Slashdot Mirror
Concerns Over Security Software
Arthbunot Bullwinkle writes to mention a BBC article exploring concerns about the future of security software. The piece looks at trends toward 'free' security products, such as ZoneAlarm, and wonders aloud about where those products will find themselves after Windows Vista is released. From the article: "'Now maybe the good ones will actually get rid of that attack but at the same time they may drop maybe 10 or 20 other attacks onto your system.' The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get. But completely free security software may be a thing of the past when the new version of Windows hits the shops early next year. "
I'm pretty sad Windows Vista is apparently killing this off.
How is software that one pays for inherently safer?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Maybe chris had troubles fixing computers, as stated here but we would hope there would be LESS of a need for 3rd party security apps with Microsoft's next gen Windows release...
btw, what about Kate Russell below him, I wonder how she feels about pentration testing...
I sacrifice my karma in the name of cthulu!!
The biggest problem that I see with Vista is that everyone will be encouraged to use nearly identical software. It's why most viruses written get past Norton at least for a few days... everyone knows to test Norton and McAfee to be sure your virus works.
I've always gained a bit of security by using Mozilla rather than IE... by viewing my e-mail in plain text rather than HTML. By using Zone Alarm rather than a Norton or Microsoft product. When you have everone using one piece of security software, it's less secure because if you can infiltrate one, you can infiltrate all.
This is yet another good reason to avoid upgrading for now.
Personally, one of the major reason why I haven't taken RC1 into actual use beyond testing it a bit is lack of compatible 3rd party firewall.
Then again.. situation was pretty similar when Win2K came out - early on nothing was compatible. XP was easier because it is effectively a reskinned Win2K, and 99% of Win2K apps worked out of the box - even security products.
Vista is quite a bit more than a reskinned XP, as lots of stuff under the hood has been reworked, and again it's just like Win2K - nothing works intially, but I'm sure over time the problem is going to be fixed. In fact, it's surprising how good the situation is, considering official launch is still several months away.
Um, I hate to defend Microsot, but unlike Internet Explorer, which had no need to be integrated into the OS as much as Microsoft claimed it was, but basic network security features are exactly the kind of thing that should be built into the OS. I hope that antivirus programs eventually become obsolete (likewise with firewalls *anywhere* except perhaps in extremely sensitive environments, but that's probably a long way off).
Now, I'm not particularly confident that Microsoft will actually manage to render third-party security software obsolete, simply because the company just isn't all that good at software development, but I'm certainly not going to rebuke them for trying.
http://outcampaign.org/
It's ironic that somone from McAfee would dog free products that compete with them. The only AV products I've found on customer systems that were disabled by an infestation were Norton and McAfee products. People running free AV and firewall products are at least as safe as those running Norton or McAfee.
Is it just me or does this guy sound like he is talking out of his ass? There will always be those "fake" security solutions out there that offer themselves for free but are actually spyware/malware. However, there is a large community of people who keep track of these programs and I can tell you that if GriSoft or the makers of ZoneAlarm started dropping trojan horses or spyware on your computer that there would be an uproar and you would hear about it. Right now it is pretty sad for the security companies that charge for their solutions. Every virus/worm that comes out nowadays automatically defeates Norton Anti-Virus or is design to escape its notice. Therefore solutions like Grisoft's AVG Anti-Virus have a leg up sometimes in defeating these problems. In addition, none of the pay solutions do anything useful to prevent or get rid of spyware. While you can upgrade Ad-Aware or Spybot, both have free versions that work great!
I wonder how much Symantec paid these guys to write this article.
Is Bill Gates planning an invasion of Canada? I know his "Trusted Computing" initiative is designed to eliminate choices, but will that junk really work?
Friends don't help friends install M$ junk.
The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get.
Mr Day is Greg Day of McAfee.
His intentions are for spreading FUD. There IS bogus spyware software and virus removal tools out there. Odd thing though is some are free and some you actually have to pay for. Having a cost does not make it legitimate at all and Mr Day is stating a criteria that unless you pay for it, chances are it may be a scam. Of course this also implies if you did pay for it, it is not a scam and that is far from the truth. Instead of breaking the FUD campaign into free and paid for, it should be split into "well known and trusted" and "not well known and trusted". Mr Day does not want it to be decided on well a known and trusted basis because to reach that status takes time and effort by a company, he wants everyone to just assume his companies software is the best solution and of course that HAS to come at a price.
Sorry vendors and computer users but these are not binary decisions and it takes some research either way. Free or not free.
Bad boys rape our young girls but Violet gives willingly.
It's not like Windows Live OneCare is getting great reviews by anyone who's doing a comparison based off what threats it stops and which ones it doesnt. Even Ziff-Microsoft publications rated it #7th out of 10 a month after its release.
StarTrekPhase2 - The Five Year Mission Continues!
"The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get."
Can we not say the same for commercial software? How many people are still buying Norton Anti-virus despite it's somewhat public record because of it's brand name and price tag? What about firewall software? We've all seen plenty of reviews and comparisons showin firewall A to be better than firewall B and vice versa, but some of the best firewalls for Windows _are_ available for free (e.g. Sunbelt Kerio Personal Firewall [free version] or the rapidly developing Comodo Firewall).
Nothing guarantees that because a product has a price tag attached it is better than any other product.
How to find something reliable and trustworthy? The same way people have been doing it for years - identify knowledgable and reputable third-party reviewers, communities, and do a little research.
Wow, you believe what a random guy wrote on a random website? OK How about I try:
ZoneAlarm is NOT malware.
Haha! You're confused now!
And as for that webpage, if the author simply didn't make their button url have the word "advert" in it it probably wouldn't be blocked by ZoneAlarm, durr. Adblock knows better than to let "advert"s though as well.
Based on the fact that Vista will have been exploited seriously before it's even released. What M$ product hasn't been hit hard in the first week of release? I still have serious doubts about the ability of anyone in Redmond to spell security, much less do anything about it!
Professional Politicians are not the solution, they ARE the problem.
MS generally provides pretty basic versions of software for their included versions. As you noted, IE is an exception, but things like the firewall, defragmenter and so on are functional and fine, but really don't compete with the stuff you can buy.
The defragmenter is a great example. Windows 2000 and above have a built in one. It works on NTFS and FAT drives and does an ok job. How then do companies like Executive Software and Raxico survive making replacements for it? Simple: They make more feature rich versions. The included defrager does just fine when you run it, it'll clean up most of the fragmented files on the drive. However it has some major limitations. The biggest is it's not real aggressive. It just kinda cleans things up, it doesn't do any sort of placement optimization or try to prevent future fragmenting. Also it doesn't have any features to schedule itself, you need to run it manually. You can, of course, use other software to schedule it but it's a pain. It also isn't all that fast. It's clearly not very speed optimised.
Thus we have a market for other defragmenters. Perfect Disk (Raxico's program) will do a much better job defragmenting your disks. In fact, you can tell it how you want it to operate. It can just do a cleanup, kinda like the internal one does, it can spend more time and try to intelligently place files to improve performance and reduce future fragmentation, or it can get real aggressive and try to consolidate all your freespace to further reduce fragmentaiton. You can have it create multiple schedules on different intervals, it can defrage multiple disks in parallel, you can set it to only defrag on certain fragmentation thresholds, etc.
Basically, they made a better defrag program. Not everyone buys it, but then even when NT 4 had no built in defragmenter many peopel didn't buy one. However enough people do to keep them in business. As a die note if you play a game like WoW or Oblivion, go get Perfect Disk or Diskeeper. You didn't know your system was slow, they'll show you it was (by fixing the problem).
Same is true with firewalls. The firewall in Vista is better than the one in XP, but both are fairly basic. Good enough to keep most people happy and something at least for those that wouldn't but/download firewalls before. However don't kid yourself in to thinking they have the features of the 3rd party ones out there.
In most cases, you really can compete with MS's included versions of stuff because they aren't aiming to have the be-all, end-all version. They want to put something that's good enough for most people to do the basics. Defrag, notepad, the firewall, the calculator, paint, etc all have better versions available from 3rd party sources. Some are free, some are pay, some are a little better some are way better.
Either way just because MS puts something in their OS doesn't mean your market is going away. It just means you have to make something that's more than basic.
I don't care how secure they make their OS, short of a trusted computing model, they'll always be a need for virus/alware scanners. Why? Because most of these programs come in the front door, not the back one. What I mean is they piggy back with another program, or are run from e-mail, etc. They user gives them permission to run, in other words. So it doesn't matter how many levels of privilege escalation there is, or how well isolated components are. If the user gives that thing permission to run at a high privilege level, it can do as it pleases.
So what you have to have is a gatekeeper. You need a program that has a list of bad programs that will warn the user "this is known to be bad, don't run it. The OS can't (barring a trusted model) know if a program is good or bad. It has to take the user's word on if it should execute something, if that user has admin access. It can warn the user that the program wants elevated privileges, but many programs need that so that doesn't do any good.
You mean "free" as in speech, right? How much did the P3 box cost, and how much does its electricity cost over its lifetime? Many installations, especially in homes, would do a better job with a firewall/router/NAT appliance with a built-in 100BASE-TX switch and 802.11b/g access point.
Most security software that is downloaded comes with checksums you can and should check. That way you do know what you download is what you expect.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
I've pretty much lost track of the number of people who think that AVG Free is faster and more effective than Norton's. -- and, of course we all know that OpenBSD can't hold a candle to Windows for security holes.
Even if you could successfully sue MS for $selling you broken software, if you're looking for security (rather than a scapegoat), you're still better off with the the better software than trying (with varying success) to point the finger at the owners of a more expensive (but less effective) product.
A pretty package doesn't indicate the quality of the product -- only the quality of the packaging -- and sometimes not even that.
OS Software is like love: The best way to make it grow is to give it away.