Spy Sweeper, the Next Netscape?

GenieGenieGenie writes "AP is running a story about Webroot's Spy Sweeper, specifically about the competition it's facing from Vista's bundled anti-spyware. Webroot's CEO David Moll maintains that 'The taking of a second-best product in this space [i.e. Vista's Defender, f.k.a. AntiSpyware] is akin to locking half the doors in your house,' but others seem to think that if Moll doesn't want his company to become a second Netscape, it would 'ultimately [...] need to offer more than just an anti-spyware package.' The interesting issue here is whether this need for broadening the offer would be the case also for other leading companies subject to similar 'bundled-with' competition."

Opportunity!

[Ohreally_factor]

I think there's an opportunity here for someone to sell a spyware app, but to bundle a free operating system with it. That ought to hit MS where it hurts. =)

Re:Opportunity!

[creepynut]

And then there's the programmers who sell out and bundle [spy|ad]ware with their programs. Sure, you can opt out, but most people only care to click Next, next, finish.

Let's not forget programs like Kazaa, if it's even still around, which actually REQUIRE you to not only install, but keep the crapware on your system in order to run it.

Defects in the operating system indeed.

Of course, a lot of the nasty crap that gets on your computer without you DOING anything is generally on rathe questionable sites (e.g. Warez sites). This is thanks to lacking security in Internet Explorer, not the OS.

Re:Opportunity!

[drsmithy]

What gets me about all this is why MS is even releasing an antispyware program... wouldn't they be better off patching their own code?

Anti-spyware (and antivirus) software isn't protecting from defects in the code, it's protecting from defects in the user.

Re:Opportunity!

[mrchaotica]

Hmm, that business tactic sounds familiar... oh yeah, that's right--the Mafia does the same thing!

"Yeah, you'd better buy our 'protection service,' cause, you know, Vinnie and me would sure hate to see something happen to your computer..."

Re:Opportunity!

[drsmithy]

So if you used Windows on a daily basis, you would not run a virus scanner or a spyware scanner?

Not only "wouldn't" I, but I don't.

I do, occasionally (maybe once every 6 months) run the online scanners over my PC. Thus far, no infection has ever been detected.

You would rely solely on your personal computing prowess to prevent and/or remove all infections?

I rely on common sense and the security facilities of my OS to avoid infection in the first place. In particular, I don't execute code I can't verify the source of, I don't run as a high-privilege user for day to day tasks and I filter inbound network connections to my computers.

I will also point out that these are the exact same procedures I follow on *all* the OSes I use.

If you say yes, first I'll call bullshit.

I don't really care what you "call". Ten years of Windows use without a single exploit from malicious code is enough evidence for me that my methods work the majority of the time.

Then I'll ask how you can expect this kind of tech savvy from your average user.

Most malware - or, more accurately, the vector it uses - doesn't require even the slightest level of "tech savviness" to identify. How many people, if someone knocked on their door and said they were from their bank, would hand over a blank cheque and signature specimen for "verification purposes" ? Compare that to how many are happy to hand over their banking usernames and passwords to email and web based banking scams.

One of the fundamental problem, IMHO, is many people are still working under the impression that stuff on the "internet" isn't "real", and that actions online can have genuine consequences out in the real world. My guess is they figure that since Word has an undo button, then everything else they do with the computer can be similarly easily "undone". Malware is going a long way towards rectifying this attitude (one of its few upsides).

Now, with all that said I certainly wouldn't recommend most people go without anti-virus and anti-spyware tools. Particularly since most "normal users", IME, are primarily using the internet for inherently high-risk behaviour (swapping software, documents and other data). However, the simple fact is that neither anti-spyware, nor anti-virus software, is there to protect the user from flaws in the OS (although it may do this as a side effect). It's there to protect the user from flaws in their behaviour. No level of OS security known can protect from the user deliberately executing malicious code.

(I use the word "flaws" here in the context of safe computing practices, not behaviour in general. I don't think for a second people *shouldn't* be doing the things they do with computers that typically lead to malware infection.)

netscape products

[gEvil+(beta)]

At the time of the IE/Netscape war, Navigator wasn't the only product that Netscape made. They also had a variety of server software, which from what I've heard wasn't all that bad, especially compared to the competition at the time. So saying Webroot should make other products in order to avoid the same fate as Netscape may not be particularly good advice. Depends on what other areas they branch into, I guess.

Re:netscape products

[NutscrapeSucks]

Yes, it's often forgotten that Netscape was founded to be an enterprise server software company, and got into selling shrinkwrap browser software by accident.

As for Netscape's server products, the webserver was undercut by Apache, and the other stuff (groupware, application server) didn't sell well compared to IBM or Microsoft. Had they been successful with servers, Netscape would probably still be around today.

As for this anti-spyware company, it reminds me about Quarterdeck's bitching when Microsoft took the outragous step of adding a memory manager to their OS.

Is that the right way to look at it?

[penguin_asylum]

I often see it the other way around...

If I'm looking for a good anti-spyware program, and it comes bundled with something that I'm _not_ looking for, then I might instead use something that's not necessarily quite as good but isn't loaded down with other software.

If their software is that much better than Microsoft's, then I'm sure they'll have no problem competing. Honestly most people install spyware without looking at what they're agreeing to, and the people who care about this will be willing to spend the time it takes to install a third party app.

This is NOT the next Netscape...

[jerkychew]

Netscape was a competitor to a product Microsoft sold. Anti-spyware software is little more than a fix for Microsoft's crappy security model that's included in its OS and default browser. There's a big difference here.

Microsoft bundled IE and bullied PC makers into not putting Netscape on the desktop because it wanted to put Netscape out of business. That's a bad thing. On the other hand, Microsoft is bundling anti-spyware software into its new OS to protect its users from a) their own ineptidude, and b)the afore-mentioned crappy software that Microsoft themselves put in place.

Where Microsoft wanted to get into a new market (the browser application) by crushing Netscape, in this case they're just trying to band-aid their operating system's vulnerabilities to (hopefully) lower the amount of user frustration in the future.

I've been an IT guy for nine years, and I've always thanked Microsoft for releasing bad, buggy code. The anti-spyware folks should do the same, instead of being angry that Microsoft is finally trying to fix the problem.

Re:This is NOT the next Netscape...

[DrLZRDMN]

Exactly!
An anti-spyware company suing MS for getting their act together would be the same as a spyware company suing MS.

Go to bed with the dogs...

..wake up with fleas. If you develop for, around, close to, in addition to, anything that micrsoft makes, and THEY aren't making the cash from it..good luck, you are sleeping with the dogs and taking a big chance, and I would include such offerings as FF for windows, a thoroughly misguided and ill advised effort, albeit some of them are well meaning. They are still naieve from the long haul view of things and will one day seriously regret what they are doing to make MS "better". All you are doing is giving MS breathing room as they further consolidate and corrupt things, and they WILL screw you over in the long run somehow.

In the security biz, there's always room

[Opportunist]

You can't simply compare the anti-malware market to others.

With browsers, you want to be compatible. You have a self perpetuating cycle where your browser wants to be compatible to the pages where the page creators want to be compatible with your browser. Thus the widest used browser is the most compatible, and thus "the best" if you want to be able to view everything "well".

The same applies to media players, MP3 players and everything else where all sides involved want to be as compatible as possible.

In the anti-malware biz, it's exactly the other way. You do NOT want to be "compatible" with the malware.

Take a look at antivirus soft and the corresponding trojans, viruses etc. There is almost no trojan today that does NOT try to disable Kaspersky, McAffee, NOD etc. Trying to tear down the WinXP firewall is a given.

I bet my computer against an old ice cone that the FIRST thing that happens as soon as the Windows "Anti-Malware" comes out is that every trojan that could be disabled by it comes with some Anti-Anti-MS-Malware functions, just like they do now with Anti-WinXP Firewall functions.

In other words, there will always be a market for "small" Anti-Malware businesses. For the simple reason that, as odd as it may sound, they will have a higher chance to succeed. Simply by being neglected by the trojan writers.

Re:Anti-spyware should not be considered a feature

[Tx]

Oh, come on. I hate it when people make me defend Microsoft, but the fact is a lot of spyware is installed manually by users, via a bundle with some other product, and there is no way Microsofts OS can differentiate between user-installed spyware and legitimate apps.

So yeah, Microsoft is at fault for the security holes that allow spyware to be automatically installed, but factor those out and there's still a need for anti-spyware for the computer-illiterate masses.

Webroot Spysweeper the best?

[reklusband]

I've been in the spyware removal (windows consulting) business basically since there was spyware to remove (restart computer into safe mode and clean out startups) and I've NEVER had a client who used spysweeper come back and tell me how great it was. Usually they'd say the program didn't do anything to prevent or remove their britney spears doggie porn popups/virus/adware melange. I'd install spybot S+D, spyware blaster, and have them run spybot weekly after I'd removed crap. The spybot/spyware blaster machines ALWAYS came back cleaner. Now I just make them get a copy of Symantec Antivirus 10.0.2 and after installing the innoculations from spybot and spyware blaster, setting the default actions for adware/trojans to delete, and making sure it updates everyday, I get machines from complete porn addicts who refuse to switch to firefox that only have 20 or so (very very minor) issues after 3-6 months as opposed to 20,000(literally) in one month. And for the record I normally HATE symantec products, but their pro (non norton) antivirus is the best I've used.

Re:Uh, wouldn't we WANT a new netscape?

[Bogtha]

No. The demise of Netscape led directly to Mozilla.org pissing about for over four years without a stable release while Internet Explorer simply soaked up all the marketshare.

We might have better browsers now, but imagine where we'd be if a) Netscape continued to be a organisation that actually shipped software and b) Microsoft actually had to compete against another browser. We might have a decent Internet Explorer, for one thing, as things stand, Internet Explorer really has retarded web development for years.

Second Netscape? There are too many to count.

[twitter]

The interesting issue here is whether this need for broadening the offer would be the case also for other leading companies subject to similar 'bundled-with' competition.

It's a good thing to quote that "bundled-with" because the term is misleading. No one cares if M$ or anyone else gives away a text editor. What matters is if they make it so no other text editor will work. The Netscape complaint was that M$ strong armed vendors to gain a desktop software monopoly and then abused that monopoly in all sorts of ways to make it a huge pain in the neck to run Netscape on the desktop so that they could steal Netscapes' server market. The tactics included constantly changing the user's defaults back to IE and a combined smear and code breakage like they did with DRDOS.

It's all very nasty and they keep doing it, over and over. They have done it with Office Software to Lotus and Word Perfect, they have done it with backup software, browsers and just about anything you can think of. The people who want to own the worlds computers want to own every piece of it. The developers ran off a long time ago except for a few large companies and even they are looking for a way out. The current fights are over media and, yes, antivirus.

The most obvious result of all of these fights is a decidedly second rate user experience. So many second rate programs have been kludged together, they hardly work. All the hooks and barbs M$ made for others, they have to deal with themselves. Add a bit of DRM and remove the last of the companies trying to patch up your system and you get Vista, the five year development flop. It's kind of like watching an oil filled megatanker fall into the moon.

Information about the DRDOS example can be found here:

http://web.archive.org/web/20050313031916/www.ki ckassgear.com/Articles/Microsoft.htm

Windoze performance information can be found anywhere Windoze is run. Just wait for them to curse.

I have a question

[Mistshadow2k4]

Considering that Alexa is installed with IE 6 by default and it was known spyware even when IE6 came out, why trust Microsoft's anti-spyware? I'm really not trying to just troll here, but if they bundled IE with links to a known spyware provider in the first place, one has to wonder if a certain amount of spyware isn't deliberately overlooked by their program for business reasons.

Re:There is no "in theory".

[Rix]

You are talking out of your ass. I am not a Windows user, but I would be capable of burying a trojan in your system such that you wouldn't likely find it by that method. Certainly not without spending *much* more time than reimaging, which is the standard practice after a box as been compromised in any professional enviroment, which you quite obviously are not familiar with.

Your method will work most of the time cleaning up after some peon such as yourself who's just fucked things up, but is is not a wise course of action against a determined, experienced intruder.

You clearly do not understand how package managers work. While you would be able to track the base files installed, you wouldn't be able to do so with files generated files (take a look through /var...), nor would you be able to do so with intentionally changed files. (ie, config files, which often point to binaries to be executed) By your method, you'd have to go through every config file by hand, because if you're not keeping backup images, you're probably not keeping logs of what you've changed.