Slashdot Mirror


MS To Build Antivirus Into Win8: Boon Or Monopoly?

jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"

12 of 748 comments

  1. Re:what are the odds that their virus scanner work by ByOhTek · · Score: 3, Informative

    Actually, from all I've heard, Microsoft's virus scanner for earlier versions of Windows works pretty darn well, comparable with the better commercial products.

    So, given that they are probably going to bundle an update of this... I'd have to say from prior experience, the odds of your guess being accurate are as close to zero as I can imagine.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  2. Re:Anti-Trust by mini me · · Score: 3, Informative

    Why do applications need access to all of the user's data?

  3. Re:Anti-Trust by blair1q · · Score: 3, Informative

    There's no "one main target" among them. Just holes in their database. Small holes in very large databases.

    Avast yesterday told me it had something like 5 million different signatures it could check. Which is both impressive and scary. That's a lot of miscreants being miscreative at a breakneck pace.

  4. Re:Anti-Trust by blair1q · · Score: 3, Informative

    No, it's their dime. You're in possession of it until you aren't, then it's someone else's. Most dimes they have were never yours in the first place. You negotiated your pay in full knowledge that a portion of that number would be sent straight to the government.

    Now, you have a vote, and a voice, so you have a say in who will be making laws regarding the apportionment of that dime, and you can tell them how you feel about their decisions.

    But, no, it is absolutely not your dime, and it probably never was.

  5. Re:Anti-Trust by shutdown -p now · · Score: 4, Informative

    Really? So servers running Linux aren't likely to contain information such as credit card details, usernames, passwords, emails...?

    A virus would be completely useless on a server, since, by very definition, it requires an infected executable to be run on the machine to infect that machine. And people don't run random software on the servers, Linux or not.

    (virus != exploit)

    I thought the proliferation of viruses on Windows is simply because most Windows user accounts are administrators. Imagine what would happen if all Linux users ran as root all the time.

    It is part of the problem on XP, yes.

    Users aren't administrators in Vista/7 - they're more like sudoers in Ubuntu, in that they default to normal user permissions, but can elevate by providing their own credentials. Still, the default is that the ability to write to any random binary on the system is not there. The problem is that casual users will happily elevate explicitly if it's easy and they're convinced that they're doing the right thing.

    Also, you don't need to elevate to create binaries in user-writable directories (i.e. %home%), or to infect binaries that are already there - e.g. Chrome installs itself there, and can be infected that way.

  6. Re:Perspectives by DesScorp · · Score: 4, Informative

    Microsoft AV is among the least resource intensive AV programs I have seen.

    Ditto. The only AV program I've seen that tends to eat less memory and CPU is F-prot. Even AVG is more resource intensive than MSE now. And don't get me started on Norton or McAfee.

    --
    Life is hard, and the world is cruel
  7. Re:Anti-Trust by Mathieu Lu · · Score: 5, Informative

    When was the last active Linux virus released?

    To be fair... under Linux you do have userspace exploits that allow you to gain root, and from there install a rootkit. They tend to be really obscure and get patched quickly, but they still exist.

    So an attacker usually needs to combine, for example, a Firefox/Libreoffice/PDF/Mail/PHP exploit, userspace exploit, then rootkit. And there are tons and tons of servers out there with old versions of PHP and Linux kernel. Most of the time people discover it only because they are exploited by spammers.

  8. Re:Which is more secure? by Tridus · · Score: 3, Informative

    Considering how those third party AV vendors were complaining back in 2006 about how MS was putting in protection against patching the kernel into Vista, I don't really think I can take what they have to say seriously.

    They're not in the security business, they're in the "sell people bloatware based on fear" business.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  9. Re:Anti-Trust by tgd · · Score: 4, Informative

    So how do you "secure" an OS and still allow users to run whatever they want to?

    And before you say "don't run as administrator", any app that can run with the user's privileges has access to all of the user's data -- which is harder to replicate than system files.

    Take a look at the metro app APIs for one way.

    The system level APIs are so locked down in the metro app sandbox that a program like Acrobat, say, that says it reads PDF files literally can't even *see* that other files exist on the filesystem, much less open them.

    You can secure things by either locking down what users can do or locking down what the code itself can do. Win8 is taking strides in the latter direction, too.

  10. Re:Anti-Trust by Dahamma · · Score: 3, Informative

    Of course you can't prevent the user from intentionally or negligently infecting their own computer, just like you can't prevent them from smashing it with a sledgehammer.

    But with sandboxing you can leave it up to the runtime to tell the user what the app is trying to do, and what permissions it would like granted, so that at least there is much less of a chance of being "tricked". If a runtime displays a clear dialog box that says "this application wants access to all files on your hard drive. This is a dangerous permission and should only be granted if it is highly trusted" and you allow it anyway without trusting the app, you get what you deserve...

  11. Re:Anti-Trust by kesuki · · Score: 3, Informative

    Some of those features have been there since Windows NT, not the full sandbox treatment, but it's not like Windows doesn't have those sort of features.

  12. Re:Perspectives by JGuru42 · · Score: 5, Informative

    I started using MSE because of a story here on Slashdot talking about a review of a large number of antivirus products and I was amazed to see people on Slashdot putting their trust in a Microsoft product.

    I've been a hater of Microsoft for a long time now thanks to all the anti-competitive and backstabbing stories I've heard but also because of using their various products. And yet now that I've been using MSE I've turned a corner and started to recommend it to friends and family.

    I casually help fix computers for people that know me, sometimes going so far as to do it all over the phone when someone lives too far to visit. At first I tended to browse through their machine looking for the troublemakers and then after finding everything I could I would install and run MSE only to watch it detect and clean 100% of the things I had found and even some I had not, like a trojan hiding in the MBR. I've watched it catch different varieties of the TDSS rootkits, clean up all manner of other nasties and only once have I seen it make a mistake, with Chrome being reported as a virus. Yet, even with that flaw Microsoft had detected the issue and it was on the "More Information" page and had been fixed later that night. Since then I've come to trust MSE to do its job well and I've started to run it first then clean up afterwards and it hasn't let me down yet.

    If Microsoft wants to provide a built in antivirus with Win8 but allows it to be disabled to run other things, just like Windows Firewall, then I am all for it. I would do almost anything to keep people from installing the nightmares that are Norton & McAfee (and these days sadly Zone Alarm Antivirus). I've watched both those powerhouse antivirus programs completely miss fake antivirus programs that sneak through Facebook and in Norton's case it turned a simple "Safe Mode/Delete/Remove Registry Startup Command" into a three day slog that only worked when I finally got mad and uninstalled Norton from the machine.

    Microsoft might still make some majorly boneheaded decisions but providing a built in antivirus does not seem to be one of them.