Slashdot Mirror

← Back to Stories (view on slashdot.org)

EC Watching Microsoft Security Moves

Posted by CmdrTaco on from the i'm-watchin-you-boy dept.

Rob writes "The European Commission is looking into Microsoft Corp's recent moves into the desktop security market, according to Symantec Corp, one of the companies that stand to lose the most if Microsoft leverages its monopoly to compete. We've not filed any official complaint," a Symantec spokesperson said. "We've responded to a request for information from the European Commission... we were not proactive, they came to us." Microsoft announced last week that it will offer an enterprise desktop security package comprising antivirus, antispyware, firewall and centralized administration. That's in addition to its OneCare consumer offering, currently in beta."

19 of 206 comments (clear)

  1. This is just laughable by schestowitz · · Score: 4, Insightful

    How about making an O/S that is secure to begin with? Charging people or supplying add-ons to fix one's own problems?

    --
    My Linux - (L)ove (I)s (N)ever (U)tterly eXPensive
    1. Re:This is just laughable by Anonymous Coward · · Score: 5, Insightful

      Exactly.

      Microsoft's new anti-virus/anti-spyware should be called "Windows XP SP3" and it should be free. We didn't pay for software that almost works.

    2. Re:This is just laughable by LurkerXXX · · Score: 4, Insightful

      If it's worms, etc, that take over your whole system, then yes, tehy should. The problem is a lot of malware these days are things people deliberately install on their maachines, through websites or email attachments. Securing the OS so that they can't take over the whole machine is good, but they can still trash the user data which is really the important thing on the machine. Add-ons like this are still needed to protect the users data files from dumb things the user installs/runs, even if the underlying OS is protected.

    3. Re:This is just laughable by Savage-Rabbit · · Score: 3, Insightful

      How about making an O/S that is secure to begin with? Charging people or supplying add-ons to fix one's own problems?

      Since when has Microsoft elected to do things the easy and efficient way when they can do things the really complicated and inefficient way? From my point of view it is really kind of funny that they might now get into trouble with the EU because they are trying to muscle into (and probably kill off) an industry that largely owes its existence to Microsoft's incompetence and its long-standing reluctance to fix the gaping security holes and design flaws in it's own operating system.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    4. Re:This is just laughable by British · · Score: 5, Insightful

      And if MS released Vista WITH the fixes, thus rendering antivirus sw/anti-malware sw obsolete, people on here would complain about "WHY do I have to pay for this upgrade to fix the problems they didn't in previous versions?!?". It seems with this situation, MS is damned if they do, damned if they dont. Damned if they do: Accused of trying to leverage out Symateic, damned if they dont: blasted for insecure OSes. Damned if they do pt 2: Put fixes in Vista software, and are accused of trying to gouge customers out of more money for an upgrade.

    5. Re:This is just laughable by Chris+Burke · · Score: 4, Insightful

      It seems with this situation, MS is damned if they do, damned if they dont. Damned if they do: Accused of trying to leverage out Symateic, damned if they dont: blasted for insecure OSes. Damned if they do pt 2: Put fixes in Vista software, and are accused of trying to gouge customers out of more money for an upgrade.

      See what happens when you write shitty, insecure code and do nothing to try to fix it until several years after it is a major problem? Sorry if I'm not gushing with sympathy for this horrible situation they put themselves in.

      --

      The enemies of Democracy are
    6. Re:This is just laughable by m50d · · Score: 4, Insightful

      If you ship a shoddy product you deserve to be in a damned-if-you-do damned-if-you-don't situation. It's more damned-for-shipping-an-insecure-os-in-the-first-pl ace.

      --
      I am trolling
    7. Re:This is just laughable by Verteiron · · Score: 4, Funny

      If you are running a legal copy of Windows then you did, in fact, pay for software that almost works.

      --
      End of lesson. You may press the button.
    8. Re:This is just laughable by Deathlizard · · Score: 3, Interesting

      Microsoft Could easily secure Windows to the point that no malware could infect the machine. You wouldn't like it, however, because you wouldn't be able to do anything on it other than browse the web. Want to install that Program? Sorry, it's not digitally signed! Like that Desktop Wallpaper? Sorry, but it's a Jpeg so it could have a Virus! ETC. If you want a Truly secure OS which doesn't need any type of protection, then you want Palladium. Simple as that.

      On the other hand, Not having a secure OS means that now you have to deal with Joe Stupid installing everything Bob Ignoramus sends to him, because Bob Ignoramus would never send Joe Stupid a virus. No Sirree. Now in Joe Stupid's mind. All he sees is PAM_ANDERSON_NUDE_ON_THE_BEACH.JPG.EXE, and thinks to himself, "I wanna see that, and I'm going to click Yes on this big red box that says that this could be a virus, and I'm going to click yes on this other big red warning that says that it isn't signed, and I'm going to put my Admin Password in this box that says I need admin rights to run this file, and HEY it's not Pam Anderson, it's Paypal telling me to enter my password since my account expired, How Nice of them to remind me So I better do that, and Hold Up! This damn Punch the monkey Ad keeps coming up and my machine is running slow for some reason!!!"

      Basically, Since Locking the machine Down isn't a good solution, and there's no security patches for the human brain yet, the easiest way to increase security without restricting the PC to the point that it's useless is have these addons to Stop Joe from being too stupid, but allow Joe to install Redneck Rampage Deer Hunter Extreme Machinegun Challenge when he feels like killing something. Frankly Why MS didn't have A virus scanner in XP is beyond me other than MS didn't want to hear Symantec Crying that their business they built on insecure Microsoft Os's is going away because Microsoft Suddenly decided to start securing their OS.

      Frankly, The only complaint about this Microsoft Anti virus is that they are going to have definition subscriptions like all the other anti virus apps instead of just turning their AV solution on by default on Vista and allow it to update without having to worry about expiring definition subscriptions.

      --
      In Soviet Russia, Trojan exploits YOU!
  2. Bloatware by sp3298622 · · Score: 5, Interesting

    First Adobe gets hit with integrated PDF creation in the new version of Word, and now Symantec is on the list of features Microsoft is going to incorporate in the next version of Windows. If there is anything they should have learned by now from the success of Linux, the benefits of allowing specialized developers creating software packages they know, understand and excel in doing properly, should have been clear to Microsoft by now. But I guess that's another thing that Microsoft think they can do better than anything else, what's new?

  3. What's the Fuss? by putko · · Score: 4, Insightful

    This issue -- MS moving into the security market -- has always struck me as a non-issue.

    If MS just did their job and made a secure OS, like OpenBSD (or the other BSDs), there wouldn't be a huge market for security band-aids.

    E.g. suppose MS began to apply formal methods, semi-formal methods, code reviews and so on in an effort to eliminate sources of insecurity -- yet did not sell a single "security" product. Not even a Snort.

    Would the EU then claim that MS was taking away their oxygen supply of the "security" band-aid selling companies?

    --
    http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
    1. Re:What's the Fuss? by 99BottlesOfBeerInMyF · · Score: 3, Insightful

      E.g. suppose MS began to apply formal methods, semi-formal methods, code reviews and so on in an effort to eliminate sources of insecurity -- yet did not sell a single "security" product. Not even a Snort. Would the EU then claim that MS was taking away their oxygen supply of the "security" band-aid selling companies?

      No, because their is a fundamental difference between improving an existing product in a market where you have a monopoly and using that existing monopoly to move into a new market. The first is legal, the second is not. If MS improves their OS so that it uses no electricity, that is fine. It has made the product better, and while this will have an adverse effect upon electricity sales, it does not move MS into the electricity market by leveraging their existing monopoly. That is the part the law objects to, because that is the dangerous part of a monopoly and one that removes all the competitive benefits of a free market. What MS cannot (legally) do is start to give away electricity for free with copies of their OS or bundle it in any fashion.

  4. MS is undermining itself by revscat · · Score: 4, Insightful
    The fact that Microsoft can do this is just astounding. I understand their freedom within the marketplace, yes, but should their anti-virus segment prove profitable then they would then have a financial disincentive to fixing their security flaws that is directly proportional to the underlying success of their security product. This can be neither good for Windows nor the world at large.

    Microsoft: Spend your energies fixing the problems, not undercutting them! This seems to me like the smoker who uses asthma medicine to take care of his wheezing. It's a temporary fix, sure, but the larger problem remains.

  5. Uh Oh.... by 8127972 · · Score: 4, Funny

    ....I think someone is going to be throwing some chairs shortly.

    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
  6. Wny Anti-Virus is an OS function by G4from128k · · Score: 4, Insightful
    As much as I dislike MS, I can see four arguments that antivirus is an OS function.

    1. A key function of an OS is to regulate, allocate, and manage the hardware and software resources of the machine. Controlling which chunks of code/processes/threads have access to which other chunks of RAM/filesystem/IO seems core to both an OS and to controlling malware.

    2. Anti-malware software needs to operate at higher level of privilege than the malware to avoid malware countermeasures. If the anti-virus is just another application, even if its at the admin level, its going to be vulnerable to being turned off by malware that explicitly tries to avoid detection and removal. Anti-virus needs to run at a privilege level above most user and admin processes. This puts it deep into the OS and should probably load before any 3rd party extensions or any form of networking stack.

    3. Malware often exploits holes in the OS. All jokes aside, the OS vendor is one of the most likely organizations to understand these vulnerabilities and make a semi-competent decisions on whether to patch the OS to close the vulnerability or use anti-malware to expunge or repel the malware.

    4. Defense against malware should be a default-feature of the OS, not an add-on. No car could be sold with bumpers, locks, and seat-belts sold separately. In an age of consumer PCs and botnets, it becomes part of the system provider's responsibility to deliver a "safe" product.
    --
    Two wrongs don't make a right, but three lefts do.
  7. It's right and it wrong by erroneus · · Score: 3, Insightful

    It's right for Microsoft to be interested in security. It's wrong for them to attempt to profit from it. I don't think I need to go into any lengthy discussion about those notions.

    If you ask me, Microsoft should create a mode of operation in Windows that will disallow all programs and libraries except for the ones indicated in some list. This would be most useful for corporate desktops but could also be useful for a bunch of other users as well. It would prevent the installation of software that is unwanted and all manner of things. It would change the way people use their computers, of course, but then I think it should change. It would do wonders for Microsoft's security reputation and I can't imagine it would be particularly difficult to implement. But we already know most people would simple turn that off anyway -- it impedes their access to the wonderful experience of "internet browsing" and downloading cool new things. (They get what they deserve IMHO) And since MS still essentially controlls the desktop, it's not like anyone would consider switching because Windows became a little more annoying...

  8. Re:let me know of some OS that is immune by twiddlingbits · · Score: 3, Insightful

    When the default browser (IE) is NOT a trusted app then you know you got problems. In fact I wouldn't consider the OS itself a trusted app. So just booting up Windows makes your machine insecure.

  9. Re:This is ridiculous by 99BottlesOfBeerInMyF · · Score: 4, Informative

    The fact is, Windows, as terrible as it may be can come with as much [spyware infested] programs as they want, for it's their product.

    The fact is, Monopoly Inc.'s product, as terrible as it may be can come with as many bundled other products as they want, for it's their product.

    Oh wait, or we could pay attention to all the antitrust laws that have been written and all the economics we have learned in the last 400 years and realize that monopolies tying new products to an existing monopolized product results in them completely bypassing fair trade and competition and results in them taking over more and more markets, products that are inferior (since the benefits of competition no longer apply), products that are unfairly priced (again competition is bypassed), the economy suffering (since one company gets more money than the value of the work/product they provide), the industry suffering (since their is no motivation/oportunity for innovation), and eventually (in theory) a single company taking over all markets.

    I take it you slept through your freshman economics course? It is illegal for monopolies to bundle products and that is exactly what MS is doing and has been convicted of doing in the past. Unfortunately all of the punishments and remedies have been largely ineffective.

  10. There is a legal aspect to this too by Been+on+TV · · Score: 3, Insightful

    If Microsoft starts charging for antivirus software, they may under various legislation be seen to ship a defect product that can only be fixed by making an additional purchase of a Microsoft product. This will open up the field for numerous lawsuits including class action in those countries that have it in their legislation.

    The thing is that if Microsoft knowingly ships a product with open attack-vectors, and these can only be fixed by applying another product from Microsoft for which there is an additional charge, I am sure it can be argued under various legislation that they have shipped a defect product and you are entitled to a replacement product without the defects and/or a compensation.

    Microsoft shipping an anti-virus product for their own operating system is significantly different from anti-virus firms shipping such products for Windows. Since Microsoft is 100% responsible for the design and production of their operating systems and applications, and have sufficient knowledge to produce a product to prevent attacks from viruses and spyware targeting their operating environment, they are also 100% capable of clearing those attack-verctors from their own products either by re-design or re-writing the software being attacked.

    So the solution, both from a legislative and technical point of view, is to fix the original defect products, hence there will be no need for the second product and no business can be made from it.

    --
    The future is in beta