Slashdot Mirror


MS To Build Antivirus Into Win8: Boon Or Monopoly?

jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"

5 of 748 comments

  1. Re:Anti-Trust by shutdown -p now · Score: 4, Informative

    Really? So servers running Linux aren't likely to contain information such as credit card details, usernames, passwords, emails...?

    A virus would be completely useless on a server, since, by very definition, it requires an infected executable to be run on the machine to infect that machine. And people don't run random software on the servers, Linux or not.

    (virus != exploit)

    I thought the proliferation of viruses on Windows is simply because most Windows user accounts are administrators. Imagine what would happen if all Linux users ran as root all the time.

    It is part of the problem on XP, yes.

    Users aren't administrators in Vista/7 - they're more like sudoers in Ubuntu, in that they default to normal user permissions, but can elevate by providing their own credentials. Still, the default is that the ability to write to any random binary on the system is not there. The problem is that casual users will happily elevate explicitly if it's easy and they're convinced that they're doing the right thing.

    Also, you don't need to elevate to create binaries in user-writable directories (i.e. %home%), or to infect binaries that are already there - e.g. Chrome installs itself there, and can be infected that way.

  2. Re:Perspectives by DesScorp · Score: 4, Informative

    Microsoft AV is among the least resource intensive AV programs I have seen.

    Ditto. The only AV program I've seen that tends to eat less memory and CPU is F-prot. Even AVG is more resource intensive than MSE now. And don't get me started on Norton or McAfee.

    --
    Life is hard, and the world is cruel

  3. Re:Anti-Trust by Mathieu Lu · Score: 5, Informative

    When was the last active Linux virus released?

    To be fair... under Linux you do have userspace exploits that allow you to gain root, and from there install a rootkit. They tend to be really obscure and get patched quickly, but they still exist.

    So an attacker usually needs to combine, for example, a Firefox/Libreoffice/PDF/Mail/PHP exploit, userspace exploit, then rootkit. And there are tons and tons of servers out there with old versions of PHP and Linux kernel. Most of the time people discover it only because they are exploited by spammers.

  4. Re:Anti-Trust by tgd · Score: 4, Informative

    So how do you "secure" an OS and still allow users to run whatever they want to?

    And before you say "don't run as administrator", any app that can run with the user's privileges has access to all of the user's data -- which is harder to replicate than system files.

    Take a look at the metro app APIs for one way.

    The system level APIs are so locked down in the metro app sandbox that a program like Acrobat, say, that says it reads PDF files literally can't even *see* that other files exist on the filesystem, much less open them.

    You can secure things by either locking down what users can do or locking down what the code itself can do. Win8 is taking strides in the latter direction, too.

  5. Re:Perspectives by JGuru42 · Score: 5, Informative

    I started using MSE because of a story here on Slashdot talking about a review of a large number of antivirus products and I was amazed to see people on Slashdot putting their trust in a Microsoft product.

    I've been a hater of Microsoft for a long time now thanks to all the anti-competitive and backstabbing stories I've heard but also because of using their various products. And yet now that I've been using MSE I've turned a corner and started to recommend it to friends and family.

    I casually help fix computers for people that know me, sometimes going so far as to do it all over the phone when someone lives too far to visit. At first I tended to browse through their machine looking for the troublemakers and then after finding everything I could I would install and run MSE only to watch it detect and clean 100% of the things I had found and even some I had not, like a trojan hiding in the MBR. I've watched it catch different varieties of the TDSS rootkits, clean up all manner of other nasties and only once have I seen it make a mistake, with Chrome being reported as a virus. Yet, even with that flaw Microsoft had detected the issue and it was on the "More Information" page and had been fixed later that night. Since then I've come to trust MSE to do its job well and I've started to run it first then clean up afterwards and it hasn't let me down yet.

    If Microsoft wants to provide a built-in antivirus with Win8 but allows it to be disabled to run other things, just like Windows Firewall, then I am all for it. I would do almost anything to keep people from installing the nightmares that are Norton & McAfee (and these days sadly Zone Alarm Antivirus). I've watched both those powerhouse antivirus programs completely miss fake antivirus programs that sneak through Facebook and in Norton's case it turned a simple "Safe Mode/Delete/Remove Registry Startup Command" into a three day slog that only worked when I finally got mad and uninstalled Norton from the machine.

    Microsoft might still make some majorly boneheaded decisions but providing a built-in antivirus does not seem to be one of them.