Slashdot Mirror
Microsoft's Free AV App May Be a Non-Starter
CWmike writes "Microsoft is preparing to launch a public beta of Morro, the free anti-malware it announced last November, according to reports. Morro will use the same scanning engine as Windows Live OneCare, the software that the free software will replace and Microsoft's first consumer-grade antivirus package. OneCare is to get the boot as of June 30 (along with finance app Microsoft Money). John Pescatore, an analyst at Gartner, has questioned whether users would step up to Morro even if it was free. 'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,' he said. 'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50." Would you buy it?' Not surprisingly, competitors have dismissed Morro's threat to their business. 'We like our chances,' Todd Gebhart, vice president in charge of McAfee's consumer line, said when it was announced OneCare was a goner. 'Consumers have already rejected OneCare,' added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation.'"
As long as it doesn't suck as much as Norton (slow, hard to remove), I'll take a look at it. Right now I'm running ClamWin, and I'm looking for a better (free) anti-virus.
'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50." Would you buy it?'
This analogy is just dumb. This is a free product. Obviously the analogy would have the water company saying, "Sure, we can remove that for free."
Not to mention 'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,' which is a stupid point to make about a free product.
Furthermore, MS's security "problems" are over a billion installs. As we see every year when they tie Linux as the most secure system in pwn2own, they've got nothing to be upset about on the technical side of things.
And finally, "added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation'" is pretty funny from a guy representing a company that actually charges for substandard security technology.
"I zero-index my hamsters" - Willtor (147206)
Hey, when you have direct access to the source of infection, you're almost guaranteed to produce the best cures...
Unless you're Microsoft.
Finally had enough. Come see us over at https://soylentnews.org/
I have to use a bad car analogy. If I buy a BMW and it breaks down, I take it to the BMW dealer to work on it. Some people obviously opt for third party repair, but a lot trust the manufacturer, even though it is often design problems that caused the breakdown. I understand that people have unreasonable expectations that their purchases don't have vulnerabilities and will last forever, but the other 95% of the population recognizes that complicated systems need repairs and protection.
I don't know if this will be successful, but to think that it should not be trusted or immediately dismissed is ignorant. That being said, I don't use Microsoft products, largely because I don't like AV. Linux FTW!
How many people want all of their traffic explicitly going through Microsoft?
On the other hand, it might be an effective way to protect users from the likes of Linux, Firefox, etc...
"'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,"' Well, yes. But it is not just that. We already pay for Microsoft product defects in other ways too. Let's say you are doing a major rollout of Active Directory or Exchange. Sometimes, the only way you get a bug fix is to get a support contract from Microsoft or hire a company that has a support contract. Any Exchange administrator of a good size organization can tell you that Exchange has more than its fair share of bugs, and this new one, Exchange 2007, is no exception. Which leads to the question, where is the incentive on the part of Microsoft to produce really good software? Why not just produce mediocre software and then ask people to pay more money to fix it?
Infected windows machines are a plague on the internet. Many of these presumably have no useful anti-malware running. Microsoft takes lots of heat, as the comments above prove. So Microsoft decides that trying to sell anti-malware won't work, but maybe giving it away, and I assume bundling it, will get it widely deployed. And take some heat off Microsoft for shipping vulnerable stuff. If this happens, and it works at all, it will be a great improvement to the current mess. To put it differently - it's clearly impossible to make an OS bug proof - so an OS ought to contain defenses against malware out of the box.
what bothers me most about this article is this line
'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,'
At this point, most malware doesn't hack Windows, it hacks your brain. It tricks you into executing it. The only vector that is even being used extensively anymore is Office, Acrobat, and Flash, MS has been phasing out older formats and patching up the holes and Adobe is finally waking up and doing something about their security issues. even in those programs, most of the time a Trojan file is involved.
On top of that, the most recent malware doesn't even need administrative privlages. It simply installs in your user account directory and starts up when you login. I see absoletly no reason why this method of execution wouldn't work in any other OS, Be it Linux, OSX, or BSD regardless of security settings.
In Soviet Russia, Trojan exploits YOU!
A huge advert window opens, minimising the fullscreen game that I'm playing to tell me to buy their product.
This must be some use of the word "non-intrusive" which I am not aware of.
Admittedly, I didn't have any problems with it as an anti-virus package, it was much better than bloated "full protection" software packages from Symantec and McAfee but I feel it's cheating somewhat to advertise your product as "free anti-virus" and then use it as a platform to advertise the pay-for versions which just have more features that I don't want.
I wish to remain anomalous
and then
So, the system works? You bought from them, that's the whole point...
Wow, I was actually thinking to try it until I saw that. That's huge, and something I want nothing to do with.
The water company advertised spring water filtered through volcanic rock from water frozen in glaciers milena ago. We called them and told them about the 'rotten egg odor'. They then offer to license a charcoal filter to us for $50.00 a year, to be fitter on premises at another $40.00. If we used any other charcoal filter, they advised us that we might be violating some other company's patents. They reassure us that if we buy their charcoal filter they will give us patent protection against getting sued by this other company. The water company hold a financial interest in the other company. They don't ever offer to indemnify us against getting sued for getting sulfur in our water. Even though they are the only water company that sells sulfurous water. The media invariable refer to 'sulfurous water', instead of $company sulfured water ?
"I think that analogy is broken. Very few malware use the holes in MS software these days. Most of the viruses spread by user error, email, IM, flaws in Flash/Acrobat etc" Defects in application or 'user error' shouldn't lead to the OS being compromised or the consumers having to pay the sellers more money to fix their defective product.
Name a OS where user error can't lead to the OS being compromised. Maybe only in a very locked down system like a kiosk , but a kiosk is not every useful and the user won't have any freedom. If you can install Firefox, you can install a virus. Unless there's a whitelist, but would you trust a whitelist maintained by MS? An alternative is total application virtualization, but given the fact that applications need to talk to each other and be able to access user files make it tough.
This space for rent.
it sounds like zdnet is very much mistaken. how exactly does microsoft plan to handle all of their users traffic being routed through their server?
I suppose most Microsoft programmers are fundamentally honest, so they surely don't want to produce bad code. But they do, so they must possess a certain degree of incompetence. Do I trust incompetents to correct their own mistakes? If they could, they wouldn't have made them in the first place.
What cereal box did you get your CS degree from? Making a mistake does not make on incompetent. All complex systems have some flaws.
I can't believe the biggest focus out of all this is on the "evolution" (or whatever) of their anti-virus, with little mention of the end of the Money product line.
I feel for all the people who have been locked in to MS money, like the one in the article. Hopefully it will drive him to open source... however I haven't really been able to find a good alternative to Money and/or Quicken for Home/SMB finance.. any suggestions?
I put on my robe and wizard hat..
Get off it already. Do you have something more recent than five years ago?
This is idiotic, have you seen how many products other companies produce?
I'll just give you some example analogs off the top of my head:
Symantec Virus Removal Tools
Symantec Antivirus
Norton Internet Security
And in response to your questions.
Malicious Software Removal Tool is targeted at the biggest threats and designed to be distributed via Windows Update, it helps protect unmonitored PCs from the biggest threats. Live One Care is an antivirus suite that is, or at least wasn't free, so of course it was a different product. Windows Defender is antimalware, not antivirus. Almost every security company has a similar product matrix.