Slashdot Mirror
The Netscaping of Symantec and McAfee
rs232 writes to mention a C|Net article about the uncertain future of the popular anti-virus software companies. "I mention Netscape because, if you believe Symantec and McAfee, a similar situation is about to unfold within the security industry. Microsoft, again recognizing late that it had failed to seize upon this thing called security, is now about to bundle its own security solutions within Windows Vista and further enforce new security policies that lock out some third-party security solutions altogether. Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."
Netscape had a product, which filled in a need customers had: a web browser.
Symantect and McCafe are only parasites, leeching from Microsoft's -mistakes-. It was unevitable that Microsoft would one day try to fix those mistakes, and unlike things like Office Suites, it is Microsoft's -responsability- to fix this mistake, and it is a feature that SHOULD be part of an operating system (aka: security, though Microsoft's implementation is debatable).
Not only that, but McCafe's and Symantec's products are viruses of their own, doing unthinkable things to the operating system and screwing over their users: They are malwares. I, for one, HOPE these 2 companies die soon, or find a new business model.
Who speaks reverently of the early builds of Netscape? 2 and 3 weren't awful, but they weren't great either. And I think we all remember the abortion that was 4.
McAfee and Symantec exist because of problems that exist in the Windows code. They are concerned b/c Microsoft is releasing its own "security" software, which I agree with to a point, but they are also pissed off because MSFT is locking them out of the kernel (as they have been since x64's XP).
So b/c MSFT is actually doing some stuff to try and protect themselves from outside code (in addition to outside vendors) we're supposed to feel sorry for these people? Either revamp your products and find different stuff to fix or move along.
That or stop whining about MSFT locking you out of the kernel and concentrate on them selling software that "fixes" problems in their own buggy OS.
The so-called security vendors are best off when there is a proliferation of viruses and people are scared to death of the Internet. Their business model disappears if the Internet actually becomes a secure platform.
Microsoft wants to see the number of exploits impacting its operating system disappear to zero. Only if they are successful will they kill the security vendors. And if not, the security vendors will prosper.
I stopped using Netscape as their "new and improved" releases became huge, very slow bloated with unneeded features that don't even belong in a browser (email? Use an email client!) and crashed all the time. (It took the Mozilla guys to do for free what Netscape engineers were paid to do and failed to do: make a nice version of that browser). McAfee, etc should not have to worry about this as long as they improve their products instead of turn them into unusable monsters.
Where were you when the voynix came?
It's fashionable to bash Symantec and McAfee and make ridiculous comparisons between them and viruses, but they're just companies meeting a demand for specific software. They are no more leaching off of microsoft than car-washes 'leech' off the auto-industry.
The OS is changing, and the nature of threats are changing. These companies started by writing software to protect against disk-to-disk threats, then file infectors, then worms, and so on. Each has changed their business model as the needs of the market have changed, and I'd be hesitant to casually write them off just yet.
The market will decide things in the end. Either the companies change and continue to meet customer demand, or they won't, and they'll fade away. My money is on smart people staying fresh and changing based on their past history.
The alternative is to essentially say "Netcraft confirms that security software companies are dead!", with just as much legitamacy.
If Microsoft were to succeed in shutting out security vendors (which I don't think they really want), they'd be digging their own grave. Many of Microsoft's security problems now stem from their dominance in the browser market - had Netscape won the browser wars, Microsoft would likely not be vilified to the extent it is today since security would not be as big of an issue.
The one thing that has made Microsoft's products at least somewhat secure are the third party security products. If Microsoft shut out these security products, it is unlikely they could provide the same level of security that users expect from their O/S's. Take away McAfee, Norton, and the other security vendors and Microsoft's profit and revenues would be impressive until users became tired of the constant security breaches and holes.
If Microsoft moves forward with shutting out 3rd party security companies, Linux vendors and Apple will be the big winners, not Microsoft
Crack - Free with every butt and set of boobs
The market for anti-virus software is a response to poor software design. So Microsoft claim they will fix it, and in the process are bundling tools similar to their competitors'. But the ultimate solution will will require not a reactive solution - which is why anti-virus software does - but a proactive solution, similar to just about every other professional OS. That is, pervasive use of filesystem ACLs, low privilege user accounts, etc etc etc. That is, enough security such that if a virus does run - it wouldn't do much damage.
Wouldn't a Windows system with proper security be just as damaging to these anti-virus makers as Microsoft bundling anti-virus software? And isn't the OS maker the proper responsible party for system security?
I'd say a comparison with Netscape is a bit off.
I don't think Symantec and McAfee will have a problem in the near future. It think it's the same thing as with personal firewalls. Even though Windows XP has a built-in firewall (which covers only incoming connections, I know), people feel the need for additional security. I won't write about the pros and cons of personal firewalls and the use of Symantec's and McAfee's products, but I believe that the average user will simply keep buying security products. They come in nice boxes and as we all know, Windows isn't safe if you use it as it is.
I don't think Microsoft's marketing will change this perception in the next few years, so many computer users will still believe what the traditional security software vendors tell them.
The strength of a civilization is not measured by its ability to fight wars, but rather by its ability to prevent them.
So does Microsoft. And it's on by default and "good enough".
"It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
You do know that it is Microsoft's VISTA OS right? Can't they build in what they want? No One is FORCING anyone to buy Vista, the can buy MacOS or Download any version of Linux they want, Microsoft wrote the code, its theirs, if they want to lock out vendors, or increase or decrease security on a whim, they can, its theirs... doesn't anyone get this? If you don't like MS, choose some other vendors OS...
Symantec and McAfee are only in business because of Microsofts mistakes, true. I'd love to see them go out of business because MS had finally made a secure product. But that's not what MS are doing. Rather than making Windows secure, MS are making it difficult for the AV companies to operate. Sure, they're plugging Windows, but the wrong bits. It's not security, it's monopoly. We've seen this before.
In my opinion, the major "anti-virus" vendors are precisely the type of parasitical hanger-on that you DO NOT want on your computer in the first place. They use an unGodly amount of resources and greatly slow down the machine they're "protecting." They live merely because Microsoft has been unwilling/unable to write secure code. So now Microsoft is trying to fix that (rolling eyes) and these parasites are crying about unfair competition. Do you propose that the EU forces Microsoft to write less secure code in order to allow these companies to maintain their relevance? That seems rather foolish.
Let's use an analogy. Let's say I build an automobile and it's famous for having fuel injectors that clog up. People begin getting annoyed as the engine runs worse and worse until they get stuck on the side of the road. Along comes WidgetX. They invent a device that attaches to the engine end somehow "prevents" the problem. The downside is that the efficiency of the engine drops and you burn a LOT more gas, but your odds of getting stuck on the side of the road are greatly reduced. The next model year, the car company redesigns the engine so that the injectors no longer get clogged. WidgetX cries foul because now their product has become both unecessary and it has become obvious how wasteful of resources it was. So WidgetX demands the EU authorities to force the car company to go back to selling failure prone injectors instead of coming up with another innovation that actually helps consumers.
Call me crazy, but I don't see Microsoft as the "bad guy" here at all.....
I've never encountered a virus as terrible as Norton Antivirus.
Sure, Microsoft might kill Symantec with shady monopolism, but I think we should me more angry with the free market, which has kept these leeches alive for this long.
riddance.
Both of these products, and Norton too, piss me off to no end when trying to debug problems on my friends' computers. I would never install them on my own computer, and haven't needed anything like it in ages on any other operating system. Since I end up having to reinstall Windows ANYWAYS, I always just tell people not to worry so much about viruses. I just tell them, don't click something stupid, don't use IE, you'll be fine. It's just one more "fear factor" that is so abundant in people's lives these days. Viruses are the last thing anyone should be afraid of.
Anti-virus software is nothing but leeches on CPU time, memory, and network speed.
...tough luck. This time it is not a function unrelated to the OS that Microsoft is bullying the competition out of, but security of the OS itself. Security companies were spawned by MS' mistakes and they simply failed to grow healthy diverse business offering value other than compensating for MS' mistakes. Nobody is investing in them, some are histerically dabbling in spyware (or so I seem to remember reading somewhere sometime) and are generally about to crash and burn.
Symantec and McAfee will find new lines of business or fade away because they are selling products that shouldn't exist at all.
These products are based on identifying any of hundreds of thousands of programs and stopping them from executing—in an environment containing a few dozen programs the user actually wants to run. It's far easier to allow the few dozen and deny access to anything that isn't on this short list than to check everything against a very long and growing longer list of signatures and behaviours.
In the fullness of time, MS operating systems will fully implement Default Deny security, a path they have already started down; PatchGuard is part of it. When this is done, there will be nothing for anti-virus software to do.
I run my systems using just this part of F-Secure (Application Control enabled, everything else disabled) and the occasional scan. Same approach to browsers: all is forbidden unless expressly allowed. Scan results are always zero hits.
I look forward to the day when this is written into the OS code. Vista security is a good start.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
Unless we move to a trusted computing model where MS (or someone else) decides what can and can't run we'll need virus scanners. Why? Because an OS isn't broken when it does what you ask it to. If you are the system administrator and you order your computer to execute something, it can't second guess you. It's job is to run the software. If that software happens to be evil, well then that's your business. I mean I can send you a shell script that does "rm -rf ~" and if you are gullible enough to run it, well you just lost all your data. The OS can't defend against that.
Virus scanners, however, try to. A virus scanner is like a bouncer. It's got a list of know bad guys, and the good ones can tell if it's the same guy in a wig (heuristic scanning). A virus scanner will go and say "Hey boss, this file is probably bad, you should let me delete it."
Mcaffee and Symantec's problem isn't that viruses will go away. Unless we get an Orwellian TCPA/Palladium type setup they won't. The problem is their software sucks, is over priced, causes problems, and has much better alternatives. AVG is faster, does a better job scanning and costs less money. Why would I want to buy from Symantec?
If there is a monopoly (or even an oligopoly) on antivirus software you can bet on virus writers will test their software to make sure that it is undetected. Having a wide range of antivirus programs is essential or else pretty soon and the major AV software sucks compared to anything else. While people with Vista Home Edition will likely run the Windows AV Software, IT departments at corporations will most likely stick with Symantec and McAfee or whatever else they have.
Apples and oranges.
McAfee and Symantec are whining about 64Bit Vista. Kaspersky & co are talking about the 32bit version, which has no PatchGuard.
Of course this is all mostly academic. PatchGuard will ensure that 64bit Vista will be marginalized. Numerous apps will fail because of it - you only need a thing like DaemonTools not working, and big portion of MS home target market will drop the 64 bit version like a rotten fruit.
Control freaks running corporate envinroments will use 64bit, as will users that specifically need more than 4 gigs of ram. Rest won't. Major system builders won't put 64bit Vista as preinstalled, as it would generate a big pile of extra support calls for no tangible benefit.
Symantec and McAfee are pissed if they have to release their security products with 'wont work on 64bit vista' stickers. Especially if at the same time OneCare will work fine. It will imply inferiority, even if in the real world there is no difference, because home users won't adopt the 64bit version, at least not until major home apps start asking for more than 4 gigs of ram (and we're still at least 4-5 years away from that)
When you think about it, this ITSELF introduces another vulnerability. Another point of failure. Why bother exploiting the OS, when you can use the nice convenient path provided to you by the AV software? Everyone seems to forget this.
Microsoft gets bashed for their 'insecurity' and the moment they try and IMPROVE that, they get flamed, and people cry foul and start throwing around such words as 'monopoly', 'abuse', 'lock-out', and the tin-foil hatters come out of the woodwork and start bashing MS security, while somehow totally missing the absurdity in what they're saying!
Other AV companies have managed to adapt to the kernel lockouts, why can't Symantec and McAfee do the same? Instead, they'd rather keep their grubby paws hooked into the OS as deep as they can be, so that they can effectively hose a user's installation, then charge them $80 for phone support to resolve the issue.
People can't have it both ways. You have to give credit where credit is due. Windows One Care is not installed by default, it's a FOR PAY product (which totally differentiates it from IE vs All) that you have to buy IN ADDITION to the OS. Windows Defender is free, and protects against spyware, and comes pre-installed. While I don't particularly like that, it doesn't really bother me either. People install Yahoo Messenger, and it wants to install a Toolbar with Yahoo Anti-Spy. The same goes for Google, AIM, MSN(yes I know that's redundant), and a plethora of other IM options, and even just generic toolbars. Most ISPs now days 'give' you AV/AS to use. So Windows Defender doesn't bother me, there's already another 50 billion people trying to give me spyware protection (none of which I use, the standard Windows Firewall is quite sufficient for me thank you), so why not MS too?
I had the opportunity to participate in the beta for OneCare (wasn't hard, they offered it free, and I liked that idea, since people were inevitably going to ask me about it). I found it to have a rather large footprint, and be fairly slow. Given it's competition in the form of Symantec NIS, and McAfee's Internet Security Suite, and Trend Micro's Internet Security Suite, it's performance was roughly average. It wasn't as fast as TM, but was quicker than NIS and MIS in most cases. What struck me was only TM had a better detection scheme, and even then it was marginal (though I know a single thing getting through can mean the difference between being completely hosed, and being OK, never knowing how close you came to Virtual Armaggedon). MS One Care did a MUCH better job of catching/stopping spyware then all of them (Windows Defender gets lumped into One Care installs generally).
Think of these things from the USER'S perspective. NOT from YOUR perspective. For people who are WAAAAY non-tech savvy, One Care offers a one-stop-shop for performance tuning (uncomplicated), AV, and AS and Firewall protection. It's easier to use than NIS, WAAAY easier than MIS, and TM rounds out the list of being the least user friendly. Bottom line is this is just one more cool way to bash Microsoft for trying to improve things. Do you think they're using kernel hacks for One Care? Probably not right now, as people would LOVE to find a way to exploit One Care to compromise a machine. Will it remain that way? Probably not, because I see things getting into the kernel eventually, and requiring that the kernel be accessible, at least to be scanned and locked so that it can be replaced. But still, NO AV/AS program should EVER be hacked into the kernel. Period.
It opens up the doors for too many things. OneCare also doesn't bombard the user with useless popups and notifications like the others often do, which aids in hosing the system as they USER tells it to do something bad.
One Care is a LEGITIMATE software release by Microsoft, and not at all a surprise. What is surprising to me, is that it took THIS long for it to resurface.
That is all. Please return to your normal dailty activity.
people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."
Probably because I was dual-booting Coherent unix the first half of the 90s, OS/2 the 2nd half of the '90s and linux now, I often feel like I'm the only person left in the world who can still feel a pure warm feeling for the 80s garage software that was the original McAffee.
Everybody else invariably seems to echo, "Die McAffee, Die! Die! Die!" Which I guess is OK with me since it's just been a corporate brand name for ages anyway.
I've done document generation for companies. PDF is extremely flexible, gives guaranteed layout and because it's open, you aren't using tools that have reverse engineered the format. You know the files are going to be readable. There are huge numbers of 3rd party tools for generating and processing PDFs.
The reason they don't want to open source is that Adobe Professional is how they make their money out of the open format. Give the format, encourage people to use it. They can write it, even with their own tools. Adobe make money because even though they've created a market, they make the best tools in that market.
There is no consumer market for an OS distribution that doesn't support DRM'd media play out of the box.
Apple understands this. Microsoft understands this. Linspire -- which has a modest presence in big box retail -- understands this.
The only one with his head still stuck in the sand is the Geek.
I could not believe this when it happened. I was totally amazed that any company would treat their customers this way and go unpunished by law:
A friend of mine allowed his Norton 2005 suite expire. It locked all his networking components completely, only allowing web connection to symantec.com to renew the subscription. (he could no longer see any other website, use the lan, or any ohter network functionality). At this point Norton could not be uninstalled, on uninstallation it protested that the subscription had expired and would not uninstall unless it was renewed. I could not believe this.
I recommended that he simply back up his data and wipe the sytem and start fresh and never install Norton again. Much to my disappointment he caved and renewed the subscription.
That was the final straw for me, previously I had seen Norton completely take over many systems and never uninstall completely etc. etc... but this took the cake - totally unbelieveable. From that day on I concluded that Norton ws the worst of all viruses, no other virus that I am aware of was capable of outright extortion and allowed by law to get away with it.
Norton (both Home and corporate editions) interfere severly with so many applications its not funny, if you install Norton on a system you might as well just fill the case with sulphuric acid, pour gasoline over it and set it on fire, it will be about the same usefulness.
I have always suspected that Norton was just a product developed by Peter Norton to exact revenge on his former employer (quite effectively I might add). Though Symantec continued the trend and took it to new heights. Sad, I remember when Symantec actually made useful software.
As for McAfee, They were fine up to version 6, as of version 7 they began to suffer from severe feature bloat and sad attempts at software firewalls.
The fact of the matter is that no AV software will ever protect a computer from dumb users and kids. They all want their iPod, their iTunes, their iThis and their iThat. If it has an "i" in front of it it must be cool and safe. The only way to allow the chronically stupid to use a computer without demolishing the OS is to run them in a VM or on a disk image restored on every login.
Bottom line: Norton is truly evil. I'd even say criminal. McAfee has never crossed that line, their product just degraded with time.
So to all those super-Antitrust-horny folks out there: get a life, and a clue, and some consistency, and some objectivitiy and...
Netscape lost the browser war partially due to Microsoft's tactics, and partially due to the quality (or lack of) in the product.
Symantec and McAfee have been releasing low-quality products for years. Even Symantec's corporate offerings have been questionable. Release after release gets buggier, slower, and less reliable. If Microsoft's offerings are even a little bit better, Microsoft should have no problem burying these two companies.
Frankly, Trend, Grisoft, Sophos, and Avast have been doing more damage to Symantec and McAfee than Microsoft has in the last few years.
-ted
MS has all those things in the works for Office 2007. They have a beta photo editing program...it's not photoshop, but it's getting good reviews comparable to "elements".... Not a good time to be Adobe after they hung those mac users out to dry with CS2 not showing up for intel macs yet.
Speaking of alternative solutions, there's another big difference between this and the netscape/explorer incident :
Several years passed between when the Netscape browser became b0rked beyond usefullness, and before new partical opensource solutions started to rise from the ashes like FireFox/IceWeasel.
This gave plenty of time for the "bundled with and good enough" explorer to gain market share.
In the current situation not only are there already several player with enterprise-wide contracts with big corps, but free-as-in-speech alternatives have already emerged, and those are already good for a lot of utilisation similar as Mozilla and FireFox were at their dawn (ClamAV is routinely used in mail servers), plus solutions to make them really great are being actively developped (built-in mail plugin, available browser plugin, embeding in opensource watchdogs, nice windows suite, etc)
In article similar to this one, Microsoft is praised with the way in which it managed to catchup in the internet field even if it was a late commer. But we all know how microsoft usually catches up : it's solution are often completly botched, bugged, under-performing. Explorer was getting used by a lot of people, but it mostly was a joke in term of security, stability and standarts.
For sure, Microsoft will try to get a similar monopoly on security. But we can be certain that their solution will, this time too, not be very effective or usefull, probably buggy, full of exploits itself, often circumvented by malware writer, and propably turned of by "wanna-be-power-users" because it slows down their computers (which are already falling under the load of viruses and spambots).
But this time, ClamAV, AVG, H+BDEV and Kaspersky will already be there to be promoted as a better solution by articles, just like now FireFox and Opera are promoted against IE's defects after years of IE dominance.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Well the the thing is, I and most people in the I.T. industry can't sympathize with symantec or mcaffee. In fact, quite frankly, we'd probably key their car if given the chance. They both produce annoying bloatware that attempts to notify the users of it's presence on every occasion possible.
That said, this is a stark reminder that Microsoft can bundle your company out of existence if you develop on their platform. They have done this in the past and they will do this again. I would be worried in several years if I was developing anything like OCR software (like TextBridge), speech recognition software (like ViaVoice) or other as-yet-unbundled mass market products. Because these will be bundled eventually.
They bundled I.E. and killed Netscape, bundled WMP and reduced most other media players and they added the "thumbnails" feature in Explorer (as well as Windows Picture and Fax Viewer) and killed a significant portion of the market for picture browsing software. So Microsoft has a track record (more extensive that this) in doing this.
But on the other hand the notion that Microsoft should never add anything to their O.S. if somebody already sells a product that has the feature is just crazy. I mean, their O.S. would never be able to add anything at all. By definition generally useful features would be prohibited from being added. Or Microsoft would have to come up with some kind of completely new software that was unimagined by any other software developer on earth. Furthermore, it would have to be solving a problem that no one ever perceived before - because those generally already have products out there (i.e. need to manage and view pictures, need to browse the Internet, need protection from viruses.)
Furthermore, most other O.S.es have bundled the same products as Microsoft. My Slackware CD came with several bundled solutions, I sure as hell would have a problem competing with any of them commercially. In fact every Linux distro I've ever used came with a tightly bundled web browser (Konquerer, Epiphany etc.) Much less so than Windows but it would still be very hard to write a successful commercial browser. Same thing with picture browsing software and media players.
Mac OSX bundles these features too. (i.e. Safari)
I guess the final solution is - if you write a program that solves a very common need it's functionality will eventually be bundled into operating systems. So make money from it quickly - if you can. And have eternal fear of MS if you develop for their platform. Because they can release your product for free - pre-installed - at any time.
You will still have a market, but it will be smaller and you'll have to keep on improving your product and you might even need to give it away free and find other ways to make money from it. For example FireFox, Picasa etc.
And this is a good thing for all O.S. users.
I have a theory that the truth is never told during the nine-to-five hours. - Hunter S. Thompson
Actually, every major AV product still relies on signature scanning for detection on client machines. You're right that observation on a honeypot or even VM sandbox is often used to characterize the behavior initially, but this is distinct from a roll-out of detection to the client, which is what I believe everyone's talking about here.
As for signature scanning going the way of the dodo, there are really only 3 choices at present: signature scanning, run in a VM sandbox, or try to detect heuristically without resorting to a VM. The last two are similar, but not identical.
There's already malware that won't run when inside a VM, so 'running in a virtual sandbox' provides no real solution. (And if someone suggests that we solve that by making it impossible to tell whether or not you're running in a VM -- which likely means processor changes -- think about what that will do to being able to detect a rootkit that loads your whole environment into a VM.)
If you take a look at AV-comparatives.org, heuristic scanners don't seem to do very well vs. signature based detection. The very best proactive (heuristic) detection of 'unknown' malware (viruses, trojans, worms, etc.) seems to run about 60%. The very best signature based detection seems to run around 99.9%. (Moreover, the rate of false positives with heuristic detection tends to be much higher.)
60% vs 99.9%? That's a big, big difference. Signature-based detection isn't going away anytime soon.
Warning, URLS lead to PDF's: See: http://www.av-comparatives.org/seiten/ergebnisse/Finally, I'm reasonably persuaded by Eugene Kaspersky's comments on this at http://www.kaspersky.com/eugenearticle Of course, he's slightly biased, his heuristic engine is weak compared to some, though still reasonably strong, and his company is fastest in the world at rolling out signature updates. But I think there's a lot to his argument, and I just don't see heuristic scanning closing the gap anytime soon. Holmwood