EC Watching Microsoft Security Moves

Rob writes "The European Commission is looking into Microsoft Corp's recent moves into the desktop security market, according to Symantec Corp, one of the companies that stand to lose the most if Microsoft leverages its monopoly to compete. We've not filed any official complaint," a Symantec spokesperson said. "We've responded to a request for information from the European Commission... we were not proactive, they came to us." Microsoft announced last week that it will offer an enterprise desktop security package comprising antivirus, antispyware, firewall and centralized administration. That's in addition to its OneCare consumer offering, currently in beta."

This is just laughable

[schestowitz]

How about making an O/S that is secure to begin with? Charging people or supplying add-ons to fix one's own problems?

Re:This is just laughable

Exactly.

Microsoft's new anti-virus/anti-spyware should be called "Windows XP SP3" and it should be free. We didn't pay for software that almost works.

Re:This is just laughable

[LurkerXXX]

If it's worms, etc, that take over your whole system, then yes, tehy should. The problem is a lot of malware these days are things people deliberately install on their maachines, through websites or email attachments. Securing the OS so that they can't take over the whole machine is good, but they can still trash the user data which is really the important thing on the machine. Add-ons like this are still needed to protect the users data files from dumb things the user installs/runs, even if the underlying OS is protected.

Re:This is just laughable

[British]

And if MS released Vista WITH the fixes, thus rendering antivirus sw/anti-malware sw obsolete, people on here would complain about "WHY do I have to pay for this upgrade to fix the problems they didn't in previous versions?!?". It seems with this situation, MS is damned if they do, damned if they dont. Damned if they do: Accused of trying to leverage out Symateic, damned if they dont: blasted for insecure OSes. Damned if they do pt 2: Put fixes in Vista software, and are accused of trying to gouge customers out of more money for an upgrade.

Re:This is just laughable

[Chris+Burke]

It seems with this situation, MS is damned if they do, damned if they dont. Damned if they do: Accused of trying to leverage out Symateic, damned if they dont: blasted for insecure OSes. Damned if they do pt 2: Put fixes in Vista software, and are accused of trying to gouge customers out of more money for an upgrade.

See what happens when you write shitty, insecure code and do nothing to try to fix it until several years after it is a major problem? Sorry if I'm not gushing with sympathy for this horrible situation they put themselves in.

Re:This is just laughable

[m50d]

If you ship a shoddy product you deserve to be in a damned-if-you-do damned-if-you-don't situation. It's more damned-for-shipping-an-insecure-os-in-the-first-pl ace.

What's the Fuss?

[putko]

This issue -- MS moving into the security market -- has always struck me as a non-issue.

If MS just did their job and made a secure OS, like OpenBSD (or the other BSDs), there wouldn't be a huge market for security band-aids.

E.g. suppose MS began to apply formal methods, semi-formal methods, code reviews and so on in an effort to eliminate sources of insecurity -- yet did not sell a single "security" product. Not even a Snort.

Would the EU then claim that MS was taking away their oxygen supply of the "security" band-aid selling companies?

MS is undermining itself

[revscat]

The fact that Microsoft can do this is just astounding. I understand their freedom within the marketplace, yes, but should their anti-virus segment prove profitable then they would then have a financial disincentive to fixing their security flaws that is directly proportional to the underlying success of their security product. This can be neither good for Windows nor the world at large.

Microsoft: Spend your energies fixing the problems, not undercutting them! This seems to me like the smoker who uses asthma medicine to take care of his wheezing. It's a temporary fix, sure, but the larger problem remains.

Wny Anti-Virus is an OS function

[G4from128k]

As much as I dislike MS, I can see four arguments that antivirus is an OS function.

1. A key function of an OS is to regulate, allocate, and manage the hardware and software resources of the machine. Controlling which chunks of code/processes/threads have access to which other chunks of RAM/filesystem/IO seems core to both an OS and to controlling malware.

2. Anti-malware software needs to operate at higher level of privilege than the malware to avoid malware countermeasures. If the anti-virus is just another application, even if its at the admin level, its going to be vulnerable to being turned off by malware that explicitly tries to avoid detection and removal. Anti-virus needs to run at a privilege level above most user and admin processes. This puts it deep into the OS and should probably load before any 3rd party extensions or any form of networking stack.

3. Malware often exploits holes in the OS. All jokes aside, the OS vendor is one of the most likely organizations to understand these vulnerabilities and make a semi-competent decisions on whether to patch the OS to close the vulnerability or use anti-malware to expunge or repel the malware.

4. Defense against malware should be a default-feature of the OS, not an add-on. No car could be sold with bumpers, locks, and seat-belts sold separately. In an age of consumer PCs and botnets, it becomes part of the system provider's responsibility to deliver a "safe" product.