Slashdot Mirror


MS To Build Antivirus Into Win8: Boon Or Monopoly?

jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"

9 of 748 comments

  1. Anti-Trust by 0123456 · · Score: 5, Interesting

    I would love to see governments attacking Microsoft for making its software too secure. That would keep me laughing for years.

    1. Re:Anti-Trust by gnasher719 · · Score: 4, Interesting

      Sandboxing on MacOS X 10.7 solves this quite reasonably. A sandboxed application can request access to all files _that the user opens_.

    2. Re:Anti-Trust by jbolden · · Score: 5, Interesting

      Capability computing. You don't grant applications the rights of a user. Rather an application is granted the right to do X to thing Y. So getting access to a user's file doesn't mean access to all of them. Some other problem controls granting capabilities.

      As an aside, the NT kernel 3.51 had excellent capabilities and Windows still has them. Microsoft just never made their own software, including the shell / GUI, work with them.

    3. Re:Anti-Trust by devent · · Score: 4, Interesting

      The only reason why Linux doesn't have viruses "in the wild" is because it is extremely difficult to write viruses for Linux that can be run or installed without user interaction.

      Sure, I can get a virus for Linux if I go to virus.com, download and run the virus. But for Windows you can get a virus by different means. Like via email attachment, autorun from a USB stick, via remote access (in Windows XP I got a virus only because I was online).

      In Linux you have to explicitly tell the system to run the file. But on Windows everything with a .exe is run. Also, many programs are run automatically for the "convenience" of the user, like autorun USB or CDs. Windows still hides the file extension from the user, so if you have a file like porn.jpg.exe Windows will show you porn.jpg.

      Also it's very easy to get rid of a virus in Linux. Just delete the infected file and replace it with the original from the package manager. In Windows you can't even delete the file because it's still in use.

      Plus the whole-system update management of the Linux distributions. I can run my updates weekly and in the background and it will update the system and all of the applications.

      --
      http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    4. Re:Anti-Trust by hairyfeet · · Score: 4, Interesting

      But you seem to be missing the fundamental problem mcgrew, which is this: How do you protect the user from themselves without forcing them into an Apple style walled garden where nothing that isn't corporate approved is allowed to run? Because if given the choice I'll take dealing with AV over a walled garden, thanks ever so.

      As a guy that builds and fixes Windows every damned day I can tell you EXACTLY where the bugs are coming from, and the vast majority? INSTALLED BY THE USER. Do you think Linux would be safe from a user that would happily run anything they got from an email, complete with putting in their password and chmodding whatever the attacker told them to? Of course not. Here is the list of the most popular bugs I've seen this month along with the way they got in. You tell me where MSFT could have stopped any of them.

      1.- Security tool and AV 20xx variants. These get in with a classic social engineering "ZOMG U Got Teh Viruz! Run 'Is_Not_Viruz_iz_Cleanerz.exe' to kill the viruz ZOMG!"

      2.- Porn codec malware. Infection source? Horny users. Uses this trick "U want teh hot lezbo teenz? We GOT teh hot lezbo teen right now! Just run 'Iz_not_viruz_Iz_codec.exe' to see teh hot lezbo teenz right now!"

      3.- Social site malware. Infection source? Again social engineering "Hey its me! I found this great new site! Just click here to load 'Iz_Not_Malware_Site_Iz_cool.html' right now!"

      Now in NOT A SINGLE CASE were they exploiting anything but the USER and any of these attacks could just as easily work on Mac (DNSChanger and MacDefender) or Linux (KDELook malware and infected Q3 game) by simply getting the user to go where the attacker wanted or run what the attacker wanted run. Now does this mean MSFT hasn't done dumbshit? Oh Lord No! Whoever thought XP should run as admin by default should have been publicly flogged! And IE 6 was an abomination that has made me hate IE so much to this day I refuse to allow it on a single machine I touch! I toss the links and give them both Firefox and Comodo Dragon with ABP and tell them to stay the fuck away from IE!

      But XP is two and soon to be 3 versions out of date so no point in even bringing it up, hell if it weren't for contracts with corps and government they would have already taken it out back and put it down. And since Vista MSFT has been pretty damned good about using best practices, running the users without being admins, DEP and ASLR, having low rights mode (Which neither Linux nor Mac have yet) so that drivebys are that much harder to accomplish...but in the end it all comes down to freedom. If you allow the user control over their own machine that means they have the power to fuck it up, full stop. The ONLY way I've seen that could possibly remove that vector is walled gardens and personally I don't think the loss of freedom is worth the security that an app store brings, do you?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:Anti-Trust by Anthony+Mouse · · Score: 4, Interesting

      So how do you make a file compression program that uses a Sandbox?

      Imagine gzip without the ability to read or write to the filesystem. It's still just as useful: you just type 'gzip -c file.gz' and your file gets compressed, and if gzip is broken it can't do anything other than compress the file wrong. And there is no reason why a GUI application can't be designed to work in an analogous way.

      It does mean that the world of Windows software development would look a lot different. A zip program doesn't need its own UI. All it needs is to provide an algorithm to the OS and a hook that tells the OS it can put it in the 'things you can do to a file' menu. Then the zip program never gets access to the file system, the OS just feeds it data to compress on stdin and takes the compressed data from stdout.
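
The broker design from the comment above (and the "right to do X to thing Y" idea in the capability comment earlier in the thread), as an added example that is not part of any original comment: a trusted parent opens the two files and a compression worker receives only those descriptors. The names `broker_compress`, `WORKER` and `demo` are hypothetical, and lowering `RLIMIT_NOFILE` to 0 is an assumed POSIX-only stand-in for a real OS sandbox.

```python
import gzip
import os
import subprocess
import sys
import tempfile

# Worker: imports what it needs, then lowers RLIMIT_NOFILE to 0 so that no
# new file descriptor can be opened. Only the inherited stdin/stdout/stderr
# stay usable, and it is never told a path for the data it compresses.
WORKER = r"""
import gzip, resource, sys
resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
try:
    open(sys.executable, "rb").close()   # probe: an existing file
    sys.stderr.write("open-allowed")
except OSError:
    sys.stderr.write("open-denied")
sys.stdout.buffer.write(gzip.compress(sys.stdin.buffer.read()))
"""

def broker_compress(src_path, dst_path):
    """Trusted side: open the files the user chose, hand over only the fds."""
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        proc = subprocess.run([sys.executable, "-c", WORKER],
                              stdin=src, stdout=dst,
                              stderr=subprocess.PIPE, check=True)
    return proc.stderr.decode()   # the worker's probe result

def demo():
    """Round-trip constructed sample data through the restricted worker."""
    data = b"constructed sample data\n" * 100
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "in.txt")
        dst = os.path.join(tmp, "out.gz")
        with open(src, "wb") as f:
            f.write(data)
        probe = broker_compress(src, dst)
        with gzip.open(dst, "rb") as f:
            return probe, f.read() == data

if __name__ == "__main__":
    print(demo())
```

The descriptor limit only blocks new opens; a production sandbox would also restrict network, process and IPC access.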

  2. Good for consistency; bad because of consistency by show+me+altoids · · Score: 5, Interesting

    I think this would be a great idea as long as MS keeps it well updated and people don't rely just on it. It would immediately improve the security of the PCs of all the people who don't bother with antivirus, but it may lull others into a false sense of security and give them an incentive to not get any other antivirus which would put a target for virus writers squarely on MS's solution.

    --
    I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
  3. Bill was right by Anonymous Coward · · Score: 5, Interesting

    Bill Gates was right. Microsoft had every right to add whatever features and applications it wanted to its OSes. Look at Chrome OS, Android, Mac OS X, iOS. All have browsers and other applications "built-in". In fact, Chrome OS doesn't even allow you to use an alternate browser, while Windows always allowed this. Adding non-intrusive and automatic antivirus to Windows 8 is a step forward.

  4. Re:Perspectives by jd2112 · · Score: 4, Interesting

    The capitalist in me screams, "Anti-competitive!"

    The IT guy in me exclaims, "It is about time."

    The consumer in me worries, "How will this impact performance?"

    Microsoft AV is among the least resource intensive AV programs I have seen.

    --
    Any insufficiently advanced magic is indistinguishable from technology.