Slashdot Mirror
Microsoft To Offer Free Anti-Virus Software
Dynamoo writes "The good news is that Microsoft have announced free anti-virus software for consumers, dubbed Morro, available late next year. The bad news is ... well, exactly the same. Although Microsoft's anti-malware products are pretty good, this move could drive many competitors out of business and create a dangerous security monoculture; major rivals will be lawyering up already. On the other hand, many malware infections could be prevented even by basic software. So is this going to be a good or bad thing overall?"
If it comes free with the OS it will drive away competitors because Joe-sixpack is
not going to spend any money to replace something he got for free, even if it sucks.
On the other hand, if any feature needs to be part of the OS is precisely a form of
protection against malware.
Come to think of it, if MS does a bad job of protecting PCs and drives away
competition on virus protection, maybe the company will finally implode and let other OSes
get a greater market-share.
Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
That's all I have to say.
http://www.zombieapocalypse.tv/
Does it run on Linux?
Microsoft has done enough to break backwards compatibility already. They should just go the whole hog and on their next iteration, do a ground-up security analysis and refactoring of their OS, instead of trying to prevent & remove malware that latches onto existing API problems that some software might use legitimately.
It wouldn't be impossible to give private sandboxes to "legacy" apps that don't use the new secure APIs.
I've used both Avast and AVG freeware products with good results. Zero infections over the last couple of years.
As a consumer, it sure would be nice to have the OS actually ship with something that keeps the naughty people out, but there are a number of freely available alternatives already.
http://www.avast.com/eng/download-avast-home.html
http://free.avg.com/
'course, if you use Linux then you can probably safely ignore the threat for now.
Cheers,
Microsoft has long had the strategy that "We don't need to do that... we are creating a rich fertile ground for third-party developers."
(Which of course brings up: if they create rich fertile soil, what does that make them? But I digress...)
Then, as Microsoft so famously does, it reverses its strategy and promises to partners, when it becomes convenient for them.
The free products are probably better anyway. Sorry, Microsoft, but you are reduced to catering only to fools. Admittedly, that is a rather large market.
There are already a handful of free options available (AVG, Avast, etc), and they haven't stopped Symantec from raking in the bucks.
I know they are not making their O/S's more secure, but isn't anything they do to reduce malware a good thing. Aren't these other companies only existent because of Microsoft's poor quality in the fist place?
1) Find a company that make a product with a defect
2) Make a process for improving the flaw
3) Sue when they try to fix the flaw
4) Profit for life?
That reminds me, I need to put duct tape over all the rust on my car. Thing should hold up like a champ!
From Wikipedia :
Built initially in 1589 in response to raids on Havana harbor, el Morro protected the mouth of the harbor with a chain being strung out across the to the fort at La Punta. It first saw action in the 1762 British expedition against Cuba when Lord Albemarle landed in Cojimar and attacked the fort defended by Luis Vicente de Velasco e Isla from its rear. It fell because the English could command the high ground
@neonux
As soon as you provide users who won't click on somefamouspersonnaked.exe. Let's not lie to ourselves and say that if we put the same dumb users in front of say an Ubuntu install that they wouldn't click on somefamouspersonnaked.deb or something. They'd give sudo their password too.
Bring the users who won't do shit like that, adn then we will all have software that doesn't need anti-virus.
The antivirus market is, as everyone knows, the most FUD-filled part of the security industry. The effectiveness of different antivirus products is largely anecdotal, and shifts rapidly because of the arms race between virus writers and antivirus manufacturers. As it stands now, even "expert" end user cannot ascertain the relative effectiveness of the suites, and because antivirus products are still heuristics-based with a few "depacker" routines built in, they only catch the really obvious fish. (One funny thing with this is, if you pack an executable with a common yet relatively complicated packer, say "redeye", it'l get caught, but if you just jump in and jumble up the instructions with a debugger you can make it "invisible" easily). Because of this reliance on FUD to sell, and because there *is* already fierce competition in the antivirus market, maybe this won't change much, unless MS locks other vendors out somehow. Or will it be a different form of competition, because of the now-asymmetrical playing field? MS has an advantage in that they have access to the code and people who wrote the code, and designed the OS architecture.
2. It will be a basic virus scanner and will probably not replace NOD32 or another fully featured scanner.
3. Webroot seems to be doing just fine even though Windows Defender has been around for a few years now. Same for Spybot, Ad-Aware, and any number of other apps.
4. Compounded with #3, Microsoft Antivirus will be entering a well established field with plenty of household name competitors. Norton and McAffee are well known names that most consumers know and will probably opt for (quality of software notwithstanding).
5. Many smaller firms (Kaspersky comes to mind) have consumers as their small-fry and make their big bucks off volume licenses. It appears that Morro isn't competing here.
6. Whether accurate or not, perception or reality, many people consider Microsoft Security Solutions to be an oxymoron. So long as it can be uninstalled, people will be free to add their own antivirus software (see point #4).
Joey
That is if it works. Windows defender, in my experience, does not work nearly well enough. I have it on my MS Windows computers because it is installed by default by MS. I still run spybot to actually protect the machine. My fear is that MS is not going to that good of a job, but people are going to feel that the MS protection is enough, and not lay in that second line of defense. Maybe the company that built all the security holes is the best to build the defense against them. Maybe not.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Presumably this will only be for Windows 7 as it is to be released around that time too.
Anti-virus really shouldn't be needed (Obligatory XKCD), but if they are going to offer the updates for free as well, that could be a good thing.
It could also be a very bad thing, since it would lead to a near monoculture of OS+antivirus, so you only have to crack one platform and the associated antivirus to write a virus, and don't really have to worry about other antivirus software products.
Antivirus is "enumerate the bad" which generally doesn't work well, instead of having a whitelist of acceptable software.
If I have nothing to hide, don't search me
The opportunities for humor start here and go on forever. I guess we might as well start:
"My God! Its full of fails!" "Like buying antibiotics from the hooker." "TrunkMonkey equipped with chair." "Would you like Warez with that?" "Antivirus vendors: Oooh. That's what 'gold partner' means!" "Hi, I'm a Mac ... and I'm a PC (achoo)." Good Lord this stuff writes itself. Hold on while I microwave some popcorn.
Help stamp out iliturcy.
Well a virus is an irritating program that eats up resources, making your computer unstable, interfering with hardware, replicates and repairs itself when you attempt to delete it, and drives you insane.
The sad thing is, a lot of system-tray startup software that insists on self-installing does the same things too. No acrobat, i don't need to be running all the time. You listening, Apple? Heck, a lot of AVG software bogs down the system so much I'm wondering if the cure is worse than the disease.
There are two issues here. Will it really change business for the companies who already give away their home use software for free - ie. the ones who make their money on business solutions? I doubt most businesses would be content with whatever MS offers up. Second, will people trust MS, a company who makes wildly insecure software, to provide anti-virus software??
It's free. If ANY other company (Apple, HP, anyone) decided they were going to release free antivirus software, anti-malware, blah blah blah, it'd probably be a good thing. MS does it and it can't be good, they're just fixing their own software, it is their own fault to begin with, etc. One would think we'd have gotten at least more creative at blasting MS.
On a more constructive note, it doesn't matter if MS ships it free with Windows. IE ships free with Windows, Safari ships free with Mac, Konqueror ships free, etc. The user that doesn't know any better to begin with is not going to go out and look for the best (out of 25) anti-virus and anti-malware solution possible. The user that doesn't know any better will use what Windows comes with. So what's wrong with MS providing free software with it's own product? Nobody seems to gripe about Konqueror being default in KDE, even though I presonally dislike it as a web browser.
Now, if they do other shady things like make it hard to uninstall, or whatever, that's different. But "free anti-virus software" and "shipped with Windows" in the same sentence doesn't mean we should get out a Gates-shaped guillotine.
Driving out the big players in the commercial antivirus market will do consumers a world of good. If you've had to use a computer infected with Norton or Symantec antivirus anytime in the past few years you'll know what I mean.
Make it a feature of the OS that it will flag trojans and malware. Nothing to install or configure, it just does it. Virus signature updates just get installed transparently via Windows Updates. Savvy users can opt-out, just like they can with UAC and Windows Firewall. If anyone does need "extra-strength protection", they can go ahead and install whatever they like.
As to the wider issue of anti-trust; you can't complain that the OS is insecure, and then complain that steps MS takes to secure it are an abuse of their monopoly power.
This might even work well enough that botnets will dwindle as systems become more secure. The only people who might lose, are AV companies. Tough. You're not *entitled* to the AV market. And I've seen enough pushy sales tactics and ineffective programs *cough*Nortons*cough* to have little sympathy.
MS releasing free A/V software... again? Wasn't Windows Defender "anti-virus" software?
And what to you do when someone finds and exploits a security hole in what many users will use as their sole means of computer protection?
I've got a bad feeling about this...
Anybody want my mod points?
It's obvious why they are offering / integrating an AV product.
... requiring an antivirus? since windows 3.1? Windows 95?
But it's been how many years now that they've really had the reputation for
Why are they doing this now? Did they just now get the guts to roll out an AV since the whole integrated IE issue? What was the trigger point, really? How long have they been working on it? Are they giving up on the likes of AVG, Avast, Norton and McAfee? (I know I gave up on the latter 2 back in 2000, 2001, personally)
Is it because they think they can do it better? Are they realizing that Norton and McAfee are CRIPPLING their operating system, giving them an even worse reputation?
I guess it ISN'T so obvious why.
Like many slashdotters, I'm "The Guy" people come to and ask questions like "Which Antivirus should I use? Why is my cupholder broken? Can you help me dust off my 386 and put it on the interwebs? Why is XP slow when I have 64 megs of ram on my celeron 233?" I need to know why MS is doing this and if it is any good.
Flappinbooger isn't my real name
Well, if MS doesn't include their AV software with the OS, the situation will be different. Users will still have to pick a product, and not just use the default one.
Also, I can't really feel to sorry for the AV providers. For years, people have been clamoring for Microsoft to improve security. They tried some fundamental architecture changes with Vista, knowing it would break backwards compatibility. That's what everyone wanted, right? Well, turns out it was a huge PR shit-storm. Now they are creating some free AV software; as long as it's not included with the OS, I hope all lawsuits against it fail. If we are going to start suing companies for providing good, free software, then I personally am starting a lawsuit against the Mozilla corporation. If you build a business plan on repairing another company's inadequacies, you're going to have to deal with the reality that that company might fix those problems itself.
Woah oh oh... Nothing. Is free. At all. Ever. If this moves even a tiny % of people away from buying a mac or installing Linux then MS has made their profit.
The eternal struggle of good vs. evil begins within one's self.
Mr. Obama: "And now Mr. Ballmer, let me show you my fully armed antitrust division."
AV companies: "I can haz bailout?" Paulson: "No can haz. Not yours."
But will there be a Linux version?
Of course it requires WGA. Why wouldn't it require WGA?
Somebody stop me please.
Help stamp out iliturcy.
What you speak of is known as The Dancing Bunny problem which as someone who has worked nearly 15 years in PC repair I can say is all too true. I had a buddy working corporate when Melissa hit and he said several PHB middle managers got MAD when he told them they couldn't have their attachment from that Melissa girl. He said he finally had to tell them "Go tell the boss you want to run Melissa and see what HE says". So never underestimate the incredible stupidity a user is capable of when they think there is a dancing bunny waiting for them. You should really read the link on the dancing bunnies. It is SO true!
ACs don't waste your time replying, your posts are never seen by me.
The reasons why antivirus software exists is because Microsoft software security uniformly sucks, almost all software for the platform is pathetically vulnerable to exploitation and people don't patch it - mostly because the patches themselves are often toxic and because the patching system is so archaic every program needs its own update monitor and installer, each with permission to update software on the box and each subject to its own vulnerabilities. People also don't patch because many of them are using pirated windows or other software and are leery of getting the WGA virus, so they don't patch and become a persistent blight on the global network.
Microsoft making an antivirus isn't going to solve any of these problems, and Microsoft making the quality of antivirus software that matches their anti-malicious software effort will make things worse. It will, however, drive yet another category of software partner out of business. It's good to have goals, I guess.
Help stamp out iliturcy.
If you think AVG is bad install NortonAV. You I've never EVER seen a computer with worse virus problems then the resource hogging that AV does. I've cleaned 500+ infected machines and NOT a single one was as screwed up as just installing norton. If you use FF you don't get popups from the virus anyways. The only real problem is if the pc is added to a botnet. I'd only recomend norton to the worst 1 of 30 users. I mean they'd have to be dling kiddie porn labeled as pron.jpg.exe through IE 1.0 while uninstalling windows patches and opening every attatchment they find while shitting on hackers. (Having worked tech support yes i do believe 1 in 30 people are that stupid)
No acrobat, i don't need to be running all the time. You listening, Apple?
Apple might be listening, but it's unlikely they can do anything about Adobe Acrobat starting when you log in to Microsoft Windows.
Look, I did OS/2 support back in the day, and there was quite a lot of concern that we'd never be able to convince the user to click "Shut down" prior to turning off his machine "Because you don't have to do that in Windows." Then Microsoft rolls it out and all of a sudden everyone is used to it, pretty much overnight.
They could have pushed separate administrative accounts early on. They could have chosen to break some ancient programs to fix architectural problems. They could have paused to consider the implications prior to developing Internet Explorer. The end user may not have liked it but what were they going to do? Run OS/2?
Sure, there are going to always be users who fall for the tricks, but Microsoft doesn't have to make it easy for the bad guys. They spawned an entire goddamn industry revolving around addressing their security problems, and that industry doesn't really do that good a job at it. I don't really expect Microsoft to, either.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The cure, of course, would be to use an OS that was designed with security in mind, and patched as quickly as possible when a security vulnerability turned up. Anti-virus software isn't a cure, it's a band aid, and it's always going to be at least one step behind the black hats. There's no way it can work, let alone be effective, without using up system resources, and from what I gather, getting more bloated, more of a resource hog and less effective as time goes on. I say I hear, because I don't use anti-virus software, I use Linux and as long as The Year Of The Linux Desktop never comes, I'll never need to worry about getting infected.
Good, inexpensive web hosting
No, they were pegged because of this: for a while, Internet Explorer was actually part of the operating system. Many parts of windows would simply NOT function if you removed Internet Explorer. The core of IE is also used in many places by MS products, including Windows Help for example. Basically, they bullied their way into the browser market by forcing everyone who had Windows to have IE on their computers. The case has been settled, unfortunately.
does it detect Vista as a virus?
I don't believe in trusting the wolves to guard the sheep.
Why would anyone sane trust the company that either a) couldn't be bothered to fix exploits, or b) doesn't have the smarts to find the exploits, to protect them?
If Microsoft can afford to find these exploits and block them using their AV product, why can't they just patch the OS? It could be the deafening sound of greed... or some other, more mundane reason.
But my basic question stands: if they can do this in AV, why can't they do it in their OS?
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
MS providing a free AV solution will put pricing pressure on 3rd party providers and add some competition.
A decent basic malware package (AV and spyware -- not a security suite) should not cost more than $15 to buy and $10-$15 a year subscription
Its not the years, its the mileage
It's a good idea. sure Symantec, McAfee, and the rest are going to lose some business - I doubt it'll be a big enough dent to notice. Folks that will rely on the microsoft offering will be the same people that rely on Defender for malware prevention. Those slightly more technology minded will identify the need for something more robust.
Chalk my vote up in the "its better than shipping it with a trialware sales pitch for some other crap" column.
cout >> "I have no patience to program anything useful and I hate having to write code";
You're right about this one, because you got the operator wrong: :)
cout << "I have no patience to program anything useful and I hate having to write code";
I guess I was wrong in the first place
Let me see if I get this correctly.
MS has supplied bad code for so long that an entire market has evolved around keeping that creaky wagon a bit safe. A bit like some dominant car manufacturer supplying cars without brakes, thus creating a whole aftersales market for brakes, parachutes, airbags and wall padding..
In other words, NO track record whatsoever (nil, nada, zilch) of writing anything that actually fixes the problem they have created themselves (which figures, if they ever fixed the OS properly they would no longer be selling hope - that's the whole Vista vs XP problem), and someone is supposed to trust THEM to get it right? I bet there are plans to charge for this "feature" as well at some stage.
(shakes head in disbelief that people continue to fall for this)
Insert
Next OS release will finally be patched. There. Fixed that for ya.
Seriously though, how can the AV vendors have any leg to stand on? Whatever happened to that suit the makers of patches for inner tubes brought against the tire companies when tubeless tires were introduced?
As for this creating a security monoculture, and for that having an impact, then AV companies will just re-emerge.
Sorry. I have a hard time shedding any tears for AV companies. I don't run AV, it just slows down your machine. I'm vigilant, and have occasionally had to manually remove infections over the years. It's high time MS itself addressed the issue. If there's anything wrong it's the way they're doing it.
Instead of presenting their solution as AV software, they should present it as better control over the installation and running of executable code. That's all infection really is anyway--the undesired modification or introduction of executable code. If you can control that, you have solved the AV problem. The challenge is that there are so many legitimate executables, DLLs, processes, threads, etc. on a box that it's information overload even for technical users. Some of the solution's I've had in mind are a bit too much for a /. post.
DEP was a step in the right direction. I've seen it in action a couple times now.
Bottom line though, is that AV should have been nipped in the bud long before AV companies became so big. I mean, not just one, but a whole category of companies based on fixing a fundamental flaw in another company's software. I mean, just... wow.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
This is like the cigarette companies selling cancer treatments.
Participatory Governance : The only feasible option for a real democracy, where everyone really does have a say.
Because if they don't, it takes away a perceived level of control from the user, and users like at least having the feeling that they're in control.
Also there are often false positives, and it would be extremely annoying to be unable to install something useful because it's mistakenly detected as a virus.
From the perspective of malware authors tho, microsoft taking over the anti malware market and driving all the other competitors out of business is the best possible outcome. You now only have one anti malware program to test your malware with (ie ensure it doesn't get detected) and one anti malware program that your malware needs to disable.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
A side effect of this will be that MS will be able to readily identify where license numbers are being used more than once. If they take the opportunity to remotely shut down ''illegal'' PCs, the whole exercise might make them money.
I wonder if they will do an Apple and disable s/ware that they don't like (pronounce as malware) -- because it competes with some MS s/ware.
Second time is the charm anyone, or are most of you too young to remember them giving it away before?
They consistently test near the bottom third of all the malware test suites I've ever read about.
Windows Defender in particular irritates the crap out of me because it reports tons of "suspected software" in the Windows event logs without being able to do anything about it - either shutting off the spurious messages or specifying that the software is safe. It's pathetic. It also detects things like Adobe's crappy License Manager creating bogus "services" repeatedly.
Use Spyware Terminator or SuperAntispyware instead of Windows Defender and use a decent brand name AV instead of anything Microsoft might sell OR give away free.
The only advantage to a free Microsoft product is that the company idiots who don't run AV because they're too cheap might actually use it. I've got one small business client I had to put Comodo AV on their machines - even thought Comodo detection rates suck - because they're just too cheap to pay for Kaspersky or Avast.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!