Slashdot Mirror
Microsoft Working With Security Vendors
mikesd81 writes "The BBC is reporting on Microsoft's U-Turn. They've now given security vendors some of the information they want to make their products work with Microsoft's new operating system, Vista." From the article: "Earlier this month, security firm McAfee took out a full-page advert in the Financial Times to alert readers to its worries about the way Microsoft was handling the release of its new operating system. 'Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats,' the advert said. "
These security vendors been taking advantage of the flaws in the windows OS's for years and making tons of money doing it. Great someone needed to do it since MS couldn't or wouldn't. However MS is now trying to hardent heir OS and remove the security holes that should have been removed years ago and what happens? People complain. And by people I mean Symantec, McAfee, etc (not the end user mind you).
I for one am pleased to see MS trying to lock down their systems and these other vendors just need to quite whining. I am sure there will still be plenty left to fix. There always is.
___________________________
Free iPods? Its legit and simple. 5 of my friends got theirs. Get yours here!
While I revile MS for their draconian business practices, Mcafee is not much better. The problemm with security is that everyone have (roughly) the same system. There is no variation in the computers on the 'net. A windows box with Mcafee (or Norton, to me they are all the same) is as vulnerable as anyother equivalently equpipped box. So a virus will spread quickly. Imagine every person ob earth had an equivalent immune system. Every mutated bug would render the entire population out for the count.
For Mcafee to raise the alarm that MS was playing fast and loose with security by freezing out security software is just crap. Its FUD just like the crap MS spouts. Although it seems to have worked in this case.
Don't they just do what they want unless they "lose" a legal case, then continue whilst appealing until the suit is moot? Or until a settlement is reached (money changes hands and minds)?
MS is such a juggernaut that it flows around or over obstacles, like an avalanche, tsunami, mud (fud?) slide, etc. If McAfee and company survive, they'll be the exception that makes the rule, imho.
That's funny... Trend Micro had a fully working Anti-virus product during the Beta. They didn't need any special "Kernel Interface Documenation" to make it work. All the information needed was already available, this is about Norton and McAfee whining because THEY couldn't work with MS and wanted special kernel access, not the other way around.
their OS is....?
... but also the security that protects those computers from viruses and other online threats,'
From the Original post: 'Microsoft seems to envision
Not to be picky, but on my Solaris boxes, I don't call up McAffee every time a security vulnerability is released, nor do I call them to protect my AIX systems from Crackers either. I expect that Sun and IBM, respectively, will secure their OS, issue patches, and provide the appropriate tools to manage security. We've been letting Microsoft get away with fobbing that duty off on third-parties for far too long. Pity if that impacts Symantec's business model, but Microsoft should have years ago either (a) fixed their OS or (b) taken the tcp/ip stack out and stuck a big, neon-orange, sticker on every box and install disk which reads, "This Products Is Terminally Insecure and If You Let It Connect to a Network, 12-Year Old Script Kiddies Will OWN Your Valuable Corporate DATA! Within 20 Minutes Or Less!"
It's hard in a case like this to know which one of them (Microsoft or Symantec) to have less sympathy for.
the more accurate the calculations became, the more the concepts tended to vanish into thin air. R. S. Mulliken
I like MS-bashing as much as the next basher, but this is just a cheap shot. When you get down to it, isn't virtually every company in every trade envisioning a world in which they eventually snuff out all the competition and grow to become the only source for whatever it is they do? Even if you know it won't logically happen, it's still the general goal that's paraphrased into the "mission statement" posters in every corporate breakroom.
Slashdot Burying Stories About Slashdot Media Owned
Reading the comments here, I think that most people aren't aware of what PatchGuard is.
PatchGuard, quite simply, is "security through obscurity". Basically, while the kernel is running, a hidden background thread continuously hashes the code sections of the kernel and validates that nothing has changed. If something changes, the system bugchecks (blue screens). PatchGuard's security comes from it being obfuscated.
PatchGuard doesn't offer true security. It has nothing to do with escalation of privilege - if you're able to modify the kernel, it's already too late. PatchGuard was intended to stop commercial products from patching the kernel because frequently they do so improperly, and end up causing instability and local privilege elevation exploits. If a company got around PatchGuard, their product would only work until the next second Tuesday. However, rootkit authors may not care about that "time limit".
Certainly PatchGuard helps slightly with DRM. However its more important use is preventing companies from doing improper kernel hacks. With Microsoft bowing to these companies, PatchGuard's only use is now DRM.
By the way, the only reason Microsoft is doing this is because of Europe's antitrust complaints. No full page ad will convince Microsoft of anything.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
There's actually a lot of truth to this statement. Success for Microsoft can mean an overall decrease in long term recurring revenue for a variety of service providers (even Microsoft Certified Solution Providers). If Vista is more secure, it means less need for "more secure" alternatives. For those of us who base our living off of maintaining and supporting said alternatives, this is a bad thing.
Personally, I support homogenous networks; so I will see a spike in revenue from any XP->Vista upgrades. In the long run, there will be a decline in revenue if Vista is more secure. A more secure OS means fewer customer calls for security related issues and a decrease in the sales, installation, maintenance, and support of security related products. Initially, the antivirus/antispyware/firewall/IDS/etc. sales and support would stay the course. People have it engraved in the back of their heads that they need all of these things when they're running a Windows environment. Over time, the perception and realization would be that such preventative measures are no longer required.
Luckily, I don't think Microsoft is releasing a more secure OS. Just like every Microsoft Operating System to date, I have a feeling they will roll it out with trumpets blaring and decree how secure it is.... only to have some black hat cracker show up at a hacker conference with an arsenal of exploits and blow holes in their hard work. We all know that there is no such thing as a completely secure networked computer; but I would caveat that with "especially a Microsoft-powered system." I don't see that caveat changing any time in the near future.
-- Stu
/. ID under 2,000. I feel old now.