Security Companies Tussle With MS Security Center
hey0you0guy writes, "The large security firms such as Symantec and McAfee want Microsoft to allow them to replace Microsoft's Windows Security Center. Microsoft is refusing these requests. 'By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security,' Bruce McCorkendale, a chief engineer at Symantec, said in an interview. 'How do we trust that Microsoft knows what all the important things about security are to warn users about?' Given Microsoft's past, with vast piles of security flaws and patches, they should at least cooperate with these companies. A dispute still exists over PatchGuard, a security feature that Microsoft says is designed to guard core parts of the 64-bit version of Vista, but which critics say locks out helpful software from security rivals."
Have you ever run two anti-virus programs on a computer at the same time? More often than not your file system performance completely tanks because every time a file is accessed you have two programs trying to scan it and verify its integrity. You will also frequently run into problems where one AV program will label the other AV program as a virus.
Don't replace, disable! Simply disable the Security Centre service, install your own and you're done. In fact this is exactly what we have done at work, the idea of a security centre is great however we wanted to add our own applications to the security centre. Sadly there is no way to do this with the default security centre in Windows XP SP2. So rather than try and extend it we simply disabled it and replaced it. Doing the job of the security centre is pretty simple as it is documented what applications have to do to be "seen" by the security centre so we just did the opposite to monitor them (Symantec is very difficult about this because it has anti-monitoring tech built in). I don't see why this is a big problem for Symantec. AFAIK there is no reason they cannot disable the security centre service when they install their application.
5. Takes up 90% of system resources to give the impression that it's actually doing something useful.
Viruses. Not virii. I'm not going to shout, just remember this from now on, ok? :)
Lesson One.
Vista will be defined by what it offers users in business. Vista will be defined by what it offers users in the home.
The Geek gets the crumbs that fall off the table.
Lesson Two.
The OEM system install is the gold standard in many markets where Microsoft is dominant. The home user doesn't simply buy into the new OS. He buys into the next generation of consumer grade hardware at OEM prices.
Old news. Old argument. If Microsoft (oh sorry, "M$" - get it? It's a dollar sign! Derp!) does not ship with a firewall and anti-virus, you complain. If they do, you complain. What is the point in even talking about it on Slashdot? Why the hell am I even writing this.
Fact - most home users don't have AV software. Now they will. Hooray!
Umm.. That's a different problem space. Medical devices and flight control systems don't have to operate in a hostile environment (at least from a software standpoint). Windows (and Linux and OSX and whatever other OS you're running on the internet) does.
Also flight control systems and medical devices have to be RELIABLE.
Reliable != Secure.
They're different dimensions on a multi-dimension graph of software qualities.
Some of the dimensions on the graph:
Security (the ability of a system to prevent a hostile attacker from compromising the system)
Reliability (the ability of a system to ensure continued functioning, regardless of operating conditions)
Robustness (this one's interesting, because the word "robustness" has situational meaning)
Flexibility (the ability of a system to adapt to new environments).
There are tons of other dimensions.
Software can be evaluated against all of these criteria, depending on the needs of your organization.
One other thing: it's IMPOSSIBLE to have perfect security (well, you might get pretty good security on a black box that accepts no inputs and produces no outputs - a computer that's not powered and has no permanent storage is also moderately secure). Security is about risk analysis and mitigation.
You need to decide what level of risk is appropriate for your data and ensure that you have mitigations in place appropriate for that level of risk. For instance, if the bad guy has physical access to your computer, they own your computer. So if you have critical data on a computer, you need to make sure that the bad guy can't get access to the computer (lock it up in a machine room). The 10 immutable laws of security is worth reading.
Microsoft is actually one of the few companies out there that really DOES get security (yeah, you can laugh, but they really do). But it takes a LONG time to turn a ship around, and it's really hard to mitigate the mistakes of the past (every user running as an admin is one of those big ones).
Microsoft has adopted a process they call the Security Development Lifecycle. The SDL involves a bunch of different processes that ensure that over time security defects in the system are reduced. Other organizations (Oracle and Mozilla, for example) are also adopting similar methodologies. Microsoft did this because they recognised that Windows was a train wreck in progress and that if they didn't do SOMETHING they'd be in even worse trouble than they are today.
So far, SDL has paid off. Every release of Windows since 2002 has been progressively more secure than the last, as has each subsequent release of other Microsoft products. For instance, when was the last time you've heard of a new SQL server vulnerability?
It's not saying that Microsoft is perfect. It's not. But it's progressively getting harder and harder for the bad guys to attack Windows - that's why they're going after other easier pieces of the ecosystem. Vista will raise the bar several orders of magnitude higher.