MS To Build Antivirus Into Win8: Boon Or Monopoly?
jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
I would love to see governments attacking Microsoft for making its software too secure. That would keep me laughing for years.
This is awesome and MS should've done this 10 years ago.
So making an OS more secure (I know, they could get rid of security holes... but...) is also monopolistic?
To me, this is kinda like saying IrfanView should sue because MS includes Paint or Picture Viewer or whatever they include.
IE was a bit trickier, because they did their own thing with HTML and stuff and you HAD to use IE in order to view some stuff, so it was a bit nastier. But a virus detector? What are they going to do, write viruses that only their software can find... but then they wouldn't work on other OSes... so it wouldn't be much of a lock-in.
The capitalist in me screams, "Anti-competitive!"
The IT guy in me exclaims, "It is about time."
The consumer in me worries, "How will this impact performance?"
I will not mourn that which I never had to lose. - Unknown
I think this would be a great idea as long as MS keeps it well updated and people don't rely just on it. It would immediately improve the security of the PCs of all the people who don't bother with antivirus, but it may lull others into a false sense of security and give them an incentive to not get any other antivirus which would put a target for virus writers squarely on MS's solution.
I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
If I somehow end up with a Windows 8 machine, I will continue to use F-Prot or Command anti-virus no matter what is bundled. Microsoft including their own anti-virus software will not compete with such products; it may, however, be the end of McAfee and Norton. But I honestly think the world is better off without them.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Why on earth would Microsoft want to put the AV competition out of business? It only costs them money.
It's neither boon nor monopoly, it's acknowledging a begrudging reality that no matter how secure your OS you need AV on top and you can't rely on your users to purchase it.
I'm sure Microsoft would be more than happy for everyone to run Norton and save the development expense but... that would be like requiring your customers to buy hamburger bun separately.
I think they're gonna throw parties at ISP hotlines if this AV works good.
Bill Gates was right. Microsoft had every right to add whatever features and applications it wanted to its OSes. Look at Chrome OS, Android, Mac OS X, iOS. All have browsers and other applications "built-in". In fact, Chrome OS doesn't even allow you to use an alternate browser, while Windows always allowed this. Adding non-intrusive and automatic antivirus to Windows 8 is a step forward.
and force people to use a non-administrator account for applications?
Because it would break Whizzbangsoft Whizzywriter '96.
Actually, from all I've heard, Microsoft's virus scanner for earlier versions of Windows works pretty darn well, comparable with the better commercial products.
So, given that they are probably going to bundle an update of this... I'd have to say from prior experience, the odds of your guess being accurate are as close to zero as I can imagine.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
All the Apple people do is secure the OS and claim "We have no viruses" (even though they do).
The Technologist in me screams: "Spend more time making your OS secure and less time trying to band-aid it with virus protection!"
"All great wisdom is contained in .signature files"
"Dam company to provide leak protection in future dams. Dam contractors angry."
it may however be the end of McAfee and Norton.
Nothing of value was lost.
Let's hope they don't just step up their attempts to bundle themselves with *everything*.
No sig today...
Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
If the authorities feel they should "do something" about the MS monopoly then they should force them to spin off MS Office and other business apps as a separate business, look deeply into how their Windows licensing deals with OEMs work, and require open standards for all Government contracts. Without that, arguing over whether they can bundle minor utility "x" is just inconsequential.
Modern operating systems are expected to include a pretty comprehensive suite of utilities, protocol stacks and basic applications. Monopoly or no, it's getting a bit silly if OS X, iOS, Android, and the major Linux distros can bundle a web browser (or, more specifically, have HTTP and HTML APIs in their OS) but Windows can't.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Because as soon as you do, as soon as you think you're fully secure, Grandma will bypass the security using the Administrator password to install some new program on her computer that she downloaded and thinks she needs... Then all Grandma's base belong to a hacker. You need a virus scanner in the background to babysit the system and stop this stuff, after the fact.
Security should not be handled by a third-party program, and equipping Windows with a builtin AV is a step in the right direction. Banning it because of antitrust claims would be ridiculous, but only a minor annoyance, those who want could still get it.
The problem with Internet Explorer was not the bundling. It was that:
a) Internet Explorer was integrated into things like the shell, rather than separating the browser functionality from the OS functionality.
b) Microsoft prohibited other browsers from being installed as the default.
I'd say the appropriate analogy is bundling Windows Media player.
And while we're at it, why don't we just make cars that run on rainbows to solve our energy problems?
Most viruses in Windows today are spread either by stupid users, or flaws in third party applications (hello Flash!). As it turns out, stopping stupid users from doing stupid things on an OS that isn't a locked down walled garden is really hard.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Considering how those third party AV vendors were complaining back in 2006 about how MS was putting protection against patching the kernel into Vista, I don't really think I can take what they have to say seriously.
They're not in the security business, they're in the "sell people bloatware based on fear" business.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
So how do you keep the same user who downloaded malware in the first place from granting rights to the app? What if you want to use four or five different apps with the same document? iOS has one model where you send a copy of a document to another app, but who wants to do that?
And you have dozens of different permissions that the app asks for (see RIM). How do you keep granny from granting unnecessary rights to the app?
You have no understanding of the meaning of "monopoly".
- sure I have.
Somebody owns one of the very few Gutenberg bibles. There are maybe 20 of them left at all, that's pretty close to a monopoly, if you own one copy.
It's your book, you bought it, you have a monopoly on it.
Microsoft has a monopoly on Microsoft Windows, for example Microsoft Windows XP is a Microsoft product. Nobody else makes those products.
As a monopolist on that product, the company holds monopsony on the market of Microsoft Windows XP product.
There are substitute products to Microsoft Windows XP, some are also Microsoft products, some are Apple products, some are Free source products, etc.
There is no monopoly on operating systems, it's a large competitive market. Any of the 'smart' phones today runs a different version of an operating system, Windows is just one of the operating systems out there, I haven't touched it in 2 years and my products allow retailers and suppliers to move off Windows to any OS they want not to have to pay OS license fees for example.
The very point of a monopoly is that it prevents competition, and creates barriers to entry.
- well yes, and the natural barrier of entry into the Gutenberg bible monopoly is the fact that there are so few of them, so the cost is very high.
However in a market absent government privileges and regulations the monopolies don't exist, there are only economies of scale that provide a good product. If the product is not good and the price is too high, the market offers a substitute.
As to whether there is 'pure free market', I'd say that there are things that are more regulated than other things, so whatever is less regulated sees more economic activity and more value is being created there, so we want to maximize the freedom in the market, which automatically means minimizing the amount of government involvement.
You can't handle the truth.
How the hell is making your OS behave the way your customers expect anti-competitive?
What if MS made their OS inherently secure, such that it didn't need AV? Would that also make it anti-competitive? That would completely eliminate the AV software companies!
Ridiculous...
in girum imus nocte et consumimur igni
When it's on Windows, it's called a "Virus"; when it's on Linux it's called "Hacking".
Ever had a server hacked cause someone uploaded something onto it that gave them root access?
But the sooner the anti-malware "ecosystem" disappears the better.
You should not have to purchase third party software to keep an operating system secure or from eating itself (all the snake-oil "registry cleaners" and "application uninstallers"). Such functions should be part of the OS at worst, or better yet, unnecessary.
--
BMO
My main concern is whether I can remove the pre-installed AV, or if it'll be like IE and other MS stuff that you can only hide, not truly uninstall. Anyway, I always miss the advanced setup installer for the OS, like in Win98, where I could select which programs I wanted to install. Windows for Legacy PCs has this feature, but it's only for MS partners and it's based on XP.
Looks like a great idea to me if they install it by default and turn on auto updates, because it will mean fewer botnets and less spam. It will raise visibility of virus protection so I don't think it will hurt third-party vendors too much. If people want added protection they will buy it, just like they do today.
What if you want to use four or five different apps with the same document?
Add those apps to the document's ACL. This can happen automatically when the document's owner drags the document onto the application's window or chooses the document from the application's file chooser.
How do you keep granny from granting unnecessary rights to the app?
The Bitfrost page that I linked explains how it makes some capabilities mutually exclusive at install time. For example, because "connect to the Internet" (P_NET) and "read entire home directory" (P_DOCUMENT_RO) are mutually exclusive, a photo viewer can't leak all your photos to the Internet. If the user wants to upload an entire folder full of photos to the Internet, the application's package would request "connect to the Internet" and the user would drag folders to be uploaded onto the app's window.
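As an added illustration of the model described in this comment (not OLPC's code), the following Go program treats P_NET and P_DOCUMENT_RO as an install-time mutually exclusive pair and models the drag-onto-window gesture as an ACL grant; the app names, document paths and the P_NET/P_DOCUMENT_RO exclusivity rule are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission names follow the two Bitfrost labels quoted in the comment;
// everything else here is a constructed model, not OLPC's implementation.
type Permission string

const (
	PNet        Permission = "P_NET"         // connect to the Internet
	PDocumentRO Permission = "P_DOCUMENT_RO" // read the entire home directory
)

// mutuallyExclusive is the install-time policy: no app may hold both
// members of a pair, so no single app can both read everything and upload.
var mutuallyExclusive = [][2]Permission{{PNet, PDocumentRO}}

// Manifest is what an application's package requests at install time.
type Manifest struct {
	App         string
	Permissions []Permission
}

// System tracks installed apps' permissions and per-document ACLs
// (document -> set of apps the owner has granted access to).
type System struct {
	perms map[string]map[Permission]bool
	acl   map[string]map[string]bool
}

func NewSystem() *System {
	return &System{perms: map[string]map[Permission]bool{}, acl: map[string]map[string]bool{}}
}

// Install refuses a manifest that requests a mutually exclusive pair.
func (s *System) Install(m Manifest) error {
	granted := map[Permission]bool{}
	for _, p := range m.Permissions {
		granted[p] = true
	}
	for _, pair := range mutuallyExclusive {
		if granted[pair[0]] && granted[pair[1]] {
			return fmt.Errorf("%s: %s and %s are mutually exclusive", m.App, pair[0], pair[1])
		}
	}
	s.perms[m.App] = granted
	return nil
}

// DropDocument models the owner dragging a document onto an app's window (or
// picking it in the app's file chooser): the gesture itself adds the app to
// that document's ACL, so there is no rights dialog for the user to click through.
func (s *System) DropDocument(doc, app string) error {
	if s.perms[app] == nil {
		return errors.New(app + " is not installed")
	}
	if s.acl[doc] == nil {
		s.acl[doc] = map[string]bool{}
	}
	s.acl[doc][app] = true
	return nil
}

// CanRead is the runtime check: blanket P_DOCUMENT_RO, or an ACL entry for this document.
func (s *System) CanRead(app, doc string) bool {
	return s.perms[app][PDocumentRO] || s.acl[doc][app]
}

// CanUpload: only apps holding P_NET may talk to the network.
func (s *System) CanUpload(app string) bool { return s.perms[app][PNet] }

// Scenario walks through the comment's photo example and reports, in order:
// viewer requesting both installs; uploader reads a photo before the drop;
// uploader reads it after the drop; uploader reads a different photo after
// the drop; viewer can upload; a second app dropped onto the same photo reads it.
func Scenario() [6]bool {
	s := NewSystem()
	var r [6]bool
	r[0] = s.Install(Manifest{"leaky-viewer", []Permission{PNet, PDocumentRO}}) == nil
	_ = s.Install(Manifest{"viewer", []Permission{PDocumentRO}})
	_ = s.Install(Manifest{"uploader", []Permission{PNet}})
	_ = s.Install(Manifest{"editor", nil})
	r[1] = s.CanRead("uploader", "~/Photos/trip")
	_ = s.DropDocument("~/Photos/trip", "uploader")
	_ = s.DropDocument("~/Photos/trip", "editor") // several apps share one document
	r[2] = s.CanRead("uploader", "~/Photos/trip")
	r[3] = s.CanRead("uploader", "~/Photos/private")
	r[4] = s.CanUpload("viewer")
	r[5] = s.CanRead("editor", "~/Photos/trip")
	return r
}

func main() { fmt.Println(Scenario()) } // [false false true false false true]
```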
As I see it the anti-virus peddlers can go the way of the dodo.
The whole Internet Explorer deal was inherently a different thing; that was about Microsoft subverting a whole platform and perverting standards with their time honored EEE tactics. In this case I see no harm in them choking the cash flow of the companies that brought us security suites that slow down disk performance to unacceptable rates and consume most of your available RAM. Not to mention the constant fear-mongering on how at risk you are.
If I am bitter it is because I have seen too many computers reduced to useless paperweights by Norton, F-Secure and McAfee and the local ISP is force-selling Internet Protection at 75€/year/computer to customers who don't fight back enough.
My house has security screens and deadbolt doors. I guess that means I don't need a guard dog or a gun, then ?
The last time I asked you how long a fully patched Windows 7 machine without a firewall or AV software would last before it was compromised, you said that was immaterial -- but that is my whole point. To me, if Windows can never last long like that, that would be what I call intrinsically insecure. My idea of an intrinsically secure OS is one that, under the same circumstances, can almost always be relied upon to survive uncompromised up to the next security update. An OS like that has to be designed from the ground up with security in mind. Somehow, though, I don't think it would be accurate to describe Windows that way.
You're effectively adjusting your definition for your own convenience -- you still cannot point out a design flaw. You need to point out a design flaw/architectural flaw to say that it's intrinsically insecure.
Regarding your links:
Security-focused operating system
This is just a random list, compiled by someone on Wikipedia. From the article itself: In our context, "Security-focused" means that the project is devoted to increasing the security as a major goal. As such, something can be secure without being "security-focused." For example, almost all of the operating systems mentioned here are faced with security bug fixes in their lifetime. Regarding the highlighted part above: In whose context?
Security-evaluated operating system
Again -- just a random list of OSes with certain certifications. What random criteria are you using when selecting these silly links??
Why Windows security is awful
And this is an example of the blind leading the blind. You're willfully misinforming yourself by listening to people who know nothing. The guy calls DLLs insecure. Are you familiar with a .so in unix? Do you know the difference between a .so and a .dll? Answer -- there is none. The guy calls Active-X insecure -- (this is repeated ad-infinitum by people who basically know nothing about security). First -- Active-X itself was not the problem -- the problem was that it was enabled by default, which enabled sites to use it to load malicious plugins. Problem fixed a very long time ago. In addition there are active-x killbits updates pushed out regularly (no other browser gets these updates for their respective plugin technology, fyi). There is no material difference between active-x and any plugin technology for any other browser (for example look up mozilla's npapi -- they are equivalent, and do the same thing, and you can write malicious plugins using either one). Lastly, there are even more nasty things in the pipeline (look up NACL from Google) -- if you don't fear that one, and you fear Active-X, you've really outsourced all your thinking to slashdot, and decided not to do any of it yourself. Not to mention sandboxing for active-x again -- so again, your link is outdated and wrong, and your objection is outdated.
Next, the guy objects to OLE. Again -- do you think the equivalent technology does not exist in unix? The guy complains about macros -- yes, any time you have a parser, it is a security risk. This is well-known. This is one of the reasons browsers are such a huge target -- because they are parsers first and foremost, and what they parse is untrusted. Do you still never use a browser?? It goes back to what I told you earlier -- the only way to stay 100% uncompromised is to never use a computer at all. Is your goal to actually get some work done? If yes -- select the best tool for the job, and then secure the tool as best you can. That tool could very well be os-x, unix, linux, whatever. But you're fooling yourself if you think that
I strongly disagree. To me it is proof that Windows is inherently insecure: an OS that relies almost entirely on additional protection (firewalls, AV software) for its security.
You keep on and on circumventing the simple fact that a virus can be contracted through an insecure service (not necessarily a part of the OS), an insecure application (not necessarily a part of the OS), and user interaction (not a part of the OS) among other methods. You said Windows (which happens to be an OS) had woeful intrinsic insecurity. Your conjecture of "relies almost entirely on additional protection" is plain nonsense. What do you think ASLR / DEP / sandboxing / Authenticode signing / etc. are? The list is endless. Other OSes have introduced almost all these features years after Windows. I hate making overly general negative statements, so I'll stop with that, but please do some research for the love of god. You just keep on and on ignoring facts, and repeating simpleton lines ad-infinitum.
This is important to me, because an inherently secure OS can prevent bad things from happening.
You're confusing security and obscurity here. The net effect is the same though. An OS that nobody cares to attack is likely to remain secure. If you haven't gotten the theme, I have not faulted your choice of OS whatever it might be -- I'm simply pointing out that your conjecture about Windows having brain-damaged security is wrong.
Normal users should simply not have to be so dependent, so aware and so involved at all times with the current state of their virus scanner and the patch level of their computer's OS.
Oh my god.. install MSE and leave auto-updates on. That's it. Nobody is even asking you to do that much, because nobody is even asking you to run Windows. Just realize that your initial assertion was wrong. TFA was about MSE being included in Win8 by default. That reduces this to a no-op. But you'll still be citing 8 year old or 3 year old rants from random people that don't know jack.
Firewalled off as those Windows machines are, they're as safe as they can be
I still don't understand how you think a firewall compensates for AV. Please, just answer this one question directly instead of avoiding it. This level of ignorance is unbearable.
They run noticeably faster (especially when booting up)
Almost a fair point, but not quite. First of all -- bootup would be (for example) 32 seconds instead of 30 seconds (if even that). Second -- only when an active scan is running, will an AV slow things down. The default for an active scan should be around 3am, on a monthly basis (or something like that), when nobody is using the machine. If it runs when you're doing nothing, then why care? If the machine was off, and the scan didn't happen, it'll take place when it next gets idle cycles. Either way, no trouble to you. If you claim to notice a slow down when AV is not actively scanning, then that's your imagination at work.
use less memory
Depends on your AV -- MSE, kaspersky etc. have very low footprints, to the point of it not being worth your time to track this.
there are no AV subscription fees
MSE is free. MSE is being built into Win8 for free. Your original comment was "who cares". Apparently you do. Now do you begin to see why your comment was so fucking annoying? It added nothing to the conversation -- and was misleading/FUD to boot.
and the users never have to be bothered to run any updates.
You're just living in the past here man. Auto-update. Don't bother to look again after that. Auto-update. Do you not apply the security patches on Linux or OS-X? Is this different than that somehow? What logic is this?
Except for the fact that these machines can't be used to surf the Internet, they a
You keep on and on circumventing the simple fact that a virus can be contracted through an insecure service (not necessarily a part of the OS), an insecure application (not necessarily a part of the OS), and user interaction (not a part of the OS) among other methods.
That can't be correct. With Linux, for instance, a virus or a worm that infects a service or an application, perhaps through user interaction, can only succeed in infecting the rest of the OS if that service or application is running as root, which usually is not the case. In particular, normal users never have to run anything as root. Thus, when the service stops, or the user logs out, the virus or worm stops running as well. If we suspect something is wrong, the account in question can be deleted (perhaps replaced with a backup) and that would be the end of it. If Windows was anything like this secure, then we would not be having this conversation
100% wrong. The whole point of a security flaw is that you can exploit it to do something you were not supposed to be able to. See the latest Linux advisories here. Don't bother looking at the whole list -- just skim through the ones at the top intended for Debian. In the descriptions do you see the words "execution of arbitrary code", "privilege escalation", etc.? As the name suggests, the first type of flaw allows you to run any code you want (but in the context of the process you compromised). The second type gets you root. The combination means you own the box. This is true for all OSes. These flaws exist everywhere. Nothing is intrinsically secure or insecure. People write exploits for these flaws on Windows. They don't do it for Linux.
What do you think ASLR / DEP / sandboxing / Authenticode signing / etc. are?
Linux doesn't have any of those features; they're not necessary (you're not really familiar with Linux, are you?). Only Windows seems to have them, and apparently they can be circumvented.
Unbelievable.
- ASLR and DEP do exist in Linux. It's your first line of defense against buffer overruns.
- Sandboxing does exist in Linux as well.
- Code signing does exist in Linux (that's not the full story on code-signing in Linux, but it'll do for the purpose of this conversation).
Did you just ask me if I'm familiar with Linux??? How can you be so wrong, about such basic things, and yet argue so much? This is unbearable. The worst part is that you're talking out of both sides of your mouth by first claiming that Linux is intrinsically secure, and then boldly stating that it does not have extremely key security measures that are expected at the kernel level.
We would not be running those machines if it were not for the X-ray scanners
Finally some context. As I asked many many posts ago (see the comment RE cash registers) what was the point of this example then? These are obviously fixed-function machines. It's like arguing with an indolent child...
Then you must be running a faster machine and/or more efficient AV software.
No to the speed thing. I use what my company provides. I do recommend 'efficient' AV software regardless. If you're running some piece-of-crap AV why give Windows shit about it?
Also, users have to remember to keep paying for their AV subscription fees
MSE is free. MSE will be built in to Win8 for free. That was the point of TFA, to which you replied "who cares". Answer: obviously, you do.
You're confusing security and obscurity here. The net effect is the same tho
100% wrong...
Yes, in principle that sort of thing is true for any OS: vulnerabilities are being found in applications all the time, but at least with FOSS they are fixed quickly, sometimes within hours of discovery.
That blanket statement is simply not true. A security researcher who finds a flaw sometimes makes a binary patch available along with their disclosure. Applying such patches is risky because they are untested, lack peer review, and the researcher might lack insight into the design of the software they're patching. Speed of deployment depends on whether the flaw is found in an app or service or the kernel (it affects the amount of vetting required). If you're running a stock kernel (eg. ubuntu and many other distros do that) you need to wait for a patch from canonical -- mainline's patch won't work. Etc. etc. etc.
Okay, you got me on that one. I stand corrected. However, it looks like Linux has had ASLR and DEP for longer than Windows (not vice versa) and it seems there is little interest in using sandboxing with Linux.
My dear friend, this is why you can never trust the synopsis -- the devil is truly in the details. There are ASLR implementations, that are wholly ineffective, moderately effective, and extremely effective. There are ASLR/DEP implementations that ship with the OS from scratch and there are versions that got shoe-horned in later with Service Packs. So the exact date depends on how you count. Suffice it to say that both have ASLR, and that's a good thing for everyone. ASLR is a very big deal btw. Let me know if you're curious as to why.
In general, Code signing doesn't appear to be worth bragging about.
Code signing is so incredibly important it isn't even funny. Let's say you received an update notification for some kernel module, and now you applied the update. Without code-signing, that very act might have compromised your system. Let me explain: This update went through many hands before it got to you:
1. the vendor/person that created the update (how do you know this person is trustworthy and will not put something nefarious like a keylogger in the patch?)
2. the repository it was uploaded to (how do you know this repository was not hacked, and this patch was not compromised before you downloaded it?)
3. the mirror for that repository (how do you know this mirror was not hacked, and this patch was not compromised before you downloaded it?)
4. your package manager s/w downloaded the patch from the mirror (how do you know you actually hit the mirror, as opposed to a spoof that supplied you with a nefarious patch?)
5. finally made it to your machine, and continues to live on your machine (how do you know that *after* you applied the patch and used it many times, it was not compromised by some malware?)
Answer to all of this is code-signing! By verifying the signature, we can trace the person that created the patch. Therefore the creator can be made accountable for putting malware in it. By verifying the signature, we also verify that since the patch was created and signed by the creator it has not been altered (aka compromised) -- which guards against 2, 3, and 4. For point 5, if you're loading a module and you verify the signature every time, then you know if it got compromised after the fact (after you applied it to your machine). This can be a critical step -- kernel integrity is a huge deal -- even if the rest of your system gets compromised, as long as your kernel is good you might still have a chance to recover. By verifying the integrity of every kernel module you load, you make sure your kernel's integrity is intact. This is still not the whole story on code-signing -- but hopefully you're getting the picture. None of this is science fiction btw. This shit actually happens. Don't let that link worry you though. As I me
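As an added example (not from the thread or any vendor's code), the Go program below walks the five steps in the comment above with Ed25519 from Go's standard library: the vendor signs a module, the package manager verifies the download against the vendor key that shipped with the OS, and the loader re-verifies on disk at every load. The module name, payload bytes and the two adversaries (byte-flipping mirror, spoofed mirror with its own key) are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedUpdate is a constructed, minimal update package: the module bytes
// plus the vendor's detached signature over them.
type SignedUpdate struct {
	Name      string
	Payload   []byte
	Signature []byte
}

// vendorSign is step 1 in the comment: the vendor signs the module with a
// private key that never leaves their build machine.
func vendorSign(priv ed25519.PrivateKey, name string, payload []byte) SignedUpdate {
	return SignedUpdate{Name: name, Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// verifyUpdate is what the package manager runs after download (steps 2-4).
// The only trust anchor is the vendor's public key already on the machine, so
// a hacked repository, a hacked mirror or a spoofed mirror cannot produce a
// module that passes, whatever checksum they publish next to it.
func verifyUpdate(vendorPub ed25519.PublicKey, u SignedUpdate) error {
	if len(u.Signature) != ed25519.SignatureSize {
		return errors.New(u.Name + ": malformed signature")
	}
	if !ed25519.Verify(vendorPub, u.Payload, u.Signature) {
		return errors.New(u.Name + ": signature does not verify against vendor key")
	}
	return nil
}

// loadModule is step 5: re-verify the stored module every time it is loaded,
// so a later on-disk compromise is caught instead of trusted because the file
// once passed at install time.
func loadModule(vendorPub ed25519.PublicKey, stored SignedUpdate) (bool, error) {
	if err := verifyUpdate(vendorPub, stored); err != nil {
		return false, err
	}
	return true, nil
}

// mirrorTamper models a compromised mirror (step 3), or malware on the box
// (step 5), flipping one byte of the module while keeping the old signature.
func mirrorTamper(u SignedUpdate) SignedUpdate {
	p := append([]byte(nil), u.Payload...)
	p[len(p)/2] ^= 0xff
	return SignedUpdate{Name: u.Name, Payload: p, Signature: u.Signature}
}

// spoofedMirror models step 4: a fake mirror serving a module signed with the
// attacker's own key. The signature is internally valid but not the vendor's.
func spoofedMirror(name string) SignedUpdate {
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return vendorSign(attackerPriv, name, []byte("constructed: module with keylogger"))
}

// RunScenario exercises the pipeline and reports, in order, whether the
// genuine, mirror-tampered, spoofed and post-install-modified module pass.
func RunScenario() [4]bool {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := vendorSign(vendorPriv, "example_driver.ko", []byte("constructed: genuine module bytes v1.2"))
	var r [4]bool
	r[0] = verifyUpdate(vendorPub, genuine) == nil
	r[1] = verifyUpdate(vendorPub, mirrorTamper(genuine)) == nil
	r[2] = verifyUpdate(vendorPub, spoofedMirror("example_driver.ko")) == nil
	// Installed and loaded once, then patched on disk: the load-time check catches it.
	_, _ = loadModule(vendorPub, genuine)
	r[3], _ = loadModule(vendorPub, mirrorTamper(genuine))
	return r
}

func main() { fmt.Println(RunScenario()) } // [true false false false]
```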