Slashdot Mirror
Microsoft's Free AV App May Be a Non-Starter
CWmike writes "Microsoft is preparing to launch a public beta of Morro, the free anti-malware it announced last November, according to reports. Morro will use the same scanning engine as Windows Live OneCare, the software that the free software will replace and Microsoft's first consumer-grade antivirus package. OneCare is to get the boot as of June 30 (along with finance app Microsoft Money). John Pescatore, an analyst at Gartner, has questioned whether users would step up to Morro even if it was free. 'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,' he said. 'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50." Would you buy it?' Not surprisingly, competitors have dismissed Morro's threat to their business. 'We like our chances,' Todd Gebhart, vice president in charge of McAfee's consumer line, said when it was announced OneCare was a goner. 'Consumers have already rejected OneCare,' added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation.'"
As long as it doesn't suck as much as Norton (slow, hard to remove), I'll take a look at it. Right now I'm running ClamWin, and I'm looking for a better (free) anti-virus.
I'm not the biggest Microsoft fan out there, but this summary feels a little over the top.
'We like our chances,' Todd Gebhart, vice president in charge of McAfee's consumer line, said when it was announced OneCare was a goner. 'Consumers have already rejected OneCare,' added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation.'"
How can you say that with a straight face? The difference between for-pay and free is huge. And rebranding can make a big difference-- look at the recent success of Bing, for instance.
Personally, I think people are aching for alternatives to the current big players like McAfee. I'm reminded of this recent slashdot story-
"'Security firms Symantec and McAfee have both agreed to pay $375,000 to US authorities after they automatically renewed consumers' subscriptions without their consent.' The two companies were reported to the New York Attorney General after people complained that their credit cards were being charged without their consent. The investigators found that information about the auto-renewals was hidden at the bottom of long web pages or buried in the EULA."
I think something that's free and easy to use can compete very well against this sort of customer abuse.
p.s. anyone else find the quotation by John Pescatore completely unintelligible? Either he's very confused with his analogies or was misquoted.
Microsoft, the virtual inventor of buggy bananaware and OS monoculture that enables mass distributable malware gets into the A/V market. Sounds like Typhoid Mary selling antibiotics...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"Making that same substandard security technology free won't change that equation.'"
Hmm?
If you're interested in facts I'll tell you what they are and I'll give you sources - Chomsky on The Big Idea
'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50." Would you buy it?'
This analogy is just dumb. This is a free product. Obviously the analogy would have the water company saying, "Sure, we can remove that for free."
Not to mention 'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,' which is a stupid point to make about a free product.
Furthermore, MS's security "problems" are over a billion installs. As we see every year when they tie Linux as the most secure system in pwn2own, they've got nothing to be upset about on the technical side of things.
And finally, "added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation'" is pretty funny from a guy representing a company that actually charges for substandard security technology.
"I zero-index my hamsters" - Willtor (147206)
Alternative names sugestions: Sucke, Foo, Stupi etc.
I'm surprised a quote from this article didn't make it in:
How many people want all of their traffic explicitly going through Microsoft?
Right, there's no way you could have, say, a malicious perl script.
Seriously, his analogy is pretty far off. Let me try: Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, and it's a free service." Not that I have a lot of faith in MS's product quality here, but still, saying that users won't sign for a free service because it's a service they don't think they should have to pay for is a pretty stupid comment.
fdisk the anti-virus i run on it
Politics is Treachery, Religion is Brainwashing
The rotten egg odor is coming from sulfur. It's probably harmless in the quantity you're getting, even if you can smell it. Whole house filters that remove the odor are going to cost a hell of a lot more than $50 and require ongoing maintenance, so if the water company offers a service to provide extra-filtered water for a one-time fee, you should jump.
perl is relatively malicious on its own
I may not be a big fan of OneCare, but I've got to say this may be a step in the right direction. All too often I'm working on systems that are only a few months old that have been infected, all because the owner didn't notice their AV trial had expired. I'm sure that MS will/should make it easy to remove for those that are tech savy and wish to use their own personal AV package. But for the n00bs and dumbasses out there, this is a good thing to have, just like making Windows Defender a part of Vista.
The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
Supposedly, Morro is based on Forefront Client Security, and onecare has been completely phased out. Considering the poster, I'm surprised that the article didn't say that morro eats babies and killed your dog.
As for Onecare, I had it. It was a great scanner and a firewal. The only reason I got rid of it was because of the onecare circle. in Onecare you had 3 licences. In version 2.5, they developed this Onecare Circle to help you keep track of security on all three copies. and all it would do is scream about this pc being out of date, or scan this pc, or backup this one, or the firewall isn't working on this PC when it was. after two months of that nonsense (since you couldn't shut it offat the server side) I said to hell with this and put avira back on.
In Soviet Russia, Trojan exploits YOU!
I have to use a bad car analogy. If I buy a BMW and it breaks down, I take it to the BMW dealer to work on it. Some people obviously opt for third party repair, but a lot trust the manufacturer, even though it is often design problems that caused the breakdown. I understand that people have unreasonable expectations that their purchases don't have vulnerabilities and will last forever, but the other 95% of the population recognizes that complicated systems need repairs and protection.
I don't know if this will be successful, but to think that it should not be trusted or immediately dismissed is ignorant. That being said, I don't use Microsoft products, largely because I don't like AV. Linux FTW!
If it's anything as effective as One Care, I'm going to stay away. I received a free 1 year subscription to One Care at a Microsoft event about 2 years ago and ran it until it expired. After removing it and re-installing my previous Symantec product, it detected around a dozen viruses and malware infections that One Care did not notice. Since then I've kept my distance from any Microsoft AV type product.
Launch every sig.
It works on everything I try it on! It works on Windows and Linux and Mac OS X! I just have to go to a web page and it scans my machine and tells me how many viruses I have.
Trolling a little, eh? Your post is complete nonsense.
"Right, there's no way you could have, say, a malicious perl script." - by sqlrob (173498)
on Friday June 12, @09:46AM (#28307331)
Agreed, 110%... And, "right, there's no way you could have, say, a malicious javascripted page or malicious javascript adbanner affect Linux either"
(NOT! Mainly because javascript runs everywhere & is the "vector for infection" across any OS there is, via webbrowsers themselves - correct me if I am wrong on this account fellas, but, it's right along the same lines that sqlrob is hitting upon...).
APK
P.S.=> And, as far as the subject-line above? "Yea, right" (sarcasm) again, because these items show otherwise:
-----
Bitten By the Red Hat Perl Bug:
http://linux.slashdot.org/article.pl?sid=08/08/29/1423201
(Per SQLRob's statement, no less)
-----
Linux.Slapper.Worm:
http://www.symantec.com/security_response/writeup.jsp?docid=2002-091311-5851-99
-----
New worm targets Linux systems (Lupper):
http://news.cnet.com/New-worm-targets-Linux-systems/2100-7349_3-5938475.html
-----
But, then again, because it was said on SLASHDOT that "Viruses aren't a problem in Linux", per the subject-line above (again)?
"Well, heck, those other sources I just put out MUST be lies"... right, Linux Penguins?
Hate to tell you this truth then: "NOT!"
Because the main thing defending Linux vs. these "heinous machinations" is the fact it is less used than Windows (The most used OS on the most used hardware platform for personal computers in x86 that there is, bar-none)...
I.E.-> Security by obscurity, as the saying goes, IS what defends Linux from attacks! IF Linux is ever as widely used as Windows is, you can bank on it that it will be just as oft attacked as Windows is & has been the past decade++ now, because it will be the most used. MacOS X, once it started gaining market share, began to be attacked a lot more than any other *NIX variant I know of, because of it gaining ground... same thing WOULD happen to Linux, should it start stealing personal computer desktop share worldwide.
(Mainly because today's malware makers aren't out to "wreck your machine", as they used to be - now, it's a far more serious game: They're after your personal information & monies (such as stealing credit card #'s &/or other personal info.) OR turning your machine into a zombied DDOS slave, so it can be used to attack others - so, to do that? These malware makers did the LOGICAL thing (from their pov), & that's to attack the most widely used body of systems there is, Windows NT-based ones!) apk
..to computers that don't have any antivirus software on. Same with Defender too... Although AVG and other free antivirus tools are pretty good, a lot of people never think about actually getting and installing them.
Visit ssjx.co.uk
Gee, you had to go back 8 years to find three issues. The first one isn't even malware, just bad programming by the vendor that reduces performance. The next two are specific to Apache web servers, NOT Linux.
If those were the best examples you could come up withm then I guess you succeeded in disproving your own point.
"'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,"' Well, yes. But it is not just that. We already pay for Microsoft product defects in other ways too. Let's say you are doing a major rollout of Active Directory or Exchange. Sometimes, the only way you get a bug fix is to get a support contract from Microsoft or hire a company that has a support contract. Any Exchange administrator of a good size organization can tell you that Exchange has more than its fair share of bugs, and this new one, Exchange 2007, is no exception. Which leads to the question, where is the incentive on the part of Microsoft to produce really good software? Why not just produce mediocre software and then ask people to pay more money to fix it?
There's a type in the product name - they forgot the 'n' at the end.
Hope is the currency of fools
'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50."
I think that analogy is broken. Very few malware use the holes in MS software these days. Most of the viruses spread by user error, email, IM, flaws in Flash/Acrobat etc. MS is offering a service to clean them up and does provide free fixes for bugs in their software. Obligatory car analogy, car company sells insurance for breakins and accidents and charges extra. Why not pay for it if the deal is good?
This space for rent.
Infected windows machines are a plague on the internet. Many of these presumably have no useful anti-malware running. Microsoft takes lots of heat, as the comments above prove. So Microsoft decides that trying to sell anti-malware won't work, but maybe giving it away, and I assume bundling it, will get it widely deployed. And take some heat off Microsoft for shipping vulnerable stuff. If this happens, and it works at all, it will be a great improvement to the current mess. To put it differently - it's clearly impossible to make an OS bug proof - so an OS ought to contain defenses against malware out of the box.
"I think that analogy is broken. Very few malware use the holes in MS software these days. Most of the viruses spread by user error, email, IM, flaws in Flash/Acrobat etc"
Defects in application or 'user error' shouldn't lead to the OS being compromised or the consumers having to pay the sellers more money to fix their defective product.
The water company advertised spring water filtered through volcanic rock from water frozen in glaciers milena ago. We called them and told them about the 'rotten egg odor'. They then offer to license a charcoal filter to us for $50.00 a year, to be fitter on premises at another $40.00. If we used any other charcoal filter, they advised us that we might be violating some other company's patents. They reassure us that if we buy their charcoal filter they will give us patent protection against getting sued by this other company. The water company hold a financial interest in the other company. They don't ever offer to indemnify us against getting sued for getting sulfur in our water. Even though they are the only water company that sells sulfurous water. The media invariable refer to 'sulfurous water', instead of $company sulfured water ?
As much I would like to bash Microsoft from time to time. latest AV-Comparatives report has them up there with ESET NOD32. With Microsoft you never know if that included some sums of money, but yeah.
I wonder how they got the name, sounds a bit like tomorrow or something Spanish..
I found it funny as the word morro in Japanese is how you describe getting a fatal sword thrust to your heart / neck, i.e. "to suffer a fatal blow that hits you right in a critical place" is a way to translate it.
Of course as others note, M$ selling AV is itself a funny proposition.
Why doesn't MS just spend the time building an OS that is not as vulnerable to viruses and malware? Since they won't do that, why not just build the AV stuff in at a lower lever so that it is not obvious to the user that they are even running AV? MS likes to sneak stuff in under your nose anyway, why not something that will make the OS safer and more stable? Oh yeah, it's probably because of some conspiricy like they are the major shareholder in Symantec or Norton...
If I was unwilling to pay Microsoft $50 to buy a product that detected and fixed problems with their other products, what makes you think I'd find it any more palatable to be buying a similar product from you folks?
Don't bother answering, guys. Your response would only make me laugh. You see my desktop hasn't needed any of your products for a good number of years now. In fact, the only Microsoft product loaded on any of our computers is a semi-broken version of XP that now wants to be re-authorized because I added an old SCSI controller to the system. Like that's ever going to happen. (When I get the time, another 80GB of disk space will be available for my daughters to use on Linux.)
CUR ALLOC 20195.....5804M
So it can "fail" to recognize my anti-virus software, and sign me up to have all my net traffic routed through Microsoft for analysis? No thank you.
OneCare is to get the boot as of June 30 (along with finance app Microsoft Money).
Man--I have mixed emotions about this one.
Microsoft Money is the one app I still miss from the Microsoft platform. There's nothing like it for Linux.
I occasionally think about settings up a virtual machine to run Money--but I cringe about paying $125 for an XP license to run a $50 program.
But thank God I'm free from the curse. Now I never have to think wistfully about any app on the Microsoft platform...
There's no place like
I can't believe the biggest focus out of all this is on the "evolution" (or whatever) of their anti-virus, with little mention of the end of the Money product line.
I feel for all the people who have been locked in to MS money, like the one in the article. Hopefully it will drive him to open source... however I haven't really been able to find a good alternative to Money and/or Quicken for Home/SMB finance.. any suggestions?
I put on my robe and wizard hat..
I agree; Money is a good program. Of course, it's not the only app on Windows I use, but since we're both in the same boat... what do you plan on to replace Money?
And please, nobody say GNUCash. It's a pile of crap... I actually moved from GNUCash TO Money!
Microsoft has, for years, maintained three separate tools in this space (that I know of, there might be others). They change the names of them periodically, to confuse their hapless victims.
Microsoft Windows Malicious Software Removal Tool
You gotta read this page. They release a new version every month. It apparently cannot remove viruses which are not actively running. Why is this tool not built in to Microsoft Windows Defender?
Windows Live One Care
This link shows a forum moderator, chastising a poor infested user for asking a question about a different Microsoft antivirus product -- Microsoft Windows Defender. Why are these separate products, again?
Microsoft Windows Defender
Formerly known as Microsoft AntiSpyware.
These should be one product. The fact that Microsoft maintains three separate products to deal with this problem is, itself, an indication of a very serious ongoing problem at Microsoft. As a company, they still don't take this seriously.
If you mod me down, I shall become more powerful than you could possibly imagine.
When you create a product that spawns a multi-billion dollar market focused on protecting people from the flaws in your product, you've done something wrong. This is something that should have happened years ago.
They got Kermit the Frog and Big Bird naming their products now.
It is easy to make a trojan on Linux. Unix permissions mean squat to effective malware. Running as the user is more than enough to spew spam or be part of a botnet. Yes, it's easier clean. No, it doesn't work if someone else logs in. When you're talking single user systems, that's irrelevant.
SELinux and other MAC are a lot of the solution. Problem is, there isn't anything good enough for the average user, not yet anyway. I was hoping Leopard was going to be it, but Apple blew it. MS made Vista too annoying and people turn it off, assuming they hadn't gone back to XP.
Morro will use the same scanning engine as Windows Live OneCare, Microsoft's first consumer-grade antivirus package
Microsoft's first consumer-grade antivirus package? Oooh, you must mean MSAV, released once, updated never. The most useless antivirus software in the history of antivirus software.
It doesn't matter.
You don't need *any* software vulnerability to infect a user's machine with malware. All you need is a user who will run your application.
In any OS that let's the end-user decide what software to run, Malware can exist.
A dumb Linux user is just as likely to install 'Free Screen Savers!!!' as a dumb Windows user.
It's about time MS released an AV product! All those i've tried (Clamwin, AVG, Symantec, etc.) can't detect my viruses. I know for a fact they're called "kernel32", "UAC", "svchost", and the dreaded "taskman." Who knows, there might be more of them gallivanting around my computer!
The problem is not making a trojan for Linux, it is getting it run and getting it to survive a reboot
Getting it to run is harder since it is normally not just a click to run, getting it to survive a reboot is much harder since a user does not normally have the rights to do this ...
There are malware and viruses for Linux, but they were all without exception limited by they fact that most systems were unlikely to allow them to run themselves and on the few that did they did not survive a reboot, all the mildly successful ones used a flaw in a program to get themselves run and when this was patched (usually very soon after) then it died because the majority of systems were updated with the fix
The real problems with Windows systems are being addressed by Microsoft, default rights (don't run as admin, and make sure most programs don't assume/require you are running as admin), auto update (the main parts of a windows systems are now updated automatically, but not all parts and not all programs), don't be a monoculture (Not good in Windows, but Ubuntu Linux is going the wrong way on this....)
Puteulanus fenestra mortis
The cynic in me doesn't trust any of the big AV security companies. They have a clear motive to make sure their products are needed. An OS manufacturer on the other hand is motivated to produce a secure environment, and in this case where Apple has been hammering Microsoft about this issue, there is even more motivation. I'll certainly be giving this free offering a try. BTW- The rotten egg analogy was pretty lame.
The fact that it was McAfee saying that makes me laugh... but even so, it's likely their product will be better than any Microsoft AV will be. Why? Not that Microsoft will make the worst AV, but it's about dedication. "Internet Security" companies like Norton and McAfee only control a niche market (firewall/AV software), so they will prop up their flagship products as much as they can, because without them, they're sunk. A company like Microsoft won't have to maintain it out of necessity, and this could easily go the way of FrontPage, OneCare, Money (as mentioned in TFS), Picture It!, and other products that it shed like excess skin as the years went on.
Yet Another Tech Blog
(but so much more, including game and movie reviews)
http://yanteb.peasantoid.org
That was NAV2007. It didn't support Vista out of the box, but eventually they released an update, and it seemed to work OK for me.
However, NAV2009 is MUCH better. I suspect that Vista forced them to do some major rewrites in 2007 (because 2006 was a steaming pile of crap), and they realized that by cleaning up their crap they could actually improve the end-user experience while making life easier for themselves in the long run. NAV2008 sucked less, and in 2009 they've completely redesigned how the program operates. It's as though they realize everyone hates them and they have competition now. Seriously, if you haven't tried it yet, you should download the NAV2009 trial to see what I'm talking about.
Note: I am not affiliated with Symantec, and I'm currently running AVG Free on my Win7 box.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Maybe their choice of source product isn't as good this time, but they previously made (I think) a good choice in bringing Giant AntiSpyware into the fold as Windows Defender. Giant was at the time one of the better scanners, which would make a good addition particularly for people who don't want to buy/install 3rd party apps. It's only appropriate that windows had both spyware and virus removal built in (note that there's already the malware removal component of windows update).
This leaves the door open (or maybe sets the bar higher) for 3rd party apps to compete, but at least gives the average users (who don't do their due dilligence in cleaning the PC) a fighting chance of having a non-zombie pc.
On a more pessimistic note, all that correct posturing will turn to dust if the product really does route all data through microsoft, because I'll be blocking it right out of the gate.
When you login to your Linux desktop, there's a ton of bash scripts and other startup software running behind the scenes. Getting a program to survive a reboot on a desktop system is not difficult.
Business. Numbers. Money. People. Computer World.
Carl "Bing" Morro is the protagonist of the novel "Never Lark Nor Eagle" by Ray Castagnaro.
Microsoft "Bing"
Microsoft "Morro"
If the next one is Microsoft "Carl" I think Ray needs to talk to his lawyers.
Why?
1. I don't normally worry about viruses or malwares. Running one is just a precaution, especially after downloading stuff from net.
2. Symantec and McAfee just SUCK. I don't know why they are still in business. Their business model is to spread FUD so people will buy their shitty products that do more harm than good.
3. I've had much more success with free AV software than non-free ones. Microsoft Defender is actually pretty good. There is also a Chinese malware product called 360safe (http://www.360safe.com) that I use. On the contrary S/M never cleaned a malware for me once.
MS Money running in virtual box is the best finance app for the macintosh, too. Actually, I use 2004 since when I tried 2005 I didn't like the UI as much, but I'm still a little sad to see it go, even if I wasn't planning on upgrading.
Does it work with Wine?
This does show the problem with closed source software (and closed source file formats). If microsoft is killing a product, they should release the file format specs so users can migrate their data. exporting as QIF loses information in the translation.
Do you even lift?
These aren't the 'roids you're looking for.
update: I did a quick search (before trying to reverse engineer it myself) and with a bit of hex editing (and repairing), you can open it with Access
Do you even lift?
These aren't the 'roids you're looking for.
I agree; Money is a good program. Of course, it's not the only app on Windows I use, but since we're both in the same boat... what do you plan on to replace Money?
And please, nobody say GNUCash. It's a pile of crap... I actually moved from GNUCash TO Money!
I switched to MoneyDance--it's the one proprietary linux app I run on my box. It's decent, but it's nothing like MS Money. Some basic reports, check register, tracking loans--just none of the 'polish' that Money has. It's getting better though, and I believe you get free upgrades for life once you buy it.
There's no place like
Microsoft Money is the one app I still miss from the Microsoft platform. There's nothing like it for Linux.
Well if you really want to run Linux on your PC and still want to lock yourself into products that only run under an Microsoft OS there are two ways of approaching this problem. Obviously the first step is to install a recent Linux distribution on your PC then.
The total cost of installing MS Money under Linux is exactly the same as if you installed it under MS Windows and the same is true for all MS Windows centric software.
Of course a quick Google search will display Linux software equivalents to MS Windows software. In the case of MS Money you have GnuCash, KMyMoney, jGnash, MoneyDance, Grisbi, PLCash, CrossOver Office with Quicken, lazy8ledger. All run natively under Linux on the Intel architecture and if you don't like the free solutions you can pay for a proprietary solution that will work under Linux.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
http://en.wikipedia.org/wiki/Microsoft_Anti-Virus
Have we forgot that MS already tried to bundle AV with their OS?
Well someone doesn't want MS to fix windows. Is the moderator in this case one of those assholes who write virus and other nasty bits of code. If it wasn't for MS you would be unemployed.
"AVG Anti-Virus Free Edition is for private, non-commercial, single computer use only."
Microsoft Money is the one app I still miss from the Microsoft platform. There's nothing like it for Linux.
Well if you really want to run Linux on your PC and still want to lock yourself into products that only run under an Microsoft OS there are two ways of approaching this problem.
I think you missed my point. If you compare Microsoft Money to *any* money app on the Linux platform, the linux platform comes up short.
I don't use Windows in my house. No virtual machines, not even media lying around. But I still miss Money because there's nothing like it for Linux.
There's no place like
...all of which are owned by root and you (and any malware) have no access to be able to change ....
This is why it is difficult to get it to survive a reboot
There is no such thing as a "Desktop" system there is just a system tuned for the desktop with particular packages selected
Puteulanus fenestra mortis
I'm not sure MoneyDance will work for me; I have the H&B version of Money, and actually use it to create invoices and track business expenses. The only other option seems to be Quickbooks.. and I was happy to leave Quicken years ago..
I'm not sure MoneyDance will work for me; I have the H&B version of Money, and actually use it to create invoices and track business expenses. The only other option seems to be Quickbooks.. and I was happy to leave Quicken years ago..
In that case, MoneyDance won't work for you. I've used MS Money H&B 2007, and it's lightyears past MoneyDance. I'm sure they'll get there eventually. Too bad it isn't open source...
There's no place like
Your .bashrc file is owned by root?
I suspect you are trying to be 'technical' here, but the upshot is that you're 100% wrong.
Business. Numbers. Money. People. Computer World.
... and the script will be running as you ... will all your lack of ability to do anything destructive (except to your data files)
Puteulanus fenestra mortis