Slashdot Mirror
Security Companies Tussle With MS Security Center
hey0you0guy writes, "The large security firms such as Symantec and McAfee want Microsoft to allow them to replace Microsoft's Windows Security Center. Microsoft is refusing these requests. 'By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security,' Bruce McCorkendale, a chief engineer at Symantec, said in an interview. 'How do we trust that Microsoft knows what all the important things about security are to warn users about?' Given Microsoft's past, with vast piles of security flaws and patches, they should at least cooperate with these companies. A dispute still exists over PatchGuard, a security feature that Microsoft says is designed to guard core parts of the 64-bit version of Vista, but which critics say locks out helpful software from security rivals."
Vista is dead before it even arrives. What would I possibly want it for that I don't already have?
Athiesm is a religion like not collecting stamps is a hobby.
It's not as though Symantec and McAfee have spotless records on security and especially not fucking up your Windows installation. The more stuff that's in a sandbox the better.
Hail Eris, full of mischief...
E pluribus sanguinem
It is possible to run third-party security consoles in Vista, said Stephen Toulouse, a security program manager at Microsoft. However, people have to manually disable the Windows Security Center if they don't want to use it. And the software giant has no plans to give other companies the ability to turn off the Windows Security Center, Toulouse noted.
... because most users will assume that they don't need the 3rd party software. McAfee and Norton will just have to work extra hard at flooding the media with examples of why their 3rd party software is superior to Microsoft's crap.
What's the harm in running both at the same time? From a technical perspective, I don't see one. From a money-making stand-point, of course, I see one
Remember the whole bundling IE with Windows fiasco? Off the top of my head, I remember something about their media player in Europe too.
I think their strategy is "do what we want until we get told off." Even then they could just pay a hefty fine and it still wouldn't hurt them one bit.
By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security
By imposing the Windows UI on all Windows users, Microsoft is defining a template through which everybody looks at UI.
By imposing the Win32 API on all Windows developers, Microsoft is defining a template through which everybody looks at development.
If you sell software to help manage Windows, Microsoft will define your business plan. Those are the consequences of dancing with the devil. Not that they should be happy with it, but you can't expect any less from Microsoft.
Developers: We can use your help.
It is possible to run third-party security consoles in Vista, said Stephen Toulouse, a security program manager at Microsoft. However, people have to manually disable the Windows Security Center if they don't want to use it.
I tried disabling the Security Centre in Vista Beta 2; it kept popping up messages in the system tray warning me that I'd disabled the security centre and should re-enable it immediately. Try as I might I couldn't find a way to turn that off.
But we really shouldn't be surprised by this approach, should we?
There is a lot more in the way of precedence and case law nowadays for software companies to cry foul for being cut out of their market by the 800lb gorilla. There'll be lawyers all over the place on this one.
I wonder how much of the growth of the legal profession could be blamed on these large software behemoths and tech companies?
This sig contains a manual self-destruct. Kindly please put your foot through your monitor in 8 seconds.
It seems to me that for vista the practice is simply "secure via reduced functionality".
Whenever something may be insecure they eliminate it as a feature. This has the advantage of reducing development costs. Basically it is an extension of the philosophy that a computer can be a little more secure if it's buried 10 miles underground encased in 5 miles of hardened carbon nanotube metamaterial. Of course, nobody can use such a computer. But in MS' case, who cares they already paid.
From what I have seen from them thus far, I doubt I'll be buying.
And that's why MS will never allow other companies to replace it. It seems to say "this makes the user more secure" but it actually says "this makes US more secure". Notice how that is the vector that allowed Microsoft Genuine Advantage onto all the XP machines. Which is also doublespeak - there is no advantage to the user, only to MS.
If these guys think MS will simply hand over the keys to that much control, they're nuts.
Weaselmancer
rediculous.
that M$ gets bashed for consiladting major system services into its operating system, much in the fashion of Apple. Granted, M$ has a bit shadier history with their applications and capability to ensure a secure OS, but such an approach worked pretty well for apple (from a technical viewpoint), but M$ gets accused of monopolistic policies when they attempt the same thing.
How is this different from 'bundling' Internet Explorer with Windows to lock-out other web browsers? M$ IMPOSES their security model in an area they are traditionally weak in, removing key players in the business.
Get your Kicks on Route 66
Last time I looked Norton used more resources and was harder to uninstall than most virii.
We all know what to do, but we don't know how to get re-elected once we have done it
Microsoft's whole approach to security is backwards. And so is the approach of Symantec and Macafee and the rest... not to mention the EC and everyone who thinks antitrust is even applicable to this whole commotion.
They think they can add security on, like a product. You can't. You have to design it in. If you had a building with no locks on the doors you wouldn't keep casual visitors out by adding guards before you'd even tried adding locks, even if carrying cards or keys was "inconvenient". So why does Microsoft think they can add security to Internet Explorer that way?
The whole basis of Microsoft's approach to the Internet is fundamentally wrong. They can't fix it by adding products. They can only fix it by ripping out most of the desktop-browser integration they fought the DoJ to a standstill over in the Clinton and first Bush administrations, and making the browser responsible for never allowing an untrusted object out of the sandbox, no matter what. Even if sandboxes are "slow" and installing plugins are "inconvenient".
Same with Windows networking, CIFS, CIFS-authentication for HTTP, and everything else they've done to lower the barriers between local and remote resources. Those barriers, those locked doors, are there for a reason.
Windows is the most secure OS on the planet
I'm not exactly sure how this can be considered an anti-trust issue. These 'security' companies have created products and business models around Microsoft's flawed and insecure product. If Microsoft chooses to fix what they can, and beef up the security of their own product, whether it puts other companies out of business or not, do they not have the right to do this? How is it Microsoft's fault if by fixing their product, it renders another company's business model obsolete?
I mean, why don't these 'security' companies just ask Microsoft to conitnue to ship a flawed and insecure product, just so they can have a market to develop software to fix it? It sounds pretty absurd when worded like that, but that's essentially what's going on here...
"In other news, Ford Motor Company has made a deal with Napa Auto Parts to begin shipping all new model vehicles from the factory with head gaskets designed to last only 6 weeks or 1,500 miles. Napa will however provide an upgrade gasket that can be installed at the dealership that will last for 1 year regardless of miles. At which point, you can renew your gasket subscription online, in which case it will be good for 1 more year."
The second issue, and the bigger issue is that Microsoft seems be denying companies access to the low level hooks that they need to properly integrate their applications with the operating system. I kind of understand where MS is coming from. After all if they allow Symantec access to the system call table and the various other, kernel level hooks, then they might as well allow everyone access. On the other hand, those who want access to the lower level functions of the OS are going to hack them anyway. It's a Catch-22. Personally, I'd rather that EVERYONE have access to the low level functions. That way the market can sort out who will do the best job of securing it.
Simple...They programed the OS....I don't know about you but if I created something you'd think I would know a thing or two about it's insides.
The greatest revenge in life is massive success.
...thought for a minute about the fact that if third party vendors can programmatically disable the security console, so can virus and rootkit writers? Allowing this to be disabled only manually makes perfect sense for security.
>What's the harm in running both at the same time? From a technical perspective, I don't see one.
From a UI perspective, it's like the old joke about the man who buys a second clock and is never sure what time it is afterward. If they agree, the user gets the uncertainty of trying to figure out which one to use. When they disagree it will be worse.
So, McAffee/Symantec..
Has actual PC security actually interested you in the past, say, decade? I was of the impression that you just paid some second rate programmer in bangalore a load of bananas to churn out any old crap that had the following requirements:
1. we must be able to sell it in regular, deluxe, gold, platinum, internet, special edition, international, lite, and fat free versions. after all, this allows the user to pay for the exact level of security they need. consumer choice, right! some people only want to pay a little and thus be protected only against some vague subset of last year's threats, while others want to pay more and thus be protected a bit more against some vague subset of last year's threats.
2. as in #1, the software must be sold in yearly versions. this allows users to respond to the cutting edge threats of 2003 by buying the 2005 version, still on sale in CompUSA (probably).
3. we must really focus our efforts on getting this shiat pre-loaded on as many chain store PCs as posslbe. WARNING YOUR COMPUTER IS AT RISK! DO YOU WANT TO PAY $99.99 PER YEAR NOW TO UPGRADE? Your choices are [ Yes ] and [ Ask me again in 5 minutes with a big ass system modal dialog box ]
4. The software must be impossible to uninstall, for Sound Business Reasons (tm). Well, we should include an uninstall routine, but ensure that it does not work if the software is modified in any way.
Remember that MS has faced years of harsh criticism over the insecurity of their products. They view WSC as a major step forward in combating future criticisms. By allowing someone else to replace WSC, they open themselves up to inferior products disabling it and making Windows in fact less secure, and once again making MS look bad.
I suggest a compromise: create a method of adding widget-like components to WSC, so that Symantec and others can interface with it seamlessly and add information without Microsoft having to sacrifice their (probably false) sense of security from having it there in the first place.
120 characters for a sig? That's bloody useless.
I wouldn't trust either side in this argument -- Micrsoft has long proven itself incapable of understanding comptuer security (at least compared to any other OS competitors), and the anti-virus guys have a business model that relies on Fear of Viruses.
Neither is in a position to earn any trust from anyone.
My bet is that the first time that a major US gov network of PC's gets crippled by a "MS Security Center" vuln, there's going to appear an quick and easy way to kill the MS Security Center, or MS will be told to pack their shit and hit the road.
~
If third-party software could automatically disable Microsoft's Security Center, couldn't malicious software do the same?
From a busines perspective, this may be the same as bundling IE, but from a security perspective this is the exact opposite: removing security holes rather than adding them (in the name of "functionality").
Yes, Microsoft is likely being monopolistic, but I think I'd rather worry about all the Windows zombies populating the web rather than the profit margin of particular security software companies, especially when said companies rely on the inherent insecurity of Windows installations for their income.
if the host system has implemented its own version a security center, like vista, and has essentially blocked what truely is a 3rd party app to help windows do what it was meant to do in the first place, thats fine. i would rather something build into the kernel of the o/s than a 3rd party app that breaks windows when you uninstall it, and when it is installed, it slows your pc down to a grinding hault.
... and im a mac user, and a IT engineer that works with microsoft products all day.
ultimately its windows' product, their space, and it is not their fault another company has based their entire product range on a previous microsoft product with security flaws.
maybe their time has ran out. i doubt it, but i like to know that the people making vista are attempting to fix mistakes from their previous range of products. if this ultimately leads to a more stable, secure product, i dont see a problem.
linux and mac users do not need antivirus, and do not need a 3rd party app to slow down their pc. one of the reasons of this is because on linux and mac you need to enter a administrative password to do anything that is going to affect the operating system. if im not mistaken, vista has also implemented this. if this is the case, what is the need for symantec products
we've had anti virus on windows for so long we've gotten used to the fact that we need it, when truely we shouldnt.
i welcome this.
So . . . you can disable it and install anything you want to "protect" your PC, but they're not giving out the ability for a 3rd party app to integrate with their security system, or to disable their security system at the point of installation of the third party security product. Ok . . . where's the problem? You can do it yourself if you want to use something other than their integrated product. I would assume this would involve you inputting your highly unique administrator password in order to do this. I mean. . . windows users do have highly unique user names and passwords for the admin accounts, right? This is safer, right? RIGHT???!!!
If you open up part of the system so that rival security firms can access them, then potentially anyone could access them. Security mandates that there are some things that only the OS can access. So much as I despise M$, I have to agree with them here.
Not allowing 3rd party products to touch core OS files without significant hassle is a good thing. Am I wrong?
First they came for the office software companies. But I said nothing because I wasn't an office software company.
Then they came for the internet browsing companies. But I said nothing because I wasn't an internet browsing company.
Then they came for the media playing companies. But I said nothing because I wasn't a media playing company.
Then they came for the security software companies. But I said nothing because I wasn't a security software company.
Then they came for me, and there was no one left to speak out for me.
I suppose some day the sofware companies that do bussiness with Microsoft and so help it consolidate its grip on the desktops of this world will take note and start thinking about alternative platforms.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
I dont think MS need to let these guys have access. They(Symantec and McAfee) have had free reign for years.
If the companys really need access to such componets, then they should pay a fee of $1000 ish per installation of there product, as both cause emotional stress, not to mention slowing ones PC to 1/4 the speed it was before the software was installed.
MS should also put a notice on there software, "if any third party security software is install, all complation are to be sent to and resolved by that third party,.....etc."
Get a Mac.
Thank you.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
They WERE a "Monopoly", a quite a few years ago (in IT terms). Things have changed a lot since then.
Even the DOD has stopped chasing them.
(no, really)
As a former McAfee home user, I was rather surprised to see MS' "security center" replaced with McAfee's when I made the mistake of updating their AV software just over a year ago. What McAfee put in place instead was little more than an annoying attempt to sell me McAfee products that I didn't need (such as a software firewall; in addition to a hardware router controlling access in I also had a software firewall from another vendor in place to stop unwanted access out).
I rejected McAfee for home use because of this, and tried to make it is clear as I could to the company why (although I doubt that that got past the poor bloody infantry on the helpdesk). Like many people here I'm sure, I get landed with fixing people's Windows PCs. Recommendations count, and McAfee's home software certainly haven't had any from me over the last year.
Don't replace, disable! Simply disable the Security Centre service, install your own and you're done. Infact this is exactly what we have done at work, the idea of a security centre is great however we wanted to add our own applications to the security centre. Sadly there is no way to do this with the default security centre in Windows XP SP2. So rather than try and extend it we simply disabled it and replaced it. Doing the job of the security centre is pretty simple as it is documented what applications have to do to be "seen" by the security centre so we just did the opposite to monitor them (Symantec is very difficult about this because it has anti-monitoring tech built in). I don't see why this is a big problem for Symantec. AFAIK there is no reason they cannot disable the security centre service when they install their application.
Any OS that provides an enriched user experience is going to define how things are done. Even OSes that are real minimalist at heart like Linux still end up doing so just via convention.
Ultimately it kinda has to go that way because that's what users want. They don't want every single thing about their computer experience to be totally different. They want consistency and that's why vendors like MS and Apple offer it. Even some Linux vendors do the same thing, and some apps demand it. Oracle doesn't like just any Linux, it wants an enterprise Linux like RHEL. You can, if you know how, hack it to work on something else but Oracle provides you with NO support, it must be on an EL. Why? Well because they want a guarantee of consistency in the OS. They want to know that things will be a certain way.
I don't see what the problem with the Windows security centre is. You needn't use it, all it really does is keep an eye on various kinds of apps and notify the user about the, (unless the user tells it to shut up).
5. Takes up 90% of system resources to give the impression that it's actually doing something useful.
I mean, I know Microsoft has a monopoly through Windows, but do these companies really not expect Microsoft to use that against them? These software vendors, between them, do have the power to move people away from Windows and on to a system where they all have a much more level playing field.
Errrrr. I have news for you Mr. Chief Engineer *snigger*. Windows is a closed source operating system designed to make money for Microsoft. They control the software you run your software on, so they have the high ground. Be grateful that you have had a company and a nice salary off the back of that for all these years. Windows is not designed to keep you in business.
Errrr. I have news for you imbeciles. Wait until that is protected by a Trusted Computing system in the hardware and it is difficult, bordering on impossible, to bypass and you are legally prevented from doing so even if you could. See. The whole Trusted Computing thing is most certainly not just about DRM in films and music, and it looks like a fairly big deal for Microsoft.
I mean, I think Windows is a monopoly and Microsoft should be subject to restrictions like all monopolies have been. However, there's a part of me that is glad that idiotic companies like Symantec, other security companies and companies like Adobe will probably go out of business. Many of them go into denial and like to pretend that they don't compete with Microsoft in order to support only Windows (making more money for Microsoft), but it is obvious that they do. When the brown stuff hits the fan they then whinge about it, rather than having put some thought and effort into ensuring their own survival. Digging your own grave must be a fun business endeavour.
You know, Microsoft will argue that all these companies had it within their power, collectively, to go off and bolster the popularity of the Mac, or make Linux a first-rate desktop OS that they could sell their wares on if they weren't happy. And you know what, however much I don't want to really say it? They'll be right.
AV Companies: Learn to CODE!
This guy probably knows more about Windows' guts that anyone outside Microsoft.
Don't take that shield away from me. When it pops up it gives me that warm feeling of security. I know I'm safe with all of those Microserfs toiling to protect my little computer. I'm not alone. I belong!!
The security centre performs four functions: It monitors updates, firewall, virus scanner, and anti-spyware (in Vista) software. Of those only the updates can't be replaced (in theory it probably could) and it doesn't ship at all with a virus scanner. So when you install it, it whines about not having a virus scanner. If you choose to install 3rd party utilities security centre is perfectly happy with them. I run AVG and Windows is quite happy with that. It notes AVG is installed, and notes it's up to date. Same with Kerio, which I also use. It disables the Windows firewall and Windows is content with it, and whines if I turn it off.
So I fail to see what the deal is here.
Lesson One.
Vista will be defined by what it offers users in business. Vista will be defined by what it offers users in the home.
The Geek gets the crumbs that fall off the table.
Lesson Two.
The OEM system install is the gold standard in many markets where Microsoft is dominant. The home user doesn't simply buy into the new OS. He buys into the next generation of consumer grade hardware at OEM prices.
Why don't McAfee and Symantec just fork Windows then? Then they can put whatever they want in there for security, and the people will decide if their distro is... wait a minute... never mind.
Many People in Business get used to their system working one way. Every single one of my clients in the legal field has at one time or another paid me to replace XP on their system with either 2k or 98.
As one of them recently put it after buying his new computer, "I thought I'd give XP a try since it came installed, but it's all sizzle and no steak. How much will you charge to put 2000 back on it?"
Say bad words about my book, in cold oatmeal, or I shall sue!
Bullshit. They just want to be able to sell a product, and they are mighty pissed off that MS are now bundling software that makes the products unnecesary.
I still remember that their virus scanner used to catch back orifice as a trojan but completely ignore PC anywhere. Both products did pretty much the same thing except one was more extensible than the other. And one was written by the same people as the Virus scanner.
These companies are just whining because Microsoft is now doing to them what it has to Netscape and loads of others since.
I dont read
I know this isn't the crowd to say this to, but Vista really will be a lot more secure than past versions of Windows. In fact, the mere addition of Protected Mode IE will prevent the VAST majority of Malware from ever getting a shot at most users PCs. (Since IE is the primary attack vector for virtually all of the bad guys, whether that's directly through the browser or via IE components being used in e-mail clients or other applications.)
McAfee and Symantec are very scared about this. They know that the more secure Windows gets the less people are going to want their very, very crappy products.
First they cry foul about Microsoft preventing kernel patching (yet somehow ignore the fact that Windows One Care works just fine without kernel patching by using documented APIs), and now they complain about what amounts to them not being able to plaster their brand and cross sell their other crappy products via the security center.
There is a *LOT* to be said for consistency in UI design. If users always know that you go to the Security Center to make sure your computer is secure, they're at least somewhat more likely to do it.
So they have an OS which frequently has security problems. They get a lot of flak for this. Then they attempt to mediate it by adding in security services. Then they get slammed for unfairly competing with Windows security software vendors.
You can't have it both ways. If Microsoft makes their OS secure and bundles anti-virus/anti-spyware you may put companies that make their livings off of Windows insecure nature.
Wheee.
Sometimes my arms bend back.
The solution is easy. Symantec and McCafee should plug into the security center. If 3rd party vendors are allowed to replace core parts of the user interface, how are any un-knowledgable users going to find their way arround a system? Let alone the poor tech support guy who has to take their calls.
Not the usual MS bashing, more my usual posting on that topic. MS cannot, by definition, implement security, for the simple reason that their security software will be on every computer. That, in turn, means that, if you want to get spyware on a given computer, you HAVE to circumvent that security system. So this system will be broken by default by every given trojan out there. They might not go to the lengths of trying to defeat McAfee, they might not try to defeat Kaspersky, but they WILL for sure go to any lengths to defeat the MS Antivirus suit.
Fighting security software costs resources. So you only do it if you have to. Many trojans today defend against the most predominant AV software, like the forementioned. Simply because they are widespread and thus do present a threat to the ability of a given malware to spread. How much more effort will be put into defeating a security suit that is invariably on ALL computers you plan to infect?
For reference, take a look at the MS "firewall". Granted, the implementation is shoddy as can be, so defeating it is by no means any kind of feat, but still it HAS to be done. It is on every computer out there, on those computers suffering from clueless owners (i.e. your primary target as a malware writer) it is most likely the only kind of intrusion detection software. Defeating it is the golden key to the computer.
It will be the same for MS AV. So there is NO security to be expected from an MS AV suite. Not because MS cannot do it. Because malware writers will put any effort necessary behind defeating it. Because it has to be done to infect a computer.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If MS would allow this, you can just as well do a replace of "Symantec and McAffee" with "malware developers" to see the problem.
Beware: In C++, your friends can see your privates!
Correct me if I'm wrong, but the premise of their argument seems based on the same shaky logical fallacy of the record companies. "This is the way it has always been, so this is the way it must always be." Is there even a name for this type of fallacy, or did I just dream it up?
To be honest, I don't mind if these guys are slapped around some by some competition. I have a machine, 2Ghz, 2GB of RAM, about 80GB of data on a 160GB SATA drive, probably 40GB is MP3 data, Symantec takes like a whole day to scan it... Literally, it's like 12 to 16 hours for a full-scan. Now, it's not a super computer but that seems a bit long to me and if that is how long it really takes, then maybe throwing some integrity management type stuff at it like tripwire to speed things up might be in order so you can do at least a weekly scan with out dogging the machine down, maybe only scan files that have changed or something like that. I have no problem forking over the cash but despite the fact that they change the version number every year, the tools seem like the just keep getting worse. And by worse I mean more annoying and slower.
This will continue until MS realizes that they are doing too much and tries to scale it back some or splits the company up. The only company I know that has hung with them is Intuit. That's their MO.
McAfee, Symantec, et al are doing great work in some regards it seems like they've got kind of complacent though with their products and suites. I'm somewhat surprised that they aren't selling tools and technologies to other developers. The whole virus scanner and firewall kind of thing is nice but it's so Windows 2000 era. No HIDS, no rootkit detector, no vulerabilty assessment tools (since you're running local, you totally have a leg up on the remote scanners) They are selling these "integrated security suites" that really don't do that much.
This might be it and better yet THE WHOLE LIST! (This pretty much encapsulates modern politics, copyright law, the RIAA, MPAA, Microsoft, John Kerry, George Bush, Al Gore, Newsweek, The New York Times, NY Post, and on and on)
Knowing them kind of gives you an edge.
Old news. Old argument. If Microsoft (oh sorry, "M$" - get it? It's a dollar sign! Derp!) does not ship with a firewall and anti-virus, you complain. If they do, you complain. What is the point in even talking about it on Slashdot? Why the hell am I even writing this.
Fact - most home users don't have AV software. Now they will. Horray!
I think given the possibilities I have to side with MS on this one.
"Microsoft Caves In; Allows Third Party Security Centers"
A month later: "Hackers spoof fake Security Center tricking millions of users"
Again I'm off topic though I'd just like to thank kdawson for quality posts today. Good work. :)
I ate your fish.
It's a good thing for you they didn't take the time to figure out how to make XP act like 2k.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Report on our Grand Plan on eradicating terrorism and child porn accross the world:
-I-I-I-I-I-I-I-I-I-I-I-I-I-I-
Terrorism
-I-I-I-I-I-I-I-I-I-I-I-I-I-I-
*Threat:
The security measures are widely announced and campaigned, terrorists educate themselves and go around the new measures.
*Collateral:
People being frisked, called on "random checks", arrests, disruption of business, spread of fear, rapid increase in intolerance towards muslim religion, rapid increase in muslim radicalists towards western cultures.
-I-I-I-I-I-I-I-I-I-I-I-I-I-I-
Child Porn
-I-I-I-I-I-I-I-I-I-I-I-I-I-I-
*Threat:
Child porn sharers have long since moved to encrypted channels, they are nowhere to be found on public internet.
Data retention can't decrypt strongly encrypted information and can't differentiate which encrypted data contains child porn or just bank data or whatever.
*Collateral:
All those people who think they're safe since they did nothing have their data in the government. Corrupt people in appropriate position accessing private information and issuing arrests based on indirect evidence.
Microsoft may well have built their Edsel.
The Edsel was the best american large car. It had every possible accessory and option, had more chrome and bling than you could shake a stick at. It had every advanced feature they could build into it.
Just like Vista, nothing need be or could be added.
The design had many innovations and convenience features such as:
* The engine designers put the dipstick an oil filler at the front of the engine so it was easy to reach.
* The body designers made the hood hinged at the front for safety.
Now reach the dipstick.
It was big, expensive, required a big engine which used lots of gas, was overhyped, overdecorated, overpriced and no one wanted it (or very few).
The main problem was that while the Edsel was big and gobbled resources, most had decided that what they wanted was compacts and small foreign imports.
Vista = Edsel.
Mac = compact
Linux = foreign imports
And then there is the new Nintendo with Opera for internet access, gMail for mail, and online office why would anyone need a full PC when it could be done online from anywhere there happens to be access to the internet.
Business is going to be frustrated with the new offering, as
...there are likely more internal MS deserters yet to come
it isn't a carryover from previous Windoze versions. It
has the big screaming learning curve, a plothora of new
annoyances, and likely cannot merge into existing networks
out of the box. Just great.
Symantec and McAfee have a point. They are the founders of
the A/V industry, let them take care of the nasty virii.
Instead MS is pushing their weight around in hopes that it
will make them shine somehow later on.
The I.T. support guys-n-gals around the world are going to lose
their minds, and the users (and upper management) are going to cry foul
that they can't figure it out, and can't screw with it.
I'm an I.T. guy with 450 Win2K users. I don't relish this next version.
Our systems integration with business systems such as Oracle
Financials and other fudged packages are going to get
messy; if not down right impossible to migrate.
Microsoft proves time and time again that they DABBLE in
everything, but MASTER NOTHING. Buying up small companies
and stuffing the new products into Redmonds portfolio doesn't
mean that MS can carry it forward.
Not to meantion that Vista will be the last Windows OS produced
by Redmond. Vista is going lack lustre for the billions of daily
windows users when the product discs do ship. Early integration
tests in Networking environments aren't very pleasing so far.
I don't want more ignorant Windoze wizards.
Windows products since the inception demonstrates that MS
hasn't stablized or improved the product(since Winnt 3.5.1).
It is the same old stuff... Crashing OS, and ever increasing scads
of semi-useless wizards. Wait!, credit for the new dumptruck load
of familiar Eye-Candy(hey, dejavu) added into each new release to give
the feeling of "freshness".
Sad that the PR department in Redmond have only the visuals
to brag about. And that isn't very impressive. KDE, GNOME,
and OSX shine together in this spotlight already.
If you think that your parents will get turned off of PC's
running Linux, but just wait till Vista hits the shelves
preloaded onto their new system.
PC's will exist a few years from now only because of Google
and Linux. Ubutu, Apple, BSD, Novell (SUSE) are going to end up
wiping the P.C. floor in the near future. Just watch.
before the end of the year.
Many People in Business get used to their system working one way. Every single one of my clients in the legal field has at one time or another paid me to replace XP on their system with either 2k or 98. As one of them recently put it after buying his new computer, "I thought I'd give XP a try since it came installed, but it's all sizzle and no steak. How much will you charge to put 2000 back on it?"
"Many" is a bit of an overstatement. You are describing niche users. These niches existed during previous upgrade cycles and they amounted to noise. XP succeeded despite some people reverting to 2K, 2K succeeded despite some people reverting to NT4 or 9x, etc. These people are offset by those who want the latest, "ooh, shiny", and are absolutely dwarfed by those who stick with whatever the machine left the factory with.
A dispute still exists over PatchGuard, a security feature that Microsoft says is designed to guard core parts of the 64-bit version of Vista, but which critics say locks out helpful software from security rivals."
Umm...so fucking what? You are purchasing a license that gives you the right to use the software as presented. If they want to lock you out of the core to protect THEIR software - that should be their right. Why should they let you allow other software modify THEIR software? After all, how do THEY know that this other software wouldn't make things worse?
Symantec and McAfee are not fighting for the right to sell a security product. They are fighting for the right to sell a subscription to their security services. The fact that both companies' flagship products are bloated crap -- even worse than Windows itself -- should give you some idea of what you'd be subscribing to.
.DLLs loaded that neither program detects or removes. I can't believe that they can't detect this stuff... instead, they won't because they want to sell you additional products and subscriptions, and more bloated crap.
Doing home PC repairs, more than half of my income is from malware... and that doesn't include the problems caused by Norton Internet Security itself, which accounts for about 5% of my initial calls. ("I can't get my mail, and I can't logon to my bank, and [Dell | Verizon | Comcast] says I have spyware!")
When that program, or McAfee's suite, haven't killed the PC yet, I often find well-hidden malware
Microsoft stayed out of the antivirus market all these years because they didn't want to be responsible for failing to prevent virus attacks. Now that they're ready to step up to the plate, let them... then we can sue them when the next Blaster worm or "I Love YOU" virus hits.
Can anybody explain what is the Security Center to an Ubuntu user?.
I don't think the issue is with making Windows more secure. It's giving Microsoft's own security software suite a preferred position. From an antitrust pov, Microsoft is free to eliminate the need for security software. It just needs to give the 3rd party vendors access to the same rights, interfaces, etc.
... obviously not.
i ndowsvistaRC1AV.mspx - i don't see MS forcing any MS security product on me.
The security vendors can already plug into it, as i sit here my security center says i don't have AV installed.
When i click find options it takes me here http://www.microsoft.com/athome/security/update/w
In fact when I have CA etrust AV installed the MS ecurity center tells me when the etrust is out of date (encouraging me to re-subscribe) it also alerts me when a virus is found because etrust tells security center that there is an issue.
This is a case of pure FUD, 1) security center doesn't protect you, 2) the vendors can plug into it - expect to see more on the war of FUD from symantec
They may provide users with a single area to associate with security, but they also provide malware authors with a single target for their malware to sieze control of and disable and/or modify...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Boo fucking hoo. It sounds to me like you're in over your head. Perhaps a career change is in order?
Are you sure that, if Vista is released as Microsoft wishes it to be released, the need for 3rd party anti-virus and security tools will vanish? Are you absolutely sure that Vista will be so much safer than all previous versions of windows that the anti-virus software will be reduced to a funny anectode in computing history?
There is absolutely no proof that Vista users will not suffer from virus problems or even that MS's own anti-virus will be the absolute best in the business. Nonetheless, Microsoft is trying to prevent all anti-virus vendors from being able to install anti-virus software on Vista by not only tying Microsoft's products into the OS but also not releasing any information about Vista's interfaces and reserving them to their in-house products. So, where exactly is that a good thing? What exactly is good about offering an unproven product as the only possible solution, barring every alternative from being able to be installd and locking out every 3rd party tool produced by the competition? Is it in the user's best interests to influence the security tool's offering not on the quality and efectiveness field (i.e., competing on a levelled playing field) but by restraining the security tool's ability to install and run on the platform (i.e., preventing the rival team from entering the court)?
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
I followed your link and it specifically states Vista Enterprise. It says nothing at all of any other versions so I wonder, will it be sandboxed in its home edition?
+Raider of the lost BBS
I'm pretty sure that's a documentation error. I've been following IE7 development, and this is the first I've read or heard that protected mode is only available for Vista Enterprise. Where it says "Available only to users running Internet Explorer 7 in Windows Vista Enterprise", the "Enterprise" part shouldn't be there (both in the intro and the sidebar text). It should say "only available in Vista" (make it clear that IE7 doesn't use protected mode in XP), period; the different versions of Vista all use protected mode.
;-) (Likely the documentor didn't have a clue what he was talking about.)
If anyone knows different, feel free to correct me, but as I've said, I've followed IE7 for a long time and I think I know of what I speak.
-- "I never gave these stories much credence." - HAL 9000
Maybe Symantec can use one of the *many* security holes in MS Security Center to disable it....
Anything that prevents Symantec's software from getting its evil little hooks into the OS has got to be a good thing, no?
My UID is prime!
"Vista really will be a lot more secure than past versions of Windows"
"There is a *LOT* to be said for consistency in UI design"
What has UI design got to do with security. Will my car go better because it has translucent wavey controls on the dashboard?
It is ironic that we get to pay MS for fixing defects in its own OS. Whether from Microsoft or Symantic these 'security' solutions are merely a plaster cast round a fractured system. The only difference is such revenues go to MS.
What is required is an OS that can't be compromised by opening email or clicking on a URL and that don't require any action on behalf of the user to work. For instance when a box pops up asking me to accept a 'certificate'. How the heck is the average Vista user supposed to tell that.
was Re:More FUD From Scared Companies
davecb5620@gmail.com
"Like many people here I'm sure, I get landed with fixing people's Windows PCs"
..
No I, many years ago I decided to get out of the business of fixing Bills OS for free. Buy a computer from DELL, pay Bill money, pay DELL money, sell it to customer, go back in four times a year to reinstall, reinstall, reinstall. Every two years pay Bill for a new OS as they can't open docs from the latest msOffice format. Reinstall, reinstall, reinstall. Unlike MS I don't have the brass neck to charge them money for selling them a broken OS. Reinstall, reinstall, reinstall, reinstall, reinstall, reinstall, reinstall, reinstall, reinstall
was Re:Rather Microsoft than McAfee...
davecb5620@gmail.com
That "protected" mode is pretty close to what would be "normal user" mode in any other operating system.
An exploit running in that mode is still running native code, it can still make any network connections it wants, it can create files, it can write to the registry, it can perform buffer overflow attacks on system calls, it can drop executable files and scripts in "Temporary Internet Files" and execute them.
A real sandbox environment is one where there is no mechanism to execute native code (even after asking the user in an approval dialog), where there is no mechanism to create files, to write to non-volatile storage visible outside the session, to establish network connections, to open windows, to create processes...
Because once you can do that, you're penetrated. And once you're penetrated, you're fucked.
Thirty years ago the first "cyberpunk" novels were being written, and one of the things that the writers of these novels suggested was that you'd be able to run programs on other people's computers even if they didn't have a reason to trust you, and this would be considered "OK". As a technically oriented SF reader I thought that was a dumb idea then, but it was OK as SF. It would never happen in the real world.
Twenty years ago the first email "worms" showed up. Obviously they were a temporary abberation. The authors of mail programs were acting to close the holes in the programs that let them propogate, and a little simple level of common sense would make them a thing of the past. Right?
Ten years ago there was a hoax going around called the "GOOD TIMES" virus, about an email worm that could infect you just by opening a message. Even if you were (as everyone should be) careful about running attachments, you could be infected. That could never happen, nobody would be so stupid as to allow code to run in email, or to have mail scripts that were powerful enough to do that...
Nine years ago Microsoft merged the browser and the desktop, and we've been fucked ever since. Until Microsoft backs out of that and everything that comes out of it, they're never going to have a secure system.
If they put in their oar with the add-ons theory and it actually works, then they've beat the odds and saved lots of man-hours.
They've been trying to do that since 1997, with more and more layers of bandaids every time around, and with Microsoft's well-wishers hopefully saying "maybe they'll beat the odds this time". By now using the active content components of IE is less convenient for user and developer alike than the old "sandbox and plugin" model that they rejected because it was to inconvenient ever was, and they STILL haven't beaten the odds. And they've wasted FAR more man-hours than they ever might have saved.
One definition of insanity is doing the same thing over and over again after you've seen it doesn't work. Microsoft is not a sane company.
In all honisty Microsoft should guard against anyone accessing core parts of the operating system. If you leave system calls available to anyone (read root kit) that allow the average application to either hide itself from the OS or interfere with the operating of the OS then the malware writers will use them too. Software needs to be forced into a sandbox if we ever hope to have secure a OS. I know people will complain and say that Microsoft is being all anti-trustie but everyone complains and says they need to get on the security ball, well they cant complain now that they are trying.
If Symantec and McAfee can disable Windows security, so can any passing malware.
I have never had problems with malware anywhere near as troublesome as the problems I have had with so-called anti-virus software that behaves more like a virus itself. My workstation solution is to run only enough of one well-behaved package (F-Secure) to warn me when an application I haven't cleared tries to access the internet. The rest is safe practices and a very effective SPI firewall protecting the LAN. It works.
I want code buried deep in the OS to tell me when some process is trying to disable or bypass security and to give me a choice between letting it, stopping it, or stopping it and wiping the offending process and all of its related code from my system (particularly the last part). It should be so intertwined with the OS that it can't be disabled without killing the OS. If XP had this feature it would have saved me days of effort recovering from the ill-considered installation of virus-like applications such as Norton, McAfee and Macromedia Flash.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
hey, you spelt Windows wron....
WAITAMINUTE!
I see it so clearly now!
It's a pun, right?
From 1994, at a guess.
If M$ integrated a really useful firewall, antispyware etc system into Vista, it would be a huge leap for M$. That being said, they won't. Their "security tools" as of thus far have been second-thought, add-ons, rather then a solid system. They just throw something together so people think they are doing something. Instead of wasting system resources with aeroglass, M$ should be using those resources to have better real-time security tools.
Klingon Software is not released, it escapes, inflicting terrible damage onto the enemy as it does
Relevant wikipedia article here.
(rot13) rpbzbab@tznvy.pbz
Humm, one of numerous services I disable during install here at work and at home... Are you trying to tell me I'll have to hack it out of Vista ? I will, just watch me do it too, all the FBI on Canadian soil won't be able to stop me from going againts the unread EULA stating that if I defunk the Security Center I'm a bad Luser...c'mon now...hype hype hype.. Let Micro$oft do what they want, and we'll answer that call with low retail numbers. Cheers !
End of Line.
There is a direct precedent to this. IBM markets security software for its mainframe series. The software's interfaces are open and fully documented, so that users can buy 3rd-party equivalents instead of the IBM product, and get the same functionality. The reason IBM allowed this is to avoid the threat of an anti-trust lawsuit. Several competitors are out there.
So there is already a direct, apple-to-apple comparable precedent here. If antivirus makers go and to dig up that precedent, MS will have a hard time legally defending its stance.
"Being widely reused by the system" is *the whole freaking point* of using shared components like IE.
Yeh, I know, I got that.
What that means, though, is that when there's a deep fundamental unfixable security flaw inherent in the design of the HTML control, that's a deep fundamental unfixable security hole in the OS.
You haven't explained how it's different to its contemporaries on other systems
I have explained at great length how making the HTML control attempt to figure out whether a document its presenting is trusted or not (rather than putting that decision in the hands of the application that called it) is inherently insecure... oh, roughly two to the infinity minus one times over the past 8 or so years. I have explained, similarly, how the API makes it impossible for a calling application to make that determination... maybe as often.
And I'm not alone on this. This is something that is so completely obvious to anyone with any experience in computer security that it's hard to imagine that everyone at Microsoft in a position to decide policy is so incompetant that it escaped their notice. You shouldn't need to watch wave after wave of attacks totally blow by Microsoft's appalling patchwork of "security zones" to figure it out.
Gecko and KHTML do not suffer from the same flaw. It's possible for an application using these components to be secure from "cross zone" attacks, because there is no mechanism to bypass a strict application-level sandbox available to documents using these components unless the application that called them inserted it.
This is not actually possible with he HTML control.
Are you similarly ambivalent towards glibc on Linux ?
As a matter of fact, the complexity of glibc does bother me, but I'm not aware of any similar deep security flaws in glibc that would require re-writing parts of every application that used it, so I can't say I'm "similarly ambivalent". I'm not "ambivalent" towards the HTML control in any sense. It's not a love-hate situation in any way, bucko, it's a straightforward contempt-hate one.
Certainly not by an order of magnitude (and marketshare pretty much covers that disparity on its own).
.NET and other components. They've added thousands of complex rules and restrictions about it, and added lots of ever-changing and confusing dialogs to warn people that it was being used, but they've refused to fix it.
No, it's not an order of magnitude worse than any other browser component. It's much much worse than that.
Before Microsoft introduced the HTML control the very idea that it would be possible to have code downloaded and executed with full local permissions simply by viewing a document was a bad joke. Literally. There was a virus hoax going around called the "GOOD TIMES" virus that was clearly a hoax because everyone in the industry knew that nobody would be so stupid as to ship software that could do that, at least without it being a bug that would be immediately fixed and never re-introduced. Good Times was a classic urban legend on the Internet, funny once, but by 1997 system admins were long tired of their users asking about it.
Not only did Microsoft do that, but they published an official API to support it, and they refused to back the API out after the worst flood of viruses ever showed up taking advantage of it. They refused to take it out when (for unrelated reasons) the DoJ was demanding that they take it out. It's still in there, and on top of that they've extended the original fundamentally broken design to
There is nothing even vaguely as bad as ActiveX in any other HTML display component implemented anywhere. By anyone. There are individual bugs that have to be fixed... but once fixed, they're fixed for good, because plugging a buffer overflow doesn't involve removing a published API. Internet Explorer has those kinds of problems as well, but no other browser, mail program, or any other application using any other browser component than the MS HTML control is within several orders of magnitude at risk of the kinds of attacks the the Microsoft HTML control opens them up to. The very worst cases (and I've written about THOSE elsewhere) are negligable problems by comparison.
And the idea that anyone with your obvious competance would consider this as anything less than an utterly damning flaw in IE, Outlook, WMP, Realplayer, and any other application that uses the HTML control is incomprehensible to me. How can you possibly condone making "Good Times" real?
Microsoft are too stubborn and think that they are such a big company therefore they does not need any help from others that small scale from them and too young in the industries..
WHY MICROSOFT ARE STUBORN!! even though that microsoft have their own security system, they should also work together with other companies to develope even better system. also, without microsoft knowing it, there are people who use other security system besides microsoft, even if they are using windows. so...they should work as a TEAM!!!