McAfee, Symantec Think Vista Unfair

davidwr writes "Is Microsoft unfairly locking anti-virus companies out of Vista? Symantec and McAfee seem to think so and they aren't being very quiet about it, placing a full-page ad in the Financial Times. If you've found the ad online, please post a link."

McAfee, Symantec living on borrowed time

[ackthpt]

Something McAfee, Symantec and all other anti-virus/anti-spyware/firewall/spam-filter companies should bear in mind, if operating systems, applications and other software had been properly designed in the beginning these companies wouldn't exist. These aftermarket companies are effectively parasites. Once the host changes significantly the parasites advantage is gone. Who can say Microsoft is now to blame for not keeping them on the gravy train? It's would be true, however, to say that these aftermarket companies are in effect and after the effect Q/A arm of Microsoft, which has doubtless helped fuel Microsoft's growth. If you're a corporate IT officer, would you be comforted to know you only have one place to go for help now, and it's the company which releases extreme high priority bug fixes frequently?

Microsoft was overly optimistic about the true nature of people (they shouldn't as they've proven to be devils themselves), expecting nobody would take advantage of flaws, like giving everyone effectively root on their computers, thus every application, including malicious code. Further, they've been wonderful about hiding the true nature of what's running on your PC. I can see executables, but DLL's, why the hell shouldn't I see those easily? Anything running on my computer should be visible, how else can I tell if there's something there which shouldn't be?

So, once again Microsoft attempts to get it right. Maybe they'll be closer to the mark this time. I don't care. XP was the last operating system I'm ever buying from them and I don't pirate stuff. With Vista promising to be larger than ever, I don't think it's the direction I want to go. As Michael Crichton implied in Jurassic Park, the more complex a system the more likely it is to break down. I don't find the every growing Windows OS/Environment comforting. I'm also tired of the technology tax, I just want something to work, to be able to do mundane things and play a few simple games when time affords. Good luck McAfee, Symantec and all the rest, it was overdue. Don't forget to send your stockholders a "Thank You" for all the money they gave you.

Of course, if it all goes tits-up for Vista, Microsoft have nobody else to blame. Doesn't that at least warrant a warm, cozy feeling?

Re:McAfee, Symantec living on borrowed time

Something McAfee, Symantec and all other anti-virus/anti-spyware/firewall/spam-filter companies should bear in mind, if operating systems, applications and other software had been properly designed in the beginning these companies wouldn't exist. These aftermarket companies are effectively parasites. Once the host changes significantly the parasites advantage is gone.

This would be true IF Microsoft had removed the need for av/as/s/sf software but it hasnt. All it has done is changed how the software innterfaces with the OS in an attempt to make it more secure.

Who can say Microsoft is now to blame for not keeping them on the gravy train?

I can. They *arent* stopping the need for this software, just making it harder for the competition.

It's would be true, however, to say that these aftermarket companies are in effect and after the effect Q/A arm of Microsoft, which has doubtless helped fuel Microsoft's growth. If you're a corporate IT officer, would you be comforted to know you only have one place to go for help now, and it's the company which releases extreme high priority bug fixes frequently?

Fuelled MS's growth in the same way a speed bump helps ford's growth.

This might be true *IF* microsoft was releasing fixes when they're needed but as we've seen lately, they still dont.

Re:McAfee, Symantec living on borrowed time

[kalirion]

Something McAfee, Symantec and all other anti-virus/anti-spyware/firewall/spam-filter companies should bear in mind, if operating systems, applications and other software had been properly designed in the beginning these companies wouldn't exist. These aftermarket companies are effectively parasites.

They're not parasites, they're symbiotes. In a parasitic relationship, only the parasite profits. As you've said yourself, "It's would be true, however, to say that these aftermarket companies are in effect and after the effect Q/A arm of Microsoft, which has doubtless helped fuel Microsoft's growth."

Re:McAfee, Symantec living on borrowed time

[SyncNine]

Exactly! I remember when Norton Utilities for DOS was a set of near-impossible to replace system tools that were undeniably useful to anyone with the inclination to use them.

Now we've got SuperSuite SystemWorks 2007.3 Ultra ++ Premium Platinum Professional Network Edition, and it's great! It loads a piece of shit e-mail scanner that sucks up 24mb of your ram and only works with two e-mail clients (not web based e-mail like most people assume it does!), some sort of 'worm protection' that succeeds only in disallowing you to connect to any remote machine ever, for any reason, you've got their anti-virus protection which incidently takes about 45mb of ram to sit in the background, double that if it's doing a scan, then you've got the heuristic detection, which is about another 5-10 mb of your ram, you've got the 'Symantec System Center' console, that takes about 10mb of ram just so it can tell you you're running SystemWorks 2007.3 Ultra++ Premium Platinum Professional Network Edition every five minutes in a pop-up window. Then there's Goback, which doesn't work, Ghost Personal 10, which I've yet to get to work properly thanks to its inability to properly clone 'msgina.dll', and an out-dated 'update' to checkdisk that the software doesn't allow you to force a manual run of. Don't even get me started on 'Norton Internet Security' which effectively stops you from transmitting *ANY* data unless the user clicks OK about a thousand times, and also does about 10 or 15 other things to your connection that it will never tell you about that impede normal workgroup/domain traffic. Lovely.

And that's just SystemWorks. Don't forget about how Corporate Antivirus 10 has a nasty penchant for destroying corporate systems (as seen on slashdot here.)

Maybe I'm just bitter at having to remove all this shit from client's computers who have bought it and spent their $50 or $100 on this software only to have it completely screw them from top to bottom.

I think that Symantec needs to do one of two things: Either drop out completely, admit that their software is a shadow of what it used to be and that they've lost all ability to write any sort of tight and non-resource hungry code, OR re-write their damn software to be functional and not take an average of 100mb of ram to run. I'm fairly certain that properly written code doesn't need direct kernel access to check whether c:\boot.dat is infected with a virus. 'Course, I'm no programmer, so, I don't know that for fact.

But either way, if they did that, I think their cries would fall on more sympathetic ears.

Much ado...

[DoraLives]

about nothing.

Once Vista hits the streets in its final incarnation, and the Bad Guys get to working on it, my money is on the premise that third party antivirus solutions to whatever problems that inevitably must arise, will continue to be a necessity.

After all, it's not like we don't already have a pretty good track record to examine, with the folks who are producing Vista, eh?

Re:Much ado...

[CastrTroy]

McAfee and Symantec aren't complaining that MS made their OS really secure, and as such, have nothing left to protect against. What they are complaining about is that MS has made it impossible for any program to run at a low enough level (except MS programs of course) to be able to work effectively as an antivirus/antimalware application. They've made is so that it's impossible for anybody but MS to make a proper virus scanner. Well, they could make a tool that would get down to that level, but it would have to be through some security hole in the code, and MS would most likely patch it to prevent hackers from using it. So i think that Vista will be more insecure than ever, because MS will be the only ones able to provide security tools.

Re:Much ado...

[molarmass192]

I'm not disagreeing with you, you're bang on, but you raise an interesting point in "MS has made it impossible for any program to run at a low enough level (except MS programs of course)" that I want to expand on. MS doesn't sell open source software. They've never once said "do whatever you want with our OS". They don't provide source code to build your own kernel. So why the big stink by these companies? This is the nature of closed source software platforms. You're at the mercy of their creators. This turn of events for the anti-V companies is EXACTLY the reason why I no longer use or recommend closed source software to my board. Microsoft has ALWAYS owned the key to Symantec's and McAfee's business models. They've just decided to close that door now and these guys will now have to pay the price for the choice of platform they made. This same fate could happen to ANY windows-only software maker. It's the nature of dealing with a platform over which you have zero control.

In other news...

[jfclavette]

Smalltown, US - NAPA says increased quality in GM exhausts unfair. A representative is quoted saying: "GM is in the business of building cars. There's no reason for them to build quality parts for their cars. It's absolutely unfair that the default exhaust lasts more than 3 weeks without needing a replacement. They're trying to drive us out of business."

BuggyWhips!

[bigattichouse]

My buggywhip business has been unfairly targetted by these so-called horse-less carraiges! I demand Mr. Ford require buggywhips in all his model-T vehicles!

Microsoft in a "Damned if they do.." situation..

[Churla]

They are damned either way.

A) Release an OS without really beefing up security and watch everything bad about XP and prior releases repeat itself on a larger scale.

B) Release an OS and beef up security and see people who have made a living compensating for your poor coding in the past complain that they can't in the future.

The NAPA analogy is shockingly accurate in my opinion. Like what would happen if all the fast food places discovered a way to make the same fast food, but make it healthier enough that people didn't have to worry about dieting anymore? Who would complain? Diet manufacturers of course...

why arent they also upset at Mac?

[ClassicComposer]

Why arent they attacking OSX as well? I mean it has a built in firewall that is actually semi decent and not many other widely exploited vulnerabilities... Wouldnt that mean that OSX has been for a long time shutting out companies like this?

Not just MS

[ClosedSource]

Those who designed the Internet were also overly optimistic about the true nature of people and didn't really consider security issues either.

I really don't blame either group. If they had considered all possible future needs prior to creating an implementation they'd still be working on it today and Slashdot would be a pen-pal club.

No love lost for both of them

[Nanite]

Personally, I wouldn't care if both Mcafee and Symantec went bankrupt tomorrow. Both feature bloated, buggy software, and symantec's sales pressure to 'Upgrade' to newer buggier software rather than renewal of the old software is just disgusting. Granted, I don't know if MS could do a better job, given their abysmal track record on security and virus prevention. They love to just leave the barndoor open for stuff like that. But they may be able to produce a spyware/virus solutions that works better within their systems, better than the monkeys at Mcafee and Symantec anyways.

No, but the 'complaint' fits our culture perfectly

[ScentCone]

I suppose Microsoft will claim that this is another integral part of an OS. While my first reaction is to scoff...

Your use of the word "claim" implies that someone other than them should decide what is, and is not, part of their own product. They wouldn't be "claiming" such a thing, but simply stating it. "Yesterday, our product looked like X, and today, it looks like Y." Other companies that glom onto a freight train like MS and get rich doing so can hardly complain (with a straight face) when that other company's products change shape or purpose. Symantec and MacAfee aren't MS's customers, the end users are. If we ever get to the point of killing off most of the spam conduits in the world, we'll probably hear about how the spam-filtering appliance makers are being "unfairly" deprived of a living.

This all derives from the pervasive sense of entitlement that's drenching our culture. MacAfee and Symantec know the score, but they're playing this card because they know it will resonate in a courtroom full of modern day jurors, should it come to that. Sleazy, but probably clever in real terms.

No, that's not correct

[Sycraft-fu]

I really hate this popular Slashdot myth that viruses only exist because OSes are designed improperly. No, wrong. Most viruses are just malicious programs that get executed by the user. They don't hack in to the system, the are downloaded with another program. They come in the front door not the back one. There isn't an OS level defense for this short of an Orwellian trusted computing scheme. If I sent you a version of Apache with malicious code in it and you installed it as root, I could do whatever I wanted. Doesn't matter how secure your OS is, you gave it the permissions it needs.

What virus scanners do is provide a database of known bad code (and check for variants). They are like a bouncer with a list of known criminals. Even if the owner says "Sure, let that guy in," they can check their list and say "Sir, you don't want to do that, he's known to be a bad guy."

Now you are somewhat right that certain kinds of designs make more attacks possible. For example if you have services exposed to the Internet, then a worm can try to get in there without any user intervention. However the fundamental problem of malware is not solvable with any OS I'm currently aware of. Running as a deprivledged user does nothing. Either the malware can just install as the user and wreak havoc on that user's files (which is ultimately what they care about not the OS), or will just ask for escalation, which clueless users tend to grant without thinking, and then do as it wishes.

Unless we move to a trusted architecture, where only signed apps can execute, or we manage to get all users to be highly technically competent, they'll always be a need for virus scanners, at least on the dominant OS. Lock down every other way in all you like, it doesn't matter when you can infect people by sending them an e-mail that says "Hi I send you this file in order to have your advice."

Re:No, that's not correct

[Markusis]

I really hate this popular Slashdot myth that viruses only exist because OSes are designed improperly. No, wrong. ... There isn't an OS level defense for this short of an Orwellian trusted computing scheme. If I sent you a version of Apache with malicious code in it and you installed it as root, I could do whatever I wanted. Doesn't matter how secure your OS is, you gave it the permissions it needs.
</snip>

This is why SELinux and App Armor exist. With a proper SELinux or App Armor setup you could install Apache as root and all it will be allowed to do is what Apache does normally. So, it would only be allowed to read the /etc/httpd directory and the /var/www directory. It would only be able to write to the /var/log/httpd directory and listen on port 80 and 443. So, this could prevent an exploit in Apache from taking over the rest of your system.

Admittedly this example wouldn't help a desktop user. But, there is no reason why SELinux or App Armor couldn't help a desktop user. One example would be if Firefox was locked down to only allow downloads to the ~/Downloads directory or something like that. Now any hole in firefox would only be able to damage your ~/Downloads directory and presumably your firefox cache directory or something. It wouldn't be able to delete ~/Pictures and ~/Music. The browser example is kind of complicated because it has so many tasks these days. But, the point is that you can prevent a lot of problems by employing some kind of mandatory access control system.

Oh, and it really isn't that hard to use one of these systems either. Yeah, they can be pretty nasty if you really get into it (especially SELinux). But, for a desktop user there really isn't anything to worry about. I use Fedora Core 5 at work and at home and I've kept SELinux enabled on both systems. App Armor is really nice to use for the purposes of locking down a server system in this way. SELinux is more generic but it is much more complex than App Armor.

Re:Mcaffe + Norton Licks balls.

[Grand+V'izer]

Well Avast! is going to get screwed just like Norton and MacAffee. All those free AV products are going to become a lot less useful when they can't detect unauthorized actions on the kernel.

I think a lot of people are missing the point here. Microsoft hasn't "secured" the kernel from attackers. They've simply removed any way for legitimate non-microsoft software to monitor the kernel. People have already found ways to attack the Vista kernel, and given Microsoft's history with security I don't feel very good about them being my only defense.

If you want to play with the big boys

[codepunk]

If you want to play with the big boys you got to play like one. They could fix this situation in
less than a week and have microsoft bending over backwards to help them out.

CEO Symantec: Billy you are pissing me off let me have access to what I want.

Billy: No way we are taking over the playground.

CEO Symantec: Well you are going to let me have access to what I want or else.

Billy: Or else what, I am not scared of you I own the desktop.

CEO Symantec: Ok here is what I am gonna do.

Billy: laughs

CEO Symantec: We are immediately updating all of our desktop software.

Billy: yea so

CEO Symantec: Any time a virus is found on the system it will pop up a message to the user. If it
is browser installed malware it will contain the following message "A virus related to your IE installation was quarenteened and removed. To eliminate future possible system infections you can
go to www.getfirefox.com and download a secure browser which will greatly enhance your web surfing experience".

Billy: I don't much care about IE anyhow we don't even make money on it.

CEO Symantec: Any time a macro virus is found on the system it will pop up a message to the user. "A macro virus has been found on your system and it is possible that your personal data could have been stolen. A better office suite that is even compatible with your current documents and is totally fee of charge is available at www.openoffice.org. If you would like this installed press ok and the macro virus will be removed and we will upgrade your system to a better office suite"

Billy: oh crap, please don't do that.

CEO Symantec: Also when it catches a system virus it is gonna point the user to ubuntu and offer to install it.

Billy: Tell you what we will send over a team of developers and help you fully integrate with our system.

Problem solved!

No

[Sycraft-fu]

It's because they've shut the fuck up and updated their product while Symantec has been bitching. MS is not locking out 3rd party virus scanners or 3rd party anything. They know that would get them sued in a hurry. They've just changed the way things work, and you need to update your software accordingly. Vista has all kinds of changes like that. For example PDFcreator no longer works. MS lockout? No, security change. Used to be services could directly interact with the desktop. Well I guess that makes you venerable to a certain class of attacks called shatter attacks. I don't know the details of what they are, but at any rate. So Vista changed the model. Now you have to have the service separate and then a program that interacts with the desktop and controls it. An MMC control would work fine, or your own app, whatever. Just a new way (hopefully more secure) of doing things.

This all reminds me of back in the Windows 2000 days with pro audio cards. So Windows 2000 moved to a new driver model for audio called WDM. While it could use NT drivers, you got none of the features, you needed WDM drivers to be fully 2000 compatible. Well the pro audio companies bitched and whined that WDM wasn't suited to pro audio and that nothing would work and so on. Finally they gave in and released WDM drivers and, what do you know, they work great, better than anything before and that's all that's out there now. However they didn't want to change to a new system so they whined.

That's all that's happening here. Companies are being whiny because they don't want to update. I have no sympathy.

picture of the mcafee ad

[graucho]

http://www.flickr.com/photos/77014820@N00/25883676 2/