Microsoft to Ship New Malware Protection Utility

LadyDarth writes "Microsoft introduced on Thursday a new program called Client Protection that will help to combat viruses, maiware and spyware in the corporate environment. Paul Bryan, product management director in the enterprise security division at Microsoft, said in an interview with BetaNews Wednesday night that Client Protection's aim is to 'make sure people have fewer security products' to concern themselves with. Responding to concerns that it was stepping on its partners toes, Bryan admitted that Microsoft has 'knowledge and an understanding of the capabilities of the operating system' that its partners may not have. But he said that information would not be hidden."

Great...

[samj]

more Claria shananigans on the way then?

Re:Great...

Exactly. Microsoft will always be behind the eight-ball when it comes to spyware protection because of its corporate nature. It will always put profit before protection.

Some people may claim that Microsoft still allows users to remove the Claria software. For example:

Windows AntiSpyware (Beta) continues to notify our users when Claria software is found on a computer, and it offers our users the option to remove the software if they desire.

However, the issue here is not whether or not Windows Antispyware still detects Claria products...the issue is Microsoft's recommendation on said products. While it is true that users still have the option to remove Claria products if they so choose, the fact is that users had the option to keep Claria products on their system back when Microsoft was recommending removal. The insinuation that this change offers users more choice than previously available is tacitly false.

The real issue here is Microsoft abusing their position of trust within the general computer user community. No, I'm not talking about people like us here...I'm talking about Ma and Pa Computer User...the ones who see a virus or spyware warning and panic. Many of these people rely upon the recommendations offered by the spyware detection/removal applications to decide on how best to manage their systems. By artificially upgrading Claria products from 'remove' to 'ignore', Microsoft is taking unfair advantage of these users' trust.

Also claimed:

All software is reviewed under the same objective criteria, detection policies, and analysis process," Microsoft claimed. "Absolutely no exceptions were made for Claria.

As far as I'm aware, no other spyware removal application has promoted Claria products in this fashion. Until Microsoft publishes these 'objective criteria', and shows how Claria products managed to get upgraded from 'remove' to 'ignore' under them, we will have no choice but to assume more ulterior motives.

Re:Great...

[earnest+murderer]

I can make one up... Because other software was installed on the users pc with the agreement that Claria's software be installed as well.

Removing Claria's software violates that agreement. If that is the case, removal is not the best recomendation.

Last I saw, Claria was pretty above board about their intentions at install time. And it is easy to remove through the Add/Remove programs application. Those two points alone elevate them above the bulk of the software that is removed via Anti-Spyware solutions.

Always with the bad grammar

That should be "Microsoft to Ship New Malware, Protection Utility".

Re:Always with the bad grammar

[Carnildo]

Sort of like the malicious Software Removal Tool they've been sending out via Windows Update?

Re:Always with the bad grammar

[StarvingSE]

Yes, I love how Microsoft likes to constantly jam their own software down our throats through their Windows Update. This is unethical and bad business in my opinion, and I don't know why the rest of the industry won't go up in arms about it.

Why buy something like Webroot's SpySweeper when Microsoft pops up a window every month claiming that their anti-spyware suite is critical.

Windows Update should be just that, fix security issues, make windows more stable. Not as a conduit to make sure Joe Computer User always uses 100% Microsoft products.

Re:Always with the bad grammar

[jokestress]

I think there's a typo, too: "Microsoft to Ship New Malware, Protection Futility."

Re:Always with the bad grammar

[TheNetAvenger]

But it was from Apple or part of a Linux distribution it would be wonderful and a perfect way to ensure even the casual user had some level of protection.

Just because they use big bad words like Microsoft, doesn't mean it is a bad idea...

Sweet!

[jav1231]

Will it clean explorer.exe from my system?

Re:Sweet!

[Anyletter]

not just explorer.exe, but also IE. Microsoft plans on eliminating all malware!

Vista?

[OffTheLip]

Could just be all a rumor...

Re:Vista?

[brian.glanz]

It's real.

Despite the dearth of official links (MS still doesn't 'get' the whole Internet thing, do they?!), we do now have some more authoritative sources coming online.

The reveal was in Munich today, which is part of the reason you might see less if you're only trolling around on American sites (on the U.S. dominated and controlled Web).

As for TFA, Paul Bryan is not even a Real Microsoft Executive, but Mike Nash sure is, and you can catch a couple quotes from him via some trustworthy sources.

From The New York Times, Reuters, Bloomberg News, and the International Herald Tribune: "Nash said he had seen a culture change since Bill Gates said three years ago security would be a top priority. 'I used to be begging people to pay attention to security. Now they get it. Security is part of everyone's job.'"

BG

And here it is

Right here :-)

I thought

[oldgeezer1954]

They were supposed to document all api's and make them available. Anyone think he's referring to something else besides hidden api's?

Re:I thought

[game+kid]

Bryan admitted that Microsoft has 'knowledge and an understanding of the capabilities of the operating system' that its partners may not have.

I somehow doubt it's a non-API advantage. It's like they're trying to get sued by the government again.

<offtopic>DAMN this slashdot thing is rendering awful. Probably not for non-IE users though.</offtopic>

More MS software?

[sedyn]

Great, more microsoft software that people can exploit.

(of course, I am making assumptions based on the premise that it will be connected to the 'net for updates)

can't make up his mind

[timmarhy]

in one sentence he is stating ms knows something about windows that no one else does, in the second he is stating they aren't hiding anything. it can only be one or the other, not both. i'm very inclined to think it's the first. they haven't documented jack shit in order the maintain their strangle hold and put the rest of the industry out of business.

Re:can't make up his mind

[geekoid]

No no, it's not hidden, it's in the basement...with the broken stairs..and no light, in the cabnet marked 'beware of tiger'.

Re:can't make up his mind

[Antique+Geekmeister]

What Microsoft knows that no one else does is their future development plans. They can pre-develop security software to cope with the latest MS Office or .NET security stupidity, such as the way both of them auto-execute things now, and stop wasting time on developing utilities for features they are about to discard.

Re:can't make up his mind

[pete-classic]

I think you mean leopard.

That's the display department.

-Peter

Re:can't make up his mind

[DeafByBeheading]

I think he meant tiger...

Instead of protection, how about a better OS?

[ausoleil]

Love them or hate them, a Microsoft OS is at best a Rube Goldberg device of an operating system. I think that is one of the reasons why MS OS's slow to a crawl after a period of time, or at least seem to.

Look at the average Windows system that has not had a rebuild in a year or more. More than likely, the system tray at the right stretches halfway across the screen when it is expanded. There's virus protection, a personal firewall, spam protection, etc. etc. etc.

Now we have another protection racket (err, application) from Microsoft to protect us from what is ultimately Microsoft's fault: an operating system that at it's core was designed in such a way that security was an afterthought.

So, we have words of Microsoft's plans to have more protected kernel. Of course, because it is Microsoft, that means you will need to use Microsoft's apps, or their approved vendors, Microsoft approved hardware, etc. etc. Trusted computing? Sure -- Microsoft can trust you to fill their profit stream after you install their secure OS.

Instead, why doesn't Microsoft use the principles of Occam's Razor and not let applications have direct access to the kernel? Why not have an equivilant of chroot that works well? Why, at the core, give so many holes for applications, good or bad, to wreak havoc on your computer?

Gee, sounds like a mind-numbingly simple idea. I guess it has many names, but they all end in "nix." (BSD excepted, but you get the point.)

Re:Instead of protection, how about a better OS?

[QuantumG]

This comment, and others like it, are completely lame. It is possible to use Windows securely, but most people don't. This isn't Microsoft's fault. You can just keep repeating an argument made by people 10 years ago as if it still applies to today.

Re:Instead of protection, how about a better OS?

[DrEldarion]

Agreed! I've run DOS 5, Win 3.1, Win95, Win98, Win2k, and now WinXP, and I haven't ever picked up a virus or spyware. Up until about a year or so ago, I used IE exclusively, too. Use your computer intelligently, and you shouldn't have problems.

Bad users will find a way to screw up any system, regardless of OS. (Barring, say, a C64)

Re:Instead of protection, how about a better OS?

[linguae]

Gee, sounds like a mind-numbingly simple idea. I guess it has many names, but they all end in "nix." (BSD excepted, but you get the point.)

I love *nix (and BSD, too), but there are ways that Microsoft can make a secure operating system without switching its kernel to a BSD kernel. (Note I left Linux out; there is no way Microsoft is ever going to base their flagship product on GPL'd software). Here are some ways that they can do that:

1. Decouple the Internet Explorer/ActiveX connection. Internet Explorer would be much like Konqueror on KDE if it didn't have that insecure ActiveX giving malware access to the machine.
2. Microsoft should do what OpenBSD did to much of their software; check to see if there are any potential buffer overflows and other security issues created from bad code and replace them with safer functions. OpenBSD created strlcat() and strlcpy() to replace the insecure strcat() and strcpy() functions in C, for example. Removing all of these insecure stuff from their software will help a lot.
3. Windows should also better handle user accounts, in an almost Unix-like manner. Granted, Windows has gotten much better over the years with the "Run As..." command and more applications are aware of adminstrator and limited user account, but there are still some minor flaws that need to be fixed.

I don't think Windows needs a new kernel. I just think that all of its APIs, programs, and functionality should be secured, and very insecure things (like ActiveX) should be removed.

Re:Instead of protection, how about a better OS?

[timmarhy]

I used to work in a tech shop years ago. i used to love it when people would say "i don't get viruses" because it always meant they were infected to the hilt.

The problem is, most people, even technically adapt people, are not capable of protecting themselfs from the host of worms and exploits being used out there today. the blame lies squarely on MS's shoulders.

Re:Instead of protection, how about a better OS?

[QuantumG]

Sigh. No it doesn't. It lies on the people making the worms. Really, it does. I used to be like you. I've slowly come to realise that it's just tall poppy syndrome. Worms exist for Windows not because it is more or less insecure than anything else. They exist because it is the biggest target and therefore people put more time into figuring out how to attack it. If Mac OS X were the #1 operating system we'd see more worms for Mac OS X. If some flavour of Linux were the #1 operating system we'd see more worms for it. If you want an historical validation of this theory, take a look at the first worms that spread across the internet. They were for SunOS 5 and other Unix systems. Does this mean that Apple II's and C64s were more secure than Unix systems? Of course not. I means that Unix systems were a more attractive target, and that's what the malware writers went for.

Re:Instead of protection, how about a better OS?

[JacksBrokenCode]

If somebody steals your car because you didn't lock the doors, is that the manufacturer's fault?

And if you were told that Ford F150s are involved in vastly more accidents than Volvos, would you be surprised? Could you then declare that Volvos are more safer/stable because they don't get wrecked as often?

Volvos have a reputation of safety partly because they are safe cars and partly because their reputation brings safety-conscious people into their dealerships - people who aren't as likely to get in accidents regardless of what make/model they drive. Windows has the widest desktop distribution on the planet and also has the most computer-illiterate people using their desktops.

Someone who is inclined to research a Linux build, find it, download it, and install it themselves is probably not likely to wire money to some Nigerian royal accountant who out of the goodness of his heart is going to make you a millionaire. But for each nerd who does that, there are 50 little grannies whose Dell came with Windows pre-installed. If Linux was more than 3% of the worldwide desktop market and non-computer-savvy people used Linux we'd be seeing a lot more malware aimed at Linux. And there *will* be malware that penetrates Linux - NO system is ever 100% safe. So STFU with your FUD about Windows and consider the possibility that they have the hardest market of all, a market that the open-source geeks don't seem to think is worth anything: non-techno-savvy people who just want their computers to work.

Re:Instead of protection, how about a better OS?

[mmurphy000]

If somebody steals your car because you didn't lock the doors, is that the manufacturer's fault?

That would be a fine analogy if the attacker came in through an advertised feature of the program (e.g., user fails to set a password, and somebody walks by and starts using their PC).

When the attacker comes in through bugs in Windows, your vehicle analogy needs to change:

If somebody is able to disable your car from remote by exploiting bugs in your radio and engine on-board computer, is that the manufacturer's fault?

I'd say the answer is yes.

Re:Instead of protection, how about a better OS?

[drsmithy]

The problem is, most people, even technically adapt people, are not capable of protecting themselfs from the host of worms and exploits being used out there today. the blame lies squarely on MS's shoulders.

Running a Windows machine sans viruses, worms and other malware is trivial for technically adept users.

Re:Instead of protection, how about a better OS?

[lordofthechia]

(Worms for Windows) exist because it is the biggest target

Bah, it's the old Cardboard box vs safe argument... It goes like this: "People who keep their valuables in cardboard boxes are at risk because everyone uses a cardboard box to keep their stuff in. If everyone kept their valuable in safes they would be equally at risk since then safe cracking would become more common place." Nobody can argue that a virus or worm couldn't be written for a Mac or Linux for that matter (just like no safe is uncrackable), what is argued though is that for an equal amount of work expended in securing your Windows machine vs securing virtually anything else you end up a lot more secure system with a non-microsoft product.

So how secure is windows by default with no user intervention? How does a Mac compare? Granted Windows 2000 and XP are a great improvement over the good ol' 9x series but c'mon? How many security products did you have to install on your PC (that it did not come with) in order to get it secured?

Windows may be the biggest target, but it's also the easiest, like breaking into a cardboard box (ok, maybe XP is more like a pressboard box...). At least with other OS's and the speed with which security patches are made available we would see the security bar raised to the point where most malicious folks would just give up while trying to break into them.

Annother Teling quote

[temojen]

Client Protection's aim is to 'make sure people have fewer security products'

Sounds like a monopoly practice to me.

Selling more bandaids is not the answer

[starfishsystems]

Yep, Microsoft made the design choices that created the problem. No doubt they'd also like to sell you the solution.

And Paul Bryan is right when he suggests that it would be a good idea to "make sure people have fewer security products". And the very best way to do that is to switch to a more secure platform. Then you don't need additional security products to solve the problems that should have been solved during platform design. Sheesh.

Re:Selling more bandaids is not the answer

[starfishsystems]

What design decisions are they exactly?

Fair question, as long as it's not being used as a vehicle to express resentment toward "security experts" for a topic you can't be bothered to understand. That sort of sophistry is the refuge of the ignorant. And as the subject has received widespread attention, it's not as if your question hasn't been answered many times over.

But assuming that your question is genuine, here is a short, and by no means exhaustive, list of areas is where Microsoft falls down with respect to security:

• security of supply
• modularity
• interoperability
• containment
• least privilege
• security by default
• verifiability

Many of these factors are interrelated. When Microsoft engages in illegal monopoly practices, it has the effect of reducing the security of supply to the industry by limiting the number of competing products. It does so by deliberately breaking interoperability with competing products through a strategy which it calls "embrace and extend."

Another strategy, called "integrated innovation," likewise promotes the questionable virtues of integration at the expense of the fundamental virtue of modularity. Integration is fine for microprocessor chips, but software components are not transistors, and the software engineering problem, as Fred Brooks pointed out, is not about how to efficiently replicate such components. On the contrary, we often need to replace individual software components in order to repair security problems in their design or implementation. Modular systems are thus intrinsically more favorable to security than integrated, monolithic ones.

Independent of this effect, it's also possible to reason more effectively about security in a modular design than in a monolithic one. The analysis of security between communicating entities has been very well studied, and in a modular system this communication takes place in formally defined ways. The strongest demonstration of this capability lies, again, in how well a module interoperates with others. So when Microsoft attests in court that Internet Explorer can't be removed from Windows, it's acknowledging a basic failure to attend to modularity.

Security factors such as containment and least privilege are only possible where modularity is already well established and effectively managed. Usually these factors are what people think of as being characteristic of secure design, but they are in some sense derivative of more general security and design factors such as modularity. In any case, from all of the foregoing we can easily predict that problems will arise when bringing them late to a design, as Microsoft has characteristically tried to do.

Other critical design factors, like security by default and verifiability, require a further degree of commitment to security which Microsoft has a history of actively avoiding. I could cite many examples of these, but surely you can think of some on your own with modest effort.

So does that mean...

[mars_rover]

So does that mean it will protect mt PC from Windows Vista?

I sure hope it's not another Cow!

[ackthpt]

That Anti-Spyware thing is a mother of a memory and CPU hog. Also a real drag on startup.

I have to wonder, if anything Microsoft creates really is just insanely resource dependent because they don't know any other way.

"We defeat spyware by using up all the available memory and denying it resources!"

...that includes

[grumpyman]

Mozilla, opera, firefox, apache, tomcat...etc. Java will be removed and replaced by ActiveX-based emulation.

Have I got a deal for you!

[M00NIE]

Hi, my name is Joe Blo and I'm selling the most whizbang awesome bowl you EVER saw complete with a sparkling handle, twirligig, whistle for those of you who like music, buttons, knobs and switches for only $32693.99

But wait, there's more! Act fast and for only another $292.99 I'll throw in the bottom part so your bowl will actually hold something! (no warranty is given on "bowlsealer add-in®" product - void where prohibited)

Buy now and I'll throw in the installation free!

Knowledge and Understanding

[telstar]

Knowledge and Understanding doesn't imply that they've got secret hooks that they're using. Let's face it ... if you build something, you probably know it better than anyone else, including what's good and what's bad ... and where potential problem-spots are. I don't think it's too far fetched to assume that Microsoft is likely to have a better understanding of their software since they created it. It's just the way it is.

That's not to say that other firms haven't taken steps beyond where Microsoft has traditionally gone in order to sell products to secure Windows ... certainly many have, and will continue to do so.

Genius!

[Douglas+Simmons]

Put yourself in the eyes of Joe Cubicle or look at it from the perspective of your typical housewife. Mal/*ware invade your machine nonstop, but odds are, as you have no idea what an OS is (let alone alternatives), your anger is directed at the virus writers, not MS. Or, and I see this all the time, when the crap piles up and your system slows down because you're running ninety programs on boot up, you do not realize that your processor still crunches math at the same rate it did when you bought the computer; instead you just toss your box out and be a good consumer and buy a fresh box. Intel's gotta be giving MS some kickbacks.

So, given that it is the hacker who is demonized for costing businesses billions and not the shitty programming, Microsoft can actually get away with selling virus protection programs, directing people to partners' sites who sell anti virus ware, or in this case bundling it with their next OS and marketing the software with the edge of having this high security from the evil doers. The whole deal works out great for the chip makers, the programmers, earnings reports, and of course the gross domestic product. This is capitalism at its best my friends. One more thing I gotta say, get your net install iso of debian (i386 arch)here.

Microsoft to ship...

[atomic-penguin]

Microsoft to ship new Malware Production Utility, codename Vista.

Vista, Microsoft's innovative new Malware Production Utility, allows partners and advertisers to easily create Malware with their "easy to use" software development toolkit and utilities.

Vista is guaranteed to provide you with a lower standard of security, and the slow system response you have come to expect from the Microsoft product line. Microsoft claims Vista will increase your chances of a "sensitive information leak", while providing the end user with a lower Total Cost of Ownership (TCO) than Linux. Microsoft expects Vista will be ready for production, and will begin shipping August 2010.

As much as y'all love to throw rocks at MS,

[museumpeace]

you ought to wait and see what they throw at themselves. Yes, they know their internals better than symantec, MacAfee etc etc and yes, they know what those internals will be 4 years from now. But given the way Microsoft has of leaving holes, if not doorways, in what should be functional partitions between operating system kernal, applications, communications stacks, languages, debug/development environments and user privelege management, I would bet ANY solutuion that really worked better than the confederation of antivirus and antispyware I now run would either add complexity to the the user's experience or reduce some of the functionality that was based on execution that could jump through those holes and doors.
Go ahead Microsoft, impress me.
We just have to see their product. [and yes, it I too see it as a way to reduce market share for AV vendors.]

No no it's correct

[commodoresloat]

This is a utility that protects malware from virus scanners and the like.

Unwinnable Situation

[ytsejammer]

The entire thing is a catch 22.

On one hand, you have an easy to use OS that is prone to malware and spyware when not administered correctly.

On the other hand, you have an OS with a higher learning curve that is less prone to malware and spyware, but that requires the same level of expertise as it does to keep a Windows system free of the garbage that can easily plague a system.

In either case, it is up to the user to be more knowledgable about the product their using. I'm not going to pretend that I don't use Windows, but I can honestly say that in the year and a half since I last formatted, I still have yet to find any spyware, malware, or virii hiding on my system ... my system tray is still as bare bones as it was after installing Windows ... and, my computer still runs just as well and as fast as it did after reformatting. Now, with a CS degree, I consider myself slightly more knowledgable than the average user, but this doesn't negate the fact that it is possible to run Windows without compromising your system. You just have to have a clue as to what you're doing and know better than to visit questionable sites and click 'yes' to every dialog box that pops up and wants to install 'XXX Dialer' on your system.

I don't know if there is an easy solution, other than to make Linux or OSX or another more secure operating system more simple to use - and you can go ahead and tell me that your Grandmother runs Linux and has no problems, but the ordinary computer user is looking for more than a glorified Internet/Email machine.

Could Windows be more secure? Yes. Definitely.

Could Linux be easier to use? Yes, and just as equally so.

Great business plan

[HangingChad]

1. Create largely insecure OS product
2. Sell customers "value added" security tool
3. Profit!!!!

I think all this demonstrates is that to MSFT you're not just a customer, you're a revenue stream! And MSFT users just keep taking it. It's amazing.