Slashdot Mirror
McAfee, Symantec Think Vista Unfair
davidwr writes "Is Microsoft unfairly locking anti-virus companies out of Vista? Symantec and McAfee seem to think so and they aren't being very quiet about it, placing a full-page ad in the Financial Times. If you've found the ad online, please post a link."
Well Avast! is going to get screwed just like Norton and MacAffee. All those free AV products are going to become a lot less useful when they can't detect unauthorized actions on the kernel.
I think a lot of people are missing the point here. Microsoft hasn't "secured" the kernel from attackers. They've simply removed any way for legitimate non-microsoft software to monitor the kernel. People have already found ways to attack the Vista kernel, and given Microsoft's history with security I don't feel very good about them being my only defense.
Not all random numbers are created equally.
My understanding (and please correct me if i am mistaken) is that worms and viruses infect a system through self-replication without the user's consent. While trojan horses require action on the part of the user. You seem to be confusing trojan horses with viruses. Granted, most so-called "anti-virus" software developed in the last few years also attempts to stop trojan horses.
----- "I'm still sane on three planets and two moons."
It's because they've shut the fuck up and updated their product while Symantec has been bitching. MS is not locking out 3rd party virus scanners or 3rd party anything. They know that would get them sued in a hurry. They've just changed the way things work, and you need to update your software accordingly. Vista has all kinds of changes like that. For example PDFcreator no longer works. MS lockout? No, security change. Used to be services could directly interact with the desktop. Well I guess that makes you venerable to a certain class of attacks called shatter attacks. I don't know the details of what they are, but at any rate. So Vista changed the model. Now you have to have the service separate and then a program that interacts with the desktop and controls it. An MMC control would work fine, or your own app, whatever. Just a new way (hopefully more secure) of doing things.
This all reminds me of back in the Windows 2000 days with pro audio cards. So Windows 2000 moved to a new driver model for audio called WDM. While it could use NT drivers, you got none of the features, you needed WDM drivers to be fully 2000 compatible. Well the pro audio companies bitched and whined that WDM wasn't suited to pro audio and that nothing would work and so on. Finally they gave in and released WDM drivers and, what do you know, they work great, better than anything before and that's all that's out there now. However they didn't want to change to a new system so they whined.
That's all that's happening here. Companies are being whiny because they don't want to update. I have no sympathy.
http://www.flickr.com/photos/77014820@N00/25883676 2/
These are called trojan horses.
Viruses and worms replicate themselves and redistribute through backdoors. Typically "worm" carries connotations of being particularly aggressive and requiring no faults of the user. But I think, originally virus meant little more than self replication, not even necessarily malicious - just that you could be "infected" (hence the term virus). Virus carries connotations of being prolific (even within one host system).
Ones that depend on tricking the user or stupid users are trojan horses.
At least those were the definitions back in the day. The media has done a lot to muddy the waters.
In short (and IMHO):
The problem is many cases of malware combine some or all of these rather than just one of them, and the media flounders without having a short, easily digestable label to slap on them, so they confuse things with generalizations.
Question everything
http://www.betanews.com/article/Sophos_on_Symantec s_Vista_Complaints/1159472882
Ron O'Brien, senior security consultant with Sophos, told BetaNews. "But from what we have learned in our dialog with Microsoft, which is ongoing, the objection on the part of some vendors is that PatchGuard will prevent access to the kernel, which is that very basic level of the operating system where people feel that they may need to go, in order to provide a total security solution."
Conceivably, if Sophos wanted to provide a "total security solution," given this new set of circumstances, wouldn't it need to understand some of PatchGuard's secrets? Surprisingly, O'Brien told us no. "At this point in time, Sophos does not see the need to be able to access the kernel within the Microsoft operating system," he said.
"If there is a point in time where the kernel becomes the subject of malware being written specifically to it, then I would expect that we would go back to Microsoft and tell them we need to be able to access the kernel. But at this point, it doesn't appear to be necessary."
A worm spreads on its own, by say scanning the network or sending emails to everyone in your address book.
A virus infects other files but doesn't actively spread to other systems. They may use exploits to infect the system but they may simply wait for another idiot to click on the exe they infected. So when Bob gets that floppy from you he may get infected.
Trojans do not self-replciate at all and usually are designed to control a computer or steal data.
So neither trojans nor many viruses would be stopped by a secure OS assuming the user ran them as "root" which most users would do. Worms would also not be stopped if they did not use exploits to spread, for example by sending themselves as emails or IMs.