Slashdot Mirror


Microsoft Begins anti-virus Software Development

An anonymous reader writes "From the article: Microsoft's announcement that it will enter the AV market next year, with initial trials starting next week, could be a sign of many things to come, says SecurityFocus's Kelly Martin." Not unexpected, given their recent purchase.

11 of 199 comments

  1. Start the week with a dupe by Anonymous Coward · · Score: 3, Informative
    1. Re:Start the week with a dupe by hotdiggitydawg · · Score: 1, Informative

      Especially given that both editors appear to be online at the same time (e.g. two each of the latest four articles).

  2. RAV Antivirus by smilheim · · Score: 2, Informative

    Remember that MS purchased the Intellectual Property of GeCad which made RAV Antivirus a few years back.

    --

    Sean Milheim
    iDREUS Corporation

  3. Re:MSAV? by laffer1 · · Score: 3, Informative

    lol.. guess I'm not the only one that remembers Microsoft Antivirus from back in the day...

    My first PC, a Packard Bell (very sad) included DOS 6.22 and Windows 3.11 for Workgroups. Microsoft Antivirus had a DOS and Windows graphical interface and basically did a checksum test on all the files. It created files to remember what it checksummed in each directory as I recall.

    It took forever to scan and obviously didn't catch much and had many false positives. Imagine using Tripwire to check for viruses except on a DOS partition with nothing to check but byte size and maybe the modify date!

    It was credited to Symantec in the about box I think.

    This is nothing new.. just a comeback!

  4. Re:Goals? by dioscaido · · Score: 3, Informative

    There's a reason for user mode and kernel mode. Just because the "system" CAN have full permissions to everything, doesn't mean that it should!

    And MS has agreed with this since NT4. Remove your user account from the Administrator group and, surprise, your system is fully protected, and spyware/viruses aren't a problem because executables cannot modify system folders or system registry. In fact, Win2k/XP/2k3 have much richer access implementations than the Unix filesystem protection in vanilla Linux distributions -- you'll need to get the ACL kernels for matching capabilities.

    The real problem is the MS marketing dept, which opted to not confuse Grandma and make accounts Admin by default. Longhorn will make accounts limited by default, and in addition when logged in as admin it will drop privileges of all apps that don't need admin privileges (like IE), which is pretty cool.

  5. Re:MSAV? by Anonymous Coward · · Score: 1, Informative

    Does someone remember this one?

    I was involved in an early UK Government initiative to evaluate AV products. At that time, the Government Rep indicated to us that, as a rule of thumb, the evaluation processes proposed would be tested to ensure that they failed MSAV, since that would be a good indication of a suitable evaluation process.

  6. Re:Slashdot search sucks by cr4p · · Score: 2, Informative
  7. Your memory fails you by Anonymous Coward · · Score: 1, Informative

    MSAV was a limited version of Central Point Anti-Virus. It did do checksums but that was so it could check for viruses that weren't in the database--which I don't recall ever being updated.

  8. Re:Goals? by NetNifty · · Score: 2, Informative

    "On the bright side, once your OS falls behind so do the number of virus attacks. Win98 is pretty safe now, for instance, because most attacks only work on XP. "

    In some cases yeah, but I've had some malware (ok not a virus as such, but close) completely kill a Windows 98SE box's network stack after it got in by trying to "patch" the Winsock libraries and assuming it was XP.

  9. By Comparison by Horrortaxi · · Score: 2, Informative

    When Ford makes a car that is defective they do a "recall" and fix it so that it works the way it should have worked in the first place free of charge. What suckers! They could have just sold users the "seat belt upgrade" or "ignition switch that doesn't catch fire." The stockholders must be pissed.

    You might be thinking "if a car malfunctions it's a life or death matter but who cares if a computer crashes or gets a virus?" But what if that computer is part of the air traffic control system? Windows (for some reason) is used in a lot of important environments. Sometimes it really is life or death.

  10. Re:Goals? by Craig+Ringer · · Score: 4, Informative

    The ability to run as a limited user is, in my experience, nigh useless. Users will regularly encounter things that require admin privileges to install, even things like browser plug-ins, and then won't run except as the user they were installed as. This requires temporarily modifying a user's account - always fun - to get them to install and work.

    Even better, some apps won't run except as admin because they try to fiddle bits of the registry and/or filesystem they assume they'll have access to, because "everyone runs as administrator". Games are the #1 culprit here, but a large proportion of general use software has that problem too. It's not Microsoft's fault that app developers are idiots, but it still makes the limited privilege accounts nigh useless. Unfortunately, they can't conjure a long history of least-privilege-by-default so they're stuck with breaking compatibility with old apps (90% of users would equate "need to change user account to run program" with "broken OS") or retaining the current braindead defaults.

    I do agree with you on the fine-grained privileges in NT, though I wish they were consistently inherited instead of propagated through the filesystem tree. The issue with ACLs is that unless very carefully administrated they tend to become a hideous and unmanageable rat's nest where nobody can clearly state what happens in a given case. This is as true on UNIXes with ACLs as it is on NT. I've always been way happier with the groups-within-groups model, which lets you get 90% of the benefits of ACLs with 10% of the complexity. It never seems to have become all that popular, though :S