Microsoft Plans To Sell Anti-Virus Software 830
EvilCowzGoMoo writes "From the makers of our favorite OS comes: Anti-Virus! Yes you heard me right. According to an article on Reuters.com Microsoft is developing its own brand of anti-virus software. Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash (chief of Microsoft's security business unit) said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows. My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"
Business Lesson 101 (Score:5, Insightful)
It just goes to show you that business isn't about who's right or who's wrong but who can make it sound good.
Integrated AV (Score:4, Insightful)
It would make the net a safer place for the rest of us if they did so...
Extortion? (Score:4, Insightful)
Sounds like extortion [webster.com] to me.
They make a buggy OS with holes for viruses, and then require consumers to purchase their own AntiVirus to patch them. This removes motivation for producing a secure operating system because the worse their OS software, the more people will buy their AntiVirus product.
It seems like they're trying to figure out a way to charge for bugfixes and incremental updates to their security model, but instead of just selling those fixes like Apple (10.0, 10.1, 10.2--which I understand also have lots of new features), this model actually discourages production of good product in the first place.
Basically, the question must be asked: If they have the capability to provide such a product which tacks onto Windows, why can't they just incorporate it into Windows and make it part of the OS?
They did this already (Score:5, Insightful)
What has changed since then to make them want to get back in the game?
"Anti-virus program as a separate product from Win (Score:5, Insightful)
Whew.. OK, I got that out. Mark me as flamebait or troll if you want, but this should be integrated with Windows. Of course, not everyone will agree, but hear me out first. First, let's put aside the comments that they should build more secure software and that they should be more focused on security than features. The problem is that it's already created and we have to deal with what we (and the 95% of others using Windows) have and not what should have been. The reason why it should be integrated is because if it's being developed by Microsoft, for their own OS, you would imagine that they might have a small niche into what these viruses are going to do and how they would affect the OS. They created the OS, they know the code behind it, and could possibly help prevent more of the "stupid" users who open the email with the "cute" bears. Let's also assume that the AV software was well built with a few minor security bugs that are easily fixable (I said ASSUME :)).
Since Windows has reached market saturation, we really do have to think about the people outside of /. that are not as informed as us. They don't know about certain viruses or worms unless it's on CNN and they are ones to infrequently update the OS (and AV definition files) because they don't see anything wrong with the way it's running now. Virus protection needs to be something that's seamless to these users because they just don't know any better.
*Awaiting flame responses....*
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Re:A part of the OS (Score:5, Insightful)
Too easy to say this (Score:5, Insightful)
Will the projected earnings from AV division affect security choices?
Off the top of my head... (Score:3, Insightful)
That's off the top of my head, the best way to post on Slashdot
Seperate, until... (Score:5, Insightful)
They'll keep it seperate alright... until it's been out for a while and they don't gain any market share away from competitors. Then it'll be silently built in. There, but not enabled. Then it will be enabled by default, but with the ability to disable it. Then it will be so "tightly integrated" with the OS that you can't turn it off or your computer "will not operate properly"!
Hey, it could happen... and has with previous products.
Re:A part of the OS (Score:4, Insightful)
There, is that clearer?
Isn't that a conflict of interest? (Score:2, Insightful)
Re:the illusive second step (Score:5, Insightful)
Reminds me of the Dilbert with the bonus for finding bugs and the comment is "I'm gonna write myself a minivan!"
Re:Bonus karma (Score:3, Insightful)
you say this as a joke, but seriously there are going to be some losers out there who will attempt to find, and exploit vulnerabilities in their AV app.
i think MS is making a big mistake and should leave the virus software to 3rd party developers.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
> intercept attempts by something like Outlook to
> execute arbitrary files.
Yes, because that's such a major improvement over just fixing Outlook itself.
The only AV software that Windows needs is Microsoft to stop making so many bloody ways to infect the system.
Re:paranoia mode enabled. (Score:3, Insightful)
You mean like they don't already purposefully allow holes to exist in the OS?
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
That works until everybody cries "anti-trust!" Damned if they do, damned if they don't. There's a lot of lightening up that needs to happen.
Re:Perhaps It Belongs in the OS (Score:4, Insightful)
Pressure for updating AV software (Score:3, Insightful)
My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?"
... Because there's a lot more pressure to keep AV software updated as fast as possible. If a user is not happy with the way Norton manages their AV updates, they can switch to McAfee with little inconvenience. But Microsoft is under no direct threat if they wait an extra day, delaying an OS patch, since switching operating systems is a much more serious undertaking.
Microsoft clearly has the resources together to put together a good product- look at Office, for example. They're not idiots, and I'm sure they realize the urgency of issuing timely AV updates. If they made that one of their priorities, they could probably do a very good job at it.
Re:"Anti-virus program as a separate product from (Score:3, Insightful)
Re:Extortion? (Score:2, Insightful)
Re:paranoia mode enabled. (Score:1, Insightful)
Perfect example. The Windows versions of WP that came out during "the great conflict" with Word were terrible. They also broke most/all of the old methods, which made it much easier to switch to something else. Like....Word. Shitty products getting beaten out by solid product by MS? The horror!
NAV sucks ass. It deserves to be trounced - if it's by MS, so be it.
And yes, you are paranoid. MS patches holes in a timely manner (better than Apple, as we saw recently for gaping holes), just that people don't patch. They've done about everything they can short of forcing updates, which can break software, so it's good they stopped where they did.
Re:Extortion? (Score:3, Insightful)
Are you serious? If MS did that, the anti-virus companies would cry "anti-trust!" You all demand better security from Microsoft, they try to provide it, and the pitchforks come out.
Re:This is actually a good thing (Score:3, Insightful)
It won't help much. If you look at the infection pattern of recent viruses and worms, there's an initial growth period, where most of the infections happen, followed by an exponential decay, as antivirus programs are updated and systems are cleaned out.
The initial growth is usually 24 to 72 hours, during which time the virus is too new for antivirus systems to detect. Where including an antivirus program with Windows will help is the decay period: forced updates will reduce the amount of time infected systems spend spewing out garbage.
Re:Perhaps It Belongs in the OS (Score:1, Insightful)
Not if you designed your fucking software right, so you had to do something more than just "duuh, double-click it" to execute arbitrary code that someone just mailed you. That won't stop fucktards installing this great new screensaver, but it will stop the mindless clickers, which is most of the battle.
free? (Score:2, Insightful)
1. Make it free
2. Have everybody drop their current AntiVirus and move to Microsoft
3. Have Microsoft later on integrate it to the OS
4. Microsoft will have the monopoloy on AntiVirus industry
Not saying it will happen, but hey, it could...
Yea, lots of faith in Microsoft's security (Score:2, Insightful)
wow. (Score:3, Insightful)
Re:You need to read more. (Score:2, Insightful)
Yeah? And how exactly?
"But when Microsoft SPECIFICALLY refers to killing another company's market by leveraging their monopoly, THAT is the problem."
If they could do that, then they'd have more than 3 apps that held monopoly status. Frontpage? Nope. IIS? Nope. Exchange? Nope. Media Player? Nope. Gee, I guess their monopoly isn't all that strong unless people actually want their stuff?
Just wait... (Score:5, Insightful)
It's just a little scary that a company that is responsible for almost all viruses and worms is now going to benefit financially from such failure to secure their product. They're marketing their shortcomings to you as a new product! What will they think of next?
Re:Seperate, until... (Score:2, Insightful)
Re:Business Lesson 101 (Score:1, Insightful)
Listen assholes, Microsoft is patching things fine. You're just not RUNNING the patches! It's like getting shot with an arrow and blaming your blacksmith, when you were the one who didn't raise your shield up to avoid the barrage!
I think if Microsoft releases their AV software for FREE, it'd be a great boon to the community. It could be a good way to help those hold outs who still wait a couple of weeks (or months) before INSTALLING the latest patch "just in case" and who are then surprised when they get fucked by a virus. And then proceed to wail about in on Slashdot. But it they try charging for it, they do institute a big conflict of interest, and to be honest I'd be unlikely to buy it.
Before getting your panties (Score:2, Insightful)
The current batch of mail worms making the rounds require the user to actually unzip a password protected executable and run it manually.
Password protected. The password is included in the badly written email message body.
And yet I can't believe how many of these I get every day, from people who were stupid enough to unzip the file and run it.
That is a "hole for viruses" you can drive a truck through, and you're probably never, ever going to patch, because it cannot be patched.
You can get "infected" (because I wouldn't really call it that) regardless of what mail client or operating system you're using. In fact, most worms require user intervention.
Why aren't they incorporating it into Windows? That's ridiculous. If they did they'd be accused of choking the AV vendors using anti-competitive tactics, and if they don't they'll be accused of everything from extortion to incompetence. It doesn't matter.
People will continue to get infected because they are ignorant. Not stupid - just ignorant.
And then one day Linux will be the dominant desktop OS and there will be a worm that requires the user to untar and chmod +x on a bash script (yay monoculture) called "NAKED PICS", which will delete ~/ or turn the box into a spam generator zombie or exploit some vendor-introduced vulnerability that has a big enough user base, and people will actually get infected with it. But of course it will be their fault, not the software's.
No AV can fix this problem. This is ultimately a PR move by Microsoft. If they have a way to say "hey, we have free AV and you didn't use it" they'll close the final gap. They can patch RPC vulnerabilities 2 months before a live exploit all they want but they can't cure ignorance.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Plus it seems odd to make somebody pay more money to overcome some limitations in the original product, kind of like saying "here we sold you a crappy OS, pay us money and we'll protect you from our mistakes! errrrmmmm, but no guarantes, if our anti-virus software doesn't work you can't sue us")
Of course, there is only so much any OS can do from protecting users from being stupid, and I guess that is what the anti-virus software does. But if the anti-virus software can protect customers from being stupid, couldn't the OS too? (thus negating the previous argument of "there is only so much any OS can do from protecting the users from being stupid")
I don't know if bundling the Anti-Virus software would be any better, then you get anti-trust concerns. Plus I think it is extremely important to have multiple Anti-Virus software vendors, if there is only one Anti-Software program (which is what would happen if MS bundled the program with the OS), then it would be a lot easier for virus writers to figure out how to bypass the safe-guards.
Well, those are my rambling thoughts. In conclusion, I guess I think MS should stay out of the anti-virus software market. Maybe they should concentrate on putting better hooks into the OS so that other software vendors could to their jobs better; or better yet, just make the damned OS more secure.
Re:They use dto didn't they? (Score:3, Insightful)
Re:Bonus karma (Score:4, Insightful)
Their goal is the same goal as any monopolist: makeing you completely dependent on them so that it's more difficult to switch to a competing product. Once you understand that you can begin to understand the rest of their actions.
MSAV (Score:3, Insightful)
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Unfortunately there isn't a program to stop the user being stupid.
True enough. But then it is easier to modify applications and their design than it is to modify human beings and their design (well, at least for now...)
Sometimes products are distributed that haven't been thought out well enough to consider the stupid user problem.
In this case, "convenient features" about Outlook running attachments is colliding with user stupidity, gullibility, etc. [It's like stories of "free baseball night" at the ballgame - "fans" started to throw their free gifts onto the field when play got boring. Somebody wasn't thinking far enough ahead.]
While Outlooks ubiquity might exacerbate the problems that Outlook users experience, other mail clients do not seem to have as many problems as Outlook does and certainly not as widespread an impact.
Careful product design can mitigate the unavoidable problems of "stupid users in a cruel world".
Meh (Score:5, Insightful)
I mean, the only OS which viruses are a major threat is windows.. and now they're going to sell AV software? That just takes the piss in my opinion.
"Hey Bill, we can't possibly fight off all these viruses, surely we'll start losing customers at some point", "Hey, I know! lets sell some Antivirus software, that way we make yet more money and we can get away with releasing patches at an even slower rate, and we get away with terrible programming"...
Re:Other news... (Score:5, Insightful)
Former Oil Company Halliburton executive, now US Vice President lobbies to start a destabilizing war causing oil markets to fluctuate.
Extremely Wealthy President pushes through tax cuts which disproportionately reward the extremely wealthy.
. . . ah, screw it. I could go on all day about these two, but I just don't have the heart anymore.
Re:A part of the OS (Score:2, Insightful)
Re:Extortion? (Score:3, Insightful)
With any product, if the original manufacturer knows of a serious design flaw that will cause their product to cease functioning, they should fix it. By Microsoft creating AntiVirus software, they are admitting that they have the technology to make their product function properly (securely), but they are going to continue, purposefully, to sell a defective product, so that they can then sell you the fix at an additional price. It's seriously outrageous.
TCO (Score:3, Insightful)
Microsoft themselves making AV software is tantamount to admitting that it is pretty much a requirement that you have AV software in order to run any Windows machine (I know I, and most other systems administrators wouldn't considering running Windows without it). At current market prices for Norton/McAfee, that adds about $40 for the first year (license plus 1 year virus signature updates) + $20/yr afterwards (for virus signature updates). Due to the mfr dropping support, you have to pay $40 every couple of years for a new version also. Admittedly you can get site licenses and buy licenses in bulk which reduces the cost.
Re:A new wind? (Score:3, Insightful)
Microsoft has a ridiculously high Price/Earnings ratio. They have to "grow" or their stock price goes down. Anti-Virus software represents one of the very few significant software niches that Microsoft doesn't already dominate.
Microsoft's Anti-Virus moves aren't about security, they are about economics. Microsoft is simply doing what it has always done. Microsoft lets its competitors find out the profitable software niches, and then Microsoft uses its cash hoard to buy themselves a seat at the table. Once Microsoft is in the game they use their influence with the major OEMs to make sure that their product is preloaded on quadzillions of machines. Eventually Microsoft's product becomes the de-facto standard, and an army of MCSEs begin spending their time and effort rooting out the last vestiges of the "non-standard" or "legacy" applications.
On the plus side Microsoft's Anti-Virus software is likely to be less expensive than the competition. So it will probably be a net win for consumers.
Customer demand (Score:3, Insightful)
Re:Perhaps It Belongs in the OS (Score:2, Insightful)
Re:Well, since you asked.... (Score:4, Insightful)
No just try not to be sycophant for a corporation. Especially if that corporation doesn't give a shit about you, your life, your family, your freedom, your health or any other aspect of your life.
Why waste your time and energy defending a giant rich corporation from slashdoters? What's in it for you? Why not go to a forum where people discuss washers and defend maytag. Maytag is a corporation too and I bet they need your help just as much as Microsoft does.
User level virus (Score:5, Insightful)
And if they are running a Unix variant that attachment will only run at user level. No low level system modification can be made, so you can then log in as another user (or root) and delete said infected files which should all be in their home dir and not mixed in with 10000 .dll files. They should also have to make a little extra effort to get it to run in the first place, which will discourage some percentage of them too.
Re:Meh (Score:4, Insightful)
Re:Business Lesson 101 (Score:5, Insightful)
- "Microsoft issued a software patch, MS03-032, on Aug. 20 that was supposed to fix the problem. However, that patch failed to close the hole on Windows machines running Internet Explorer Versions 5.01, 5.5 or 6.0.
On Sept. 8, Microsoft acknowledged problems with the MS03-032 patch and promised to issue a fix as soon as possible. Since that time, no changes have been made to the MS03-032 patch. In the succeeding weeks, hackers moved quickly to take advantage of the company's slow response." ( Computerworld.com [computerworld.com] )
- "Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.
1) A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files.
2) A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone.
Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. It has been reported that the preliminary SP2 prevents exploitation by denying access.
Successful exploitation requires that a user can be tricked into following a link or view a malicious HTML document.
NOTE: The vulnerabilities are actively being exploited in the wild to install adware on users' systems." ( Secunia [secunia.com] )
- "The flaw, which is different from RPC DCOM flaw that spawned the Blaster and Nachi worms, makes Windows XP and 2000 servers vulnerable to denial-of-service attacks because of a multi-threaded race condition that exists. A remote attacker could crash the RPC service simply by sending multiple RPC requests. The vulnerability occurs if two threads process the same request, thereby corrupting memory.
Microsoft still has not released a patch for the flaw, leaving nearly every Windows XP and 2000 system exposed to potential exploits. Microsoft may, however, be preparing an all-encompassing RPC patch that would address this issue and previous flaws surrounding the network service, said Gerhard Eschelbeck, chief technology officer with Qualys Inc., at RSA Conference 2004. RPC is a protocol that one program can use to request a service from another program located elsewhere on a network." - ( searchsecurity.com [techtarget.com] )
- "Attackers are taking advantage of a security hole in Internet Explorer not immediately patched by Microsoft
Security experts have warned that a vulnerability that has apparently been left un-patched by Microsoft is being exploited by attackers "in the wild".
The "object type" vulnerability, which was first acknowledged publicly by Microsoft on 20 August this year, allows an attacker to take control of a system by embedding malicious code in a Web-page. If the Web page is viewed by an Internet Explorer browser - even a fully patched browser - the malicious code embedded in the Web-page will execute, experts say. Despite Microsoft acknowledging the patch doesn't work, it evidently has not yet issued a working fix for the vulnerability.
US-based information security company iDefense released a statement over the weekend claiming the vulnerability is being actively exploited "in the wild".
"Whether you are patched or not, attackers can execute code on your computer at will when you visit a hostile website when using vulnerable versions of Internet Explorer," the statement read.
The relevant Microsoft bulletin was issued on 20 August and last updated on 8 September." - ( ZDnet [zdnet.co.uk] - but then again, you didn't say "...after
Re:Well, since you asked.... (Score:3, Insightful)
No. I am simply pointing out that other corporations need defending too. Why limit yourself to shilling for just one corporation? Isn't it more rewarding to shill for lots of corporation in lots of different industries?
I don't think it's fair that you only defend Microsoft. Lots of people hate Ford, GE, Coors, Maytag, Monsanto etc. I am asking you to defend all of these poor helpless corporations against the mean and vicious public.
"you're not well enough informed on the matter to justify hating MS?"
I don't need justification to hate a corporation. They are not human beings. They are soul-less immortal beings. When I was growing up I was told that coul-less immortal beings were devils and demons. I think maybe that was the truth.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
The problem with this is that people are too used to clicking yes when asked and will do so here as well.
The only solution is to not allow it at all and to have people take very conscious and specific actuions (which preferably also demand knowing what they are doing before even being possible)
Inserting another click is not a solution. Requiring the user to think does go a long way to solving this.
Thunderbird at least requires you to save it to disk and run it outside thunderbird if it doesn't have a handler defined for a file. It wont allow you to run a random program with the file or run the file itself.
Re:Perhaps It Belongs in the OS (Score:3, Insightful)
In itself there is nothing wrong with that.
What is wrong is:
1. Using their monopoly in operating systems to give themself a technical advantage.
2. Using their operating system monopoly to give themselves a market advantage (by for example bundling it with their OS)
Why?
Because both result in it being impossible to compete with them, and as a result prevent competition. It is called anti-competitive behavior, and it is illegal if you have a monopoly already. Not having that illegal would mean allowing mega-corporations that determien every aspect of life and that are unchallangable.
So, while they may enter other markets, they may only do so without using their OS monopoly.
No Need to fix the OS no more (Score:2, Insightful)
What I see as the major issue with Microsoft selling Anti-Virus Software is not them trying to press their monopoly, but that it creates a conflict of interest
The economic viability of antivirus software depends on a virus checker being able to stop a virus and, more importantly, there being a virus in the first place. Basically, I don't like the idea that IE, having contracted a severe case of malware, is essentially going to be earning the boys at redmond money.
Course, i could be wrong.
Re:Perhaps It Belongs in the OS (Score:4, Insightful)
Not quite correct. In recent versions of Outlook, executable attachments cannot be opened or saved without messing with the registry. There is nowhere in the configuration interface to alter this behaviour. While I personally find this extremely irritating, I can understand why Microsoft has done it. Much of the bad publicity they get regarding security is caused by users not taking proper measures to protect themselves.
Yes, there are security vulnerabilities in Microsoft's products, but there are also many vulnerabilities in various versions of Samba, OpenSSH, Bind, Sendmail, and many other software packages that are installed on Linux systems. Open Source evangelists seem to have no problem spreading their own FUD about Microsoft software when it comes to security. Take the quote from this article as an example:
My only question is: If they can't seem to patch their OS fast enough, what makes them think they can keep their AV software up to date?
Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide. The vulnerability that CodeRed exploited was patched three months before the worm was released. The only reason it caused so many issues was because of incompetent Windows sysadmins.
Linux is no more secure than Windows. I'm sure if you added up all the vulnerabilities in Windows 2000 and compared them to a list of vulnerabilities in all the software on a standard Linux distribution of the same age, Linux would have at least as many as Windows. The only reason Linux doesn't have the same bad reputation as Windows in terms of security is because there are many less Internet-facing Linux machines around, and the owners of the existing Linux machines are, in general, more competent than those of the Windows PCs. As Linux becomes a more accepted desktop OS, there will be worms attacking Linux machines, and its "secure" reputation will dissolve. Make sure you're ready for it, because it's not going to be pretty.
Disclaimer: I use Linux and Windows at home. I like them both, and I feel they both have their own advantages and disadvantages. I've got no problem using Linux, Windows or DOS for a task if it's the best tool for the job.
Re:They did this already (Score:4, Insightful)
The revenues of the anti-virus companies have grown significantly. Symantec (SYMC) has FY2004 revenue of US$1,870 million. Just 5 years ago they had revenue of US$632.2 million.
A triple in revenue, above the billion dollar mark, is enough to get even Microsoft interested. They are not inclined to leave money on the table. Selling an anti-virus program, particularly with the now-popular subscription model, is an easy way to add revenue.
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
Thats helpfull, tho for what I can see, this only works for new installations. At any rate...
> Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide.
While we can argue about if they do patch fast enough, you are definitely right about users not installing their patches.
When comparing Microsoft today to Microsoft 5 years ago, they have made a giant leap when it comes to security. That said, none of their systems was designed to be used by multiple users simultaneously, and the results of that are still deeply embedded in their designs.
> Linux is no more secure than Windows. I'm sure if you added up all the vulnerabilities in Windows 2000 and compared them to a list of vulnerabilities in all the software on a standard Linux distribution of the same age, Linux would have at least as many as Windows. The only reason Linux doesn't have the same bad reputation as Windows in terms of security is because there are many less Internet-facing Linux machines around,
First of all, I'd like to see some statistics on that because I strongly doubt there are more vulnerabilities.
But regardless, your statement is not true. The first reason for Linux being more secure is a stricter seperation between what is considered kernel and what is not.
This doesn't mean Linux or any Unix variation is flawless, they have their own problems, and one of the big ones is still privilege escalation due to setuid binaries/scripts.
Such bugs being exposed to remote attackers however happens a lot less often.
Because Linux and Windows mostly get used in different ways, its kinda pointless to really compare numbers anyway.
If you'd want to look at a situation where things compare a lot better, I'd look at IIS and Apache. While Apache's marketshare is bigger, IIS does have a substantial market, and in many cases they are in direct competition with eachother.
I'd really suggest looking at actually compromised machines over time for those two.
What I do know is that despite IIS having a smaller marketshare, the majority of exploit probes that I get in the logs of my webserver are IIS related.
> As Linux becomes a more accepted desktop OS, there will be worms attacking Linux machines, and its "secure" reputation will dissolve. Make sure you're ready for it, because it's not going to be pretty.
While often brought up, the marketshare argument doesn't match reality at all.
Besides the Apache/IIS example above, I suggest lookign at for example the Amiga platform.
While it has a fanatical group of followers still, and had a much larger group of followers in the late 80s and early 90s, it has never had a marketshare of any significance outside some niche markets.
Yet, viruses and malware are a substantial problem on this platform, and both had reached a maturity level that the PC equivalents took quite a few years to catch up with.
The Amiga platform also contains a few features and was surrounded by a culture that make it extremely vulnerable for particular kinds of malware, esp. bootsector infecting viruses. Disk images and disks being the primary way of exchanging software being a large factor in that.
At any rate, a platform needs to have enough users to allow any kind of succesfull virus or trojan, but beyond that popularity seems to be a minor factor, and ease of infecion seems to be a much larger factor.
Re:Perhaps It Belongs in the OS (Score:3, Insightful)
I agree with you, but where do we draw the line? I think this would be a GOOD thing to integrate into the OS at the system level. Sure there's a problem with it due to the fact that Symantec and McAfee and all of these companies sell AV software already. What if they didn't sell it yet? and MS beat them to the punch. Would it be anti-competitive for MS to embed AV software into their OS if no AV software existed yet? In this case it may be a case of taking a good, much needed idea, and putting it where it belongs, in the OS. True, in any fairness they'd probably have to buy out every AV company in existance and hire them on, which would never happen... But this is a real problem. AV works great as is, but I think it could work greater, and eliminate a major percentage of virus threats on the internet if it were built into Windows, and used to eliminate any virus threat on the system. Maybe get ad-aware in there too, heh
-matt
Re:Perhaps It Belongs in the OS (Score:1, Insightful)
No matter how smart the user, if they get hit by a virus 2 hours after it gets into the wild, and it's one which that takes advantage of some absolutely stupid programming in Outlook to auto-execute their payload upon receipt (typically occurs if the "3-line preview" is turned on, which it is by default on some versions of Office, or by manually opening the email), there's no help.
Your system is infected, it is executing the payload, and nobody outside of Microsoft is to blame. Simply opening an email should not create a world of pain for everyone in your address book, web cache, etc. It is, in a word, inexcusable.
You do realize that viruses spread in the wild for a day or more before definitions get released? Yes, I agree, there is no help for the morons who are currently infected with 6+ month old mass-email worms, but I've had to go in and clean up after this situation. Only by my refusal to use Outlook was my system spared.
It's called Windows update (Score:2, Insightful)
conflict of interest (Score:2, Insightful)
now they will want to delay patches to security holes forcing people to pay for their anti-virus software.
I've always figured if you keep windows update up to the minute, then there's no need for an AV suite..
Re:Perhaps It Belongs in the OS (Score:5, Insightful)
You meant: Outlook XP and Outlook Express XP do not let you open attachments by default.
Unfortunately, it will take several years until those versions become the "most prevalent on the internet" versions. Let's see - 2 years ago means that anyone running Office 2002 or prior is a virus-factory.
Re-post this same message in about 6 years when you can convincingly say that "Outlook" [generically] does NOT let you open attachments by default. I dare surmise that the vast majority of Outlook users are NOT running Outlook XP.
Re:Perhaps It Belongs in the OS (Score:2, Insightful)
The problem is not that they produce another product.
The problem is that they profit from the flaws and bugs in one product to sell the other!
Why patch the OS if we can delay the patch for 2 months and add a detection system in the weekly update of the anti-virus (and make a marketing campaign to raise more subscriptor to the virii info updates)...
I would think that there is some liability in there if that scenario happens.