Concerns Over Security Software

Arthbunot Bullwinkle writes to mention a BBC article exploring concerns about the future of security software. The piece looks at trends toward 'free' security products, such as ZoneAlarm, and wonders aloud about where those products will find themselves after Windows Vista is released. From the article: "'Now maybe the good ones will actually get rid of that attack but at the same time they may drop maybe 10 or 20 other attacks onto your system.' The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get. But completely free security software may be a thing of the past when the new version of Windows hits the shops early next year. "

Re:Paid software safer?

[Dissman]

It's not... they are talking about spyware laden programs to remove spyware. I think it's because most people are cautious on what they spend on.

Re:Paid software safer?

[j35ter]

Cause you can put the blame on the guy who sold you this stuff.
Managers usually dont like free software out of liability concerns...weird, the obviously never read the EULA!

Re:Paid software safer?

[Schraegstrichpunkt]

Managers usually dont like free software out of liability concerns...weird, the obviously never read the EULA!

Or maybe they've noticed that EULAs aren't necessarily worth the paper they're written on. Has any EULA's "no liability" clause actually been tested in court?

I suspect that it would be a lot easier to convince a judge that you're entitled to damages when you paid $2M for software from some vendor than if you had paid nothing.

Of course, this all is assuming that when you said "free software", you meant free as in "free of charge". If you meant free as in freedom (e.g. a manager won't buy RHEL because there's "nobody to blame"), then I agree that it makes no sense.

Well the other thing is

[Sycraft-fu]

MS generally provides pretty basic versions of software for their included versions. As you noted, IE is an exception, but things like the firewall, defragmenter and so on are functional and fine, but really don't compete with the stuff you can buy.

The defragmenter is a great example. Windows 2000 and above have a built in one. It works on NTFS and FAT drives and does an ok job. How then do companies like Executive Software and Raxico survive making replacements for it? Simple: They make more feature rich versions. The included defrager does just fine when you run it, it'll clean up most of the fragmented files on the drive. However it has some major limitations. The biggest is it's not real aggressive. It just kinda cleans things up, it doesn't do any sort of placement optimization or try to prevent future fragmenting. Also it doesn't have any features to schedule itself, you need to run it manually. You can, of course, use other software to schedule it but it's a pain. It also isn't all that fast. It's clearly not very speed optimised.

Thus we have a market for other defragmenters. Perfect Disk (Raxico's program) will do a much better job defragmenting your disks. In fact, you can tell it how you want it to operate. It can just do a cleanup, kinda like the internal one does, it can spend more time and try to intelligently place files to improve performance and reduce future fragmentation, or it can get real aggressive and try to consolidate all your freespace to further reduce fragmentaiton. You can have it create multiple schedules on different intervals, it can defrage multiple disks in parallel, you can set it to only defrag on certain fragmentation thresholds, etc.

Basically, they made a better defrag program. Not everyone buys it, but then even when NT 4 had no built in defragmenter many peopel didn't buy one. However enough people do to keep them in business. As a die note if you play a game like WoW or Oblivion, go get Perfect Disk or Diskeeper. You didn't know your system was slow, they'll show you it was (by fixing the problem).

Same is true with firewalls. The firewall in Vista is better than the one in XP, but both are fairly basic. Good enough to keep most people happy and something at least for those that wouldn't but/download firewalls before. However don't kid yourself in to thinking they have the features of the 3rd party ones out there.

In most cases, you really can compete with MS's included versions of stuff because they aren't aiming to have the be-all, end-all version. They want to put something that's good enough for most people to do the basics. Defrag, notepad, the firewall, the calculator, paint, etc all have better versions available from 3rd party sources. Some are free, some are pay, some are a little better some are way better.

Either way just because MS puts something in their OS doesn't mean your market is going away. It just means you have to make something that's more than basic.

I don't care how secure they make their OS, short of a trusted computing model, they'll always be a need for virus/alware scanners. Why? Because most of these programs come in the front door, not the back one. What I mean is they piggy back with another program, or are run from e-mail, etc. They user gives them permission to run, in other words. So it doesn't matter how many levels of privilege escalation there is, or how well isolated components are. If the user gives that thing permission to run at a high privilege level, it can do as it pleases.

So what you have to have is a gatekeeper. You need a program that has a list of bad programs that will warn the user "this is known to be bad, don't run it. The OS can't (barring a trusted model) know if a program is good or bad. It has to take the user's word on if it should execute something, if that user has admin access. It can warn the user that the program wants elevated privileges, but many programs need that so that doesn't do any good.