AV-Test Deems Windows Security Essentials "Very Good"

CWmike writes "Microsoft's new free security software, Windows Security Essentials, passed a preliminary antivirus exam with flying colors, said independent and trusted firm AV-Test, which tested Essentials, launched yesterday in beta, on Windows XP, Vista and Windows 7. It put it up against nearly 3,200 common viruses, bot Trojans and worms, said Andreas Marx, one of the firm's managers. The malware was culled from the most recent WildList, a list of threats actually actively attacking computers. 'All files were properly detected and treated by the product,' Marx said in an e-mail. 'That's good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.' It also tested well on false positives."

Malware?

[homes32]

viruses, trojans, and worms, are all nice and dandy but what about malware? That is what most people have to worry about these days.

Re:Malware?

[molafson]

"AV-Test also examined the program's anti-rootkit skills and its ability to scrub a system of malware it finds with a limited number of samples and "found no reasons to complain," Marx said. "[Security Essentials] is able to remove found malware very well, but further tests against larger sets of samples are required before we can come to a final conclusion."

Re:Malware?

[Darkness404]

I don't see how hat was a troll. Really, the main threat if you keep up with security patches is simply malware, and malware that has a legitimate use but comes bundled with all sorts of crap like adware and spyware (think of Kazaa).

Re:Malware?

[Talchas]

Even against viruses, trojans and worms, it really won't stop them from getting owned. It may help against old viruses spreading, but it is unlikely to help much against new ones. And new ones often will take out the antivirus, leaving you with an even falser sense of security.

Re:Malware?

[ruemere]

Unfortunately, in a sense Microsoft produces most popular vehicle for malware delivery. And yes, the users are forced to trust Microsoft as the average Joe's computer skills are not on the par with the skills of malware manufacturers.

Regards,
Ruemere

Re:Malware?

[Jurily]

Mod parent up. The "several other [antivirus] scanners" won't detect new ones because they're tested against before release.

From a software engineering point of view, malware is state of the art.

Re:Malware?

[overbaud]

"And yes, the users are forced to trust Microsoft as the average Joe's computer skills are not on the par with the skills of malware manufacturers." No they choose to trust Microsoft because they do not have computer skills. Even if they switched to another OS they would CHOOSE to trust that vendor because they do not have computer skills. It's the same as choosing to have your car serviced by the dealer due to lack of skill or desire to do it yourself. Your not forced to have it serviced.

Re:Malware?

[Skuld-Chan]

Good thing its not the only thing Microsoft is doing security wise to protect their OS ehh? ;).

Re:Malware?

[CrashNBrn]

I'd be pretty suprised if they're AV-tool doesn't handle "Malware" - considering Mark Russinovich of sysinternals works for Microsoft now, and was the one to discover Sony's Rootkit and provide the fix for it. Among the many other tools he has provided over the years and still updates regularly.
http://blogs.technet.com/markrussinovich/

Re:Malware?

[CrashNBrn]

ugh, don't post at 2 in the morning. Repeat after me. s/they're/their/

Re:Malware?

[trifish]

> viruses, trojans, and worms, are all nice and dandy but what about malware?

Actually, malware is a universal term collectively referring to viruses, trojans, worms, rootkits, and spyware. In other words, malware is any kind of malicious software.

Re:Malware?

[trifish]

> It may help against old viruses spreading, but it is unlikely to help much against new ones.

You refer to heuristic scanning, or pro-active security. This means that the software is able to discover new unknown viruses based on their behavior or properties.

You might be surprised but MS Security Essentials has been found to have the best heuristics (60%) in retroactive tests (outdated definitions, therefore, unknown viruses) with by far the least number of false positives (which is crucial for good heuristics).

They even overtook the former leader, NOD32 (and often even in performance).

Source for heuristics (2009):
http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf

Re:Malware?

[trifish]

Yes, the most recent report is at http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf

Microsoft practically won it.

Re:Malware?

[Talderas]

You're just cringing at the fact that Microsoft did something right, and are looking for any reason to bash them. This is Slashdot however, and everyone is supposed to be a Microsoft cynic.

Re:Malware?

[Sinbios]

I've used his tools since before he got bought out by Big Corp, and even after he's still producing some of the most useful tools in the Windows computing world. I can't count the number of times I've solved my problems with stuff like FileMon (monitors filesystem access in real time) or Process Explorer (maybe ProcMon? Shows which processes has handles on which files, etc). Props to the guy.

Re:Malware?

[CrashNBrn]

Yeah the one time I had an "invasion" on my system, I was clued into the fact because Filemon wasn't spewing any results... something was capturing/preventing it. Seek n Destroy mission begun :-) And I can't fathom how much time Junction has saved (Win2K). Even though theres a WinXP tool that can create hardlinks and symlinks (and works on 2K) - the syntax of it is abominable. Among a few others that get fired up on a semi-regular basis.

Re:Malware?

[JTSmith]

viruses, trojans, and worms, are all nice and dandy but what about malware? That is what most people have to worry about these days.

Do not make remarks about stuff you do not know what you're talking about. Malware by its very definition is malicious software. Therefore, Viruses, Trojans and Worms are all malware. How did you even score a 4, insightful for your post?

Re:Malware?

[FrozenFOXX]

You're just cringing at the fact that Microsoft did something right, and are looking for any reason to bash them. This is Slashdot however, and everyone is supposed to be a Microsoft cynic.

You're right, we *are* cynics, and after the extremely long and horrible history from the company you'd be a fool to blame anyone for it.

However occasionally they do something right. I hope it's true personally, as when they actually do something right it's usually pretty impressive. My personal favorite recent achievement's the XBox/XBox 360.

Re:Malware?

[DeVilla]

And you are ignoring the fact that Microsoft has earned this reputation. For decades Microsoft has had bad quality and as a result, bad security. Back when I was learning to code pattern matchers in my first year programming classes, I was able to write a better matcher than the one they continued to use in DOS at the time. In DOS the pattern "*a.txt" would match a file named "z.txt". (The splat gobbled up the whole name and declared success without caring about the 'a' in the pattern.) Granted, once they shipped it broken, it had to stay broken, but they were (already monopolistic) professionals and I was a wet nose who only thought he knew everything. That should not have been difficult or recourse intensive (which did matter back then) to get right.

They've had an occasional high point over the years, but that doesn't beat the overriding trend of their long history. Their security has improved some in recent years, but that bar wasn't too high to begin with. You don't just get a reputation like Microsoft's. You earn it.

Re:Malware?

[ruemere]

It's a compromise. A compromise anyone may be forced to accept because of external circumstances.

Reality seldom defaults to binary properties.

Regards,
Ruemere

Re:Malware?

[overbaud]

Obviously English is your second language so I will go easy on you. Again... they are not forced to trust Microsoft. Forced means they have no option. They have several options. Your second sentence makes no sense. A compromise is "A settlement of differences in which each side makes concessions" (thefreedictionary.com) in this situation Microsoft is making NO concessions. The word 'may' is "used as an auxiliary to indicate the possibility that something could happen" (thefreedictionary.com) which is the complete opposite of 'force' "to compel (a person, group, etc.) to do something". I can see what youâ(TM)re trying to say in your 3rd sentence (even though it makes no sense as a property is a characteristic which is not a synonym for choice and reality is a concept unable to be defined with characteristics) and we are not discussing the broad concept of reality. We are discussing if people are forced to trust Microsoft. This question is Boolean, it is either true or not true. It IS NOT TRUE that people are forced to trust Microsoft. Further if we really want to split hairs TCP is the most popular vehicle for malware delivery or packets or copper maybe even light itself. But thatâ(TM)s probably not what you meant and there in is the problem, what you mean and what your say are two different things. Iâ(TM)m not even sure what you mean is correct either.

Re:Malware?

[rdnetto]

That's only because Microsoft knows that no-one ever bothers installing their updates...

Sounds positive

[dov_0]

MS is lifting their game.exe

Re:Sounds positive

[shermo]

I tried to open that file but it didn't work. My norton is working to protect me from malicious files very well thankyou.

Re:Sounds positive

[Mista2]

But they still think the US and it's friends are the whole world:

From the download site:
Not available in your country or region

You appear to be in a country or region where the Microsoft Security Essentials Beta is unavailable.

This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).

Re:Sounds positive

[bertoelcon]

I tried to open that file but it didn't work. My norton is working to protect me from malicious files very well thankyou.

If norton was doing its job, it would not allow you to open norton since it is also malicious.

Re:Sounds positive

[SilverHatHacker]

It's available in China? It runs on pirated versions of Windows then? I wonder if it considers WGA as a virus?

Re:Sounds positive

[pacinpm]

I downloaded it from Poland. The only problem was register page. It's headers were in Polish but content in Dutch.

Re:Sounds positive

[gbjbaanb]

This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).

Isn't that list of countries the ones bot-spamming the most crap out of their PCs?

Perhaps its more targetted than conspiracy?

Re:Sounds positive

[Sinbios]

Apparently not available in Canada. That whole piracy thing really tarnished our image :(

Re:Sounds positive

[hesaigo999ca]

Tor is a proxy service you can install and use and bounce off a server in the us, so it looks like you R belong to them...

Re:Sounds positive

[Sinbios]

http://www.softpedia.com/get/Antivirus/Microsoft-Security-Essentials.shtml

Re:Sounds positive

[master811]

It is so hard to look?

http://www.softpedia.com/get/Antivirus/Microsoft-Security-Essentials.shtml

I wonder how Symantec, Norton, et will react

[supercell]

Norton, Symantec and others have created an entire multi-billion dollar subscription based industry around virus protection for Windows. I wonder how they are going to react to this potential bomb for there business model?

Re:I wonder how Symantec, Norton, et will react

[gewalker]

Well, we know one thing for certain: "Resistance is futile"

Re:I wonder how Symantec, Norton, et will react

claim anti-trust and attempt to sue.

How dare microsoft plug security holes themselves.

Come on EU, save us from a secure windows platform.

Re:I wonder how Symantec, Norton, et will react

People attempting to buy Norton AV should be arrested; then given a choice between installing a completely locked down Linux kiosk, or have their hands and balls chopped off.

Re:I wonder how Symantec, Norton, et will react

[fuzzyfuzzyfungus]

Don't worry, you can still Punch the Monkey and Win a Free Nintendo Wii!!! with just your nose.

Re:I wonder how Symantec, Norton, et will react

"Resistance is futile"

Yes but only if much less than 1 Ohm

Re:I wonder how Symantec, Norton, et will react

[Skylinux]

I wonder how they are going to react to this potential bomb for there business model?

I don't know how BUT I do know that it will take a while considering the speed of Norton AV (consumer edition)....

ohh and anti competitive law suit in the EU in 3,2,1

Re:I wonder how Symantec, Norton, et will react

[zonky]

There would only be grounds for such a claim if they bundled it with windows.

Re:I wonder how Symantec, Norton, et will react

[icebraining]

No, unless they bundle it with Windows 7.

Re:I wonder how Symantec, Norton, et will react

[edivad]

Norton, Symantec and others have created an entire multi-billion dollar subscription based industry around virus protection for Windows. I wonder how they are going to react to this potential bomb for there business model?

React? You mean, they should feel threatened by the same noOneCare technology that so miserably failed to make any business because of its design flaws?
I can already see everyone in the business running scared about this new thing.

Re:I wonder how Symantec, Norton, et will react

[Mista2]

Even odds this will be offered through Windows Update, just like IE.

Re:I wonder how Symantec, Norton, et will react

[bertoelcon]

Hmmm make a secure OS, or put an OS out and then make a security program to secure it with more profit?

Re:I wonder how Symantec, Norton, et will react

[morghanphoenix]

Well, MS will only offer this for free until they've killed their competition, then they'll take over that subscription market and get all the money Norton & Symantec were raking in before they decided to smother their competition. Is there any other reason MS does a decent job of something? Once they've killed off their competitors it's back to the joke these types of products once were, after all, why try when you're the only game in town?

Re:I wonder how Symantec, Norton, et will react

[i.of.the.storm]

What are the design flaws? That said, if Norton and McAfee are still doing well now then they'll probably be able to survive this as well, because there have been much better free alternatives to their bloatware and they still seem to be extant. That said, the Symantec online virus database is pretty handy, but their client software is horrible. After switching to Avast, my computers booted 30 seconds faster. It seems like this Security Essentials thing is similarly lower on resource usage than Norton et al; perhaps a surprise coming from Microsoft, but a welcome alternative nonetheless.

Re:I wonder how Symantec, Norton, et will react

[FishWithAHammer]

They're not charging for it.

Re:I wonder how Symantec, Norton, et will react

[mysidia]

Microsoft has raised the bar. To continue to have people buy their product, their competitors will need to further differentiate themselves from Microsoft's now free offering.

That means doing it better, providing features the customers want (that MS doesn't deliver), innovating.

e.g. Enhancements and capabilities that are beyond Microsoft's expertise, or that MS isn't interested in delivering.

Probably mostly for enterprises, security management capabilities. There are elements of security to manage on your network OTHER than scanning and trying to block known infections.

And 'group policy' is not perfect, or necessarily ideal, for endpoint security management. The security vendors might be able to come up with more powerful solutions.

What about unknown threats? What about security patches in OS and third-party product....

Where's the popup from system security software warning the user that there's a known exploit for a bug in their current version of program Xyzabcd PDF viewer, being actively exploited??

Why rely on being able to detect a virus in a new untrustworthy .EXE a user downloaded, why not also sandbox all untrusted .EXEs, unless the user is authorized to install software, and manually taking a 'privilege elevation' action ?

Nornot/Symantec aren't the be-all, end-all of system security. There are also antimalware/security apps like Spybot S'n D, Adaware, Malwarebytes, and commercial ones.. eEye Blink, PrevX, SUPERAntiSpyware.com, Avira.

Which aren't $100-year subscriptions and provide their own advantages.

The higher the market share of the MS AV product, the less you should trust it (malware will specifically aim to be undetectable, or to evade the detection of and disable that specific product).

It's a lot easier for badware authors to 'evade' an antimalware product, if there's only one they really need to worry about.

Re:I wonder how Symantec, Norton, et will react

[morghanphoenix]

It's much easier to compete with people who can't break your software with an OS update.

Re:I wonder how Symantec, Norton, et will react

This isn't plugging security holes. Its producing a product which will be direct competition to other products that have been around for ages. If they then choose to bundle the MS one with windows, that will basically undercut all other products out of the market. I'm pretty sure thats illegal by most antitrust laws but they'll weave their way out of it somehow.

The issue is not about how secure everything is. You're looking at it from the point of view of whats best for the people and the common good. But using their existing monopoly to promote their own product is not fair to all other players in the industry. It is then no longer a level playing field.

People argue that they should be able to do whatever they want with their own product. But they overlook the fact that MS is a monopoly and that comes with responsibility. There are extra laws specifically for monopolies and they are there for a reason. If MS make the best product then they will not need to bundle it with windows for it to succeed. In a fair marketplace, it should just exist alongside all other existing products. Whether the best option is to bundle multiple trial versions with windows so that the pc is protected right away - I dont know, but that would make the most sense to me.

Re:I wonder how Symantec, Norton, et will react

[L4t3r4lu5]

Would there be a claim if Microsoft all of a sudden created an operating system that didn't require an antivirus solution?

There is no difference here. Much like any other business in a free market economy, when their market dries up they're free to fail^h^h^h^hobtain government funding, costing the tax payer millions of dollars, to spend on a business model which is failing to produce a product which obviously nobody needs or wants to buy anymore.

Re:I wonder how Symantec, Norton, et will react

[Antique+Geekmeister]

Yes. They are. The cost is folded into that of Windows itself.

Please review the findings _against_ Microsoft in the US Department of Justice cases for their monopoly based anti-competitive behavior against Netscape, by folding the cost of browsers into the included version of Internet Explorer, proprietizing it, and using their monopoly power to prevent the installation or use of other browsers.

And please don't assume that because the ocst is included in the basic OS cost, that they are not charging for it. They're merely, once again, charging _all_ customers for software that they might otherwise buy from competitors.

Re:I wonder how Symantec, Norton, et will react

[heffrey]

Well, since I can't get Norton to work on my 64-bit Vista (a platform that is three years old) I think they haven't really got a leg to stand on.

Re:I wonder how Symantec, Norton, et will react

[FishWithAHammer]

It's not even bundled with the OS. You have to go download it. Your reasoning completely sucks, and smacks of (stupid) knee-jerk anti-Microsoft sentiment. Unsurprising among Slashbots, but still.

If Microsoft can do it better than the antivirus vendors (and given how absolutely execrable the antivirus vendors are at doing their jobs, I don't see that as much of a stretch), then they are entirely welcome to do so. I'll still use Avast or Avira if theirs isn't up to snuff, and so will plenty of other people.

For-pay antivirus (especially the new subscription model foisted on consumers by Symantec and McAfee, among others) needs to go the fuck away. If Microsoft releasing a free antivirus (and I categorically reject your retarded assertion that it's a cost built into Windows) gets rid of that, then I'll throw 'em a fuckin' parade.

Re:I wonder how Symantec, Norton, et will react

[Antique+Geekmeister]

Whether it's bundled with the OS or a separate download is completely irrelevant to who paid for it. Microsoft did: they fund the websites for download, they take the support calls, they paid the programmers who wrote the OS. Where did the money come from for that? Windows sales and Microsft Office sales, that fund the company's R&D.

I don't object to Microsoft doing it themselves and putting most of the anti-virus people out of business: it's one of the things Microsoft's funds should have been used for, from day one in development and through every release and service pack. And because of Microsoft's design decisions, anti-virus tools have to be incredibly invasive to detect and disable known vulnerabilities, and that kind of work is expensive.

Just don't mistake it as "free" or "unpaid for". Microsoft has repeatedly been convicted of abusing its monopoly position to force users to have tools they would prefer other versions of, and forced vendors not to pre-install those other tools, and deliberately used their funding from their core business to replace competitive products with de facto (and often inferior) built-in products as a deliberate anti-competitive move. (Remember, Microsoft _lost_ cases about interfering with Netscape this way.)

Re:I wonder how Symantec, Norton, et will react

[internerdj]

Herein lies the antitrust problem... People have been making money off this area for years, but is the money being made off of Windows flaws? If I started selling unofficial patches that fixed say crashes in IE, would I have the right to sue if Microsoft patched those flaws? What if they waited several years and I had a clearly established market for my patches? This case is interesting because it will define how far a company can go in fixing its own issues. If they rule against Microsoft, this could mean that companies are only allowed to patch issues in the last two phases of Software Engineering.

Re:I wonder how Symantec, Norton, et will react

[Keeper+Of+Keys]

This is a thorny issue: there is no defensible reason to coerce your captive OS audience to use a particular browser when there are perfectly good alternatives out there. I would say it's unarguably an abuse of Microsoft's monopoly, except a lot of people seem not to have got it.

But a case can be made for an OS keeping itself free of malware. Where is the dividing line between features such as UAC and the Malicious Software Removal Tool, which have already been accepted as an essential part of Windows' security, and a more proactive anti-malware tool like Security Essentials - especially if it's a good as this report says?

Re:I wonder how Symantec, Norton, et will react

[Keeper+Of+Keys]

Please go and look up the word "argument".

Re:I wonder how Symantec, Norton, et will react

[ITJC68]

Exactly!! I had to go to Avast antivirus because all the "major" players (McAfee and Symantec) didn't support it. Avast has turned out to be a very good tool. It has found "junk" that others missed. My ISP gave out CA for antivirus for awhile. It was ok but Avast found things that CA should have. Needless to say CA is no longer on any machine I own and Avast home is on all of them. If M$ makes this a viable alternative and keeps the cost at $0 I might be tempted to try it out.

Re:I wonder how Symantec, Norton, et will react

[FishWithAHammer]

Except they're not forcing people to install non-preferred stuff in any way. If they start doing that, you have a point, but until then, you're just spewing crap.

(And I categorically reject the idea that something released for free is tainted because the R&D costs are paid for by applications in other markets. It's a stupid idea.)

Re:I wonder how Symantec, Norton, et will react

[rliden]

This is a really interesting question. I've been wondering this myself.

I've been testing the Win 7 beta and RC. Along with that I've been testing several security solutions. Of all the major vendors promoting full security suites Symantec seems to have the least intrusive low overhead solution in NIS2009 or N360. Of the AV only solutions I like Panda AV the best. It was similarly hassle free and easy to use. Microsoft Security Essentials, along with Windows Defender, firewall, backup, and defrag supply all the same functionality and are easy to use.

Several vendors are trying to sell not just security but centralized system management in the form of firewall, anti-malware, performance tools (disk defrag and registry defrag), and an automated backup solution (some offering online storage on their site). The problem I see here is that the Windows now provides a firewall, Windows Defender, and now MS Security Essentials for free. Windows 7 has a backup utility that, while fairly rudimentary, is good enough. The complete solutions I tried used the Windows 7 disk defrag tool and just scheduled it for you. In the end the only people are just paying for a fancy registry defragger and possibly some online storage. The third party vendors do provide all this in a centralized management console, but that's about all they have to offer. The new Windows Action Center provides easy access to all those tools as well just packaged in a more spartan interface.

I think it will be interesting to see how security vendors and software evolve from this.

Re:I wonder how Symantec, Norton, et will react

[DeVilla]

Does it matter at all that Microsoft help create the market and even encouraged it for years? If Microsoft had encouraged people to buy you fixes to their flaws, then your fixes become "value add". At that point, are the fixes or add-ons/extensions? Does it become like Microsoft creating a market for third party browser plugins and then bundling replacements for all the most popular third party plugins?

The stick point here, at least for me is that Microsoft not only create the market for anti-virus software. They encouraged it use and even discourage running without it. Now they are using monopolistic techniques that could crater the market they've fostered.

I understand the desire to have Microsoft just fix their broken software. But this isn't a fix. It's just a duplication of someone else's third party work around. Secondly, they've actively turned their broken software into a market. They've made the complicated for themselves.

Re:I wonder how Symantec, Norton, et will react

[Lucky75]

Care to spell out your point for those of us that don't speak slashdot?

Re:I wonder how Symantec, Norton, et will react

[Keeper+Of+Keys]

My comment was intended for those who understand the English language.

"People attempting to buy Norton AV should be arrested; then given a choice between installing a completely locked down Linux kiosk, or have their hands and balls chopped off."

That's not an argument - (s)he gives no reason at all for this drastic suggestion. It's just vitriol. Or, to put it another way, trolling.

Not that I think the poster was trying to make an argument in the first place, or that I necessarily disagree with their idea.

Re:I wonder how Symantec, Norton, et will react

[rdnetto]

And you think it won't be?

Anti-trust?

[Roger+W+Moore]

Should be interesting to see if the current AV vendors try the anti-trust card with MS for this. I imagine it will be a vary hard case to make since really all they are trying to do is fix their broken OS.

Re:Anti-trust?

[bill_kress]

There was talk about antitrust suits when Microsoft first included the TCP/IP stack in windows. Before that you had to go to another vendor.

It made life a LOT more easy once it was built into the OS.

I'm pretty sure the same thing will be true of AV software.

Re:Anti-trust?

It should be noted that Bill Kress is a Public Relations "professional" who works under contract for Microsoft.

Re:Anti-trust?

Be that as it may, his statement of comparing the relative usability of windows during time periods before and after MS made a windows component change is no less valid. Additionally, his statement supposes that similar integration (assuming it is done properly) will likewise make windows usability improve.

So, AC, your very obvious implication that he is astroturfing despite relating nothing but easily confirmed facts is a waste of everyone's time involved. If you want to take a swing at MS' credibility, by all means do so. There are plenty of avenues you could approach and would get no argument from me. GP's simple comment, however, is not one of them.

Incidentally, did you ever [i]try[/i] dealing with windows during the era of 3rd party tcp/ip stacks? It was unpleasant, to say the least.

I would add another example of integration that I think has improved the windows experience: the Vista (and Win7) search tool compared to XP's and earlier. Not as drastic as the implementation of the tcp/ip stack, I'll admit, but nonetheless quite the improvement. An indexing service that works and does so without a fuss and a simple WinKey followed by typing what I want has dramatically increased the speed with which I access what I want in many cases.

Integration is not all bad, you see. Provided it's done right. I expect the AV vendors who have built their subscription model on equally useless bloatware will not be happy about this. Good riddance, I say. As to you, MS, please don't screw this up.

Re:Anti-trust?

[b4dc0d3r]

TCP/IP should be in the OS - it is a resource management issue and is a hardware issue. If only a handful of apps used it, maybe third-party would be acceptable. But you don't want a third-party stack crashing the OS, so write it yourself and include it.

On the other hand, Anti-virus products shouldn't even be needed. MS should be able to write software with fewer holes in it. They have piles of static analysis tools, piles of research, and piles of other stuff. They just don't want to take the time and fix things (including testing), so they put wrappers like UAC around things instead of fixing it.

I've seen lots of bug reports ignored by MS just because it doesn't look like it's exploitable, only to have some crafty fool figure out how to exploit it. I can cause a stack overflow in Oracle 10.x drivers by sending a VALID openquery through a linked server. Runtime catches the error, but then it causes a crash in the error reporting because the stack is trashed. Currently it's a null refrence, but how hard would it be to turn a stack overflow into a server root hack? Not all that hard. But they won't fix it because the problem is in a third party module, and if that one is fixed the MS error disappears. I'm just saying these vulnerabilities are all over the place, especially since they have so much third-party code.

One person or company making the problem, and the solution to the problem, does not look good. Especially since MS only publically fixes holes they publically admit to. There might be piles of security problems no one else knows about, but MS AV might know to watch for suspicious behaviour that only MS knows about.

Giant virus outbreak because it's too expensive to patch a particular problem, or can't get it out fast enough, and only Windows SE customers are protected so everyone ditches Symantec and other AV and goes to Windows. It's not that far-fetched, and they might even do it that way by accident. When it's possible to have that kind of advantage and wipe out your competition in a single event like that, especially if it's unintentional, that's a problem.

Just saying, the mafia used to take protection money, but you were being protected from the mafia. Problem and solution should be from different sources. Therefore your analogy is invalid, same as if my hair were a bird.

Re:Anti-trust?

[not+already+in+use]

I imagine it will be a vary hard case to make since really all they are trying to do is fix their broken OS.

How is releasing anti-virus software fixing their "broken OS?" Are you implying that a non-broken OS is completely immune to viruses and malware or are you just spewing typical anti-Microsoft vitriol?

Oh ok... Thought so.

Re:Anti-trust?

[shaitand]

That was a stack? I thought that was swiss cheese. I do remember that they replaced parts of the cheese with a stable stack but they didn't write that stack. They borrowed it from an already well established system that was designed around the network years prior.

Re:Anti-trust?

Mr. Kress, you forgot to log in before posting.

Re:Anti-trust?

[Blakey+Rat]

On the other hand, Anti-virus products shouldn't even be needed. MS should be able to write software with fewer holes in it. They have piles of static analysis tools, piles of research, and piles of other stuff. They just don't want to take the time and fix things (including testing), so they put wrappers like UAC around things instead of fixing it.

Microsoft software is already more secure than most vendors. Recent major viruses have either:

1) Spread via social engineering. (The kind of thing UAC is supposed to help with, contrary to what you seem to think it's for.)

2) Spread via non-Microsoft software. For example, I got a lovely copy of the Vundo virus courtesy of Sun's Java VM. Sun and Adobe software have been major spreaders recently.

What would you suggest Microsoft do about either of those issues that they aren't already doing? Make it impossible to run Sun or Adobe software? Yeah, right.

Re:Anti-trust?

[westlake]

really all they are trying to do is fix their broken OS.

It isn't one OS.

Every OS is "broken" in the sense that there are always avenues of attack.

It can't be otherwise so long as mere humans have the final say on which programs can be installed and which programs can be run.

To call something "Malware" is fundamentally a value judgment.

I think the geek would be the first to howl if he could only install the apps approved and certified-safe by Redmond, Cupertino, or his favorite Linux distro.

Re:Anti-trust?

[Thaelon]

Considering those antivirus companies' entire business model depends largely on flaws in a single product line of another company does it really matter if they go out of business? They're parasites on a monopoly.

Re:Anti-trust?

[b4dc0d3r]

Let me rephrase. They don't consider bugs important unless someone can turn it into a vulnerability. Previous examples have shown that it is possible to turn a seemingly benign bug into a security hole, with a little flash of insight.

I should be able to submit bug reports directly to MS, instead of having to talk to a desk jockey at the OEM who never passes it on to the company that wrote the software. They would prefer you didn't do that. They will take your "send error report to microsoft" data, but at that point it's just statistical - whatever gets the most reports gets attention.

They should say at this point, you know what, let us know if you find something and we'll take a look at it to make sure it's not going to cause problems. You know how much that would cost? Probably not as much as you think if it's simple triage.

If I didn't work at a fortune 100 company, I wouldn't have a vendor support contact I could just call up and say hey this is causing problems, can you look at it? Smart people who know what they are doing can give great feedback and have it completely ignored because it doesn't seem worthwhile to look at something that might have problems.

They will always have problems with third-party code, and not much you can do about it. But you have to realize that the attack surface area increases, and have your bug-squasher team increase in surface area along with it. I don't see an equal response. Sure I'll be your effective beta tester, but I don't want to hear one more detailed report about bug reports getting ignored.

Simple, eh?

Re:Anti-trust?

[hot+soldering+iron]

Yes, It is like tow truck companies suing GM for making a more dependable car.

Wahoo!! I think I got the first car analogy in!

Re:Anti-trust?

[dbIII]

Microsoft software is already more secure than most vendors

"Most vendors" have a single bit of visual basic crapware to sell as shareware so I really do not see this as a valid argument. Microsoft likes the pretend they are in the "enterprise" space now so that is what they should be compared with - not something to display a purple gorilla.

Re:Anti-trust?

[Blakey+Rat]

I've reported more than a couple bugs to Microsoft. My track record on getting them fixed is significantly better than for bugs I've reported to open source projects. (Admittedly, the place to report them is hard to find for most products, and Windows itself. Some are easy though.)

For example, SQL Server Management Studio shouldn't open windows off-screen anymore, it'll sanity-check the saved window coordinates with the current monitor layout. (Last version would gleefully open windows off-screen if its saved position was on a no-longer-present monitor.)

Expression Web 3 should no longer install a duplicate copy of "Office Picture Manager" and clutter-up the "Open With..." menu with a pointless entry. (A bug I reported with Expression Web 2 that was resolved.)

And playback of MP4 over a network drive is *greatly* improved in recent versions of the Zune player software. I'm not going to take credit for that one, of course, as I'm sure it was on their "to-do" list, but at least by putting in the bug report, Microsoft can gauge how important that feature is for the product. (Unfortunately, Zune still has *many* unresolved issues with plug-and-play USB headsets.)

I think my open source record for bugs fixed is hovering around 2/15 or so. Maybe more, but I no longer have an OS X box so I can't check a couple of them. In my experience, open source projects (and psuedo-open source projects like Slashdot) are a heck of a lot more likely to ignore bug reports.

Re:Anti-trust?

[Blakey+Rat]

Maybe you weren't paying attention: I just compared their security to Sun and Adobe. Or are you now arguing that Sun and Adobe don't make "enterprise" software?

Re:Anti-trust?

[shutdown+-p+now]

I should be able to submit bug reports directly to MS

secure@microsoft.com

I have actually submitted information about a vulnerability that way. It was fixed.

Re:Anti-trust?

[Skuld-Chan]

Honestly I wouldn't mind if symantec and mcaffee left us alone - most customers don't understand the whole subscription to definition update model and are hopelessly out of date. If anything this particular program is a sign that Microsoft is no longer trusting 3rd parties to take care of their platform anymore and is probably a good thing.

Re:Anti-trust?

[jonbryce]

UAC in theory is just like sudo. There is nothing wrong with the idea of it, just the implementation.

Re:Anti-trust?

[colinrichardday]

Or OpenSuSE. Or several other Linux distros.

Re:Anti-trust?

[dbIII]

I'm saying that Microsoft have such a lax attitude to security that they even had a flaw to allow arbitrary code embedded in images to run when you tried to view the image - something that is so incredibly stupid it should only exist in the realms of science fiction. Their systems do not rate at all in terms of security in comparison to things designed with security in mind. That is why I had to reply to your "Microsoft software is already more secure than most vendors" to politiely point out it is no more than ignorant fanboy bullshit with a deliberately flawed comparison. Adobe of course are also infamous for things like calling ROT-13 "encryption" when it is literally cereal box codewheel stuff.
I suggest looking after more than a single Microsoft based system preferably with several in the hands of inexperienced computer users and you will begin to see why so many here are critical of things like the lax attitude of Microsoft to security. It helps if you have other half-decent systems to compare it to.

Re:Anti-trust?

[weicco]

For example, SQL Server Management Studio shouldn't open windows off-screen anymore

Hooray and thank you! I was so annoyed by windowses opening outside the screen so that I wrote a little program that enumerated them and moved them in to the view if necessary. Somehow it didn't occur me that this was actually a usability bug in the application :)

Re:Anti-trust?

[L4t3r4lu5]

Well, you're correct in that it's a control for rights elevation for a particular process, but way, way off apart from that.

sudo is a manual control; You have to physically type the command into your shell to instigate a rise in privilege. UAC asks you if you want to raise privilege. To a (l)user, desensitised as they are by Microsofts' abuse of message dialogues, clicking "Yes" is almost coded into muscle memory, and it's between MS and the users to sort out who is responsible for that situation.

AFAICT, UAC is just a get-out. It shifts the onus for installing crapware onto users PCs onto the user, as MS can now say "Look, you had to type in the password! You didn't read the box? Oh, well then... That's not our fault!"

sudo requires knowledge. Pressing "Yes" only requires impatience.

Re:Anti-trust?

[beuges]

Oh yes of course, because no non-microsoft image libraries have ever had vulnerabilities... no wait. What's this?

libpng Multiple Vulnerabilities

The vulnerabilities can e.g. be exploited by tricking a user into visiting a malicious website or view a malicious email with an affected application linked to libpng.

The WMF issue you're most likely referring to was fixed, whilst still preserving the ability to contain scripting commands inside the image file, implying that the ability to run code embedded in an image is not as incredibly stupid as you make it out to be. Or was that just some ignorant fanboy bullshit from the other side of the fence?

Re:Anti-trust?

You're an idiot. Can you read what you wrote? They stole BSD code? Wow! I know microsoft can do some pretty amazingly ridiculous things but you're saying they took BSD code and put it in their product, which is perfectly acceptable according to the BSD license, and saying it is stealing? I'm not Microsoft fan but really stop drinking the koolaid. Making statements like that will only make you look more ridiculous and less respected amongst your level headed tech peers.

Re:Anti-trust?

[beuges]

MS never actually wrote a TCP/IP stack. The one that's still in Windows is the development one (that was quite broken) that they stole from BSD back in the early 90s...

Look at how wrong you are

Re:Anti-trust?

[dbIII]

We have deliberately putting the behaviour in there in the first place and a bug in the second. On the larger scale it's the difference between poor security by design and poor security by accident. Both are of course poor security.
Also consider that the arguement "little bobby was bad so why can't I be bad too" is best left in the playground. There are many failures in computer security but it's not worth pretending that something with a few million minor failures is better than something with a few hundred severe failures - it's all bad.
Nobody should really expect to be taken as anything other than a fanboy when they are praising Microsofts security while everyone competant that has to touch their products is busy trying to make sure that they are not going to get submerged under the rising tide of Malware. May Microsoft products are good value for money for what they do, but security is not really a feature.

Re:Anti-trust?

on modern desktop distributions (BSDs as well) there is gksudo and ksudo. It's true that certain applications need to have graphical sudo do need to be configured beforehand (i.e a shortcut for gksudo wireshark) but desktop environments are pretty integrated enough and many applications are designed to ask the user to raise their privilege level when doing something system wide. I believe that's actually a better way of doing things and personally typing in your password to do something seems to be more involved for the user than clicking yes and may help them think twice before running purplemonkey.exe.

Re:Anti-trust?

[Antique+Geekmeister]

Excuse me, but that's the one in _NT_. NT is, in many ways, VMS rewritten by David Cutler and his software pirates from DEC, so I'm not surprised it has a not-merely-FreeBSD TCP stack. There was also another company back then selling TCP stacks which I used at the time, FTP software, which collapsed in various ways when Microsoft included a free TCP stack for Windows 3.11b and then Win98. (http://en.wikipedia.org/wiki/FTP_Software)

Looking at the Wikipedia for that company, I see Roxanne van Bokkolen, nee Ritchie. Why is that name familiar? Ohhh, my: (http://tech.mit.edu/archives/VOL_097/TECH_V097_S0241_P012.pdf). I had a chat with a colleague about this, during the dotcom era. It apparently explained a lot about the divorce among the founders, and was used as during a presentation as an example of what dotcom companies should avoid.

Re:Anti-trust?

[L4t3r4lu5]

If that's the case, why is MS still moving into the AV market? Surely UAC solves all of their issues with running as admin by default?

Re:Anti-trust?

[cerberusss]

He should have fully disclosed his credentials.

Re:Anti-trust?

[Quantumstate]

Programs on Ubuntu can ask for root permissions if they need it without you having to go to the command line. The main problem on windows is that software was designed to be run by people as an admin because that is what everybody did before Vista. So you get lots of unnecessary alerts because programs are poorly written. Linux has had a culture of being strict with permissions from the start so you will find that programs are very uniform and generalyl do things properly. This applies to things like where files are placed as well. On linux applications will put everything for the user in their home directory because otherwise they need root permissions so everything is nicely organised. Wheras on XP I had applications dumping stuff all over the place, some even used the install directory to store things, others put stuff in My Documents, polluting the users files.

Re:Anti-trust?

[Jaseoldboss]

Not all malware needs to run as admin. I'm thinking of those ransomware programs that encrypt all your files under "My Documents". That wouldn't need any special privileges.

Re:Anti-trust?

[Clover_Kicker]

Incidentally, did you ever [i]try[/i] dealing with windows during the era of 3rd party tcp/ip stacks? It was unpleasant, to say the least.

Of all the retarded problems that Win3.x had, Trumpet Winsock is pretty low on my list.

Re:Anti-trust?

[not+already+in+use]

Regardless of UAC or not, that model of software distribution is totally unworkable.

UAC is no less effective than sudo. Why are linux advocates unable to draw this parallel?

Re:Anti-trust?

[skiman1979]

Wouldn't it be more like tow truck companies suing GM for integrating an automated self-towing system into all new GM vehicles starting in 2011? If your car breaks down, a third axle with attached tires would lower to the ground and raise the front end of the vehicle. The system would be programmed to take the car to the nearest auto repair shop via GPS.

Re:Anti-trust?

[vertinox]

Are you implying that a non-broken OS is completely immune to viruses and malware or are you just spewing typical anti-Microsoft vitriol?

Yes.

Take my iPhone for example.

But more seriously, it is possible to create a complete secure OS that is immune to viruses and malware if you sandbox or sacrifice usability.

The question is how much usability do you want to give up?

Re:Anti-trust?

[Blakey+Rat]

You didn't read my original post so I suppose it's hopeless to explain it again- but what the hell, it's a long train ride.

The point I was making is that the majority of malware out in the world now does not spread by exploiting security holes in windows. It either spreads via social engineering, or through holes in other software. Given that, what is it you want Microsoft to be doing that they aren't already doing?

BTW, since you're on slashdot, I'll just go ahead and assume your one of those "vista sucks" kind of people- try moving some of your users to vista instead of the decade-old, only-secured-with-service-packs XP. You'll notice a world of diference.

Re:Anti-trust?

[Keeper+Of+Keys]

Further thanks from this quarter, but you sort of made the GGP's point: the bugs you reported that got solved were usability bugs, not security ones. Obviously these are important too, and more important to the end user until they get pwned. MS does seem to have a problem taking security seriously. With their resources they really ought to be able to do both.

Re:Anti-trust?

[Keeper+Of+Keys]

Please don't complain about how posts were modded, it's very boring. At any one time there will be more sensible mods than idiotic ones and obvious mistakes are almost always rectified.

Re:Anti-trust?

[Blakey+Rat]

Further thanks from this quarter, but you sort of made the GGP's point: the bugs you reported that got solved were usability bugs, not security ones.

So you're claiming that Microsoft *only* addressed my bug reports because they related to usability and not security? And further you're assuming that if I did submit a security bug using the same channel it would have been ignored?

Come on, we're trying to have a discussion here.

With their resources they really ought to be able to do both.

Prove they aren't. So far you're just asserting your own assumptions with absolutely no data to back them up.

Re:Anti-trust?

[Blakey+Rat]

The great part was the first Microsoft engineer who saw it, and declared that it was impossible for SSMS to open windows off-screen. He didn't even try it!

http://schend.net/images/screenshots/offscreen_ssms_window.png (the image I submitted after the bug was declared "impossible")

Re:Anti-trust?

[intheshelter]

You're right, it is not fixing their broken OS. The OS remains broken and now they will try to capitalize off that and make more money off the illusion of protecting their broken OS.

Are you a retard or a MS apologist? . . . .
Oh ok... Thought so.

Re:Anti-trust?

[Keeper+Of+Keys]

No need to overreact - look through my other posts on this page, I'm no kneejerk MS hater.

This discussion is about Windows security and while it's great that they fixed your bugs, other posters are claiming their reported security bugs were ignored. Since it is widely felt that they put more emphasis on user experience than security, really my post should be modded -1 Bland.

Re:Anti-trust?

[Blakey+Rat]

Sorry, you're right, it was flame-y. On the other hand, you'll have to excuse me if I don't count Slashdot posters as reliable sources when it comes to Microsoft's reaction to security-related bugs.

If you read, for example, Raymond Chen's blog, he frequently talks about the hundreds of non-security-related things that people report as security holes.

Re:Anti-trust?

[Keeper+Of+Keys]

Apology accepted :-)

I don't understand why MS-haters feel they need to try so hard: they are usually provided with more than enough rope. Today, it looks like MS has done something right - trotting out the usual flamebait is just foolish.

While I don't follow the security blogs in detail (though I'm cautious about letting Windows auto-update; I've been burned several times by misfiring fixes), I am aware of a steady drip-drip of known vulnerabilities being exploited before a patch is released. It would seem to imply the security team is overwhelmed, either by the number of misreported bugs or genuine vulnerabilities.

Re:Anti-trust?

[bill_kress]

I didn't say I was impressed with MS or anything, but yeah, it was better when it was built in. The alternatives were annoying and expensive, brutally hard to get anything working right with them just due to the nature of there not being a single stack to support.

Re:Anti-trust?

[rliden]

Please don't complain about people complaining about how posts were modded. Eventually they will get marked redundant or ignored.

I keed. I keed.

Re:Anti-trust?

[dbIII]

You are also here so making such an assumption about the readers is rather odd, and the assumption that I didn't read your earlier post is also wrong. As for what I would like, it is already happening although it is taking time - improvement of security. Hiding behind a pile of PR based on a lie is not going to speed up improvement and is really counterproductive. I also very strongly disagree with your complacent view about social engineering being the only vector - there is a lot of mess to clean up first.

Re:Anti-trust?

[DeVilla]

I'll try this one.

How is releasing anti-virus software fixing their "broken OS?"

I won't speak the the grandparent post, but to me it's not fixing their broken OS. Anti-virus is not a fix. It's a dodge. It's failure. It's surrender. But not a fix.

Are you implying that a non-broken OS is completely immune to viruses and malware or are you just spewing typical anti-Microsoft vitriol?

Again, speaking for myself, if the operating system is vulnerable to a virus or malware, it's broken and should be fixed. If it's vulnerable without user action, it's seriously broken. If a user adds the malware the it could be an irresponsible user's fault, but when things like ClickOnce are so common place, you can't honestly place blame on the user. The OS leaves the user defenceless.

Pretty much every OS is broken in this sense, but Microsoft has spent a long time demonstrating that some software can be (far more) broken than other software.

So, if it was an honest question, for me, the first one. Any vitriol, perceived or otherwise is just a symptom of a long established history of broken software.

Re:Anti-trust?

[DeVilla]

Calling something Malware may be a value judgement. But certification from Redmond is neither required not sufficient to make something not Malware.

My judgement tells me that if I was tricked into installing something I did not want or if the software has hidden function it does not claim to do or if it is installed behind my back, it's Malware. There is plently Microsoft software that fits that description on that enable other software to fit that description (Thanks for ClickOnce!) so I doubt a certification from Microsoft will really change that.

Re:Anti-trust?

[DeVilla]

That would only be true if GM had spent years telling everyone they should have their own tow truck to deal with the abysmal quality of GM cars and if GM's cars where actually so bad that that made enough sense to GM car owners that most of them did.

But seriously, congrats on using the car analogy!

Re:Anti-trust?

[weicco]

It would seem to imply the security team is overwhelmed, either by the number of misreported bugs or genuine vulnerabilities.

Could be, could be not, but things aren't so easy that when you get the bug report you just go and fix the thing.

At my work I get bug reports like, and this is actual case that's been hanging around almost half a year now: "There's some problem with logging on from remote site" (my translation from Finnish).

The weird thing is that the application does not support any "remote site logon" funtionality. It took me three months to find out what the heck this means. First I thought that they were using VPN or RDP or something like that. No, they were using some half-assed VPN-over-browser thingy. Next thing was that they were not really talking about logging on to the system but totally something else but related to security and user thought that logon = security and vice versa so he wrote that it is related to logon procedure.

Now why didn't I see this problem beforehand? Because a) it was not in the requirement spec and b) their half-assed VPN system is plain broken. I can't even fix this issue because the problem is not in the application I wrote!

Let's compare this bug report to another one: "Popup window gets stuck behind main window". Now this was an easy one. I asked which popup window it is causing the trouble and fixed the thing by commanding the popup window to foreground with single line of code.

So it is 1000 times easier to fix an UI bug than some weird security bug which occurs in some weird circumstance.

Oh, and I'm not working for MS. And yes, security bugs should be fixed the minute one is found and not to wait bug report from user. It's not just that simple sometimes.

Re:Anti-trust?

[Keeper+Of+Keys]

Indeed. The scenario you describe is what I meant by being overwhelmed by misreported bugs. I would imagine this is a highly nontrivial problem for Microsoft, simply because of the sheer size of their userbase. But it's a problem that is amenable to having money thrown at it: more people looking at bug reports correlates pretty much directly to more bugs fixed. A decent triage system would throw out the first bug you mention for being too vague, or at least demand more detail from the user before taking it seriously, leaving the team free to concentrate on properly submitted reports.

Re:Anti-trust?

[weicco]

Well, my personal and professional opinion is that there is a point where adding more resources doesn't make a difference and starts to even decrease the quality. Like in healthcare where adding more and more money to the picture starts only to build more byrocrazy and not to cure people. This is because when you all the sudden add 10 programmers to the picture you need more management for them and you need to train them. After these startup hiccups there can be at most so many people working on a single piece of code or module. It could lead to code management nightmare otherwise. So there is now 8 people doing nothing and getting bored which is not good for a programmer.

Of course I don't know if MS is at that point. It could be that hiring more talented people would do some good. Quality over substance I guess.

And besides I find the security of my Vista box quite good! My wife and I use the same Vista laptop so I made normal user account for my wife (and other for me) and didn't (and wont) tell her the administrator password. No she can't screw it up like she was able to do with XP (alltought XP, as any other NT based Windows, supports normal user accounts but it is not really practical in that manner because the lack of UAC). At work I find IIS and ASP.NET to do extremely well in case of security. All I need to do is to make sure that it is not I who makes bad decisions like it is extremely easy to do in PHP: include($_GET['something']);

Re:Anti-trust?

[bill_kress]

Umm, have you looked at my posts? The AC was a total troll, I actually despise windows and wouldn't use it at all except my company wouldn't get me a mac when I asked (we do development for cable boxes and the emulator software runs on windows).

Kinda makes me wonder if the AC was working for one of these sleazy companies that sells AV software with viruses built in.

On the other hand it amused the hell out of me! I've been showing that post to everyone I know. Also that a few people fell for it was kinda funny.

Re:Anti-trust?

[cerberusss]

Whoops sorry, I have to say I'm ashamed I believed straight-up what that AC wrote. BTW just curious; on what OS do the cable boxes run? Something like VxWorks?

Re:Anti-trust?

[bill_kress]

Mostly Linux based (BusyBox) around a custom micro kernel (VxWorks and others, depends on box manufacturer). I don't see that level much because I'm a java developer mostly.

The next generation called "" is all java based with the ability to run apps from alternative sources--the guide is even being rewritten in java and the platform will be a good deal more open. There are some other cool things going on but I think I'm getting close to "the line" and I'd rather not cross it.

And I don't blame you for believing AC, he said it with such certainty that I had to look around and make sure I hadn't been transported to Seattle. The use of my name in there really made it look like he knows me.

I'm guessing he has an agenda, but I don't have the balls to just come out and recklessly assert something I have no clue about with such certainty.

Re:Anti-trust?

[bill_kress]

The thing in quotes is supposed to be "tru2way" in angle brackets.. I forgot about the HTML formatting, but that's their trademark deal--in anglebrackets. I suppose if it fails they will have to have a /tru2way project...

Re:Anti-trust?

[bill_kress]

> One person or company making the problem, and the solution to the problem, does not look good.

Although I see exactly what you mean from a "programmers" point of view (It's not good for a programmer to QA his own code), looking at that line again made me laugh.

"No, you are not allowed to solve your own problems, it doesn't look good. Go find someone else to solve your problems or you will be severely frowned upon!"

Our world is a strange one where a line like that could go un-laughed-at.

Hitler's Kosher Hotdogs

[EdIII]

It's interesting, but at this point can Microsoft really convince anyone that they are serious about putting out a quality product? I think that is there biggest problem here... PR.j I will admit I laughed when I saw the article, and it is Microsoft's reputation that made me laugh. Maybe it is good, but I am I really willing to give them the chance with something that important?

I can remember articles talking about Windows Firewall in the past as being pretty darn good too, yet it seems the first thing a tech person does is to deactivate these days.

Let's face it. If Microsoft was seriously competent about doing these "core" activities, would the 3rd party market be as big as it is?

In any case it will be interesting if they start shipping Windows with this pre-installed. Then maybe the manufacturers won't be so quick to bundle Norton/McAffee with their products, and THAT will be fun to watch.

Re:Hitler's Kosher Hotdogs

[Darkness404]

Well, it depends but after installing Linux there are a few things you need to do to make it usable, even with Ubuntu I usually have to install codecs, DVD support, Flash, etc. Those are determined by your network connection so on a DSL connection it could take an hour or two of installation + configuration.

Re:Hitler's Kosher Hotdogs

[Anarchduke]

I am sure the builders of the Maginot Line would probably disagree with you.

Re:Hitler's Kosher Hotdogs

[ClosedSource]

Fixing holes in their architecture? I don't think it works that way.

It's not that MS is incapable of making a more secure OS, it's just making an Windows-compatible secure OS that is the problem.

People forget (or weren't alive yet) that Windows roots are on a very limited platform that even a Linux kernel can't run on (no hardware support for "root" on a 8088).

So far legacy compatibility has more business value than a more secure architecture (at least on the desktop).

Re:Hitler's Kosher Hotdogs

[Pharmboy]

People forget (or weren't alive yet) that Windows roots are on a very limited platform that even a Linux kernel can't run on (no hardware support for "root" on a 8088)

Not exactly accurate. For starters, Windows NT 3.1/3.5 also ran on Alpha and MIPs, not just x86. More importantly, Windows didn't take off until the 386 came out (and i386 is still the basis for much code, including Linux). Almost no one ran Windows on a 286, and virtually no one on a 8086/8088.

Code originally designed to run on a 8086 and 286 won't even run on a 64 bit version of Vista (and 64 bit is the standard now, assuming you want over 3-4gb of ram, depending on BIOS). The 64 bit version doesn't have any 8 or 16 bit API support, only 32/64, unless you can hack it in virtualization. There really is no reason to run a 32 bit version of Windows 7 either, unless you need those old apps (not common) and will never need 4gb of ram (unlikely).

In short, Windows Vista/64 and 7/64 won't run DOS or 8088 code, and *isn't* backward compatible.

As a side note, I *think* you can install the 64 bit version of Linux and run DOS apps in a dosbox if you need. Will have to try that on the servers at work and see.

Re:Hitler's Kosher Hotdogs

[westlake]

It's interesting, but at this point can Microsoft really convince anyone that they are serious about putting out a quality product?

Microsoft is strongly positioned as a client OS. On the server. In core business applications. In development tools. In console gaming....

In software software sales, MS Office is bigger than games.

Bigger than anything. It is the tail that wags the dog. The 900 pound gorilla. Choose whatever metaphor you like.

The Win 7 Beta opened to rock-solid reviews and has effortlessly claimed about half the market share of Linux on the desktop. Operating System Market Share

The geek knows all of this intellectually, but he can't process it emotionally. It is easier to live within the bubble.

I can remember articles talking about Windows Firewall in the past as being pretty darn good too, yet it seems the first thing a tech person does is to deactivate these days.

Windows Firewall wasn't designed for the techie.

It was designed for the user relentlessly nagged by requests to approve outbound access for the obscure subroutines of programs that already have his permission to access the net.
 

Re:Hitler's Kosher Hotdogs

[shutdown+-p+now]

Windows Firewall wasn't designed for the techie.

Why not? If you just want to block per-port or per-application, it does just that. And how often do you really need something more complicated than that on a single machine (we aren't talking about dedicated firewall boxes here)?

Re:Hitler's Kosher Hotdogs

[ClosedSource]

"Not exactly accurate. For starters, Windows NT 3.1/3.5 also ran on Alpha and MIPs, not just x86. More importantly, Windows didn't take off until the 386 came out (and i386 is still the basis for much code, including Linux). Almost no one ran Windows on a 286, and virtually no one on a 8086/8088."

Suddenly you're jumping to Windows NT. I wasn't discussing when Windows "took off", I was talking about its origins. I don't think there was much expectation that legacy applications were going to be binary compatible with Alpha and MIPs. These non-x86 versions had far fewer users than pre-386 versions of Windows.

"Code originally designed to run on a 8086 and 286 won't even run on a 64 bit version of Vista (and 64 bit is the standard now, assuming you want over 3-4gb of ram, depending on BIOS). "

I don't know if your claim is true or not, but 64-bit won't be "the standard" for a few more years.

Re:Hitler's Kosher Hotdogs

[PRMan]

Why not? If you just want to block per-port or per-application, it does just that.

It does? Every time I have tried to use it, it blocks apps even though they are in the list. I set up everything the way that it should be and it still doesn't work. I turn it off, and everything works perfectly. This is why everyone turns it off, because IT DOESN'T WORK.

Re:Hitler's Kosher Hotdogs

[AK+Marc]

My 8088 started with DOS 3.3, made it through DOS upgrades, some Windows, and last had Windows 3.1 (running horribly, but running) when it was retired to the dumpster.

Re:Hitler's Kosher Hotdogs

[rliden]

This has been my experience as well. The firewall rules come with a fairly secure set of default settings while still allowing applications to work. The built-in firewall is easier to configure than some third party firewalls (both Kaspersky and F-Secure have given me more troubles in my experience) and automatically configures some complex rules for games.

Re:Hitler's Kosher Hotdogs

[Pharmboy]

64 bit is the standard for new systems now. Would you really buy a new computer with less than 4gb ram, and expect it to have a shelf life of more than a year??

Probably Pretty Good

[Sponge+Bath]

With all that talent, resources, and internal knowledge they should have a slam dunk. Unfortunately I have a lot of distrust built up from over the years about what MS sticks under the hood. It will take many years of good reviews and endorsements before I feed comfortable that the MS AV does not give any special passes to iffy software from a MS partner, or that the MS firewall will correctly block things from going out when configured to if the originator is an MS component.

It makes sense

[phantomfive]

The Microsoft style is to solve problems by throwing a lot of people at it, and they use that strategy fairly well. Instead of simplifying the structure to where it can be reasonably dealt with by a small group of people, they are happy to make it big. For example, compare the number of system calls in the windows kernel with the number in the Linux kernel. Having so many more system calls means each internal refactor will have to take more into consideration, as well as requiring more testing, but it's ok, Microsoft is happy to throw lots of testers at it. The ASP.net model, which basically wraps a whole system around html/javascript to encapsulate it and make it easier for the average programmer was an amazingly man-hour intensive job, once again requiring lots of testing and many special cases, and yet Microsoft did it.

That operating style is especially well suited to AV software, because it is a job that can be easily broken up and handed out to different programmers, and catching all the viruses is a job that can be easily helped if you have a lot of programmers and testers. It makes sense that Microsoft would write good AV software.

Re:It makes sense

Ok, I have to quibble with the ASP.NET comment. Bash Microsoft all you want but get your facts straight.

ASP.NET is not primarily an HTML/Javascript wrapper. Its purpose is much more ambitious than that. I would argue that the greatest strength of ASP.NET is providing an easy method for a web developer to utilize the .NET framework. Yes, its complex but so are the enterprise-class applications I build with it. Some of us build things more complicated than a blog publishing platform. And thus we need more robust tools.

As to your argument that it was a man-hour intensive project: so what? Microsoft, for all of their chair-throwing, Internet Explorer-inflicting ways, does know how to create top-tier dev tools. And that does tend to take time and a lot of qualified people.

Re:It makes sense

[phantomfive]

ASP.NET is not primarily an HTML/Javascript wrapper. Its purpose is much more ambitious than that. I would argue that the greatest strength of ASP.NET is providing an easy method for a web developer to utilize the .NET framework. Yes, its complex but so are the enterprise-class applications I build with it. Some of us build things more complicated than a blog publishing platform. And thus we need more robust tools.

This is an interesting comment. I am interested in knowing what sorts of things the integration with the .NET framework is helping you to do. For the most part I have found I only need an extremely small subset of the .NET framework for working with ASP. It is also hard for me to think of a case where I would need MORE than a small subset of the .NET framework. So if you read this, Mr. AC, please let me know.

Also, my experience with ASP has been the opposite: as I've made more complex web applications, I've needed to branch out beyond Microsoft's ASP, and use third party controls, and more and more I've needed to write my own javascript and html (which is annoying because now instead of the ASP wrapper making my life easier by eliminating the need to learn javascript and html, it's made my life harder by forcing me to learn ASP on top of it. It's not a huge burden, though). ASP.NET from my perspective seems to be aimed more at people who are doing simple things like blogs, not at people who make web applications. Microsoft CRM seems to do a good job with that, but licensing costs are expensive.

Re:It makes sense

[Blakey+Rat]

For example, compare the number of system calls in the windows kernel with the number in the Linux kernel.

Where would I get data to compare these two items? I see from Wikipedia that Linux has around 320.

Re:It makes sense

[Dutchboy2000]

In my view, using a "small subset of the .NET framework" is not an argument against using ASP.NET. .NET is a huge and extremely varied framework (as you evidently know well). It would be a very odd case where any particular application - whether it be web or Win32 - would require the majority of the functionality provided through .NET.

But the fact that all I need is a screwdriver does not lessen the value of having a well-stocked toolbox. The first time I had to create a web application that could consume and perform complex recursive logic on XML files created by a mobile application framework, I didn't have to wonder whether .NET provided the necessary functionality. I knew it did even though I'd never used it before.

I'm not going to sit here and tell you there aren't things about .NET that drive me nuts. And, in fairness, I don't have a lot of experience with other web application frameworks. Still, .NET gives me what I need when I need it and without a lot of fuss. The biggest problems I deal with each day have very little to do with my framework of choice and much more to do with things outside of my control. C'est la vie, eh?

By the way, I'm the Anonymous Coward that posted above. I just created a new Slashdot account so now I can be a Well-Known Coward.

Re:It makes sense

[phantomfive]

You're right, it is hard to find that information on Windows. http://www.metasploit.com/users/opcode/syscalls.html is one resource, looks like 424 according to them. Admittedly not a whole lot more.

I believe this is the http://www.visualcomplexity.com/vc/project.cfm?id=392 link I was thinking of when I made my original statement.

The question is

Why do we need MS antivirus software in the first place?

Re:The question is

[Nightspirit]

Because people will download and install anything? Even OSX was hit recently with people pirating the iwork suite.

Re:The question is

In other words, MS is protecting users from their own ignorance and/or stupidity.

Re:The question is

[nausea_malvarma]

In other words, MS is protecting users from their own ignorance and/or stupidity.

And nullify what caused them to purchase microsoft products in the first place?

I would hope...

[Jesterace]

So far it's been running very well. I would presume that they should be able to make something that will protect their own operating system after all they did code it.

Re:I would hope...

[ichthus]

Yeah, but this is a bit like a car manufacturer providing locks for their doors after the fact.

Re:I would hope...

[b4dc0d3r]

Their OS gave rise to a cottage industry of antivirus. The whole reason we need protection is because of their insecure code. I don't trust them to protect it.

Re:I would hope...

[Antique+Geekmeister]

It's not merely the code. It's the historical approach to security as an after-the-fact addition to features like auto-run of inserted CD's or media, auto-open of downloads, auto-conceal of filename extensions, auto-interpret of strange URL's into something more sensible looking but more dangerous to the user, more auto-display of web content of strange new proprietary and poorly tested formats, etc.

Anti-virus cannot hope to fix this anymore than buckets can hope to fix a leaky roof.

MS still has superb programmers

[geekboy642]

It's always been this way. Microsoft rests on their laurels until an upstart company starts making money at their expense. Between Mac, Linux, and the insane proliferation of general crapware, MS has a real image problem on their hands. Luckily for Microsoft, the best and the brightest can be wooed by the kind of money they're able to throw around. When they throw their top programmers at a job, the results are stunning, just witness the turnaround from early Vista to the current beta of Windows 7.
Sadly, the end result will be bad for consumers. Other security companies will be badly hurt by the release of this freebie, and MS will go back to sleep, leaving the security marketplace to stagnate like the pre-Firefox browser market stagnated.

Re:MS still has superb programmers

[icebraining]

There are many AV suites already released for free - Avira, AVG, Comodo, etc. Avira is much more popular than paid AV suites around here.

Re:MS still has superb programmers

[b4dc0d3r]

Does Avira require registration? I got pissed at other AV tools because they either require registration or magically ballooned into ridiculous clown-barf color schemes.

AVG Free was my favorite, but they discontinued the previous version (7.5?) and made 8.0 install only on XP SP2 or above. Or something like that. So I went with something else that required me to sign up. Sure they want to track users or somethinig, but I delete everything they e-mail me with so it's really me being up-front - I'm not going to upgrade nor pay you money, so you don't need my information to spam me with.

Then upgraded to SP3 because the free MS compilers require SP2... and tried AVG next version again. I right-click to scan, and there's a balloon tip type notice that I started a scan, a giant orange notice that I decided to ignore the fact that on-access scanning is off, a slide-down notice to upgrade, 60 second scan startup time, and when I close the window a balloon tip type thing to let me know if finished. Fuck all of that. I want a virus scanner, not a billboard.

So - you or someone else - what makes Avira good?

Re:MS still has superb programmers

[Plekto]

Sadly, the end result will be bad for consumers. Other security companies will be badly hurt by the release of this freebie, and MS will go back to sleep, leaving the security marketplace to stagnate like the pre-Firefox browser market stagnated.
*****

And the *real* problem isn't if, but WHEN, all of those systems are hit by a piece of mal-ware that is purposely written to defeat Windows 7's built-in AV. With everyone trusting and few people installing other products, it could be a potential nightmare if the mal-ware writers sit back and let everyone think Windows 7 has fixed the problem(ie - sit and do nothing for about 2-3 years then rip a huge hole in all of the machines at once)

Re:MS still has superb programmers

[bigngamer92]

But how many of them are made by a company that even a non-techie would trust? I guess this isn't a problem if it's not bundled since non-techies won't download anything unless it's front page google or a techie advised it to them. And most techies will jump on the non-Microsoft version typically. It all comes down to winning over those techies and CxO's. I'm sure Microsoft will throw the for-pay version at corps though.

Re:MS still has superb programmers

[CyberDragon777]

This won't be a built-in AV.

Re:MS still has superb programmers

[Plekto]

I bet 90% of home users will be stupid enough to think that it is effectively built-in AV though.

Iffy software

Unfortunately I have a lot of distrust built up from over the years about what MS sticks under the hood. It will take many years of good reviews and endorsements before I feed comfortable that the MS AV does not give any special passes to iffy software from a MS partner, or that the MS firewall will correctly block things from going out when configured to if the originator is an MS component.

...or give free passes to "iffy" USA government-sponsored spyware.

Great if you're living in one of 5 countries...

[jpedlow]

So I decided i'd check it out for my XP box.... "Not available in your country or region You appear to be in a country or region where the Microsoft Security Essentials Beta is unavailable. This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only). " So...not Canada? *sigh* Well, time for Nod32 or kaspersky I guess...

Re:Great if you're living in one of 5 countries...

[Z34107]

Looks like you got modded "-1, Canadian." :P

directed self-interest

[Horar]

A computer consultant advocating Windows is like a doctor prescribing cigarettes. It creates a lot of extra work.

Re:directed self-interest

[mozzis]

A computer consultant advocating Windows is like a doctor advocating a healthy lifestyle. Stop twisting reality to fit your fundamentalist preconceptions.

Re:directed self-interest

[dublin]

Any computer consultant worth his salt won't get drawn into silly squabbles over OS/platform/software/language/etc., and will recommend the *best* solution for the client. Don't ever let bigotry blind you...

I describe myself as a dyed-in-the-wool Unix proponent (24 years now), but I run Windows on my desktop machines, and have recommended Windows on many occasions, including some large-scale Fortune 20 deployments, where it made more sense. (For servers, I avoid Windows unless the app environment really needs it or runs markedly better there, but there are still a good number of those situations. Given my druthers, I design new systems around open source technologies, mostly because of the lifecycle cost savings. Auditing all those licenses is a non-trivial cost and PITA, not to mention acquiring them in the first place - and avoiding licensed software makes leveraging cloud computing *much* easier...)

Windows certainly has its faults, and I'm a big critic, but it also has its place, and for a good number of things (even some server-based things), Windows is the best choice - sometimes by a good margin.

Re:directed self-interest

[simplexion]

I recommend the best solution to the client all the time. They just like to ignore it and go with Windows anyway.

Re:directed self-interest

[InsertCleverUsername]

A computer consultant advocating Windows is like a doctor prescribing cigarettes. It creates a lot of extra work.

I am intrigued by your offer to provide Linux support desk services for my aging parents.

Re:Beta not available for download

[NervousNerd]

Right here.

Maybe, but...

[fenring]

Maybe Microsoft's antivirus is pretty good, I don't know. The problem remains that Windows needs some sort of AV to function properly. That's the problem.

Re:Maybe, but...

[xxuserxx]

If Mac's had 90% of the user base such as Microsoft does you would see the same problem with Macs or Linux even. It has nothing to do with system security it's simply that PC's are who virus programmers target.

Re:Maybe, but...

[h4rr4r]

Too bad apache proves you wrong.

This is an old, tired and false argument. If any OS had the holes windows does it would get exploited like mad.

Re:Maybe, but...

[xxuserxx]

Did you not read about the Apache security flaw that was posted on Slashdot just this week?

Re:Maybe, but...

[h4rr4r]

Oh wow 1 flaw, BFD.
The point is more IIS boxes get owned than Apache boxes. Yet there are far more Apache servers in the wilds.

Re:Maybe, but...

[ClosedSource]

"Oh wow 1 flaw, BFD."

Well, you have to add them all up you see..

Re:Maybe, but...

[_Sprocket_]

Did you not read about the Apache security flaw that was posted on Slashdot just this week?

Did you read about it? It was a potential DOS. The issue is well known and generally mitigated either through various common deployment strategies or a module that comes with Apache. So while you can certainly deploy an Apache server that's susceptible to this - you don't have to. And even if you do, it's not going to be an avenue of attack for malware.

Re:Maybe, but...

[shutdown+-p+now]

Viruses don't target server environments. That's pretty much by definition - as they require active user interaction to spread.

Exploits are a different thing, but, really, have you looked at vulnerability stats in Apache vs IIS6/7 lately? Try it, you might be surprised.

Re:Maybe, but...

[shutdown+-p+now]

It has had much more patches over the year and I'm not conviced that an actively developped open source project like this is more vulnerable because more holes are found. That might be a sign that it's easier to locate in apache than IIS but does not mean they are non existent and unknown to the wrong people in IIS.

To sum it up: you don't care about any numbers I might show you, you just firmly believe that Apache is more secure, simply because it's OSS.

So, is there any point to discuss it further, then?

Re:Maybe, but...

[Virtual_Raider]

Odd, I got along for years without using it.

It is simple: 1. Use Firefox (fewer 0-day exploits) 2. Don't browse porn/warez 3. Don't use P2P at all (no malware) 4. Run a web virus scan every couple of months just to be safe.

The users, and the insistence on admin privileges are the problem. At least MS is slowly working on the latter. The former is unfixable. OS X is NO better on many counts.

Um, yeah, "Don't use a computer, don't get pc viruses". There are far more productive and fun ways to not get infected, such as don't run everything as admin, use sand boxes and / or virtual machines. The end user doesn't have to even have a clue what this means, they are transparent solutions.

Re:Maybe, but...

[andy.ruddock]

That's pretty much by definition - as they require active user interaction to spread.

Actually, by definition, a virus doesn't require active user intervention to spread.

Re:Maybe, but...

[Americano]

The issue is well known and generally mitigated either through various common deployment strategies or a module that comes with Apache. So while you can certainly deploy an Apache server that's susceptible to this - you don't have to. And even if you do, it's not going to be an avenue of attack for malware.

*cough*same-applies-to-Windows*cough*

I've deployed plenty of Windows XP systems for home use for family & friends, and with common sensible deployment strategies, a decent security package (a la AVG), and a few configuration changes, they've been remarkably secure and problem-free.

Your argument that you *can* deploy a secure Linux/Mac box or Apache server relies on "choosing secure settings and not doing dumb shit." Windows will work just fine for you if you do the same.

Re:Maybe, but...

[_Sprocket_]

Your argument that you *can* deploy a secure Linux/Mac box or Apache server relies on "choosing secure settings and not doing dumb shit." Windows will work just fine for you if you do the same.

Sorry - you misunderstood what I was saying. The parent poster was talking about a specific bug / exploit against Apache that was recently announced. Turns out, the issue doesn't have much bearing on the conversation at hand. Your anecdotal story about deploying WinXP systems has more to do with the thread than the parent's posting about the Apache bug. But the point isn't about intelligent deployment of systems. It is about whether marketshare dictates a fertile environment for malware.

Re:Maybe, but...

[Super_Z]

On one side is a project that publishes every fault and problem that is found in its code. On the other side is a product which owners never publishes its faults and problems unless its owner has published a patch.

Comparing numbers here is a bit like comparing apples and oranges, right? Hence the parents refusal to play your game. And somehow your post got modded "Insightful".

It seems wrong for an OS vendor/maker to do this

[erroneus]

Microsoft should not be making antivirus software. It should be fixing its vulnerabilities.

The OS has many fundamental problems, some of which cannot be resolved without redesigning the core internals which would render all older software incompatible any newer version of the OS. This sort of problem was identified long ago, but it was decided that the cost of change would be too great, the burden on third party software vendors too heavy and ultimately, it would be too slow to adopt and migrate for all users. And the longer they wait for this eventuality, the more expensive and prohibitive it becomes to make such important changes.

If this sounds like the U.S. moving from Imperial measurements to the globally accepted Metric system, you wouldn't be alone in this observation.

Microsoft still cannot fix the "stupid user" problem but there are many things they could fix if they had the balls to do it. And they could take a page out of Deep Freeze's playbook and create a system where the user must first unlock the system before they can install anything. But perhaps the similarity to the adoption of the metric system doesn't stop here. Perhaps there will come a point at which everyone will move on to another system leaving the "imperial" one behind... well I can dream can't I?

Re:Microsoft Hate

[TexNA55]

So much hatred towards Microsoft here. My experiences with Server 2008 and Windows 7 have been nothing short of stellar. Terminal services are rediculously easy to setup through IIS (which happens to be more secure than Apache currently) and Windows7 benchmarks are better than XP. What else do you guys want from Microsoft?

Compatibility.

About time

[avandesande]

When you consider all the extra crap they ship with their OS, including something that is actually useful like this should have been done 10 years ago.

Only protection against files?

[sugarmotor]

'All files were properly detected and treated by the product,'

Aren't there other attacks besides file-based ?? This sounds rather silly!

Stephan

Re:Microsoft Hate

[Curate]

Yes, please go on.

Re:Microsoft Hate

[Slothrup]

A real shell? Having to install cygwin is kinda a pain. No powershell does not count.

Why doesn't PowerShell count?

Windows Defender?

[Degro]

So what is the difference between this and the Windows Defender that comes with Vista? I don't trust any of these AV companies and haven't run their software in over a decade with no real problems. I do however let Windows Defender do whatever it does since upgrading to Vista. I never really looked into what that doing actually is though...

Re:Windows Defender?

[dave562]

If my memory serves correctly, Windows Defender is based around IE and protecting the computer from exploits that come in through the browser. Anti-virus software on the other hand scans the rest of the system. To come up with a theoretical example, if you are running Windows Defender and AV software, when you visit a website with malicious code on it, Windows Defender will recognize the code attempting to execute in the browser and block it. On the other hand, if you are only running AV by itself, the malicious code will execute in the browser, and MAYBE your anti-virus software will catch whatever trojans and other executables the website copies onto the local system (if you're lucky and have up to date definitions that can detect whatever they are trying to drop on the system).

The sad reality of the fact seems to be that in order to secure a typical Windows network in this day and age requires a multi-tiered approach. You need some sort of proxy/web filter software to block known malicious sites outright, and also to do some sort of packet inspection/exploit detection on the open connections. You then need some sort of software to protect the browser itself, like Windows Defender (if you are running IE). As a last line of defense, you need anti-virus software running on the local workstation. Also worth noting if you're hosting email in house and forwarding that email to Windows clients, you need AV on the email server, and some sort of anti-spam box in front of the email server.

Re:Windows Defender?

[ECCN]

Defender is Anti-Spyware only. Security Essentials is Anti-Virus & Anti-Spyware combined, so it effectively replaces Defender outright.

Re:Windows Defender?

[microbee]

This is anti-virus as well as anti-malware. It supercedes windows defender.

Re:Microsoft Hate

[h4rr4r]

Try using it.
1.
A shell that uses objects is asinine.
It looks like a bunch of java idiots tried to make a shell. If I wanted objects I would use a programming language, this is supposed to be scripting.

2. No ssh, lame.

3. does not support anything like authorized_keys.

In other news

[Ludedude]

Redmond WA, June 24 2009. Microsoft is proud to announce today its acquisition of independent and trusted testing firm AV-Test. Details of the transaction are not immediately available but rumors involve a large cash payment and real estate on a remote Caribbean island.

Re:Microsoft Hate

[Blakey+Rat]

A real shell?
Having to install cygwin is kinda a pain. No powershell does not count.

Way to craft your requirements in such a way that they're impossible to meet. What is a "real" shell? And what features does your "real" shell require that PowerShell doesn't have?

Let me guess, a "real" shell is defined as "a shell that Microsoft is not currently shipping."

Virus Bulletin

[p51d007]

Don't see anything from the VB100 list yet. http://www.virusbtn.com/index

AV-Test better than VB100 and Checkmark

[Rsriram]

AV-Test uses a really large sample size for testing against real viruses. Unlike VB100 or Checkmark that focus on a sample size of around 1000 to check "in-the-wild" viruses.

To be fair, in-the-wild viruses cause about 98% of the attacks and AV organizations catching them have demonstrated their capability of catching the others.

AV companies catch viruses a few hours to few days after a virus has been released. So, even the best AV company cannot save you from getting infected by that brand new virus which has been released just a few minutes ago.

When a lay user is also the administrator on a system, they can inadvertently install/click on exe files and answer yes to threatening questions about security. For a really secure OS, the user needs to be upgraded to an administrator, preferably a NetBSD admin. But then who would do the rest of the work in the world!

Re:Microsoft Hate

[ClosedSource]

"A shell that uses objects is asinine."

Right. We forgot that UNIX fans worship ASCII.

AV-Test Deems Windows Security Essentials ...

[xjlm]

( I just couldn't bring myself to finish the title) Wonder how they'll cripple this one? "For only $99/month, your computer can be covered, too!"

Re:AV-Test Deems Windows Security Essentials ...

[CyberDragon777]

1. It will be free.
2. It will not be shipped with Windows. (Sorry anti-trust guys.)
3. It is based on the Microsoft Forefront business product line.

Re:It seems wrong for an OS vendor/maker to do thi

[TSPhoenix]

Its a social problem, not a technical one.

All UAC did was train people to press "Yes" on every dialog even more zealously than before. A system based around asking important questions to people who neither understand or care is not a good one. sudo works because everyone using it does care.

What MS is doing here is clever IMO. Instead of trusting the user to not do anything dumb, they've instead given them a big "Press me to fix your computer" button to wail on. People will see their computer is being slow, hit the button and hopefully the problem will be fixed.

Re:Microsoft Hate

[Mista2]

Because it would have been so hard to impliment a POSIX shell that most people who are command line junkes already know. Now, they use MONAD and PowerShell to wrap around .Net, and again ties people into Windows. Otherwise you might be able to run your scripts on anything!

I have 5 general purpose PCs at home, and three games consoles. My work provided laptop runs Win7RC because is really is so much better than Vista, and meant the company could save some money and didn't have to upgrade the hardware in it, my Wifes PC runs Vista, because that is what it came with. My server runs Suse Linux (and VMWare Server, and 4 linux guests), my netbook runs Ubuntu. My desktop is a Mac Mini. With all this stuff, everything I need runs on all of these platforms, except anything provided by Microsoft. Office 2007-nope. Powershell-nope, Office Communicator-nope
However I can install cygwin on the windows boxs to get X11 and BASH, and opensource software for everything means I am not beholden to any one vedor to keep my home network running fine. Really important as all of this cost me no more than the initial cost of the hardware. 8)
Oh, and none of my machines have ever been pwnd by a virus, even windows. It is possible to run a secure windows platform, but it is much harder than with other OS's.
At work I am working on an implimentation of a corporate wifi using 802.1x authentication It needs to transparently just work, and so trying various methods of authentication. The wifi is in a seperate firewalled extranet. The Authentication servers have to work through a firewall. The Linux clients auth using RADIUS, not a problem, only a couple of ports through the firewall to the known RADIUS servers. For windows AD auth, nope, need RPC, which is one port out, then the DCs responds on a random highport back out making is nealy impossible to protect the wifi authentication servers properly.
It still amazes me that RPC ever made it in the server enviornment. Most people just swiss-cheese their firewalls to make it work then wonder why they then get pwned.
The OS has got better, but MS's protocols remain the same.

system performance?

[Satanboy]

Has anyone tried this out yet to see what the performance hit is?

Re:system performance?

[rliden]

Running in Win 7 RC this is what the resource monitor says for MsMpEng.exe:

• Threads: 23
• Commit (KB): 95, 488
• Working Set (KB): 48, 364
• Shareable (KB): 5,708
• Private (KB): 42, 656

I haven't noticed a performance increase or hit using this compare to Symantec, Panda, Kaspersky, or AVG. Obvious anecdote I know, but that has been my experience so far.

Like getting a robber...

to guard your house/grave.

region locked beta?

[unfunk]

I just tried to get the beta and got this message;

Not available in your country or region

You appear to be in a country or region where the Microsoft Security Essentials Beta is unavailable.

This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).

Whiskey Tango Foxtrot?

Re:region locked beta?

[DanJ_UK]

UK here, can't get it either. Whiskey Tango Foxtrot indeed. Ah well, thank god for Apple.

Re:region locked beta?

[Sinbios]

http://www.softpedia.com/get/Antivirus/Microsoft-Security-Essentials.shtml

Re:Mint Linux

[Darkness404]

I actually tried that for a while, however it seemed like a non-working version of Ubuntu. To put it quite simply, the repositories didn't work no matter what I did. Plus I don't really like the UI (I like default GNOME myself). Granted, this was when they were first starting (I think it was version 3 or 4, based off of Ubuntu 7.04 or 7.10, can't remember) so they probably have gotten better.

Re:Microsoft Hate

[ratboy666]

Um... no.

A real shell is a POSIX XCU compatible one. Microsoft does offer this as SFU

http://www.microsoft.com/Downloads/details.aspx?familyid=896C9688-601B-44F1-81A4-02878FF11778&displaylang=en

bash is then available (may have to install it separately -- not too sure anymore). This also supplies NIS and NFS.

If you say they're trusted, they're not.

[synthesizerpatel]

"independent and trusted firm"

It's fascinating to me as I read marketing lies how unimaginative and similar they are to 419 scammers. While marketing people aren't crafting their message for critical thinkers you would imagine at some point in a marketing seminar somewhere someone would jump up and say

Instead of making the subject line of the e-mail "You've won the lottery", how about "Dearly beloved?"

Re:Yes they can

Yes, Microsoft CAN convince people they can put out a quality product. If fact, they have convinced many, many people. Anyone running Windows7 beta or RC1 is convinced they can do it if they want to. I work in the Linux environment all day, but when I sit down in front of my personal machine, I don't want to "make it work" I want to have it work. Windows 7 does.

Re:Microsoft Hate

[colinrichardday]

As opposed to a "real" office suite being defined as one that is compatible with Microsoft Office?

Re:Beta not available for download

[prockcore]

If you weren't so eager to install software provided by random slashdotters, perhaps you wouldn't need the beta...

Re:Microsoft Hate

[The+Moof]

Offered. It's past its mainstream support date. Microsoft was retiring this package back when Vista was first rolling out. So SFU isn't something I'd say they're currently shipping.
http://support.microsoft.com/lifecycle/?LN=en-us&x=15&y=6&p1=3207

The 'official product page' takes you to a comparison page trying to sell you Windows Server over a Unix OS.
http://www.microsoft.com/windowsserver2003/migrate/unix/unixproresources/default.mspx

Re:Microsoft Hate

[seaturnip]

A shell that uses objects is asinine. It looks like a bunch of java idiots tried to make a shell. If I wanted objects I would use a programming language, this is supposed to be scripting.

What's asinine is dealing with a bunch of text parsing BS every time I want to pipe some simple data from one program to another. Code to deal with spaces and weird symbols, to convert between hexadecimal and integers and comma-filled integers, to exclude header and footer lines. It wastes a lot of time and makes my scripts failure-prone. I'm speaking as somebody who has a lot of Unix experience and has barely used Powershell, so I don't know how Powershell stacks up in practice, but it's clear to me that an object system is superior in principle.

Um, iPhone?

[Namarrgon]

How many of those same geeks are running off to buy a nice, locked-down iPhone?

I suppose Apple are let off the hook, just because their security is poor enough to jailbreak?

Re:Deems Windows Security Essentials "Very Good"

[dave420]

Wow that's ridiculous. Compared to what? How about other Windows AV software. Is it really that difficult to understand. 'What is the grade?' How about being able to detect common threats and remove them without hassle. 30% processor time to scan files? What?? And as for little to brag about, Windows 7 already has half as much desktop market share as Linux. I know you don't like Microsoft, but please don't stoop to making things up. It makes you look bad, makes the things you argue in favour of look bad, and makes the whole OSS community look bad. We don't like FUD from Microsoft, so we should not accept it from ourselves.

Whats with the intense astroturfing

[SoulRider]

Does Microsoft have a big release coming up? Just curious.

They Aren't Fixing Their Broken OS(Re:Anti-trust?)

[EXTomar]

You'd have a good point if they were actually trying "...fix their broken OS" but that isn't what is happening. They are offering another package of software to cover up the holes in their broken OS instead of fixing any flawed software component. I'd give a lot more leeway to Microsoft if they were actually correcting Windows and making AV vendors go out of business due to a lack of flaws that need protection but that isn't what is going on here. The flaws are still very much there where they only thing that has changed is which vendor is providing the Band-Aid.

Re:Microsoft Hate

[Blakey+Rat]

Who are you replying to? Nobody made that claim in this thread. Or are you just taking your strawman out for some exercise?

Where from?

[Keeper+Of+Keys]

Got a direct link? I can't download it from the UK, it seems (although we Brits are supposedly very good friends with the US). OTOH it is a beta. With positive press like this I would expect MS to get it out of beta quite soon, as they sorely need it.

Re:Where from?

[pacinpm]

Direct link was tide to server session somehow. I just checked it and it's not working.

Re:Microsoft Hate

[colinrichardday]

No, I'm responding to you and this:

Let me guess, a "real" shell is defined as "a shell that Microsoft is not currently shipping."

Purple Gorillaware

[Keeper+Of+Keys]

Well, it's easier to display a purple gorilla with Flash than Silverlight.

Re:It seems wrong for an OS vendor/maker to do thi

[Americano]

sudo works because everyone using it does care.

And the sudo method will not achieve wider adoption because it requires everybody to care.

Re:Microsoft Hate

[Blakey+Rat]

I didn't say anything about office suites. You're not replying to me, you replying to some communication from Martians, or something.

If you trying to suggest that *I* believe that Microsoft Office is the only real office suite, then you completely wrong. I didn't say that, and I don't believe it.

Re:Microsoft Hate

[Lt_Kernal]

Bzzt. SFU is no longer a seperate product. It's part of Windows now, in Windows Server 2003 R2 and above - which includes Vista, Windows Server 2008, and Windows 7.

It's called the Subsystem for UNIX-based Applications (SUA). Relevant TechNet link: http://technet.microsoft.com/en-us/library/cc786798(WS.10).aspx

Here's a good Wikipedia article on the product, showing the history from Interix, to SFU, to SUA: http://en.wikipedia.org/wiki/Interix

There's even a Debian port for it: http://debian-interix.net/

Anti-malware isn't only anti-windows-holes

[jonaskoelker]

claim anti-trust and attempt to sue.

How dare microsoft plug security holes themselves.

Well, strictly speaking, the anti-malware vendors still have a market if people run non-MS software, such as firefox, VLC, OpenOffice and others. If MS fixes their own holes, it might shrink the anti-malware market, but isn't that just "the cost of progress", just like cars shrunk the market for horse shoes?

I'm not the one to frivolously defend Microsoft, but here I think there's an argument which at least needs a counter-argument before a suit about anticompetitive behavior can be won.

Let me be the first to howl!

[jonaskoelker]

I think the geek would be the first to howl if he could only install the apps approved [by Apple]

I just had a look at a demo iPhone today. One of the top 25 apps in the store shows scantily clad women. The app description says "they're as naked as Apple will let us make them".

Oh, Apple gets to censor my mobile porn. Screw that, then. Hello, Android-running HTC Magic.

Probably the truth is somewhere in-between?

[jonaskoelker]

if $NOT_MS had 90% market share...

Apache! You're wrong

Maybe the solution is a mix of the two?

You know, just like infant mortality can be explained* in part by mother's marital status, mother's smoking habits during pregnancy, socio-economic status, and tons of other factors, maybe the observable security levels of any piece of software depends in part on its prevalence and in part on its development process?

(*I don't actually know, I'm just listing some hypothetical factors. Feel free to dig up some stats and do the math. Or even better, do it on security.)

Re:It seems wrong for an OS vendor/maker to do thi

[CyberDragon777]

So...

Linux sudo: good

Windows "sudo": ZOMG FAIL!!!!

Re:It seems wrong for an OS vendor/maker to do thi

[rliden]

Microsoft can fix vulnerabilities, bugs, and provide security tools. They aren't mutually exclusive. Why shouldn't they be providing security/malware tools? There are known malware problems and since they can't fix the "stupid user" problem, as you call it, then providing anti-malware tools makes sense doesn't it?

Microsoft has implemented an elevated privilege system in UAC. You can require permision, passwords, or allow automated elevation depending on settings. It sounds like Microsoft is making improvements. This is a case of Microsoft actually doing the right thing and people just don't like that. It's harder to bash someone when they do the right thing.

Great song by fleetwod mac :

[unity100]

"Tell me lies, tell me sweet little lieeees"

Re:It seems wrong for an OS vendor/maker to do thi

[erroneus]

The problem with malware problems is that the malware always comes first, then it is identified, then the removal/cleaning/protection from it. So between the time that malware is first released and the time that a fix is installed, there is much danger.

If they incorporated Deep Freeze technology, users just reboot when there is a problem and their data should hopefully be in tact (but if infected can later be identified) and their program files will be unaffected. Having to "thaw" your system before installing software or making changes is definitely a pain the ass, but if it is perceived as "normal" then all will be fine and every operation the user takes will have to be deliberate... each and every time.

Someone else suggested that the UAC was good enough, but I don't think so. There are known exploits for privilege elevation that has much to do with some core internal windows OS process communications which cannot be fixed without breaking Win32 and every program written for Win32. This takes me back to earlier assertions that Win32 must be fixed.

Re:Microsoft Hate

[colinrichardday]

Whether you believe it not, there is a lot of criticism of Linux on that point.

Re:Microsoft Hate

[Blakey+Rat]

Perhaps, but *I DID NOT SAY IT* so why the fuck is it a reply to my posting? Christ.

Re:Microsoft Hate

[Super_Z]

It's all about flexibility and ease of use, isn't is? When data is a text stream you can manipulate it when, with whatever tool you like and where you want. Powershell preparses the data and gives you an interface from which you can retrieve your data using Powershell commands. Here are two examples that lists installed packages:

$strComputer = "."

$colItems = get-wmiobject -class "Win32_Product" -namespace "root\CIMV2" `
-computername $strComputer

foreach ($objItem in $colItems) {
write-host $objItem.Description " " $objItem.Version
write-host
}

dpkg --list | awk '{print $2 " " $3;}'

The former is a bit more readable, the latter is more flexible. I definetly prefer the latter.

Re:It seems wrong for an OS vendor/maker to do thi

[rliden]

I agree that most AV solutions detect a problem after the fact, but Microsoft including Security Essentials doesn't change that either way. According to the report they scored pretty good on real time heuristics. If anything providing an AV solution for free seems like a good move not a bad one.

I've worked with Deep Freeze before and it can be a great solution, but it's more complicated than you're making it. What is the licensing fee to include it? People already bitch about the cost of Windows. How easy is it going to be for a non-tech savvy user to operate? I don't think it will provide any more advantage to the end user or be any less complicated than the current functionality System Restore already provides. Every time a program is installed, or Windows Update is run a Restore Point is made.

UAC is a bit beyond the scope of Microsoft Security Essentials and should Microsoft be implementing a malware solution, but I would say that it is, again, a move in the right direction. It has advantages and disadvantages, just like sudo or su does. It's meant to give the user an opportunity to deny an action they may not want to happen. There is always room for improvement, but it isn't a black and white world. Just because UAC has room for growth doesn't mean it's a bad idea or useless.

Going back to your original argument that Microsoft shouldn't be including anti-malware utilities; I just don't see a good reason why not. Pointing out various other weaknesses or problems you see with Windows has really nothing to do with why they shouldn't include Security Essentials, especially for free.

Re:Microsoft Hate

[colinrichardday]

Because your post brought up, from the other side, the complaint. I was responding more to an attitude than your specific claim.

Re:Microsoft Hate

[Blakey+Rat]

Because your post brought up, from the other side, the complaint.

No it didn't.

Nobody in this thread said anything about Office. Not even "the other side" of it, whatever that means. If you're going to make this crazy claim, please link to the posting in which it was brought up-- Slashdot helpfully lets you link to every posting individually, let's see it.

I was responding more to an attitude than your specific claim.

No, you're responding more to imaginary dancing fairies dancing around in your water-filled brain.

Re:Microsoft Hate

[colinrichardday]

Complaint: Operating system A sucks because it lacks some feature of operating system B.

Response: But operating system A has that feature.

Complaint: But A's implementation of it isn't real.

Re:Microsoft Hate

[Blakey+Rat]

At this point, I have absolutely no idea who you're replying to, or what you're talking about. You've yet to explain who in the thread mentioned Office (most likely because nobody did.) Good job lowering our collective IQs by posting absolutely nonsense.

Re:Microsoft Hate

[colinrichardday]

I didn't say that you mentioned Office, I said that your response was similar to a response about the lack of Office in Linux. I was responding to the form of your post.