Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Offer Free Anti-Virus Software

Posted by kdawson on from the another-industry-done-gone dept.

Dynamoo writes "The good news is that Microsoft have announced free anti-virus software for consumers, dubbed Morro, available late next year. The bad news is ... well, exactly the same. Although Microsoft's anti-malware products are pretty good, this move could drive many competitors out of business and create a dangerous security monoculture; major rivals will be lawyering up already. On the other hand, many malware infections could be prevented even by basic software. So is this going to be a good or bad thing overall?"

31 of 448 comments (clear)

  1. re Hard to decide ... by jelizondo · · Score: 5, Interesting

    If it comes free with the OS it will drive away competitors because Joe-sixpack is
    not going to spend any money to replace something he got for free, even if it sucks.

    On the other hand, if any feature needs to be part of the OS is precisely a form of
    protection against malware.

    Come to think of it, if MS does a bad job of protecting PCs and drives away
    competition on virus protection, maybe the company will finally implode and let other OSes
    get a greater market-share.

    --
    Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
    1. Re:re Hard to decide ... by dnoyeb · · Score: 5, Interesting

      Its illogical. How can you produce a product that attacks things attempting to exploit your holes when you have the ability to patch the holes?

      If they sold it, it would be a conflict of interest.

    2. Re:re Hard to decide ... by mazarin5 · · Score: 4, Insightful

      It would be a very difficult stretch for MS to sell an anti-virus program for Windows. That would be like selling defective car tires, and then charging extra for the patches.

      I don't think that most AV vendors have to worry though; Microsoft's AV division is likely to be as good at plugging security holes and patching exploitable bugs as the rest of the company.

      --
      Fnord.
    3. Re:re Hard to decide ... by 99BottlesOfBeerInMyF · · Score: 4, Insightful

      If it comes free with the OS it will drive away competitors because Joe-sixpack is not going to spend any money to replace something he got for free, even if it sucks.

      Agreed. If there were to be real competition for OS's then consumers could choose the OS with the best anti-virus and we'd still have competition. Right now, that is not the case though.

      On the other hand, if any feature needs to be part of the OS is precisely a form of protection against malware.

      Again, I agree that the technology needs to be there, but not necessarily the data. If the DOJ had a clue they'd see this as an antitrust issue and order Microsoft to implement the technology, but open up the whitelist, blacklist, and detection heuristics as an open spec and then require MS sell their service separate from the OS and on even ground with any other company that wanted to compete. Hell, require the data feed to be an open standard so Macs and Linux could implement it and plug in to the same anti-virus blacklist feeds and we'd have some real progress in the industry, for a change.

    4. Re:re Hard to decide ... by Sancho · · Score: 4, Insightful

      Antivirus guards against trojans, too. Not much Microsoft can do to patch if the user is insistent upon running that program (i.e. the security hole is in the meat), but a whole lot of them will sit up and take notice if their antivirus pops up and warns them away.

    5. Re:re Hard to decide ... by quanticle · · Score: 4, Interesting

      but a whole lot of them will sit up and take notice if their antivirus pops up and warns them away.

      You'd think so, but that's simply not the case. In my time as a PC tech. I saw all too many PCs where the user had clicked on something, seen repeated antivirus/anti-spyware warnings and still continued with the installation. Basically, it comes down to an issue of trust. People distrust their antivirus as much as they distrust the random crapware they download from the Internet. So, when the antivirus pops up and tells them, "Hey, this software is going to bring along a virus," they feel safe in ignoring it, since they've seen all too many false alarms for other things (like tracking cookies).

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
    6. Re:re Hard to decide ... by Sancho · · Score: 4, Insightful

      Well, I said a lot, not all. Remember, as a PC tech, you've got a locality bias. You're seeing a lot of people whose PCs were infected. The ones who practice safe computing probably don't come in as much.

    7. Re:re Hard to decide ... by Darkness404 · · Score: 5, Insightful

      In the pre-Vista age perhaps, but with UAC and the paranoid level of dialogues in browsers needed to get anything done, Joe Sixpack is going to just click allow, even if that means he has to pay $300 to get his box repaired by the Geek Squad. The problem is, by increasing the amount of warnings, the less likely anyone is going to care about them.

      --
      Taxation is legalized theft, no more, no less.
    8. Re:re Hard to decide ... by martin-boundary · · Score: 4, Funny

      The ones who practice safe computing probably don't come in as much.

      Yeah, they probably even use Linux. Savages.

    9. Re:re Hard to decide ... by 99BottlesOfBeerInMyF · · Score: 4, Insightful

      Why does everyone seem to think Windows somehow allows malware due to 'holes' in the OS?

      Because, statistically speaking, malware running is the result of holes in the OS and most infections are worms that run with no user interaction at all. The malware you describe is called a trojan and, while a serious problem, is still not the most common type of malware infection (note there are more trojans than worms, but each trojan hits a much smaller number of systems).

    10. Re:re Hard to decide ... by Anonymous Coward · · Score: 5, Insightful

      > Why does everyone seem to think Windows somehow allows malware due to 'holes' in the OS? Malware isn't any different to normal software from the OS' perspective. If you can write legitimate software than can send an email, or download an image and display it to the user, then you can write 'malware' that can send spam or display advertisements.

      Windows think. Installing software can indeed be made totally different to normal software from the OS perspective.

      Windows will just blindly and happily execute anything it thinks it has been requested to execute.

      On Linux or BSD, files aren't executable by default. The OS just won't run them. Any attempt to make a file executable requires a local user to manually enter a password. Hence, if a user is asked for a password ... especially the administrator password ... they are immediately alerted ... "hang on a minute, I wasn't trying to install anything just then, or make a change to the system". Having to enter a password is like waving a great big red warning flag. "Whoop, whoop, install happening!! Attention, attention ... did you mean this?"

      Amongst Windows users (being used to the complete lack of concepts such as these), Windows' complete lack of adequate security is often confused for security being impossible to achieve.

      Windows think. Its everywhere.

    11. Re:re Hard to decide ... by blueZ3 · · Score: 5, Insightful

      On many fronts, the malware situation on Windows is the OS's fault.

      First, OS files should not be writable by random executables on the system. Period. The idea that bobs_your_uncle_32.exe, installed on a user account, runs as a superuser and can modify important system files is completely idiotic. The inability of Microsoft to implement a basic separation between privilege levels is the root of the problem (pun intended)--and they don't get to weasel out of it by saying "you COULD run/install software as a local user" because their FUBAR'd implementation meant that wasn't a realistic option.

      Secondly, a lot of malware installation has historically been the result of stupid things that Microsoft did to be "helpful"--like automatically executing scripts in Outlook's preview pane. Or the idea that installation of software should be "silent"--where a program can be downloaded and installed without any user interaction. Brilliant.

      Microsoft has made (some small) improvements in these areas. But they're not off the hook by any means.

      --
      Interested in a Flash-based MAME front end? Visit mame.danzbb.com
    12. Re:re Hard to decide ... by 99BottlesOfBeerInMyF · · Score: 5, Insightful

      What monopoly? Last time I checked Mac and Linux existed.

      You obviously don't understand what MS's market for desktop OS's is. They sell very few of them as boxed copies to individuals. They have a small market selling site licenses to corporations, but by far their largest market is computer OEMs like Dell. So if you were running Dell, would you license OS X to run on the computers you sell? Nope, because Apple isn't selling them. Hence, OS X and Macs are not a valid competitor. Would you pre-install Linux? Well maybe, but it is not a valid competitor in most cases because of software lock-ins. It has basically no market share and certainly not enough to affect whether or not MS has enough market share to unduly influence other markets (70% is the amount regulators start looking hard at). Generally, if the closest thing you can find to a competitor is a product developed by hobbyists disgusted with having no choices and given away for free... well that's a bloody good sign there is a monopoly at work.

      MS has a virtual monopoly by merit of being the most used but that's not the same as an actual monopoly. As long as other choices exist any monopoly argument falls apart.

      Legally and economically, you don't have to be the only option to wield undue influence in markets and undermine the benefits of capitalism. You're not going to find any reputable economists not being paid by MS who claim MS does not wield monopoly influence in the desktop OS market and MS has, in fact, been found to have such influence by the US courts, the EU courts, and several other nations. Sorry, but at this point the argument that MS doesn't have a monopoly can only be the result of burying your head in the sand. What, do you think it's all some sort of global conspiracy of lawyers, judges, and economists?

      More akin to there being 3 power companies and one following the practices you describe while the others don't, and people just being too lazy, stupid, or in the dark to switch to another company.

      Not at all. The analogy holds up very well. MS is the power distribution monopoly in your geographic location. Apple is the guy who sells solar cells and windmills and fuel cell generators which cost a bundle but are economic for some uses in some locations over the very long term and prevent you from having to deal with the power distribution company (but do not distribute power themselves). Linux is the guy who drives a big truck full of car batteries to the nearest power plant, pays to charge them all up, then drives back home and hooks them up to run his house for another couple of days. They are alternatives that allow one to avoid MS, but not much in the way of actual competitors in the same market.

    13. Re:re Hard to decide ... by rrohbeck · · Score: 4, Insightful

      That would mean that all legacy SW, including MS's own, would stop working. They all rely on being able to write all over the system. And without backwards compatibility, what's the impetus to stay with Windows?
      Backwards compatibility is why they needed something as screwy as UAC.

      --
      thegodmovie.com - watch it
    14. Re:re Hard to decide ... by Anonymous Coward · · Score: 4, Insightful

      Don't forget the ones who click on misleading popups that say "You may have a virus", thereby installing malware.

    15. Re:re Hard to decide ... by rts008 · · Score: 4, Insightful

      "Now I ask you, is any of the above something a normal user (without administrative rights) should be able to do?"

      Emphatic NO!

      I do not know anything about Vista first-hand. I have info from my co-worker(he said that it is 'different' from XP,sort of, but overall not bad-seems to like it a little better than XP, but dislikes some changes. I had previously set him up with Kubuntu 8.04, and he has become partial to that over Xp or Vista, but still dual boots with more time spent in Kubuntu than Vista.), and what I 'hear' here and elsewhere on the internet.

      I understand(from above info) that Vista is a positive step forward for MS on the security front, and can only applaud that-diminishing malware is a GOOD thing no matter which OS someone is using.

      Having said that, I do have to admit(from personal experience as a PC tech, and as a self-employed in spare time 'Window' cleaner and tuner-upper, that MS has inadvertently 'trained' users to click on the 'allow' button on pop-ups during upgrafes/installs/changes since at least the Win95 days to 'just get stuff done'.

      "I wish this myth would die."

      Good luck with that.
      I have been wishing the same for the '*nix is too hard to learn for a n00b'* meme that even pops up here on /., but I don't hold my breath. I suggest you don't either.

      Your list seems accurate to me, and I have to agree with you.
      We should be more objective here, but it seems that religion/politics/OS discussions seem to bring out the trolls and flamers.
      Loyalty for what you believe in(human nature-at the risk of an off-topic thread/flamefest) is deeply embedded here.

      *disclaimer: I have been 'anti-MS since the whole WGA implementation' days when I switched to *nix, but I agree with everything you said.

      --
      Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
    16. Re:re Hard to decide ... by Anonymous Coward · · Score: 5, Interesting

      It is much worse... I got a trojan on my system, a Net Devil, roll-your-own type. Before I went to uninstall it, I debugged it and got the ICQ account details. I used the credentials to log into the account and changed the password. I watched as the victim IP addresses poured in! To investigate, I downloaded the client half of Net Devil and connected to a few victims. Total access!

      Screen capture, key logger, executable, download, upload, you name it! It had a feature to send popup messages that I used to tell the victim they had a virus and they should take steps immediately to remove it. Some would unplug their computers immediately, while others would just click OK and keep going. I would send another message like "No really! You have a virus!" and they still just pressed OK and just kept typing their IM. Of course, it usually got their attention when I opened 30 message dialogs in a row. The most effective way I got their attention was to turn their graphics upside-down and open their CD/DVD tray :) Nothing like a ghost in the machine to wake them up.

      • Other variations:
      • launch winamp and crank up the volume
      • same, but use a pr0n clip from their stash
      • (most sinister) activating their webcam
      • (silent, yet dreadful) the keylogger

      It had an option to remove the trojan from the host, so I cleaned up a few, but the IP addresses kept flowing in worldwide (esp. France?) and it was rather depressing trying to help users that pretty much ignored anything but the blatant scare tactics.

    17. Re:re Hard to decide ... by bill_kress · · Score: 4, Insightful

      How did you get the ICQ password? If it was used by the trojan to log into an ICQ account and send messages, then after you changed it no other clients would have been able to send messages.

      It's a good story, but smells a little fishy right there...

  2. About bloody time by jaxtherat · · Score: 4, Insightful

    That's all I have to say.

    --
    http://www.zombieapocalypse.tv/
  3. Yeah, but by NoStrings · · Score: 5, Funny

    Does it run on Linux?

  4. Security vs backwards compatibility by White+Flame · · Score: 4, Interesting

    Microsoft has done enough to break backwards compatibility already. They should just go the whole hog and on their next iteration, do a ground-up security analysis and refactoring of their OS, instead of trying to prevent & remove malware that latches onto existing API problems that some software might use legitimately.

    It wouldn't be impossible to give private sandboxes to "legacy" apps that don't use the new secure APIs.

    1. Re:Security vs backwards compatibility by Nico3d3 · · Score: 4, Interesting

      Couldn't have used better words to describe what I was thinking. Instead of reusing and unsecured platform for every new Windows version, why not start something completly from scratch like Apple did. We were able to use the Classic environnement in OS X when we needed old app compatibility and it didn't cause any security concerns because the OS9 program were running in a sandbox. The Classic environnement disappeared in OS X Leopard but, we can still use Sheepsaver emulator if we really need OS9. It wouldn't be the first time they copy Apple anyway ;-)

  5. My thanks by cyrus0 · · Score: 5, Funny

    That reminds me, I need to put duct tape over all the rust on my car. Thing should hold up like a champ!

  6. Re:Oh Yeah? by Anonymous Coward · · Score: 4, Insightful

    As soon as you provide users who won't click on somefamouspersonnaked.exe. Let's not lie to ourselves and say that if we put the same dumb users in front of say an Ubuntu install that they wouldn't click on somefamouspersonnaked.deb or something. They'd give sudo their password too.

    Bring the users who won't do shit like that, adn then we will all have software that doesn't need anti-virus.

  7. More competition in this sector may be good. Or? by Surreal+Puppet · · Score: 4, Informative

    The antivirus market is, as everyone knows, the most FUD-filled part of the security industry. The effectiveness of different antivirus products is largely anecdotal, and shifts rapidly because of the arms race between virus writers and antivirus manufacturers. As it stands now, even "expert" end user cannot ascertain the relative effectiveness of the suites, and because antivirus products are still heuristics-based with a few "depacker" routines built in, they only catch the really obvious fish. (One funny thing with this is, if you pack an executable with a common yet relatively complicated packer, say "redeye", it'l get caught, but if you just jump in and jumble up the instructions with a debugger you can make it "invisible" easily). Because of this reliance on FUD to sell, and because there *is* already fierce competition in the antivirus market, maybe this won't change much, unless MS locks other vendors out somehow. Or will it be a different form of competition, because of the now-asymmetrical playing field? MS has an advantage in that they have access to the code and people who wrote the code, and designed the OS architecture.

  8. Odds are... by Voyager529 · · Score: 5, Insightful
    1. It will probably go the way of Movie Maker, Windows Mail, and a few other apps that are now optional downloads.

    2. It will be a basic virus scanner and will probably not replace NOD32 or another fully featured scanner.

    3. Webroot seems to be doing just fine even though Windows Defender has been around for a few years now. Same for Spybot, Ad-Aware, and any number of other apps.

    4. Compounded with #3, Microsoft Antivirus will be entering a well established field with plenty of household name competitors. Norton and McAffee are well known names that most consumers know and will probably opt for (quality of software notwithstanding).

    5. Many smaller firms (Kaspersky comes to mind) have consumers as their small-fry and make their big bucks off volume licenses. It appears that Morro isn't competing here.

    6. Whether accurate or not, perception or reality, many people consider Microsoft Security Solutions to be an oxymoron. So long as it can be uninstalled, people will be free to add their own antivirus software (see point #4).

    Joey

  9. Hilarity ensues by symbolset · · Score: 4, Funny

    The opportunities for humor start here and go on forever. I guess we might as well start:

    "My God! Its full of fails!" "Like buying antibiotics from the hooker." "TrunkMonkey equipped with chair." "Would you like Warez with that?" "Antivirus vendors: Oooh. That's what 'gold partner' means!" "Hi, I'm a Mac ... and I'm a PC (achoo)." Good Lord this stuff writes itself. Hold on while I microwave some popcorn.

    --
    Help stamp out iliturcy.
  10. Re:The real question is... by British · · Score: 5, Insightful

    Well a virus is an irritating program that eats up resources, making your computer unstable, interfering with hardware, replicates and repairs itself when you attempt to delete it, and drives you insane.

    The sad thing is, a lot of system-tray startup software that insists on self-installing does the same things too. No acrobat, i don't need to be running all the time. You listening, Apple? Heck, a lot of AVG software bogs down the system so much I'm wondering if the cure is worse than the disease.

  11. Re:Oh Yeah? by hairyfeet · · Score: 4, Interesting

    What you speak of is known as The Dancing Bunny problem which as someone who has worked nearly 15 years in PC repair I can say is all too true. I had a buddy working corporate when Melissa hit and he said several PHB middle managers got MAD when he told them they couldn't have their attachment from that Melissa girl. He said he finally had to tell them "Go tell the boss you want to run Melissa and see what HE says". So never underestimate the incredible stupidity a user is capable of when they think there is a dancing bunny waiting for them. You should really read the link on the dancing bunnies. It is SO true!

    --
    ACs don't waste your time replying, your posts are never seen by me.
  12. I don't know... by blueZ3 · · Score: 4, Insightful

    I don't believe in trusting the wolves to guard the sheep.

    Why would anyone sane trust the company that either a) couldn't be bothered to fix exploits, or b) doesn't have the smarts to find the exploits, to protect them?

    If Microsoft can afford to find these exploits and block them using their AV product, why can't they just patch the OS? It could be the deafening sound of greed... or some other, more mundane reason.

    But my basic question stands: if they can do this in AV, why can't they do it in their OS?

    --
    Interested in a Flash-based MAME front end? Visit mame.danzbb.com
  13. OK, let me get this straight by cheros · · Score: 4, Insightful

    Let me see if I get this correctly.

    MS has supplied bad code for so long that an entire market has evolved around keeping that creaky wagon a bit safe. A bit like some dominant car manufacturer supplying cars without brakes, thus creating a whole aftersales market for brakes, parachutes, airbags and wall padding..

    In other words, NO track record whatsoever (nil, nada, zilch) of writing anything that actually fixes the problem they have created themselves (which figures, if they ever fixed the OS properly they would no longer be selling hope - that's the whole Vista vs XP problem), and someone is supposed to trust THEM to get it right? I bet there are plans to charge for this "feature" as well at some stage.

    (shakes head in disbelief that people continue to fall for this)

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.