Microsoft to Ship New Malware Protection Utility

LadyDarth writes "Microsoft introduced on Thursday a new program called Client Protection that will help to combat viruses, maiware and spyware in the corporate environment. Paul Bryan, product management director in the enterprise security division at Microsoft, said in an interview with BetaNews Wednesday night that Client Protection's aim is to 'make sure people have fewer security products' to concern themselves with. Responding to concerns that it was stepping on its partners toes, Bryan admitted that Microsoft has 'knowledge and an understanding of the capabilities of the operating system' that its partners may not have. But he said that information would not be hidden."

Great...

[samj]

more Claria shananigans on the way then?

Re:Great...

Exactly. Microsoft will always be behind the eight-ball when it comes to spyware protection because of its corporate nature. It will always put profit before protection.

Some people may claim that Microsoft still allows users to remove the Claria software. For example:

Windows AntiSpyware (Beta) continues to notify our users when Claria software is found on a computer, and it offers our users the option to remove the software if they desire.

However, the issue here is not whether or not Windows Antispyware still detects Claria products...the issue is Microsoft's recommendation on said products. While it is true that users still have the option to remove Claria products if they so choose, the fact is that users had the option to keep Claria products on their system back when Microsoft was recommending removal. The insinuation that this change offers users more choice than previously available is tacitly false.

The real issue here is Microsoft abusing their position of trust within the general computer user community. No, I'm not talking about people like us here...I'm talking about Ma and Pa Computer User...the ones who see a virus or spyware warning and panic. Many of these people rely upon the recommendations offered by the spyware detection/removal applications to decide on how best to manage their systems. By artificially upgrading Claria products from 'remove' to 'ignore', Microsoft is taking unfair advantage of these users' trust.

Also claimed:

All software is reviewed under the same objective criteria, detection policies, and analysis process," Microsoft claimed. "Absolutely no exceptions were made for Claria.

As far as I'm aware, no other spyware removal application has promoted Claria products in this fashion. Until Microsoft publishes these 'objective criteria', and shows how Claria products managed to get upgraded from 'remove' to 'ignore' under them, we will have no choice but to assume more ulterior motives.

Always with the bad grammar

That should be "Microsoft to Ship New Malware, Protection Utility".

Re:Always with the bad grammar

[StarvingSE]

Yes, I love how Microsoft likes to constantly jam their own software down our throats through their Windows Update. This is unethical and bad business in my opinion, and I don't know why the rest of the industry won't go up in arms about it.

Why buy something like Webroot's SpySweeper when Microsoft pops up a window every month claiming that their anti-spyware suite is critical.

Windows Update should be just that, fix security issues, make windows more stable. Not as a conduit to make sure Joe Computer User always uses 100% Microsoft products.

Re:Always with the bad grammar

[jokestress]

I think there's a typo, too: "Microsoft to Ship New Malware, Protection Futility."

Sweet!

[jav1231]

Will it clean explorer.exe from my system?

And here it is

Right here :-)

I thought

[oldgeezer1954]

They were supposed to document all api's and make them available. Anyone think he's referring to something else besides hidden api's?

can't make up his mind

[timmarhy]

in one sentence he is stating ms knows something about windows that no one else does, in the second he is stating they aren't hiding anything. it can only be one or the other, not both. i'm very inclined to think it's the first. they haven't documented jack shit in order the maintain their strangle hold and put the rest of the industry out of business.

Re:can't make up his mind

[geekoid]

No no, it's not hidden, it's in the basement...with the broken stairs..and no light, in the cabnet marked 'beware of tiger'.

Instead of protection, how about a better OS?

[ausoleil]

Love them or hate them, a Microsoft OS is at best a Rube Goldberg device of an operating system. I think that is one of the reasons why MS OS's slow to a crawl after a period of time, or at least seem to.

Look at the average Windows system that has not had a rebuild in a year or more. More than likely, the system tray at the right stretches halfway across the screen when it is expanded. There's virus protection, a personal firewall, spam protection, etc. etc. etc.

Now we have another protection racket (err, application) from Microsoft to protect us from what is ultimately Microsoft's fault: an operating system that at it's core was designed in such a way that security was an afterthought.

So, we have words of Microsoft's plans to have more protected kernel. Of course, because it is Microsoft, that means you will need to use Microsoft's apps, or their approved vendors, Microsoft approved hardware, etc. etc. Trusted computing? Sure -- Microsoft can trust you to fill their profit stream after you install their secure OS.

Instead, why doesn't Microsoft use the principles of Occam's Razor and not let applications have direct access to the kernel? Why not have an equivilant of chroot that works well? Why, at the core, give so many holes for applications, good or bad, to wreak havoc on your computer?

Gee, sounds like a mind-numbingly simple idea. I guess it has many names, but they all end in "nix." (BSD excepted, but you get the point.)

Re:Instead of protection, how about a better OS?

[QuantumG]

This comment, and others like it, are completely lame. It is possible to use Windows securely, but most people don't. This isn't Microsoft's fault. You can just keep repeating an argument made by people 10 years ago as if it still applies to today.

Re:Instead of protection, how about a better OS?

[DrEldarion]

Agreed! I've run DOS 5, Win 3.1, Win95, Win98, Win2k, and now WinXP, and I haven't ever picked up a virus or spyware. Up until about a year or so ago, I used IE exclusively, too. Use your computer intelligently, and you shouldn't have problems.

Bad users will find a way to screw up any system, regardless of OS. (Barring, say, a C64)

Re:Instead of protection, how about a better OS?

[linguae]

Gee, sounds like a mind-numbingly simple idea. I guess it has many names, but they all end in "nix." (BSD excepted, but you get the point.)

I love *nix (and BSD, too), but there are ways that Microsoft can make a secure operating system without switching its kernel to a BSD kernel. (Note I left Linux out; there is no way Microsoft is ever going to base their flagship product on GPL'd software). Here are some ways that they can do that:

1. Decouple the Internet Explorer/ActiveX connection. Internet Explorer would be much like Konqueror on KDE if it didn't have that insecure ActiveX giving malware access to the machine.
2. Microsoft should do what OpenBSD did to much of their software; check to see if there are any potential buffer overflows and other security issues created from bad code and replace them with safer functions. OpenBSD created strlcat() and strlcpy() to replace the insecure strcat() and strcpy() functions in C, for example. Removing all of these insecure stuff from their software will help a lot.
3. Windows should also better handle user accounts, in an almost Unix-like manner. Granted, Windows has gotten much better over the years with the "Run As..." command and more applications are aware of adminstrator and limited user account, but there are still some minor flaws that need to be fixed.

I don't think Windows needs a new kernel. I just think that all of its APIs, programs, and functionality should be secured, and very insecure things (like ActiveX) should be removed.

Re:Instead of protection, how about a better OS?

[JacksBrokenCode]

If somebody steals your car because you didn't lock the doors, is that the manufacturer's fault?

And if you were told that Ford F150s are involved in vastly more accidents than Volvos, would you be surprised? Could you then declare that Volvos are more safer/stable because they don't get wrecked as often?

Volvos have a reputation of safety partly because they are safe cars and partly because their reputation brings safety-conscious people into their dealerships - people who aren't as likely to get in accidents regardless of what make/model they drive. Windows has the widest desktop distribution on the planet and also has the most computer-illiterate people using their desktops.

Someone who is inclined to research a Linux build, find it, download it, and install it themselves is probably not likely to wire money to some Nigerian royal accountant who out of the goodness of his heart is going to make you a millionaire. But for each nerd who does that, there are 50 little grannies whose Dell came with Windows pre-installed. If Linux was more than 3% of the worldwide desktop market and non-computer-savvy people used Linux we'd be seeing a lot more malware aimed at Linux. And there *will* be malware that penetrates Linux - NO system is ever 100% safe. So STFU with your FUD about Windows and consider the possibility that they have the hardest market of all, a market that the open-source geeks don't seem to think is worth anything: non-techno-savvy people who just want their computers to work.

Re:Instead of protection, how about a better OS?

[drsmithy]

The problem is, most people, even technically adapt people, are not capable of protecting themselfs from the host of worms and exploits being used out there today. the blame lies squarely on MS's shoulders.

Running a Windows machine sans viruses, worms and other malware is trivial for technically adept users.

Annother Teling quote

[temojen]

Client Protection's aim is to 'make sure people have fewer security products'

Sounds like a monopoly practice to me.

Selling more bandaids is not the answer

[starfishsystems]

Yep, Microsoft made the design choices that created the problem. No doubt they'd also like to sell you the solution.

And Paul Bryan is right when he suggests that it would be a good idea to "make sure people have fewer security products". And the very best way to do that is to switch to a more secure platform. Then you don't need additional security products to solve the problems that should have been solved during platform design. Sheesh.

Re:Selling more bandaids is not the answer

[starfishsystems]

What design decisions are they exactly?

Fair question, as long as it's not being used as a vehicle to express resentment toward "security experts" for a topic you can't be bothered to understand. That sort of sophistry is the refuge of the ignorant. And as the subject has received widespread attention, it's not as if your question hasn't been answered many times over.

But assuming that your question is genuine, here is a short, and by no means exhaustive, list of areas is where Microsoft falls down with respect to security:

• security of supply
• modularity
• interoperability
• containment
• least privilege
• security by default
• verifiability

Many of these factors are interrelated. When Microsoft engages in illegal monopoly practices, it has the effect of reducing the security of supply to the industry by limiting the number of competing products. It does so by deliberately breaking interoperability with competing products through a strategy which it calls "embrace and extend."

Another strategy, called "integrated innovation," likewise promotes the questionable virtues of integration at the expense of the fundamental virtue of modularity. Integration is fine for microprocessor chips, but software components are not transistors, and the software engineering problem, as Fred Brooks pointed out, is not about how to efficiently replicate such components. On the contrary, we often need to replace individual software components in order to repair security problems in their design or implementation. Modular systems are thus intrinsically more favorable to security than integrated, monolithic ones.

Independent of this effect, it's also possible to reason more effectively about security in a modular design than in a monolithic one. The analysis of security between communicating entities has been very well studied, and in a modular system this communication takes place in formally defined ways. The strongest demonstration of this capability lies, again, in how well a module interoperates with others. So when Microsoft attests in court that Internet Explorer can't be removed from Windows, it's acknowledging a basic failure to attend to modularity.

Security factors such as containment and least privilege are only possible where modularity is already well established and effectively managed. Usually these factors are what people think of as being characteristic of secure design, but they are in some sense derivative of more general security and design factors such as modularity. In any case, from all of the foregoing we can easily predict that problems will arise when bringing them late to a design, as Microsoft has characteristically tried to do.

Other critical design factors, like security by default and verifiability, require a further degree of commitment to security which Microsoft has a history of actively avoiding. I could cite many examples of these, but surely you can think of some on your own with modest effort.

Genius!

[Douglas+Simmons]

Put yourself in the eyes of Joe Cubicle or look at it from the perspective of your typical housewife. Mal/*ware invade your machine nonstop, but odds are, as you have no idea what an OS is (let alone alternatives), your anger is directed at the virus writers, not MS. Or, and I see this all the time, when the crap piles up and your system slows down because you're running ninety programs on boot up, you do not realize that your processor still crunches math at the same rate it did when you bought the computer; instead you just toss your box out and be a good consumer and buy a fresh box. Intel's gotta be giving MS some kickbacks.

So, given that it is the hacker who is demonized for costing businesses billions and not the shitty programming, Microsoft can actually get away with selling virus protection programs, directing people to partners' sites who sell anti virus ware, or in this case bundling it with their next OS and marketing the software with the edge of having this high security from the evil doers. The whole deal works out great for the chip makers, the programmers, earnings reports, and of course the gross domestic product. This is capitalism at its best my friends. One more thing I gotta say, get your net install iso of debian (i386 arch)here.

Unwinnable Situation

[ytsejammer]

The entire thing is a catch 22.

On one hand, you have an easy to use OS that is prone to malware and spyware when not administered correctly.

On the other hand, you have an OS with a higher learning curve that is less prone to malware and spyware, but that requires the same level of expertise as it does to keep a Windows system free of the garbage that can easily plague a system.

In either case, it is up to the user to be more knowledgable about the product their using. I'm not going to pretend that I don't use Windows, but I can honestly say that in the year and a half since I last formatted, I still have yet to find any spyware, malware, or virii hiding on my system ... my system tray is still as bare bones as it was after installing Windows ... and, my computer still runs just as well and as fast as it did after reformatting. Now, with a CS degree, I consider myself slightly more knowledgable than the average user, but this doesn't negate the fact that it is possible to run Windows without compromising your system. You just have to have a clue as to what you're doing and know better than to visit questionable sites and click 'yes' to every dialog box that pops up and wants to install 'XXX Dialer' on your system.

I don't know if there is an easy solution, other than to make Linux or OSX or another more secure operating system more simple to use - and you can go ahead and tell me that your Grandmother runs Linux and has no problems, but the ordinary computer user is looking for more than a glorified Internet/Email machine.

Could Windows be more secure? Yes. Definitely.

Could Linux be easier to use? Yes, and just as equally so.