Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft to Ship New Malware Protection Utility

Posted by CowboyNeal on from the those-who-know-it-best dept.

LadyDarth writes "Microsoft introduced on Thursday a new program called Client Protection that will help to combat viruses, maiware and spyware in the corporate environment. Paul Bryan, product management director in the enterprise security division at Microsoft, said in an interview with BetaNews Wednesday night that Client Protection's aim is to 'make sure people have fewer security products' to concern themselves with. Responding to concerns that it was stepping on its partners toes, Bryan admitted that Microsoft has 'knowledge and an understanding of the capabilities of the operating system' that its partners may not have. But he said that information would not be hidden."

7 of 226 comments (clear)

  1. Vista? by OffTheLip · · Score: 2, Informative

    Could just be all a rumor...

    1. Re:Vista? by brian.glanz · · Score: 2, Informative
      It's real.

      Despite the dearth of official links (MS still doesn't 'get' the whole Internet thing, do they?!), we do now have some more authoritative sources coming online.

      The reveal was in Munich today, which is part of the reason you might see less if you're only trolling around on American sites (on the U.S. dominated and controlled Web).

      As for TFA, Paul Bryan is not even a Real Microsoft Executive, but Mike Nash sure is, and you can catch a couple quotes from him via some trustworthy sources.

      From The New York Times, Reuters, Bloomberg News, and the International Herald Tribune: "Nash said he had seen a culture change since Bill Gates said three years ago security would be a top priority. 'I used to be begging people to pay attention to security. Now they get it. Security is part of everyone's job.'"

      BG

  2. Knowledge and Understanding by telstar · · Score: 2, Informative

    Knowledge and Understanding doesn't imply that they've got secret hooks that they're using. Let's face it ... if you build something, you probably know it better than anyone else, including what's good and what's bad ... and where potential problem-spots are. I don't think it's too far fetched to assume that Microsoft is likely to have a better understanding of their software since they created it. It's just the way it is.

    That's not to say that other firms haven't taken steps beyond where Microsoft has traditionally gone in order to sell products to secure Windows ... certainly many have, and will continue to do so.

  3. Re:can't make up his mind by pete-classic · · Score: 2, Informative

    I think you mean leopard.

    That's the display department.

    -Peter

  4. Re:Instead of protection, how about a better OS? by timmarhy · · Score: 2, Informative
    I used to work in a tech shop years ago. i used to love it when people would say "i don't get viruses" because it always meant they were infected to the hilt.

    The problem is, most people, even technically adapt people, are not capable of protecting themselfs from the host of worms and exploits being used out there today. the blame lies squarely on MS's shoulders.

    --
    If you mod me down, I will become more powerful than you can imagine....
  5. Re:Great... by earnest+murderer · · Score: 2, Informative

    I can make one up... Because other software was installed on the users pc with the agreement that Claria's software be installed as well.

    Removing Claria's software violates that agreement. If that is the case, removal is not the best recomendation.

    Last I saw, Claria was pretty above board about their intentions at install time. And it is easy to remove through the Add/Remove programs application. Those two points alone elevate them above the bulk of the software that is removed via Anti-Spyware solutions.

    --
    Platform advocacy is like choosing a favorite severely developmentally disabled child.
  6. Re:Selling more bandaids is not the answer by starfishsystems · · Score: 4, Informative
    What design decisions are they exactly?

    Fair question, as long as it's not being used as a vehicle to express resentment toward "security experts" for a topic you can't be bothered to understand. That sort of sophistry is the refuge of the ignorant. And as the subject has received widespread attention, it's not as if your question hasn't been answered many times over.

    But assuming that your question is genuine, here is a short, and by no means exhaustive, list of areas is where Microsoft falls down with respect to security:

    • security of supply
    • modularity
    • interoperability
    • containment
    • least privilege
    • security by default
    • verifiability

    Many of these factors are interrelated. When Microsoft engages in illegal monopoly practices, it has the effect of reducing the security of supply to the industry by limiting the number of competing products. It does so by deliberately breaking interoperability with competing products through a strategy which it calls "embrace and extend."

    Another strategy, called "integrated innovation," likewise promotes the questionable virtues of integration at the expense of the fundamental virtue of modularity. Integration is fine for microprocessor chips, but software components are not transistors, and the software engineering problem, as Fred Brooks pointed out, is not about how to efficiently replicate such components. On the contrary, we often need to replace individual software components in order to repair security problems in their design or implementation. Modular systems are thus intrinsically more favorable to security than integrated, monolithic ones.

    Independent of this effect, it's also possible to reason more effectively about security in a modular design than in a monolithic one. The analysis of security between communicating entities has been very well studied, and in a modular system this communication takes place in formally defined ways. The strongest demonstration of this capability lies, again, in how well a module interoperates with others. So when Microsoft attests in court that Internet Explorer can't be removed from Windows, it's acknowledging a basic failure to attend to modularity.

    Security factors such as containment and least privilege are only possible where modularity is already well established and effectively managed. Usually these factors are what people think of as being characteristic of secure design, but they are in some sense derivative of more general security and design factors such as modularity. In any case, from all of the foregoing we can easily predict that problems will arise when bringing them late to a design, as Microsoft has characteristically tried to do.

    Other critical design factors, like security by default and verifiability, require a further degree of commitment to security which Microsoft has a history of actively avoiding. I could cite many examples of these, but surely you can think of some on your own with modest effort.

    --
    Parity: What to do when the weekend comes.