Slashdot Mirror
Anti-malware Vendors Stare Down Microsoft Threat
Captain Rose writes "Matt Hines at eWEEK has stepped up to report the other side of the story CNET inked recently on the perceived death knell that Vista will deliver to independent anti-spyware vendors. There's definitely a fight in store (David v. Goliath), though who knows how long we'll have to wait to see it play out now that Vista's delayed yet again. Is this a bit of foreshadowing on how the new Microsoft OS will address the self-replicating, zero-day spyware threats?" From the article: "Most industry watchers concede that it will be hard for Microsoft to easily displace the enterprise security businesses of leading vendors such as Symantec, McAfee and Trend Micro, which market integrated packages of applications to companies wishing to solve long lists of problems. However, for firms that are focused on only one of those problem areas, analysts said, Vista and the other Microsoft security products could pose a significant threat."
If Microsoft stays true to form, their security tools will be full of security holes. They might even spawn a second tier industry similar to the anti-virus/worm/etc industry.
if history serves as an indicator of future performance. I'm sure that Microsoft will stick to the first Tuesday of every month (or whenever it is) to release signature updates, security patches, etc., which will give third-party vendors the upper hand - or worst case should Microsoft totally blow it, potentially drive up the market share for OS/X and Linux migrations.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
As long as the OS permits users to turn down or turn off security measures- experienced users in order to do something they deem useful and noobs for just not knowing any better- followed by forgetting to turn them back on/up and then surfing to some-malicious-site.com or opening some-malicious-email then the liklihood of an unwanted installl/download > 0 yes?
Sounds like we will always need utilities to help out.
As technology evolves, so will the malware.
Compare this topic to that of graphics- in the beginning there was the
There will always be a market for some next-big-thing..
Cogito Ergo Sum
First M$ creates an entire industry focused around fixing holes in their OS. Now they are threatening to fix their own holes and that industry is mad at them?
It seems to me this is like horses being mad at cars for making them obsolete.
However, I am yet to be convinced that Vista will not require third party anti-malware support.
If Vista is as secure as we are being told by MS, why would it need anti-virus code from any source?
I'm guessing the biggest buyers of antivirus, firewall, and spyware detecting software will be knowledgeable users and corporations. Even if you're talking about AOL users with their default installs, AOL still had to make a deal with MacAfee.
My guess is that most corporations and users will turn off the bundled anti-whatever, and use what they trust. After all, should you trust the company that created the problem after they sat for years without doing much, to solve the problem?
I don't get it.
I understand M$'s desire to squash these guys. Every time some server custodian buys another Symantec/Trend/McAfee license, the thought in the back of that custodian's head has to be "I wonder how much less of Symantec/Trend/McAfee's shit I would have to deal with if we didn't have so many M$ platforms running around."
Since everyone will be running MS's anti-spyware program, the spyware folks will concentrate on defeating it, just like virus writers concentrate on beating Windows "security". So there will still be a market for other vendors, since they would hopefully be better at stopping spyware than MS' default option. And since there's lots of them, it's harder to defeat them all. Even now, it's pretty well accepted that you need at least two anti-spyware programs to catch everything.
I can't help but wonder why Microsoft bothered to buy Giant Company awhile back for their antispyware product. Guess it explains why they've put zero effort into improving it since they bought it though.
leading vendors such as Symantec, McAfee and Trend Micro,
AVG Free works quite well and has removed Trojans that Symantec couldn't.
He who knows best knows how little he knows. - Thomas Jefferson
Anti-virus companies, ironically, are very much like a parasite that only lives on a specific host. When the host disappears (pre-Vista versions of Windows), the parasite dies. Either they get lucky and they find a new host in the form of Vista with security problems, or they diversify in a hurry.
For once, you can't blame Microsoft for ruining an industry, and I can't say I'll feel sad if McAfee or Symantec dies...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
You mean they don't already do that?
Yeah, sure, they'll get rid of spyware. Just like they got rid of spam.
Arrrrrrr
Overall, I would like to be put out of business by a real end to the spam problem.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
However, there is a more interesting issue with things like virus signatures and so on (emerging threats.) IANAL but I do wonder if, assuming that continuous updates are required to identify new forms of phishing, Trojans etc., MS might be required by the EU to open its API so that updates could be bought from different suppliers, on exactly the same basis that you can buy tires and exhausts from sources other than the car maker.
Pining for the fjords
Don't worry about that! They told the same about anti virus, web browsers and office suite!
Perhaps you should evaluate the logic of your statement?
Microsofts web browser put the competition out of business. (and got themselves in a bit of a legal battle too)
In the 80's and 90's Word Perfect was the defacto standard for an office suite, and Claris Works was popular on the mac. Then microsoft brought out it's office suite, and has all but put the competition out of buisness.
Not sure where you are going with the anti-virus, since Microsoft has never released one. But when they do, I'm pretty confident it'll steal the market share too.
The point i'm trying to make, is that while all of us know that plenty of non-microsoft products are becoming available, and are even better products in many cases, the fact still remains that microsoft obliterated the competition in all of these areas and only the FOSS community is able to gain any traction at all.
You gotta remember that just becuase you and I use FireFox and OpenOffice.org, doesn't change the fact that 99% of computer users are on Internet Explorer and MS Office.
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...
format.com
What?
The big names in anti-virus are just eating resources. Without them we wouldn't be upgrading our computers quite as often. I work on a 2000 box at work with only 256MB of RAM. It normally runs fast enough, but once there was a decision by scared execs Symantec was installed. Now I'm hitting the VRAM like a drunk hits the dollar tapps at happy hour.
This sig isn't original enough, it's time to come up with something witty...
Then when Microsoft is overloaded with attacks, the vendors should return with their new versions. They'll be greeted as saviors.
There's still a significant amount of NT4 out there too, but it's slowly being phased out (still get the occasional person who's IT people haven't certified SP6a yet and they're on SP3! Luckily this is getting rarer... IT moves slow in large companies).
W2k is still in the heart of IT running the domain controllers in many (possibly most) companies... W2k3 is gaining ground but is still not in the majority even 3 years after its release (based on our own marketing surveys, which cover a lot of companies in europe).
Vista isn't even in the planning stages yet. Not heard anyone even mention it or ask for support.
New OSs take time to gain ground in business. We had our first enquiry about Solaris 10 2 weeks ago.. and that was relased, what, about a year ago? That's against several thousand Solaris 9 installs.
we're supposed to feel sorry for companies that hooked their wagon to an unsecure ship? their buisness model is dependent upon MS writing bad software. well, not that that's a bad gamble, but...
maybe it's about time MS writes more secure software. besides, given the hardware req's for vista, there'll be millions who sill still run xp/me/98 for the forseeable future.
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
Microsoft has gotten away with the browser bundling because it was a first offence.
I have word that the bigger players in the anti virus/malware markets have preempted Microsoft and are already being advised by relevant legal departments. They (the AV/M companies) cannot do anything unless Microsoft bundles competing software. But as soon as they do, you can be assured that if there is any drop in revenue seen by the AV/M companies, Microsoft will find itself in court again. Next time it will not be a first offence.
it is only after a long journey that you know the strength of the horse.
If there's an issue over whether Vista will put the big antivirus companies out of business, I don't see it as consequential. IMO, the software companies themselves will be responsible for their own demise, regardless of whether Microsoft enters the market. Programs like Norton Utilities used to be valuable, but now these once-critical utilities have morphed into bloaded virus-like software incarnations that are best not installed in the first place.
Furthermore, both McAffee and Symantec products have been hosts to numerous flaws, security holes and vulnerabilities themselves.
If Microsoft wanted to do it right, they could merely have Vista identify both programs as "malware" right off the bat, remove them from the system, and most users would be better off.
My guess is a "journalist"
Isn't Microsoft using its monopoly power to (Windows platform) to introduce a new product that competes with existing products? Anti-virus companies are already making products to handle security, then Microsoft includes that functionality in the OS itself.
This is quite similar to the inclusion of Internet Explorer. And OS level disk defragmentation (remember PC Tools anyone?).
Now if Microsoft were to include preventatives/prophylactics in the OS, that's one thing, but including AV software, even if integrated into the OS, seems to be stretching things a bit.
Of course, this is the company that said it was cheaper to break the law and fight it in court than it was to follow the law.
Isaiah 43:19 (NCV)
Look at the new thing I am going to do. It is already happening. Don't you see it?
Here you are: Hardened Windows
That will hit some people. Not everyone, many not most, but some. Maybe then a bigger backlash will start. It will probably depend on if the anti-whatever software is free or not.
You've got to love the oddity of it all though. What if tomorrow Oracle released a version of their software that would randomly drop tables? Let's say for the sake of argument that everyone used it anyway. What if Oracle's solution was to sell you software that would catch that happening and instantly put your table back?
What if your Ford car would randomly stall, and Ford's solution was to give you a anti-stall upgrade on your car?
I hope Vista fixes a lot of this (I'm on OS X so it doesn't matter), because it is just mind-bending if you think about it.In what other industry (other than possibly government) would this kind of thing be accepted so well?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
I wouldn't consider it to be anti-competitive for Microsoft to shore up their own OS products for a better user experience and/or better security... unless they were charging money for it, and then I consider it more along the lines of extortion.
These tools provide protection from attacks against multiple fronts. In part the protection is against malware designed to seek out and exploit holes in the underlying software. But it is also designed to protect users from their own inexperience. The strongest OS will still need protection since it still has people using it. So while I think Microsoft should provide free releases to any updates that directly deal with holes in their products, they still are in their rights to charge for a product that takes the extra step of protecting users from themselves. This is not extortion.
I love my sig.
This fact doesn't support your argument concerning bundling because these products are not necessarily included in Windows. Rather, the fact that Office became the standard is either due to a) improved quality over the competition, or b) improved marketing over the competition, neither of which is illegal. When you buy a stock computer from a company like Dell, they most often include WordPerfect by default, and you have to pay an extra $NNN to have Office included instead. People must make an active decision to pay extra for the product, so if they have it, they must feel that it's worth it. If Corel is losing money as a result of people making this decision, it's their own fault, one way or another.
The strange thing about this article is that it makes MS out to be the bad guys. Viruses and spyware feed on weaknesses in the OS, therefore so do anti-virus and anti-spyware products. When Microsoft improves the security of their OS and therefore hurts the businesses that leeched on those holes, are they really the bad guys? All MS does is improve the experience built into the operating system. How is it their fault to make an operating system that fixes itself, even if the "fixing" is done by a part of the system that happens to be called "MS Antivirus" or "MS Antispyware"?
It isn't illegal if you are not a convicted monopoly. But a company using its dominance in a market to squash competition is considered anticompetitive and a violation of antitrust laws (http://en.wikipedia.org/wiki/Antitrust).
If Microsoft want to get into the antivirus/antimalware market, they are free to develop (or purchase) a product, market it and sell it. They just cannot bundle it with Windows as this would be seen as an attempt to squash the existing companies (who compete on product price, quality, etc) out of the market.
it is only after a long journey that you know the strength of the horse.
And, because the DOJ actively stopped caring about the whole anti-trust issue and left it alone. This is because they were told by the administration they weren't interested in the case.
Someone better hope they have awful deep pockets -- if M$ takes away your revenue stream, and can make it takes years to go through court, and if the DOJ isn't strongly motivated to do something, those companies will be out of business long before they resolve anything.
Microsoft has taken away a lot of people's candy by doing such things and just out-waiting them. If the government is not going to intervene, it will happen again quite easily.
Lost at C:>. Found at C.
Mainly because many businesses will start asking the uncomfortable question about why they have to pay for an insecure software product then pay more for security software. I realize many companies are doing it now, but when the checks are going to different companies one can pretend you're buying network security. When both checks go to the same company it becomes glaringly apparent that you're paying for something many companies think should be included in the price.
I realize it must seem strange but I really think this will do more to highlight MSFT's insecurity than boost revenue. Because it's sort of like rubbing a customer's nose in the fact that the product they're buying is basically not secure. I'm guessing MSFT will end up bundling the package at a price not far above where they are now, especially for big buyers. The little people will, of course, get the corporate shaft but most of them are used to it by now anyway. After the XP Activation Follies paying for security updates won't seem like much of a big deal.
Not seeing a win here.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I'm curious as to how they will define "anti-virus" or "anti-spyware" software. If MS releases a patch, or plugs a hole in its firewall to prevent infection, does that count? I see the 3rd-party vendors being forced to define their market *very* narrowly in order for their claims to stand up in court.
A post a day keeps productivity at bay.
Since they have an effective monopoly on the desktop OS segment, they can't move into the other segments using the same.
They, because of their relative size in the market, can't just be putting anything and everything into their products as a bundled deal. It's the same story with the media player and browser software they're already in trouble (though with the browser, they got a slap on the wrist over it- it remains to be seen on the media player software, but it's not looking as good for Microsoft on that front...).
Once you become an effective or complete monopoly, the rules for business change for you.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
These computers will be operated by humans. That is one security hole no one can fix. To us, it seems easy. We're programmers, pen-testers, geek squad members. We're basically lucky enough to have a hoppy that pays well. Not everyone thinks like a geek. Joe Sixpack doesn't give a damn how his computer works, and doesn't want to learn how it works. He just wants to browse the net, send e-mail, and maybe if he's feeling frisky put up a new desktop wallpaper. These people don't know what a "root password" is. They don't know what an "address bar" is. They don't know or CARE. Look, if a phisher just has to ask nicely for Aunt Sally's debit card PIN, what makes you think she'll think twice when we change "pin" to "root password", "firewall password" or anything else? Hell even biometric security won't work because she'll just slide her thumb right in there so she can get the latest hot ring tones.
I've always wondered though, if Microsoft didnt include IE with Windows, then how would I be able to download Firefox?
c:\>ftp ftp.mozilla.org