Slashdot Mirror
The Netscaping of Symantec and McAfee
rs232 writes to mention a C|Net article about the uncertain future of the popular anti-virus software companies. "I mention Netscape because, if you believe Symantec and McAfee, a similar situation is about to unfold within the security industry. Microsoft, again recognizing late that it had failed to seize upon this thing called security, is now about to bundle its own security solutions within Windows Vista and further enforce new security policies that lock out some third-party security solutions altogether. Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."
Netscape had a product, which filled in a need customers had: a web browser.
Symantect and McCafe are only parasites, leeching from Microsoft's -mistakes-. It was unevitable that Microsoft would one day try to fix those mistakes, and unlike things like Office Suites, it is Microsoft's -responsability- to fix this mistake, and it is a feature that SHOULD be part of an operating system (aka: security, though Microsoft's implementation is debatable).
Not only that, but McCafe's and Symantec's products are viruses of their own, doing unthinkable things to the operating system and screwing over their users: They are malwares. I, for one, HOPE these 2 companies die soon, or find a new business model.
Who speaks reverently of the early builds of Netscape? 2 and 3 weren't awful, but they weren't great either. And I think we all remember the abortion that was 4.
"Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape."
Speak reverently of Symantec...... Bwahahahahaha
McAfee and Symantec exist because of problems that exist in the Windows code. They are concerned b/c Microsoft is releasing its own "security" software, which I agree with to a point, but they are also pissed off because MSFT is locking them out of the kernel (as they have been since x64's XP).
So b/c MSFT is actually doing some stuff to try and protect themselves from outside code (in addition to outside vendors) we're supposed to feel sorry for these people? Either revamp your products and find different stuff to fix or move along.
That or stop whining about MSFT locking you out of the kernel and concentrate on them selling software that "fixes" problems in their own buggy OS.
I stopped using Netscape as their "new and improved" releases became huge, very slow bloated with unneeded features that don't even belong in a browser (email? Use an email client!) and crashed all the time. (It took the Mozilla guys to do for free what Netscape engineers were paid to do and failed to do: make a nice version of that browser). McAfee, etc should not have to worry about this as long as they improve their products instead of turn them into unusable monsters.
Where were you when the voynix came?
Symantec's and McAffee's respective antivirus products are some of the buggiest software I've ever seen. The latest versions of both are awful memory hogs with questionable reliability and average detection rates. McAffee installs are widely known to 'go bad', resulting in cryptic error messages, failed updates, and vulnerable systems. There are threads upon threads in the Dell forums of users trying to ununstall McAffee off a brand new computer and failing.
As for Symantec, , I had a computer at work with a copy of Symantec Corporate AV 10.1 (the latest version) still installed after we chose to migrate away from it due to ever rising costs and poor support. I tried to uninstall it. The uninstaller crashed. Then, every time I tried to right click, it tried to reinstall itself. Yes, you read that right - Symantec's antivirus installs a handler that traps every right click within Explorer that runs a check to see if files are missing. After two hours on the phone with a Symantec rep who didn't know what they were talking about, I finally had it cleaned off the system.
What I'm trying to say, I suppose, is that the original Netscape, while not perfect software, had the right vision behind it. Symantec and McAffee don't. Both companies have gone downhill, and I'm absolutely sure it's for reasons completely unrelated to Vista's new kernel.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
It's fashionable to bash Symantec and McAfee and make ridiculous comparisons between them and viruses, but they're just companies meeting a demand for specific software. They are no more leaching off of microsoft than car-washes 'leech' off the auto-industry.
The OS is changing, and the nature of threats are changing. These companies started by writing software to protect against disk-to-disk threats, then file infectors, then worms, and so on. Each has changed their business model as the needs of the market have changed, and I'd be hesitant to casually write them off just yet.
The market will decide things in the end. Either the companies change and continue to meet customer demand, or they won't, and they'll fade away. My money is on smart people staying fresh and changing based on their past history.
The alternative is to essentially say "Netcraft confirms that security software companies are dead!", with just as much legitamacy.
When your company makes a single product, you cannot complain when that product is no longer relevant. They should have diversified when they had the capital to do so.
Also, Symantec and every other virus scanner makes use of non-approved APIs in win32. They were not documented, and not approved for the use that security companies gave them. Vista is finally removing deprecated APIs and replacing them with documented, hopefully bug-free versions. They have said numerous times in their blogs and elsewhere that they will help existing companies convert existing API calls into standard calls. Symantec et all are complaining because they make such liberal use of these APIs that they are facing a huge challenge to get their product on the market quickly, if at all.
Note that one-time file scanners will still work, e.g., what your e-mail client does with received messages. That can all run just fine in user space. The pervasiveness of anti virus clients, though, would require complete administrator access, something Microsoft has been trying to get rid of for every day use (as they should!). If you allow Anti virus software to run in administrator mode while in user mode, you also open the door to viruses easily being able to do the same.
Human activity and especially software in particular seem to follow a cycle of exploration and compaction phases. I remember when a disk defragmenter was an extra piece of software you bought (Blitzdisk on the Amiga). As time goes by, what used to be peripheral functions become part of the core operating system. This is a good thing. I expect a web browser, media player, word processors (even Notepad counts), and so on to be available immediately upon a fresh install. Microsoft is legitimately trying to improve their Windows product. They are improving their customer experience by folding new functions into the operating system such as anti-malware (or other nasties), and security (firewalls and such). This represents the compaction phase of the cycle preparing the way for the next exploration phase.
Shh.
...symantec in particular brings a system to its knees. Realtime scanning is a great idea IF it doesn't render your computer unusable. For obvious reasons you are forced to used the latest version, which just gets bigger and bigger and bigger. I've started dumping Symantec in favor of a daily clamwin scan. Not as good...but at least the computer is usable.
You do know that it is Microsoft's VISTA OS right? Can't they build in what they want? No One is FORCING anyone to buy Vista, the can buy MacOS or Download any version of Linux they want, Microsoft wrote the code, its theirs, if they want to lock out vendors, or increase or decrease security on a whim, they can, its theirs... doesn't anyone get this? If you don't like MS, choose some other vendors OS...
Symantec and McAfee are only in business because of Microsofts mistakes, true. I'd love to see them go out of business because MS had finally made a secure product. But that's not what MS are doing. Rather than making Windows secure, MS are making it difficult for the AV companies to operate. Sure, they're plugging Windows, but the wrong bits. It's not security, it's monopoly. We've seen this before.
In my opinion, the major "anti-virus" vendors are precisely the type of parasitical hanger-on that you DO NOT want on your computer in the first place. They use an unGodly amount of resources and greatly slow down the machine they're "protecting." They live merely because Microsoft has been unwilling/unable to write secure code. So now Microsoft is trying to fix that (rolling eyes) and these parasites are crying about unfair competition. Do you propose that the EU forces Microsoft to write less secure code in order to allow these companies to maintain their relevance? That seems rather foolish.
Let's use an analogy. Let's say I build an automobile and it's famous for having fuel injectors that clog up. People begin getting annoyed as the engine runs worse and worse until they get stuck on the side of the road. Along comes WidgetX. They invent a device that attaches to the engine end somehow "prevents" the problem. The downside is that the efficiency of the engine drops and you burn a LOT more gas, but your odds of getting stuck on the side of the road are greatly reduced. The next model year, the car company redesigns the engine so that the injectors no longer get clogged. WidgetX cries foul because now their product has become both unecessary and it has become obvious how wasteful of resources it was. So WidgetX demands the EU authorities to force the car company to go back to selling failure prone injectors instead of coming up with another innovation that actually helps consumers.
Call me crazy, but I don't see Microsoft as the "bad guy" here at all.....
Symantec and McAfee will find new lines of business or fade away because they are selling products that shouldn't exist at all.
These products are based on identifying any of hundreds of thousands of programs and stopping them from executing—in an environment containing a few dozen programs the user actually wants to run. It's far easier to allow the few dozen and deny access to anything that isn't on this short list than to check everything against a very long and growing longer list of signatures and behaviours.
In the fullness of time, MS operating systems will fully implement Default Deny security, a path they have already started down; PatchGuard is part of it. When this is done, there will be nothing for anti-virus software to do.
I run my systems using just this part of F-Secure (Application Control enabled, everything else disabled) and the occasional scan. Same approach to browsers: all is forbidden unless expressly allowed. Scan results are always zero hits.
I look forward to the day when this is written into the OS code. Vista security is a good start.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
IF you can get realtime scanning that doesn't slow you down. Try out AVG sometime. When I first got it, there was so little impact I was sure it wasn't doing anything. So I went and grabbed a virus to test it. Immediately, AVG threw up a red flag.
The threat to Symantec isn't MS making Windows unvirusable, that's not possible (barring trusted computing), the threat is that there are new AV companies that make good, fast, cheap products that beat the crap out of symantec's offerings. AVG and Kaspersky are two excellent choices. Also I hear lots of good things about Bitdefender though it leads to bluescreens on my (and other's) system.
If there is a monopoly (or even an oligopoly) on antivirus software you can bet on virus writers will test their software to make sure that it is undetected. Having a wide range of antivirus programs is essential or else pretty soon and the major AV software sucks compared to anything else. While people with Vista Home Edition will likely run the Windows AV Software, IT departments at corporations will most likely stick with Symantec and McAfee or whatever else they have.
Many companies don't seem to be bitching. Sophos announced they'll have a Vista compatible version out a couple weeks before Vista (their current version even works with realtime scanning, it just can't update or interact with the desktop). AVG has apparently been working with Vista since Beta 2 (I haven't tried it) and the 7.5 version is listed as Vista ready. Kaspersky Labs says "From what we have seen of Vista, we cannot tell that Microsoft is blocking access to the core."
So it seems that whatever the problem that Symantec and Mcafee are having, it's not universal to virus scanners. Seems more like they are lazy and don't want to do any rewriting whereas their competitors are on the stick.
Well a couple things you miss:
1) I can do the rm -rf / on Linux, I just need to get the user to give it admin access. When dealing with a clueless user, this is easy. Most viruses get in via stealth or social engineering. They either infect another file you want, or they pretend to be something you want. So the user goes to install the infected software and the system asks for root. Well they give it root, since they want it to install and don't take the time to consider if it should really need it. Virus gets on as root and does as it pleases. Watch the average user use a computer, they just answer yes to everything. They just want the computer to shut up and give them what they want, they never consider that these security warnings mean something.
Also FYI Vista does just as you suggest. You run dopriviledged and have to escalate.
2) Data is WAAAAY more important than system and apps to just about everyone. Whenever I get called in to do data recovery at $100/hour do you know what it is that the client wants? It's not their OS or their apps, no it's their data. That's all that matters. They won't pay that kind of money to get their OS back, a system restore disk does that. It's the data that despite being so valuable was never backed up that they want. Deleting a user's data is in every way as bad as blasting their whole system to them.
I mean think about it. Your data is what's unique and it's what really takes time. Right now if you were to hose my OS install completely I could be back up and fully running, apps and all in 3-4 hours. Inconvenient, but no big deal. However if you were to blast the big project I'm working on and all its backup copies. Shit, I'd be out at least 200 hours of work so far. My concern isn't that a disk might drop and I'd lose my system. Big deal I'll fix that. My concern is that my data might get corrupted/lost.
The idea that a computer is more important than the data is only true in a limited capacity on multi-user systems or servers or the like. Yes, if I run a webserver with 50 users I'd much rather 1 user lose their data than the server get waxed. However on a home computer that's used by 1 person the data and the computer are essentially synonymous. The computer's reason to be is to hold that person's data and let them use it. If the data goes, the computer is damn near worthless.
When you think about it, this ITSELF introduces another vulnerability. Another point of failure. Why bother exploiting the OS, when you can use the nice convenient path provided to you by the AV software? Everyone seems to forget this.
Microsoft gets bashed for their 'insecurity' and the moment they try and IMPROVE that, they get flamed, and people cry foul and start throwing around such words as 'monopoly', 'abuse', 'lock-out', and the tin-foil hatters come out of the woodwork and start bashing MS security, while somehow totally missing the absurdity in what they're saying!
Other AV companies have managed to adapt to the kernel lockouts, why can't Symantec and McAfee do the same? Instead, they'd rather keep their grubby paws hooked into the OS as deep as they can be, so that they can effectively hose a user's installation, then charge them $80 for phone support to resolve the issue.
People can't have it both ways. You have to give credit where credit is due. Windows One Care is not installed by default, it's a FOR PAY product (which totally differentiates it from IE vs All) that you have to buy IN ADDITION to the OS. Windows Defender is free, and protects against spyware, and comes pre-installed. While I don't particularly like that, it doesn't really bother me either. People install Yahoo Messenger, and it wants to install a Toolbar with Yahoo Anti-Spy. The same goes for Google, AIM, MSN(yes I know that's redundant), and a plethora of other IM options, and even just generic toolbars. Most ISPs now days 'give' you AV/AS to use. So Windows Defender doesn't bother me, there's already another 50 billion people trying to give me spyware protection (none of which I use, the standard Windows Firewall is quite sufficient for me thank you), so why not MS too?
I had the opportunity to participate in the beta for OneCare (wasn't hard, they offered it free, and I liked that idea, since people were inevitably going to ask me about it). I found it to have a rather large footprint, and be fairly slow. Given it's competition in the form of Symantec NIS, and McAfee's Internet Security Suite, and Trend Micro's Internet Security Suite, it's performance was roughly average. It wasn't as fast as TM, but was quicker than NIS and MIS in most cases. What struck me was only TM had a better detection scheme, and even then it was marginal (though I know a single thing getting through can mean the difference between being completely hosed, and being OK, never knowing how close you came to Virtual Armaggedon). MS One Care did a MUCH better job of catching/stopping spyware then all of them (Windows Defender gets lumped into One Care installs generally).
Think of these things from the USER'S perspective. NOT from YOUR perspective. For people who are WAAAAY non-tech savvy, One Care offers a one-stop-shop for performance tuning (uncomplicated), AV, and AS and Firewall protection. It's easier to use than NIS, WAAAY easier than MIS, and TM rounds out the list of being the least user friendly. Bottom line is this is just one more cool way to bash Microsoft for trying to improve things. Do you think they're using kernel hacks for One Care? Probably not right now, as people would LOVE to find a way to exploit One Care to compromise a machine. Will it remain that way? Probably not, because I see things getting into the kernel eventually, and requiring that the kernel be accessible, at least to be scanned and locked so that it can be replaced. But still, NO AV/AS program should EVER be hacked into the kernel. Period.
It opens up the doors for too many things. OneCare also doesn't bombard the user with useless popups and notifications like the others often do, which aids in hosing the system as they USER tells it to do something bad.
One Care is a LEGITIMATE software release by Microsoft, and not at all a surprise. What is surprising to me, is that it took THIS long for it to resurface.
That is all. Please return to your normal dailty activity.