Symantec Brings Complaint Against MS to EU

linumax writes "Symantec has made a complaint against Microsoft to EC anti-trust regulators over the software giant's entry into the security market. The "informal" complaint allows the Commission to consider whether or not an anti-trust case is merited. The Commission is the executive branch of the European Union (EU)." From the article: "The news comes on the day Microsoft announced plans to begin offering business users an integrated anti-virus and anti-spyware product called Microsoft Client Protection. A beta version of this product is expected to be released by year's end. The company is already offering some customers a beta version of its Windows OneCare consumer security software. At issue is Microsoft's plan to bundle its security software with Windows Vista, the next major version of the Windows operating system due next year."

Mafia

[tobybuk]

And I the only one that thinks that MS offering anti virus software is very similar to the mafia offering 'protection'?

Re:Mafia

[Kjella]

It's pretty ridiculous to ship an OS with a broken security model AND the antivirus and firewall to fix the problems. Why not just design it right in the first place?

Well, the fact that the users are broken as well. If linux users ran every funny program that dumped into their inbox or came across on some shady site, they'd be equally screwed. However you want to tell me the linux security model helps, it doesn't. If people were used to sudo as root to install something, they'd install this. If they had to chmod programs +x, they'd chmod this too. The only way you could protect users against themselves is to make it very hard to install software (bad) or lock them in to only use your distro's software (worse). Or run anti-virus. I don't recall the last time my anti-virus warned me about something that I didn't consider obvious, I don't actually need it (but I design security in layers, just in case). Anti-virus is a fix for broken users, not broken software. And Linux and BSD ships with a firewall too, that's hardly a sign of breakage.

Re:Mafia

[Omnifarious]

I still call that a broken security model.

It should be possible to use the OS to put a fence around such programs so people can still run them. SELinux sort of has some of the infrastructure to do that. But moving to a full capability model may be a better choice.

Blaming people for doing stupid things all the time is a very poor approach to security. Computers are for people. People aren't for computers. Things should work with people in such a way that they have to remember as few rules as possible.

In fact, people might react a little better and follow the rules more if you explained to them that the computer was too stupid to distinguish between the program that ran off the net and a program installed by the sysadmin, and so it would let the program from the net do all the same things, so to help the computer out because it's so stupid, they should avoid running things from the net.

Now THIS is +5 funny!

[RLiegh]

Microsoft has had a looooong-standing relationship with Symantec, going back to the days of the Norton Utilities (Peter Norton was a big pusher of MS products back in 1985/86). What makes this so funny is that slashdotters could have predicted this. How?

Because...Microsoft screws over EVERYBODY who has any business dealings with them.

Everybody

Re:Now THIS is +5 funny!

[justsomebody]

Yeah, agreed. In 100%.

But me being pro-Linux put asside, I somehow agree with MS in this case. While Media Player, Browser and other functionalities that are bundled with OS can be argued with some facts, Antivirus and AntiSpyware software provide basic security.

On one side you can watch people laughing and pointing on every security bug, but on the other people agree with the option that MS is not allowed to bundle software against security and malware problems. Well, it is not a nice time to be at MS position.

Huh?

[Richard_at_work]

If Microsoft got their act together and made it impossible for viruses to spread on Windows, and secured the OS totally against external threats, would Symantic have a case against them? Doesnt Symantic depend on a business model that could concievably be made redundant at any point in Microsofts development cycle?

Re:Huh?

[geminidomino]

Dairy Defamation Council on line 1, and boy do they sound PISSED...

Re:Huh?

[Bogtha]

The complaint isn't based on the idea that Symantec should have their business protected from all of Microsoft's actions. The complaint is based on the idea that Symantec should have their business protected from Microsoft abusing their unique position in the industry.

If Microsoft made a competing product and sold it separately, then this complaint would be meritless. It's because Microsoft are tying their competing product to Windows to get it on people's desktops whether they've chosen it or not.

This is Netscape all over again. If the DOJ had done their jobs and actually punished Microsoft for breaking the law, perhaps they'd stop doing it. But no, they gave Microsoft a slap on the wrist and let them do it all over again. Maybe the EU will do what the USA won't and actually protect people from the abusive, illegal actions of Microsoft.

What?

[hvatum]

I hate Microsoft just as much as the next guy but this doesn't make any sense. It's as if Firestone were to sue Ford for shipping cars with pre-installed wheels. Afterall you won't get very far in Windows without security.

Why should the consumer be forced to buy a product from a second supplier when the original supplier is willing to add that feature on for free?

Cry me a river....

[6Yankee]

I'd feel a whole lot more sympathy towards Symantec if Norton Internet Security 2005 didn't depend on Internet Explorer.

Re:Cry me a river....

[David+Horn]

I'd feel more sympathy if Norton Internet Security 2005 didn't break everything it touched.

The price they pay for being monolitic

[Raul654]

I'm all for anti-trust laws, but I think this situation is a bit ridiculous -- the complaint is utterly without merit. Symantec and McAfee built their buisness models on Windows being a shoddy, insecure POS. Now, that Microsoft is tightening it down and including a virus scanner, and they are crying foul because it's going to put them out of buisness? I'm sorry, but that's the price they pay for being monolithic, for failing to diversify. Structural unemployment is a bitch.

Well, the day has finally arrived

[bechthros]

Microsoft has released a program called MCP. Where did I put my frisbee...

Just bad business model

Maybe they should also file a complaint against Apple for not making Mac OS more susceptible to viruses.

Both are crooks

Symantec thrives off the existence of viruses (and some people have said symantec has in the past written viruses). A permanent fix to viruses and self replicating programs would be bad for their biz.

M$FT, well they will have no ensure their products are vulnerable if they expect to sell AV and anti keylogger/spyware software.

Bottom line, reminds me of "Alien versus Predator" trailer tagline: "Whoever wins, we lose"!

If it were integrated ...

[Random+BedHead+Ed]

Any OS maker has the right - indeed, the responsibility - to secure their system. Integrating security mechanisms into Vista would be fine, not unlike adding iptables to the Linux kernel or requiring an admin password for all security-related operations in Mac OS X. So if Microsoft were to give this away as part of Vista, they could virtually kill Symantec and I would have no problem with it. After all, Symantec has made a killing on compensating for problems in Windows, and fixing those problems is far from bad business.

But if Microsoft intends to charge for their security products, it's a scam. They'd have a vested interest in building only basic security into their OS, because enterprises will otherwise have no reason to buy the security add-ons. I hope Symantec wins this not because Microsoft's entry into this market is wrong, but because they've done it entirely the wrong and corrupt way.

the poop factor...

[Eggz+Factor]

Symantec is clearly crapping it's pants. They have recently been attempting to strike fear of impeding virus doom on the OSX platform, especially since their revenues from that part of the market have dried up significantly. If MS offers a product with hooks into it's OS and attractive bundles, it may very well be game over for Symantec.

Re:the poop factor...

[nmb3000]

...it may very well be game over for Symantec.

I'm not so sure. While it's true that Norton/Symantec Anti-Virus is one of Symantec's big packages, it's not the only software they sell. Their recent acquisition of PowerQuest gave them all that software, including Partition Magic. They have a very active Ghost division, a division that while it might not be quite as profitable as AV, likely makes a fair bit. They've also got several other products like spam/virus filtering. The lists of their Home, Small Business, and Enterprise products are pretty large. If Symantec did completely close down it's AV division, while it might hurt the company for a while and cause a number of jobs to be cut, they have plenty of other products available to keep on going, at least long enough to re-group and put their focus someplace else.

On another topic, these issues are interesting. It's not so much that Microsoft is trying to bully Symantec out of business as it seems they are really trying to improve the view most people have on the security of Windows. XP SP2 gave users a "free" firewall which has drastically cut down the spread of worms and the like. It only seems logical that the next logical step in securing an OS is to control and protect the content already on the system, namely with an Anti-Virus agent.

You could look at this as saying that the reason that Symantec and others were able to sell AV and firewalls in the first place was because Microsoft was deficient in OS security. Now that they're catching up with it, any specialized companies that took advantage of this niche are going to hurt unless they can focus on something else. "Diversified interests" applies to large companies just as it does to personal portfolios.

Yes, it sucks for these companies, but it's not the same thing as if Microsoft started offering Office free with Windows.

Why anti-virus is part of the OS

[G4from128k]

As much as I dislike MS, I can see three arguments that antivirus is an OS function.

1. A key function of an OS is to regulate, allocate, and manage the hardware and software resources of the machine. Controlling which chunks of code/processes/threads have access to which other chunks of RAM/filesystem/IO seems core to both an OS and to controlling malware.

2. Anti-malware software needs to operate at a level higher than the malware to avoid malware countermeasures. If the anti-virus is just another application, even if its at the admin level, its going to be vulnerable to being turned off by malware that explicitly tries to avoid detection and removal. Anti-virus needs to run at a level above most user and admin processes.

3. Malware often exploits holes in the OS. All jokes aside, the OS vendor is one of the most likely organizations to understand these vulnerabilities and make a semi-competent decisions on whether to patch the OS to close the vulnerability or use anti-malware to expunge or repel the malware.

I just don't get it...

[charlie763]

This makes no sense to me on several levels. Who would trust MS to make anti-virus software when they're the ones who wrote the software that allowed the viruses in the first place? If MS knows about a virus that exploits a programming error, why don't they just fix the error? Who would trust a company that has a financial motive to write virus-prone code?

Interesting...

[DarkBlackFox]

So Symantec/Norton make a name for themselves peddling products designed to keep people safe from security problems in Windows. Between the Customer and Microsoft, Symantec is a third party offering protection. After all these years, Microsoft decides it has the capability/desire to protect customers themselves. I can see why Symantec would be pissed, but it was they who built their house on sand. They based their business model on the combination of unwitting users and Windows flaws, so it's only natural for their business to decrease as users become more informed and Windows becomes more secure. As has been said many times in the People vs. RIAA/MPAA threads around here, The Right To Profit is not guaranteed. Symantec gambled on a product line, and thus far has done very well. The odds are changing though, if Microsoft wants to start protecting people from themselves.

Heck, I remember running Microsoft AV in Windows 3.1/Dos 6.2 days, cleaning the Form virus off various floppy disks. (Don't Copy That Floppy anyone?)

* I don't mean Windows becoming more secure in the traditional sense of locking down, though XP SP2 is a big step up, I mean the manufacturer of the product (Microsoft) providing alternate means of protection without the need for 3rd party products.

No sympathy for symantic, but...

[bigtrouble77]

Microsoft should be dedicating their resources in finding a cure, not a treatment. This presents a big conflict of interest for them, kinda like a coach betting against his own team.

Nope, a good security model is "basic security".

[khasim]

While Media Player, Browser and other functionalities that are bundled with OS can be argued with some facts, Antivirus and AntiSpyware software provide basic security.

Nope. "Basic security" comes from a decent security model.

Since Microsoft does not have a decent security model for their OS's, they get infected.

Which is why you need to continuously update the virus signatures.

On one side you can watch people laughing and pointing on every security bug, but on the other people agree with the option that MS is not allowed to bundle software against security and malware problems.

Not many years ago there was a flood of "macro viruses" for Word and Excel. Then Microsoft made a very minor change and asked people if they wanted to run the enclosed macros ..... and the Word macro virus is now almost dead.

The correct approach is to fix the real problem.

The PROBLEM here is that when Microsoft starts shipping its own anti-virus/spyware app, the other companies will all die.

Which means that within a couple years, the ONLY commercial option you will have for anti-virus on Windows will be ... Microsoft.

Now, to see how much effort Microsoft will be putting into that ... look how long the problem has already existed and look how long it took Microsoft to improve IE.

Removing the need for a product is different.

[khasim]

If Microsoft fixed the security flaws, then Symantic might go out of business because there is no longer a need for their product.

The problem is that by competing with Symantic, the product is still needed, but Symantic will go out of business and Microsoft will end up being the single source for commercial anti-virus software for their desktop monopoly.

Which means that Microsoft can start ratcheting up the pricing for this ...or... cut development because it isn't bringing in money.

Either way, the customers lose. Unless they switch to Linux/Mac.

NIS2005 is broken, as i Symantec support

[Daath]

I agree with you there! NIS2k5 is the scum of the earth - I dedicated an entry on my blog to it.

You confuse "virus" with "trojan".

[khasim]

Well, the fact that the users are broken as well.

Partially correct.

If linux users ran every funny program that dumped into their inbox or came across on some shady site, they'd be equally screwed.

Nope. You are only considering trojans.

While it is correct that the majority of current infections are via trojans, they are not the only problem. Ubuntu handles the issue of worms by just not running any open ports in a default installation. So Ubuntu will not be hit with anything close to Slammer or Blaster.

However you want to tell me the linux security model helps, it doesn't.

You are wrong, it does help.

If people were used to sudo as root to install something, they'd install this. If they had to chmod programs +x, they'd chmod this too.

SOME people would. But that's because system security is bound by human stupidity.

But the people who are currently being infected because they double-clicked on "sexy.jpg" which was really "sexy.jpg.exe" would have to go through a LOT more effort to accomplish the same on Linux.

#1. Save the attachment. (extra step)

#2. Find where they saved it. (extra step)

#3. chmod it (extra step) warning

#4. Double click it.

#5. Give sudo password. (extra step) warning

So, all of a sudden, all (99.99%) of the *.jpg trojans are dead. Which means that you have to convince someone to actually run an app on their box, which they know is an app. Some people will still fall for that, but not as many as fall for the .jpg ones.

Anti-virus is a fix for broken users, not broken software.

Nope.

In a correctly designed system, the user will KNOW that s/he is running an app (not thinking it is a graphic) and be ASKED for additional authorization.

And that only matters with trojans. Viruses and worms are few and very, Very, VERY far between on Linux systems.

if Ford was the only car company

[J_Omega]

The analogy might make SOME sense if Ford was a convicted monopoly and decided to start manufacturing the tires as well.

..in other news.

[LarsG]

In other news, Trumpet is unhappy about Microsoft's recent announcement that they will include a TCP/IP stack by default in the next version of Windows.

:) Not flamebait.

[khasim]

Linux is less "user friendly" if you define "user friendly" as "makes it easy to accidently install applications".

On the other hand, if you define "user friendly" as "works and keeps away trojans" then Linux is more "user friendly" than Windows.

The question is ... whether the additional ease of accidentally installing a trojan (Windows) is offset by the ease of keeping them off your system (Linux).

Will the average Linux user spend less time and effort keeping his/her system clean and functional than the average Windows user? Less time but more effort? Less effort but more time? I believe it will be less time and less effort to keep a Linux system clean. Less time and less effort should equate to a more "user friendly" system, eh?

If I was the CEO of symantec..

[codepunk]

There is a much, much quicker fix for this. If I was the CEO of Symantec I would have my secretary get Bill on the phone. The conversation would go something like this.

Symantec CEO: Hi Bill how are you today!

Bill: Very good what can I help you with.

Symantec CEO: Bill I will cut to the chase I want you to stay out of the security market.

Bill: Nope we are going to kill Symantec.

Symantec CEO: Ok if you want to be like that we are going to release a immediate update to our suite on monday. With this update we are going to bundle a copy of the new version of Open Office.

Bill: Ok we will take it off the list, have a very fine day, how about a all
expenses paid trip to bermuda.

These CEO's just don't know how to fight fire with fire.

Antivirus market

[soramimicake]

Losing AV really isn't that big a deal to them in the bigger picture, I'm sure they won't let it go without a fight though. It is still quite the cash cow.

Quite the cash cow is an understatement. Every Windows machine I've seen have some form of antivirus on it, esp. since XPSP2. I think some people just install antivirus to shut that security center tray thing up. (yeah I know you can disable that) Most of them use Symantec/Norton. Let's say only half of new Windows PCs install antivirus (an underestimate) and half of them use Symantec/Norton (an underestimate too, I'd think), that's $40 from 1/4 of every Windows PC sold, just for the 1st year of those PCs' lifetime.

It is consistently the best-selling software in computer stores, and just thinking of the profit it generates from the continued subscription (which may be only part of the market but with a huge margin) should make any executive cream his pants. I agree they wouldn't let it go without a fight.