
Microsoft Beta Includes Built-in Virus Scanner

Ethereal writes "InternetNews.com reports that Microsoft has begun beta-testing a built-in virus scanner for its Windows XP Service Pack 2 (SP2) that will be included in the final product in mid-2004. The tool is among the operating system enhancements the Redmond, Wash., company is developing as part of its Security Center initiative to rebuff viruses, worms, trojans and crackers. Microsoft will also provide free online training to help developers make the most of SP2's security features, Chairman Bill Gates said at today's RSA Security conference. It's the first time the company has offered training with a Windows service pack release."

  • by funny-jack ( 741994 ) on Tuesday February 24, 2004 @06:42PM (#8379009) Homepage
    If there's one software industry I wouldn't shed many tears over the loss of, it's the one whose business model is to profit thanks to viruses.

    Get Grisoft. [grisoft.com]
  • Virus scanner (Score:5, Informative)

    by asmussen ( 2306 ) <(ten.xoc) (ta) (nessumsa)> on Tuesday February 24, 2004 @06:43PM (#8379053)
    I've been working with beta builds of SP2 at work, and from looking at it, I am under the impression that what Microsoft is actually including is not actually a virus scanner, but rather integration with 3rd party virus scanners. The last build I tested (2077), complained that I didn't have any virus scanning software installed, and suggested that I remedy the situation. Poking around revealed that it has the capability to work with many existing virus scanning packages, and warn you when your virus definitions are out of date, and possibly even keep them up to date for you. Of course, maybe what I've seen so far is only a prelude to full blown anti-virus software from MS...
  • by Richard_L_James ( 714854 ) on Tuesday February 24, 2004 @06:44PM (#8379069)
    ... when it was reported last year by ZDNET [zdnet.co.uk] / news.com [com.com] / Network Fusion [nwfusion.com] / pcmag [pcmag.com]... that Microsoft were to buy a Romanian antivirus company !
  • by spacefrog ( 313816 ) on Tuesday February 24, 2004 @06:46PM (#8379091)
    obligatory examples are netscape and winzip

    The ZIP handling features in XP are licensed from WinZip. I'm sure Microsoft is by far and away Niko's best customer.
  • by tb3 ( 313150 ) on Tuesday February 24, 2004 @06:49PM (#8379136) Homepage
    Doubt it. Remember that Microsoft bought an Eastern European anti-virus software company a few months ago.
  • Re:McAffee, Norton? (Score:5, Informative)

    by OneFix at Work ( 684397 ) on Tuesday February 24, 2004 @06:50PM (#8379143)
    You can certainly run more than one virus scanner at a time. Some ppl that use FREE virus scanners on windoze machines use both AVG and Avast!. The only problem is that the more scanners you put on your system, the slower the system will get. So, it's certainly possible (some do it to add an extra level of security)...
  • by Anonymous Coward on Tuesday February 24, 2004 @06:55PM (#8379210)
    The product was RAV Antivirus. A great little product that we were using happily on our Mail server until M$ came along and bought the company and discontinued the product. No more RAV Antivirus....so long and thanks for all the fish. We were forced to migrate.
  • by Eponymous Cowboy ( 706996 ) on Tuesday February 24, 2004 @07:00PM (#8379281)

    Microsoft WAS in the antivirus business a long time ago.

    Microsoft included "MSAV.EXE" [computerhope.com]--Microsoft Anti-Virus--with MS-DOS 6.0 back in the early 90's.

    It was, essentially, a cut-down derivative of Central Point Antivirus, which was actually developed by a company in Israel [victoria.tc.ca], not Central Point. Central Point was purchased by Symantec in 1994, and Microsoft quietly removed MSAV from their OS's when Symantec refused to supply updates and Yisrael Radai [google.com] wrote his now famous paper outlining how it was deeply flawed.

  • by really? ( 199452 ) on Tuesday February 24, 2004 @07:05PM (#8379340)
    RAV if I recall correctly. So, to most people, this is not really news.
  • by 0x0d0a ( 568518 ) on Tuesday February 24, 2004 @07:19PM (#8379497) Journal
    In Apple's case, it actually hurt them, since it tended to drive away all the vendors (who happily relocated to Windows). Apple stopped developing their solution once they were happy with how well it worked, and the developers kept advancing.

    I mean, I can't even count how many utilities this happened with. I can't think of a really good solution for Apple, though...

    I do have to say that including a virus scanner with the OS makes more sense than almost anything else being bundled. It helps patch security holes. It makes it a bitch and a half to pirate Windows (sure, you can pirate it, but you damn well aren't getting any antivirus service -- have fun when the next wave of worms rolls around). It helps Microsoft look good -- instead of Symantec advisories coming out saying "Windows has another worm coming out, buy our AV product", Microsoft says "There was a worm released and we squashed it. Just hit Windows Update."

    I'm sure that this thing can be abused and whatnot, but Microsoft could seriously get a lot of mileage out of AV software.

    Note that it *is* going to be fun if MS ever fires off false positives, though -- every Windows box on Earth starts going spastic over some innocent package.

    This is the second time today that I've felt that Microsoft is doing, if not the "right" thing, something better than their competitors. The world is standing on end.
  • Re:Oh boy (Score:3, Informative)

    by Grayputer ( 618389 ) on Tuesday February 24, 2004 @07:24PM (#8379541)
    Actually MS bought a company called RAV antivirus. They had a really good Linux product that I used. Since the buy out (several months), the Linux version has been discontinued. If the engine is RAV, it was really good and the staff was good with timely updates.
  • by IntlHarvester ( 11985 ) on Tuesday February 24, 2004 @07:27PM (#8379572) Journal
    Most virus chuckers run with SYSTEM level access so that they can intercept file calls. Which basically means they can do whatever they want. Many people would probably prefer that such a low-level component was written by the OS vendor (presumably correctly), rather than a 3rd party.

    As an example, some anti-virus programs even run their GUI control panels as SYSTEM, which means a local user can exploit them to gain access to the machine.

    (Also, BSD firewalling might be in userspace.)
  • by afidel ( 530433 ) on Tuesday February 24, 2004 @07:53PM (#8379933)
    Huh? NTFS has existed forever (NT 3.1 came out in 1993). Besides they licensed the defrag code in XP from Executive Software makers of Disk Keeper, a MUCH bigger player in the defrag market than Symantec.
  • RAV Anti-virus (Score:2, Informative)

    by darken9999 ( 460645 ) on Tuesday February 24, 2004 @08:00PM (#8380020)
    This isn't really news Microsoft [microsoft.com], so they've probably been using your quote for quite some time now.

    I've been using the linux version of the software [ravantivirus.com] they bought-out, and it works great.

  • Re:Virus scanner (Score:3, Informative)

    by spectecjr ( 31235 ) on Tuesday February 24, 2004 @08:02PM (#8380043) Homepage
    But why the heck would that be useful?

    Most AV software already does that, and more; why would it need to interface to the operating system?


    Because most AV software, although they already do it, do it exceptionally poorly, causing system crashes and other problems for running applications.

    If the OS defines the interface and enforces it, the AV software can do its magic in a tested environment, which Microsoft can ensure will not crash the system. If the AV software crashes, it can be isolated and the user warned, instead of it taking down the entire system with a BSOD.

    Makes perfect sense.
  • Re:McAffee, Norton? (Score:3, Informative)

    by afidel ( 530433 ) on Tuesday February 24, 2004 @08:17PM (#8380222)
    Don't DO that [aidshelpline.org.za]. I know you're joking but seriously, getting AIDS, an STD, or a child is not something to joke about.
  • by motown ( 178312 ) on Tuesday February 24, 2004 @08:29PM (#8380348)
    Microsoft provides neither an MPEG2 codec nor a CSS decrypter as part of any Windows version.

    In order to watch DVD's under Windows, a third party solution (such as WinDVD or PowerDVD) is still required.

    Granted, when such a third party-player is installed, Windows Media Player also becomes DVD-enabled automatically, because it will immediately take advantage of the newly installed DVD-related shared libs.

    So even if people solely use WMP to watch DVD's, they'll still need third-party software.

    Therefore, the same anti-trust argument, as in the case of Netscape, Real and now possibly the antivirus solution providers, doesn't apply here.
  • by Aphrika ( 756248 ) on Tuesday February 24, 2004 @09:14PM (#8380766)
    The article linked to in the story is wrong and makes this argument slightly invalid.

    Have a read of the keynote transcript [microsoft.com].

    "...and from an antivirus perspective, Windows Security Center can tell me if I have virus software installed, if it's on, and if it's up to date..."

    That's all it is - a console designed to bring all security features together in Windows, including any installed AV software. It is not bundled AV software, just a firewall and a console that aggregates all your settings and preferences into one location.
  • by RzUpAnmsCwrds ( 262647 ) on Tuesday February 24, 2004 @09:24PM (#8380856)
    "and provide a convenient equivalent to Unix's "su"."

    You mean like right clicking and choosing "run as"?
  • by ---s3V3n--- ( 398159 ) on Tuesday February 24, 2004 @09:31PM (#8380903)
    Actually MS didn't license WinZIP they licensed DynaZIP from InnerMedia [innermedia.com].
  • by Trelane ( 16124 ) on Tuesday February 24, 2004 @09:43PM (#8381024) Journal
    Close, but no cigar.

    As is expected, OS updates are free, at least for Red Hat and Solaris. You can pay more and be first in the queue, along with other perks (at least, with RHN).

    RHN is free, even if you didn't pay for the OS . You can pay extra for extra RHN features (web-based admin, patch tracking, etc.) and to be guaranteed access to patches even if the free servers are too loaded.

    Solaris has a URL you can download patches from. It's free too.
  • by AzrealAO ( 520019 ) on Tuesday February 24, 2004 @09:45PM (#8381048)
    In order to do its job, Anti-Virus software must be able to intercept File and Memory calls; therefore it must by definition have elevated privileges.

    If they have elevated/system level privileges, and they are poorly written (especially considering they're fucking around with the memory of executing programs) there is the potential for a critical failure/kernel panic/BSOD.
  • by Chester K ( 145560 ) on Tuesday February 24, 2004 @10:54PM (#8381809) Homepage
    An obvious first (and large) step would be to not have every user running with Administrator privileges. Has anyone heard of any initiative by Microsoft to change this unfortunate default?

    Yes. In order to have your software Windows Logo certified, it must run correctly under a normal user account, and support "Install for this user only" and, if you're an admin, "Install for all users" options during install.

    Windows Installer pretty much comes set up to enable those sorts of installations by default.
  • by hoyty ( 35485 ) <hoyty@hoyty.com> on Tuesday February 24, 2004 @11:16PM (#8382077) Homepage
    I beta tested the PC Satisfaction trial for MS which was an enhanced firewall, antivirus and backup utility. That beta has now ended with no real product in sight. The latest drop of XP SP2 has no Anti-Virus in it. It does have an enhanced firewall similar to the PC Sat trial, but not all features. Not sure where they got their info, but it is wrong.
  • by Bull999999 ( 652264 ) on Tuesday February 24, 2004 @11:52PM (#8382445) Journal
    I doubt that MS will write their own AV software. For example, the backup software for 2003 server is licensed for Veritas.
  • Would this be a violation of their anti-trust agreement? Seems like this could really put the hurt on Norton, etc.

    Antitrust law does not forbid you to hurt your competitors.[*] All competition does that. In fact, that is what competition is. Given a fixed number of customers, any enterprise that tries to attract as many customers as possible necessarily hurts its competitors, who will either lose customers or not gain as many new ones as they would have otherwise. Thus, the competitors will be financially worse off than they would have been had they been able to lay their grubby little hands on those customers. Or at least they should be. Competition is supposed to punish inefficiencies and reward efficiency, thereby allocating scarce resources the best/most efficient way possible.

    What antitrust law primarily seeks to protect is competition, not competitors. Now, it might admittedly be just a little bit hard to have the one (former) without the other (latter) and much of the tension within antitrust law and the debate surrounding it centres on that particular problem: should antitrust regulate structure or behaviour?

    In Alcoa[**] Justice Learned Hand stated that it was not the objective of antitrust law to punish efficient companies: in case a party has had a monopoly 'thrust upon it', its position was not unlawful. However, he went on to say:

    'Nothing compelled [Alcoa] to keep doubling and redoubling its capacity before others entered the field. It insists that it never excluded competitors; but we can think of no more effective exclusion than progressively to embrace each new opportunity as it opened, and to face every newcomer with new capacity already geared into a great organization, having the advantage of experience, trade connections and the elite of personnel.'

    This so-called Alcoa doctrine placed monopolies under a strict per se-rule: i.e., monopolies were prohibited as such. The issue became one of structure: does an enterprise occupy a position of monopoly (within a relevant market) or not. If yes, unless it can be proved that the company is a mere passive recipient of its monopoly position, it is unlawful.

    The Alcoa doctrine was severely criticized, notably by Robert Bork in his The Antitrust Paradox: A Policy At War With Itself. Justice Hand seemed to find Alcoa guilty of being nothing more than a better competitor; better at doing business; in fact, Alcoa was being punished for being more efficient. And as the criticism took hold, courts reverted back to an ante-Alcoa, U.S. Steel[#] rule of reason approach centring on the behaviour of monopolizing: simply put, intent + harm. This would appear to be the (established) law today.

    Bork and the Chicago schoolers sometimes seem to go further than that however: one sometimes gets the impression that to them, the existence of a monopoly shows nothing more and nothing less than superiority in the market place. In other words, a position of monopoly is evidence of superior efficiency; efficiency is a valid exculpatory defence as it contributes to increased consumer welfare[##]. A lot of the defence of Microsoft's monopoly case seems to rest upon this premise. See, for instance, here [aynrand.org] and here [capmag.com]; for a more sober view, see Posner's article Antitrust in the New Economy [lls.edu], in particular, perhaps, pages 8-9.

    Neo-classical economic theory and its antitrust exponents (to which Bork and the Chicago-schoolers obviously belong) are not without critics however. See, for instance, this piece [antitrustinstitute.org] by Metzenbaum and Foer in which they write:

    'Antitrust remedies, [Greenspan] says, tend not to be efficient. His attitude is, if we wait long enough, dominant companies (po

  • We used RAV Antivirus for our Qmail installation for about 3 or 4 years. Smashing product, updated itself every hour over ftp, kept us free of iloveyou, anna kournikova, all the way up to mydoom, netsky and bagle et al, and most of all CHEAP. But, last September, they posted this message [ravantivirus.com], announcing that they would be ceasing new sales and terminating subscriptions at their next renewal because they had just been bought by Microsoft. I immediately thought Hmmm, how long before we get Microsoft Antivirus. Looks like I was right.

    So, those of you who are worried about Microsoft's programming prowess, fear not. Your PCs will be protected by a Romanian team with 10 years experience.
  • by sheriff_p ( 138609 ) on Wednesday February 25, 2004 @05:46AM (#8384155)
    You'll note that AV vendors don't tend to compete on detection - detection rates among most of the established players are pretty much identical - there's also a policy in the industry of swapping virus samples with each other immediately.

    There's absolutely no financial sense for AV companies in doing this: best-case scenario is that they have to spend money to get a minute advantage that most AV vendors claim *anyway*, worst-case scenario is that the company directors get ripped away from their yachts, mansions, and BMWs to spend time in prison.

    Think, before engaging fingers.
  • RAE Antivirus (Score:1, Informative)

    by pixelbend ( 628541 ) on Wednesday February 25, 2004 @09:49AM (#8385176)
    Don't think for a second that MS coded this software themselves. They purchased RAE Antivirus about a year ago and promptly shut down their software development (I know, I use their software to do server level email scanning), but definition updates are still forthcoming. I saw this coming a long time ago.
