Slashdot Mirror


MS To Build Antivirus Into Win8: Boon Or Monopoly?

jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"

41 of 748 comments

  1. Anti-Trust by 0123456 · · Score: 5, Interesting

    I would love to see governments attacking Microsoft for making its software too secure. That would keep me laughing for years.

    1. Re:Anti-Trust by cptdondo · · Score: 5, Insightful

      I look at anti-virus as a compression bandage. It staunches the bleeding, but does nothing to prevent the injury....

      Maybe a more secure OS from the get-go might help? Although Win 7 seems to be a step in the right direction....

    2. Re:Anti-Trust by Z00L00K · · Score: 5, Insightful

      And also - what kind of anti-virus will be first on the list of the malware producers to circumvent?

      Today there are many different AV solutions and it's almost impossible to evade them all, but now there will be one main target.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    3. Re:Anti-Trust by 0123456 · · Score: 5, Insightful

      Because there are no virus scanners, rootkit detectors, etc. for Linux, right? Oh wait there are...

      Linux virus-scanners are primarily used to detect Windows viruses on servers so the Windows machines accessing those servers don't pass their infections around.

      When was the last active Linux virus released?

    4. Re:Anti-Trust by Karlt1 · · Score: 5, Insightful

      So how do you "secure" an OS and still allow users to run whatever they want to?

      And before you say "don't run as administrator", any app that can run with the user's privileges has access to all of the user's data -- which is harder to replicate than system files.

    5. Re:Anti-Trust by roc97007 · · Score: 4, Funny

      I think that's the first time I've ever seen "Microsoft" and "too secure" in the same sentence.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    6. Re:Anti-Trust by wisnoskij · · Score: 5, Insightful

      This whole Microsoft witch hunt is ridiculous.
      MS does lots of things that should get people and governments mad but including necessary software is not one of them.

      First off you need a browser on OS install, and you really really should have an antivirus so that you don't get infected while searching the internet for one.
      What's next, MS is evil for including paint and notepad?
      Or it is unfair for the game industry that solitaire is installed along with the OS?

      --
      Troll is not a replacement for I disagree.
    7. Re:Anti-Trust by blair1q · · Score: 5, Funny

      You're typing into it.

    8. Re:Anti-Trust by shutdown+-p+now · · Score: 5, Insightful

      You can't have an OS that is secure against viruses, so long as 1) it allows the user to install software, and 2) it does not provide a strict sandbox for said software.

      Linux, for example, permits viruses to be written. So does OS X. The reason why viruses do not proliferate on those systems is because they're not a particularly interesting attack target, and because (specifically in case of Linux) they are typically run by competent users who don't run random binaries off the Net.

      iOS, on the other hand, does not have viruses, because 1) all software comes from a trusted location with no way to circumvent this, and 2) software is sandboxed such that it cannot modify other binaries on the system or create new ones, even in directories otherwise writable by the user who runs the software.

      TL;DR version: the kind of security that you want is called a "walled garden". Furthermore, you're going to get just that in Win8. When there'll be the next Slashdot story on the horrors of iOS lockdown, keep that in mind.

    9. Re:Anti-Trust by Karlt1 · · Score: 5, Insightful

      Why do applications need access to all of the user's data?

      An application doesn't "need" access to all of the user's data. But how do you prevent code that runs at the users' access level from being able to access all of the data that the user has access to? If the app developer can get users to grant access to their data (not hard to do) how can the OS prevent them without having a locked down environment?

    10. Re:Anti-Trust by jgagnon · · Score: 4, Insightful

      How else would you do it? What if you have a file you want to open up in more than one application? It's entirely plausible to have multiple processes operate on a file in series. For instance, you use a photo editor to manipulate an image. Then you insert that image into a document. Then you compress that document. Then you send that document via email. That document has been around the block through several applications. What are you supposed to do, give each application individual permissions to access the document? Is this the height of productivity?

      --
      Remember to maintain your supply of /facepalm oil to prevent chafing.
    11. Re:Anti-Trust by vlm · · Score: 4, Insightful

      Linux, for example, permits viruses to be written. So does OS X. The reason why viruses do not proliferate on those systems is because they're not a particularly interesting attack target

      LOL you must be new to this "internet" thing or channeling 1995.

      because (specifically in case of Linux) they are typically run by competent users who don't run random binaries off the Net.... iOS, on the other hand, does not have viruses, because 1) all software comes from a trusted location with no way to circumvent this,

      The Linux and iOS situations are closer than you seem to think.

      I would guess that 99.999% of Debian installs have nothing but debian.org packages and perhaps a handful of nvidia drivers, multimedia repo files, and maybe some weird firmware files. All my "server" type boxes are 100% nothing but Debian packages, only my desktops and mythtv frontends have anything else.

      Make it impossible to circumvent, people get annoyed at the restriction, simply because it is a restriction, regardless if they intend to actually go beyond it. Make it really inclusive, easy to add, as open as possible, and inconvenient to avoid, and people are OK with it. Golden handcuffs, sorta.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    12. Re:Anti-Trust by gnasher719 · · Score: 4, Interesting

      Sandboxing on MacOS X 10.7 solves this quite reasonably. A sandboxed application can request access to all files _that the user opens_.

    13. Re:Anti-Trust by gmuslera · · Score: 5, Insightful

      In Linux you have a "default walled garden" that is your distribution and related repositories. You can jump out of the garden, but it is not so trivial for the casual user and gives them time to think about what they are really doing.

      Still, nothing forbids you from installing a .rpm/.deb that as root does evil things in your own system, if you really try and accept all warnings and root password questions and install the needed certificates. There is nothing foolproof if the fool is smart enough.

    14. Re:Anti-Trust by afabbro · · Score: 4, Insightful

      Linux, for example, permits viruses to be written. So does OS X. The reason why viruses do not proliferate on those systems is because they're not a particularly interesting attack target

      LOL you must be new to this "internet" thing or channeling 1995.

      No, he's completely right. Windows is still 90%+ of the desktop usage and so is the most interesting target for that reason alone.

      The fact that it's also historically been an easier target is gravy.

      --
      Advice: on VPS providers
    15. Re:Anti-Trust by shutdown+-p+now · · Score: 5, Insightful

      I would guess that 99.999% of Debian installs have nothing but debian.org packages and perhaps a handful of nvidia drivers, multimedia repo files, and maybe some weird firmware files. All my "server" type boxes are 100% nothing but Debian packages, only my desktops and mythtv frontends have anything else.

      That's because you're not in the "casual user" category. Any sane Linux user would use his distro's package repository first and foremost, and yes, this does reduce the risk of infection down to practically zero. But, so long as you can manually install a downloaded package - and in most Linux distros you can do so by e.g. downloading an .rpm/.deb file and clicking on it (and elevating) - you have to convince non-tech-savvy users that, no, "BARELY_LEGAL_THREESOME.rpm" or "Angry_Birds_2.deb" dropping into their mailbox is really not from some mysterious but benevolent stranger, and they shouldn't try to install it.

      In short, you need to make installing software not from repositories so hard that a casual user wouldn't know how to do so, and any instruction for him would be too complicated to follow on a whim.

    16. Re:Anti-Trust by shutdown+-p+now · · Score: 4, Informative

      Really? So servers running Linux aren't likely to contain information such as credit card details, usernames, passwords, emails...?

      A virus would be completely useless on a server, since, by very definition, it requires an infected executable to be run on the machine to infect that machine. And people don't run random software on the servers, Linux or not.

      (virus != exploit)

      I thought the proliferation of viruses on Windows is simply because most Windows user accounts are administrators. Imagine what would happen if all Linux users ran as root all the time.

      It is part of the problem on XP, yes.

      Users aren't administrators in Vista/7 - they're more like sudoers in Ubuntu, in that they default to normal user permissions, but can elevate by providing their own credentials. Still, the default is that the ability to write to any random binary on the system is not there. The problem is that casual users will happily elevate explicitly if it's easy and they're convinced that they're doing the right thing.

      Also, you don't need to elevate to create binaries in user-writable directories (i.e. %home%), or to infect binaries that are already there - e.g. Chrome installs itself there, and can be infected that way.

    17. Re:Anti-Trust by Mathieu+Lu · · Score: 5, Informative

      When was the last active Linux virus released?

      To be fair.. under Linux you do have userspace exploits that allow you to gain root, and from there install a rootkit. They tend to be really obscure and get patched quickly, but they still exist.

      So an attacker usually needs to combine, for example, a Firefox/Libreoffice/PDF/Mail/PHP exploit, userspace exploit, then rootkit. And there are tons and tons of servers out there with old versions of PHP and Linux kernel. Most of the time people discover it only because they are exploited by spammers.

    18. Re:Anti-Trust by jbolden · · Score: 5, Interesting

      Capability computing. You don't grant applications the rights of a user. Rather an application is granted the right to do X to thing Y. So getting access to a user's file doesn't mean access to all of them. Some other problem controls granting capabilities.

      As an aside the NT kernel 3.51 had an excellent capabilities and Windows still has it. Microsoft just never made their own software, including the shell / GUI work with it.

    19. Re:Anti-Trust by Dahamma · · Score: 5, Insightful

      He's right about the "typically run by competent users" (or in the case of embedded devices, typically built by competent engineers) but "interesting attack target"?

      Hackers and botnet owners would love to have access to the millions of always-on Linux servers (often in colos with huge bandwidth available) or the hundreds of millions of TVs, BD players, and (again, always-on) DVRs that run Linux.

    20. Re:Anti-Trust by pixelpusher220 · · Score: 4, Insightful

      You're serious?

      Including a default browser is one thing. Compiling *your* browser into the innards of *your* OS tends to put the competition at a disadvantage. Not to mention opens your OS up to even more security hacks.

      If one could remove IE from Windows it would be one thing, but you simply can't. It's baked in. Even if you remove the interface for it, the innards and all its security issues still remain.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    21. Re:Anti-Trust by PGGreens · · Score: 4, Insightful

      They already have one: Security Essentials, and it's actually pretty good. Well, for one, I doubt it's significantly worse than a commercial AV package, and two, it doesn't constantly pester me with upgrade or renewal offers/warning/persistent, annoying popups.

    22. Re:Anti-Trust by Runaway1956 · · Score: 5, Insightful

      Personally, I don't care much about the user. I care about the system. I have no control over the user. He can delete every single file in his workspace, for all I care. He can download and run viruses intentionally, for all I care. My concern is, he doesn't compromise the system, the network, or his fellow workers. The user is responsible for his own stuff. Kinda like, the guys I work with are all responsible for their own tools, their own desks, their own housekeeping. I'm not vacuuming cookie crumbs out of their desks, but I'll make sure that the workspaces are locked after hours.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    23. Re:Anti-Trust by devent · · Score: 4, Interesting

      The only reason why Linux doesn't have viruses "in the wild" is because it is extremely difficult to write viruses for Linux that can be run or installed without user interaction.

      Sure, I can get a virus for Linux if I go to virus.com, download and run the virus. But for Windows you can get a virus by different means. Like via Email attachment, autorun from a USB-stick, via remote access (in Windows XP I got a virus only because I was online).

      In Linux you have to explicitly tell the system to run the file. But on Windows everything with a .exe is run. Also, many programs are run automatically for the "convenience" of the user, like autorun USB or CDs. Windows still hides the file extension from the user, so if you have a file like porn.jpg.exe Windows will show you porn.jpg.

      Also it's very easy to get rid of a virus in Linux. Just delete the infected file and replace it with the original from the package manager. In Windows you can't even delete the file because it's still in use.

      Plus the whole-system update management of the Linux distributions. I can run my updates weekly and in the background and it will update the system and all of the applications.

      --
      http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    24. Re:Anti-Trust by tgd · · Score: 4, Informative

      So how do you "secure" an OS and still allow users to run whatever they want to?

      And before you say "don't run as administrator", any app that can run with the user's privileges has access to all of the user's data -- which is harder to replicate than system files.

      Take a look at the metro app APIs for one way.

      The system level APIs are so locked down in the metro app sandbox that a program like Acrobat, say, that says it reads PDF files literally can't even *see* that other files exist on the filesystem, much less open them.

      You can secure things by either locking down what users can do or locking down what the code itself can do. Win8 is taking strides in the latter direction, too.

    25. Re:Anti-Trust by St.Creed · · Score: 5, Insightful

      Too true! Capability computing has for so long been neglected but it could solve many of the current security issues.

      For instance: I would love to grant any new app the following rights:
      - interact with my screen
      - interact with folder X and subfolders (read-only) in the program location
      - interact with folder X and subfolders (read-write) in the data location
      - interact with folder X in the registry (read-write)

      For games additional rights would be:
      - interact with my graphics card directly
      - interact with my soundcard directly

      Actually, there isn't a single reason why programs shouldn't be sandboxed like that as a default, and only getting additional rights when specifically requested and granted by the OS. Combine that with transparent redirects and most programs should run okay. Sandboxie (http://www.sandboxie.com/index.php) already does it so how hard would it be for the Windows engineer to incorporate something like that into the OS?

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    26. Re:Anti-Trust by hairyfeet · · Score: 4, Interesting

      But you seem to be missing the fundamental problem mcgrew, which is this: How do you protect the user from themselves without forcing them into an Apple style walled garden where nothing that isn't corporate approved is allowed to run? Because if given the choice I'll take dealing with AV over a walled garden, thanks ever so.

      As a guy that builds and fixes Windows every damned day I can tell you EXACTLY where the bugs are coming from, and the vast majority? INSTALLED BY THE USER. Do you think Linux would be safe from a user that would happily run anything they got from an email, complete with putting in their password and chmodding whatever the attacker told them to? Of course not. Here is the list of the most popular bugs I've seen this month along with the way they got in. You tell me where MSFT could have stopped any of them.

      1.- Security tool and AV 20xx variants. These get in with a classic social engineering "ZOMG U Got Teh Viruz! Run "Is_Not_Viruz_iz_Cleanerz.exe" to kill the viruz ZOMG!"
      2.- Porn codec malware. Infection source? Horny users. Uses this trick "U want teh hot lezbo teenz? We GOT teh hot lezbo teen right now! Just run "Iz_not_viruz_Iz_codec.exe" to see teh hot lezbo teenz right now!"
      3.- Social site malware. Infection source? Again social engineering "Hey its me! I found this great new site! Just click here to load "Iz_Not_Malware_Site_Iz_cool.html" right now!"

      Now in NOT A SINGLE CASE were they exploiting anything but the USER and any of these attacks could just as easily work on Mac (DNSChanger and MacDefender) or Linux (KDELook malware and infected Q3 game) by simply getting the user to go where the attacker wanted or run what the attacker wanted run. Now does this mean MSFT hasn't done dumbshit? Oh Lord No! Whoever thought XP should run as admin by default should have been publicly flogged! And IE 6 was an abomination that has made me hate IE so much to this day I refuse to allow it on a single machine I touch! I toss the links and give them both Firefox and Comodo Dragon with ABP and tell them to stay the fuck away from IE!

      But XP is two and soon to be 3 versions out of date so no point in even bringing it up, hell if it weren't for contracts with corps and government they would have already taken it out back and put it down. And since Vista MSFT has been pretty damned good about using best practices, running the users without being admins, DEP and ASLR, having low rights mode (Which neither Linux nor Mac have yet) so that drivebys are that much harder to accomplish...but in the end it all comes down to freedom. If you allow the user control over their own machine that means they have the power to fuck it up, full stop. The ONLY way I've seen that could possibly remove that vector is walled gardens and personally I don't think the loss of freedom is worth the security that an app store brings, do you?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    27. Re:Anti-Trust by Anthony+Mouse · · Score: 4, Interesting

      So how do you make a file compression program that uses a Sandbox?

      Imagine gzip without the ability to read or write to the filesystem. It's still just as useful: you just type 'gzip -c file.gz' and your file gets compressed, and if gzip is broken it can't do anything other than compress the file wrong. And there is no reason why a GUI application can't be designed to work in an analogous way.

      It does mean that the world of Windows software development would look a lot different. A zip program doesn't need its own UI. All it needs is to provide an algorithm to the OS and a hook that tells the OS it can put it in the 'things you can do to a file' menu. Then the zip program never gets access to the file system, the OS just feeds it data to compress on stdin and takes the compressed data from stdout.
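
The broker model described in the comment above (a trusted component opens the file, the compressor sees only stdin and stdout), as an added example that is not part of the thread or of any product discussed in it. Assumptions: the names `run_filter`, `rle_filter` and `demo` are hypothetical, a toy run-length encoder stands in for gzip, and POSIX `RLIMIT_NOFILE` is used as the confinement mechanism; the sample input is constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Worker: toy run-length encoder emitting (count, byte) pairs, standing in
 * for a real compressor. It only ever touches descriptors 0 and 1. */
static int rle_filter(void) {
    unsigned char buf[4096], run[2] = {0, 0};   /* run[0] == 0: no open run */
    ssize_t n;
    while ((n = read(0, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++) {
            if (run[0] && buf[i] == run[1] && run[0] < 255) { run[0]++; continue; }
            if (run[0] && write(1, run, 2) != 2) return -1;
            run[0] = 1; run[1] = buf[i];
        }
    }
    if (n < 0 || (run[0] && write(1, run, 2) != 2)) return -1;
    return 0;
}

/* Broker: the only code that handles path names. It opens the two files the
 * user picked and hands them to the worker as stdin/stdout. With confine set,
 * the worker's RLIMIT_NOFILE is dropped to 0 so it cannot obtain any new
 * descriptor. probe_path simulates a subverted worker opening another file.
 * Returns 0 = filter ran and probe was refused, 3 = probe succeeded,
 * 1 or 2 = setup or I/O error. */
int run_filter(const char *in_path, const char *out_path,
               const char *probe_path, int confine) {
    int in = open(in_path, O_RDONLY);
    if (in < 0) return 1;
    int out = open(out_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) { close(in); return 1; }
    pid_t pid = fork();
    if (pid == 0) {
        struct rlimit none = {0, 0};
        if (dup2(in, 0) < 0 || dup2(out, 1) < 0) _exit(2);
        for (int fd = 3; fd < 1024; fd++) close(fd);  /* drop inherited fds */
        if (confine && setrlimit(RLIMIT_NOFILE, &none) != 0) _exit(2);
        if (rle_filter() != 0) _exit(2);
        _exit(open(probe_path, O_RDONLY) >= 0 ? 3 : 0);
    }
    close(in); close(out);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return 1;
    return WEXITSTATUS(status);
}

unsigned char demo_out[16];   /* encoded bytes from the last demo() run */
int demo_len;

/* Constructed demo: encode "aaaabbbcc", with the worker probing the input
 * file by name (a file this user can normally read). */
int demo(int confine) {
    char in_path[] = "/tmp/broker_in_XXXXXX", out_path[] = "/tmp/broker_out_XXXXXX";
    int fd_in = mkstemp(in_path), fd_out = mkstemp(out_path), rc = 1;
    if (fd_in >= 0 && fd_out >= 0 && write(fd_in, "aaaabbbcc", 9) == 9) {
        rc = run_filter(in_path, out_path, in_path, confine);
        demo_len = (int)read(fd_out, demo_out, sizeof demo_out);
    }
    if (fd_in >= 0) { close(fd_in); unlink(in_path); }
    if (fd_out >= 0) { close(fd_out); unlink(out_path); }
    return rc;
}

int main(void) {
    int confined = demo(1);
    printf("confined:   status %d, %d bytes out\n", confined, demo_len);
    printf("unconfined: status %d\n", demo(0));
    return 0;
}
```

The two descriptors the broker passes in act as the worker's only capabilities, which is the per-file grant the capability comments earlier in the thread ask for. `RLIMIT_NOFILE` only stops new descriptors; a production sandbox would also restrict the remaining system calls and run the worker under a separate identity.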

  2. Argh. by CannonballHead · · Score: 4, Insightful

    So making an OS more secure (I know, they could get rid of security holes... but...) is also monopolistic?

    To me, this is kinda like saying IrfanView should sue because MS includes Paint or Picture Viewer or whatever they include.

    IE was a bit trickier, because they did their own thing with HTML and stuff and you HAD to use IE in order to view some stuff, so it was a bit nastier. But a virus detector? What are they going to do, write viruses that only their software can find... but then they wouldn't work on other OSes... so it wouldn't be much of a lock-in.

  3. Perspectives by 4pins · · Score: 5, Insightful

    The capitalist in me screams, "Anti-competitive!"

    The IT guy in me exclaims, "It is about time."

    The consumer in me worries, "How will this impact performance?"

    --
    I will not mourn that which I never had to lose. - Unknown
    1. Re:Perspectives by redmid17 · · Score: 5, Insightful

      The capitalist in me screams, "Anti-competitive!"

      The IT guy in me exclaims, "It is about time."

      The consumer in me worries, "How will this impact performance?"

      Did you have the same worries when MS put a firewall in XP with Service Pack 2 in 2004?

    2. Re:Perspectives by jd2112 · · Score: 4, Interesting

      The capitalist in me screams, "Anti-competitive!"

      The IT guy in me exclaims, "It is about time."

      The consumer in me worries, "How will this impact performance?"

      Microsoft AV is among the least resource intensive AV programs I have seen.

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    3. Re:Perspectives by tokul · · Score: 4, Funny

      Microsoft AV is among the least resource intensive AV programs I have seen.

      Only snake oil uses less resources.

    4. Re:Perspectives by DesScorp · · Score: 4, Informative

      Microsoft AV is among the least resource intensive AV programs I have seen.

      Ditto. The only AV program I've seen that tends to eat less memory and CPU is F-prot. Even AVG is more resource intensive than MSE now. And don't get me started on Norton or McAfee.

      --
      Life is hard, and the world is cruel
    5. Re:Perspectives by Enderandrew · · Score: 5, Insightful

      The reason I started using it on Windows desktops is I saw a fairly comprehensive review of 19 different popular anti-virus products.

      Security Essentials had the second lowest footprint, and the second best detection engine. And given the price (free and doesn't harass you to upgrade to a paid product), I think it is hands down the best solution for the average user.

      You can blast Microsoft for a lot of products, but Security Essentials is pretty solid.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    6. Re:Perspectives by JGuru42 · · Score: 5, Informative

      I started using MSE because of a story here on Slashdot talking about a review of a large number of antivirus products and I was amazed to see people on Slashdot putting their trust in a Microsoft product.

      I've been a hater of Microsoft for a long time now thanks to all the anti-competitive and backstabbing stories I've heard but also because of using their various products. And yet now that I've been using MSE I've turned a corner and started to recommend it to friends and family.

      I casually help fix computers for people that know me, sometimes going so far as to do it all over the phone when someone lives too far to visit. At first I tended to browse through their machine looking for the troublemakers and then after finding everything I could I would install and run MSE only to watch it detect and clean 100% of the things I had found and even some I had not, like a trojan hiding in the MBR. I've watched it catch different varieties of the TDSS rootkits, clean up all manner of other nasties and only once have I seen it make a mistake, with Chrome being reported as a virus. Yet, even with that flaw Microsoft had detected the issue and it was on the "More Information" page and had been fixed later that night. Since then I've come to trust MSE to do its job well and I've started to run it first then clean up afterwards and it hasn't let me down yet.

      If Microsoft wants to provide a built in antivirus with Win8 but allows it to be disabled to run other things, just like Windows Firewall, then I am all for it. I would do almost anything to keep people from installing the nightmares that are Norton & McAfee (and these days sadly Zone Alarm Antivirus). I've watched both those powerhouse antivirus programs completely miss fake antivirus programs that sneak through Facebook and in Norton's case it turned a simple "Safe Mode/Delete/Remove Registry Startup Command" into a three day slog that only worked when I finally got mad and uninstalled Norton from the machine.

      Microsoft might still make some majorly boneheaded decisions but providing a built in antivirus does not seem to be one of them.

  4. Good for consistency; bad because of consistency by show+me+altoids · · Score: 5, Interesting

    I think this would be a great idea as long as MS keeps it well updated and people don't rely just on it. It would immediately improve the security of the PCs of all the people who don't bother with antivirus, but it may lull others into a false sense of security and give them an incentive to not get any other antivirus which would put a target for virus writers squarely on MS's solution.

    --
    I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
  5. Bill was right by Anonymous Coward · · Score: 5, Interesting

    Bill Gates was right. Microsoft had every right to add whatever features and applications it wanted to its OSes. Look at Chrome OS, Android, Mac OS X, iOS. All have browsers and other applications "built-in". In fact, Chrome OS doesn't even allow you to use an alternate browser, while Windows always allowed this. Adding non-intrusive and automatic antivirus to Windows 8 is a step forward.

  6. The Technologist Perspective by hellfire · · Score: 5, Insightful

    The Technologist in me screams: "Spend more time making your OS secure and less time trying to band-aid it with virus protection!"

    --

    "All great wisdom is contained in .signature files"

  7. Anti-competitive? by euxneks · · Score: 4, Insightful

    How the hell is making your OS behave the way your customers expect anti-competitive?

    What if MS made their OS inherently secure, such that it didn't need AV? Would that also make it anti-competitive? That would completely eliminate the AV software companies!

    Ridiculous...

    --
    in girum imus nocte et consumimur igni
  8. I have ragged on Microsoft here before... by bmo · · Score: 4, Insightful

    But the sooner the anti-malware "ecosystem" disappears the better.

    You should not have to purchase third party software to keep an operating system secure or from eating itself (all the snake-oil "registry cleaners" and "application uninstallers"). Such functions should be part of the OS at worst, or better yet, unnecessary.

    --
    BMO