com
SUBJECT: DO0D YOO gotta secyurtee pr0b/.
BODY: Yer eemail will be canc3lled if y00 do not click the a7tached fil3.
ATTACHMENT: malware.exe
The only way you can seriously argue that this is Microsoft's fault is by saying that they made it possible for people *this* clueless to get on the Internet.
include $sig;
1;
Microsoft's goal has been to get users to pay a subscription fee for use of its OS and Office. This is one step towards that.
Expect a "trial" copy to be included in Longhorn that'll bug the fuck out of users until they break down and subscribe.
Microsoft will get its annual user subscription fee. It'll have NO incentive to fix its security problems. And we'll get shafted.
Thanks Bill!
If someone says he and his monkey have nothing to hide, they almost certainly do.
Ah, good, someone else thought of the mob protection analogy. "Nice computer you have here. Shame if any viruses were to harm it."
What I wonder is why more people (you know, average computer users, not /. posters) don't think about alternative platforms such as Linux or Mac. But last night I was watching the local news and they had one of their typically sweeps-inspired scare stories about how letting your kids use their computer to go to gaming sites will lead to spyware, and adware, and who knows what else! Aaaaaah!
OK, ignoring the stupidity of tying gaming to evil, I found the reporter's conclusion interesting. Noting the steps that could be done to protect yourself, he said keep your OS up-to-date, run anti-virus software, run a firewall, and monitor what your kids do with their computer. I kept waiting for the obvious other solution: Get rid of Windows and move to a Mac. End of problem. I could just imagine the reaction of Joe Average watching this report if the reporter had said, "Or you could just switch to a Mac and have virtually none of these problems." Joe Average would have sat up and said, "What? Really? I had no idea!"
And that's the point, most people have no idea there are alternatives out there that minimize the problem. Not that Linux or OS X-based systems are totally invulnerable, but it's a lot harder for a virus even directed at such OSes to get traction when the first thing they have to do is explicitly ask the user for permission to run and ask for a password!
Watching that news report, I realized this is what my sister-in-law would be going through if she were using a Windows box. She is clueless about computers, checks her email faithfully every month or two whether she needs to or not (sarcasm), and is always connected through broadband. That's a recipe for disaster...except I recommended she get an iMac. Instead of having to clear out adware and spyware every time I visit, she just uses her computer as she wants without any problem in the 2+ years she has had the box. No way a clueless Windows user on broadband would be so lucky, but a clueless Mac user? No phone calls to me with tech support issues in 2+ years. If only more average users knew this kind of computing experience was possible.
Microsoft will dominate the security (AV, spyware) part of the software industry. In five years, there will not be a McAfee or others. So whats left on that side of the computer world?
I MUST be a prophet. Ten years ago I said that you will either run Microsoft software entirely or you won't run it at all. Adobe will be all thats left on the Windows side for off the shelf software.
perl -e "eval pack(q{H*},join q{},qw{70 72696e74207061636b28717b482a7d2c717b343 637323635363534323533343430617d293b})"
So what you are saying is that security has NOTHING to do with the actual software but that viracoders just sid down, stair at the OS for 2hours and WHOOPs a new virus apears....
Popularity does not bread security flaws. How many times does it have to be pointed out? Look at apache vs ISS. If your teory was right Apache should be more insecure because more use it, however it isn't.
Traditionally, Microsoft has always offered substandard products. Office wasn't near as good as Word Perfect, Scandisk and Defrag weren't as good as disk doctor and speed disk, and so forth. They have won by cheaper prices, bundling, or flat out black hat tactics like code adjustments in the OS to keep software from working properly. On thinking about it, I have YET to think of something....ANYTHING that Microsoft didn't either buy, steal, or mimic. Doing that, they take the competitions' ideas and crush them.
Several of the posts here are already agreeing with my thinking of "Microsoft, it's your crappy code that's causing the problem. Why should we pay you to fix something you broke but we bought in good faith?" Granted, I'm speaking mostly for my customers here as I am slowly moving completely away from Windows, but the point still remains the same.
It's come to the point where you have to question Microsoft at this point. If they start making money from Anti-virus subscriptions, what's their incentive to fix the flaws in the software that are causing the problems in the first place? The consumer already has a false idea that viruses and malware are just a fact of life and they WILL get infected without doing anything so they just live with it. If a peice of code is flawed that will allow introduction of malicious code of any type without user intervention, it falls to the software producer to fix it, not charge to protect against it. If you ask me, this is Anti-trust #3 in the making.
Look at Ford awhile back when all those Firestone tires were causing havoc. Did the customer have to pay to get new tires? No! This is the same thing. I would urge ANYONE that's considering using any MS products like this that they should reconsider. It will only support Microsoft's belief that they can milk money out of their customers for producing a crappy product.
Avast Home Edition - Free for personal use. This stuff works like magic. You *do* have to register in order to get a registration code but it is definitely worth it.
I've actually used this software to fix problems that McAfee couldn't (the boot time scan is not possible with McAfee).
More
I was getting ready to invest $5K into Apple. I may have to change my mind now. Just imagine how many consumers or businesses will buy this because its from Microsoft and they will figure that Microsoft knows their OS better than anyone else, so they should be able to protect it better.
Leave it to Microsoft to make money off their own incompetency!
Scanning for viruses is the wrong answer. It is impossible to determine the intent of a program by scanning it.
Downloaded software should not be given the power to mess with your system in the first place. This is a fundamental flaw in the design of Windows. Because it gives every running program the full power of the user account, Windows is B. A. D. (Broken As Designed). Linux and Mac systems have the same flaw.
To truly solve the virus problem, limit the authority of running programs.
paying bounty hunters to track down virus writers, what with the size of MS' war chest...
They could use any methods if necessary, but no disintegration!
Now, I'm no more of an M$ fan than anyone else here, but from reading most of the comments on this story so far, it looks like everyone is thinking a virus is the same as a vulnerability. While some recent virii have exploited vulnerabilities in Windows to spread, there are still many out there that get around the old-fashioned way, by posing as a legitimate program and/or attaching their code to existing programs. This is a problem with any OS, not just Windows. Short of keeping an checksum database for every executable file(including DLLs, OCXs, etc) which is updated by the install program, there is no way that Windows can, by itself, know if a program has been modified legitimately or otherwise.(The whole checksum thing just happens to be what a lot of AV programs do, but anyway...)
Look at the number of vulnerablities for IIS(247) vs. the number for Apache(290). Now consider Apache has about 70% and IIS has about 21% of the webserver market. By your theory Apache should have a lot more vulnerabilities because it's "under the microscope more" (and you can look for them directly in the code, rather than just by blackbox testing). So based on evidence instead of conjecture, dominance in the market has little to do with how many vulnerablities are found in your code.
This is my sig, there are many like it, but this one is mine...
Here's a little allegorical play scene by Me:
Salesman: Mr. Smith, here's your new car.
Mr. Smith: Thanks, Bill. Say, where's the seat belts?
Salesman: Oh, that'll be extra.
Mr. Smith: There's no windows or doorlocks either?
Salesman: Oh, that's extra, too.
Mr. Smith: I'm confused, Bill. Isn't my car supposed to be fully functional and include safety features?
Salesman: Well, Mr. Smith, we can include them on a trial bases for 30 days, but you'll have to return them or pay the subscription price.
Mr. Smith: What the f*ck, Bill? You mean I have to PAY repeadetly for something that should come with my car?
Salesman: Yes, Mr. Smith. Did you not read the EULA?
Mr. Smith: I think I want my money back.
Salesman: I'm afraid I can't let you do that, Mr. Smith.
Mr. Smith: Why the f*ck not?
Salesman: Because by opening the car door, you agreed to the EULA and you are bound to its terms and conditions.
Mr. Smith: You're a bastard, Bill.
Salesman: Actually, I'm the spawn of Satan.
I might know what I'm talkin' about, but then again, this is Slashdot...
Microsoft just admitted to be unable to or unwilling to secure their operating system(s) (I suspect it's a mixture of both).
Lets just sit back and watch Microsoft get sued over and over again by countless clients which relied on Microsoft "security". Just a few arguments:
1) This service should be free, the custumors paid for a secure and capable os (windows is neither - except for games, for which it is perfectly suited). Should the customer pay again to actually get security?
2) Windows gets advertised as being secure. Then why is such a service needed? (lieing in advertisements is punishable in some countries).
Then it's likely that every time you get an update, it will make any competing anti-virus product stop working. Some of us still remember the old rhyme: The code's not done till WordPerfect won't run.
If MS eliminates all other anti-virus vendors then we are put in an interesting situation. We have all heard the rumors that some AV companies have made deals with some spyware vendors and with the government to ignore programs that the vendors don't want scrubbed from your computer and that the government uses when investigating criminals. If there is only one vendor of AV software on Windows, there is only one company anyone has to negotiate with to keep their software from showing up as a virus.
On the other hand, I believe that the security of the computer is fundmentally the job of the operating system. So the software designer in me says that's where it should go. It should be a loadable module of the OS and it should be layered so that it doesn't just look for signatures but for suspicious behavior. It should check the logs for bad behavior, etc.
Finally, I simply will never fully trust any software that is built from sources that I can't inspect. I dont' care if it's the OS or the anti-virus software. I don't believe in security by obscurity. I want to be able to make sure that my AV software isn't excluding some malware because of a little money changing hands. My computer is MY property. If the government want's to know what's on it, I think they should bring a warrant, not plant programs on it.
While I recognize the value of "wiretaps" in law enforcement, I think that establishing a back door through which the government can load malware onto your computer will quickly turn into a backdoor that any hacker can and will use. Whatever technique they come up with, someone will figure it out, steal it, or buy it from some under-paid government worker. It will only leave all of our computers open... kind of like they are now.
I strongly suspect that Microsoft is going to try to dominate the AV market and use that domination to push their "Trusted Computer Model," where, effectively, MS owns your computer and controls what you can and cannot do with it.
All of this reinforces my commitment to never buy another MS Operating System. I only use Windows now because I love computer games and computer game manufacturers have not, for the most part, embraced the Linux market. I wish they'd hurry up and start porting.
-All that is gold does not glitter - Tolkien
www.ra
Microsoft has actually done a decent job with correcting flaws in it Windows.
The virus issue is an interesting question. Any operating system that allows code that the user introduces to the system to run with privelages of the user is vulernable to virus attacks. I mean to say, I can write a binary for a Linux box that wipes every file the user running it has access to.
Is that a flaw or just how things are?
Viruses that exploit bugs or flaws in the OS are deplorable, and show what a lax attitude MS had for so long. However, as MS is fixing those, what's more and more and more common are programs that trick/deceive the user into installing them and then do something that is pretty much malware. How should that be handled? They aren't viruses per se, but they are annoying.
That's whats really wrong with Windows right now. It's just sucky when dealing with stuff on your PC that you don't want.
As Windows is continued to be locked down this is the last "growth vector" around.
At some point, the virsues going around are no longer exploitig what Windows has to "offer", but rather, the users themselves.
Actually, you technically DO need a registration code, it's just packed in with the setup exe now and automatically entered when installing. That makes it improbable to distribute the setup exe, as AVG requires a unique key per install (for the free version anyways).
I think you're confusing viruses (which propogate by infecting executables and which could easily present a problem on "secure" platforms which enforce user permissions as long as users themselves are idiots) with worms, macroviruses, and other such threats (which would be addressed by better security on the part of Microsoft, but which are only a subset of the types of malware that AV companies address).
I agree that many types of malware would be better fixed by changing Windows itself, patching obvious entryways such as ActiveX and such, etc;, since the majority of those are actually exploits of Windows system flaws rather than viruses in the traditional sense.
I also agree that the simple release by Microsoft of a free anti-malware products is little more than a band-aid in terms of fixing the general malware problem found on Windows today.
I do, however, disagree that Windows is alone in having traditional viruses (the classic Mac was also hit very hard in the past), and I think the recent focus of AV companies on Windows-centric forms of exploitative malware in addition to their more traditional activities (the detection and removal of traditional viruses) has blurred the distinction between the two types of malware in your eyes.
The two classes of malware are NOT the same.
Even if Microsoft were to fix the massive security holes that exist on their platform, a market for third-party anti-virus tools would still exist.
However, a Microsoft AV offering has the potential to remove that marketplace comepletely.
That's the difference...
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
Actually, the rhyme is even older than you think: "The code's not done until Lotus won't run."
Buy three McGrease Sliders (TM) and get a free trial of the new Pee-a-Bucket chewy tablet. Comes in three flavors. After a few months, the McDiet pills will be charged separately.
Unimaginative, grumpy consumer associations have derided the new offer, saying that McDonald's should reduce the high sugar, grease, salt and cholesterol content of their food in the first place.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/