Microsoft Security Windows Technology

MS To Build Antivirus Into Win8: Boon Or Monopoly? 748

jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
  • Re:Great! (Score:2, Informative)

    by Anonymous Coward on Monday November 21, 2011 @02:44PM (#38126690)

    In DOS 6.2 there was msav...

  • by ByOhTek ( 1181381 ) on Monday November 21, 2011 @02:48PM (#38126776) Journal

    Actually, from all I've heard, Microsoft's virus scanner for earlier versions of Windows works pretty darn well, comparable with the better commercial products.

    So, given that they are probably going to bundle an update of this... I'd have to say from prior experience, the odds of your guess being accurate are as close to zero as I can imagine.

  • Re:Anti-Trust (Score:4, Informative)

    by mini me ( 132455 ) on Monday November 21, 2011 @02:55PM (#38126874)

    Why do applications need access to all of the user's data?

  • Re:Anti-Trust (Score:4, Informative)

    by blair1q ( 305137 ) on Monday November 21, 2011 @02:56PM (#38126892) Journal

    There's no "one main target" among them. Just holes in their database. Small holes in very large databases.

    Avast yesterday told me it had something like 5 million different signatures it could check. Which is both impressive and scary. That's a lot of miscreants being miscreative at a breakneck pace.

  • Re:Anti-Trust (Score:4, Informative)

    by blair1q ( 305137 ) on Monday November 21, 2011 @02:59PM (#38126946) Journal

    No, it's their dime. You're in possession of it until you aren't, then it's someone else's. Most dimes they have were never yours in the first place. You negotiated your pay in full knowledge that a portion of that number would be sent straight to the government.

    Now, you have a vote, and a voice, so you have a say in who will be making laws regarding the apportionment of that dime, and you can tell them how you feel about their decisions.

    But, no, it is absolutely not your dime, and it probably never was.

  • Re:Anti-Trust (Score:2, Informative)

    by Anonymous Coward on Monday November 21, 2011 @03:06PM (#38127076)

    Devil's advocate here: What is the difference between having AV versus OS X and its malware kill ability, or in the days in the past, MSAV as part of DOS?

    The end result is good for everyone. Antivirus companies won't go out of business. There is a lot of cash to be made on the enterprise scale for additional host intrusion protection, as well as reporting and monitoring of machines. Consumer level antivirus products can start sporting additional functions such as repairing NTFS filesystems and recovering deleted files. Of course, AV built into the OS can't hurt, even if it is merely a copy of MSE that is preinstalled. It means a smaller window that malware can be active before being detected and stopped.

    On the legal eagle end, it makes life easier because it means that additional software does not have to be included with the machine to make it compliant for corporate network policies.

    So, bundling AV is a no-brainer for MS, and makes sense. I don't see why anyone should be complaining about this. There are plenty of other things to bash MS on; them making their OS more secure isn't really one of them.

  • Re:Anti-Trust (Score:2, Informative)

    by Anonymous Coward on Monday November 21, 2011 @03:10PM (#38127136)

    2011, but you probably never heard of it.

  • Re:Anti-Trust (Score:5, Informative)

    by shutdown -p now ( 807394 ) on Monday November 21, 2011 @03:20PM (#38127304) Journal

    Really? So servers running Linux aren't likely to contain information such as credit card details, usernames, passwords, emails...?

    A virus would be completely useless on a server, since, by very definition, it requires an infected executable to be run on the machine to infect that machine. And people don't run random software on the servers, Linux or not.

    (virus != exploit)

    I thought the proliferation of viruses on Windows is simply because most Windows user accounts are administrators. Imagine what would happen if all Linux users ran as root all the time.

    It is part of the problem on XP, yes.

    Users aren't administrators in Vista/7 - they're more like sudoers in Ubuntu, in that they default to normal user permissions, but can elevate by providing their own credentials. Still, the default is that the ability to write to any random binary on the system is not there. The problem is that casual users will happily elevate explicitly if it's easy and they're convinced that they're doing the right thing.

    Also, you don't need to elevate to create binaries in user-writable directories (i.e. %home%), or to infect binaries that are already there - e.g. Chrome installs itself there, and can be infected that way.
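
An audit for the exposure described in the comment above, as an added example that is not part of the original thread: it lists binaries under a directory tree (the home directory by default) that the current non-elevated account can modify or replace. The extension list and the function names are assumptions; on Windows `os.access` reflects only the read-only attribute, so confirm ACLs there with `icacls`.

```python
import os
import stat
import sys

# Extensions treated as executable code on Windows (assumed list, extend as needed).
BINARY_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}


def is_binary(path, st):
    """Executable by Windows extension, or by any POSIX execute bit."""
    ext = os.path.splitext(path)[1].lower()
    if ext in BINARY_EXTS:
        return True
    return os.name != "nt" and bool(st.st_mode & 0o111)


def audit_writable_binaries(root):
    """Return sorted (path, reason) pairs for binaries under root that the
    current, non-elevated user could modify or replace."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        # Write access to the directory allows delete-and-recreate even
        # when the file itself is read-only.
        dir_writable = os.access(dirpath, os.W_OK)
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip
            if not stat.S_ISREG(st.st_mode) or not is_binary(path, st):
                continue
            # Caveat: on Windows os.access() only reflects the read-only
            # attribute, not ACLs; confirm findings with icacls there.
            if os.access(path, os.W_OK):
                findings.append((path, "file writable"))
            elif dir_writable:
                findings.append((path, "directory writable"))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for path, reason in audit_writable_binaries(target):
        print(f"{reason:20} {path}")
```
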

  • Re:Perspectives (Score:5, Informative)

    by DesScorp ( 410532 ) on Monday November 21, 2011 @03:22PM (#38127344) Journal

    Microsoft AV is among the least resource intensive AV programs I have seen.

    Ditto. The only AV program I've seen that tends to eat less memory and CPU is F-prot. Even AVG is more resource intensive than MSE now. And don't get me started on Norton or McAfee.

  • Re:Anti-Trust (Score:5, Informative)

    by Mathieu Lu ( 69 ) on Monday November 21, 2011 @03:24PM (#38127372) Homepage

    When was the last active Linux virus released?

    To be fair.. under Linux you do have userspace exploits that allow you to gain root, and from there install a rootkit. They tend to be really obscure and get patched quickly, but they still exist.

    So an attacker usually needs to combine, for example, a Firefox/Libreoffice/PDF/Mail/PHP exploit, userspace exploit, then rootkit. And there are tons and tons of servers out there with old versions of PHP and Linux kernel. Most of the time people discover it only because they are exploited by spammers.

  • by Tridus ( 79566 ) on Monday November 21, 2011 @03:32PM (#38127514) Homepage

    Considering how those third party AV vendors were complaining back in 2006 about how MS was putting in protection against patching the kernel into Vista, I don't really think I can take what they have to say seriously.

    They're not in the security business, they're in the "sell people bloatware based on fear" business.

  • Re:Bill was right (Score:3, Informative)

    by jbolden ( 176878 ) on Monday November 21, 2011 @03:54PM (#38127796) Homepage

    They aren't monopolies. Non monopolies have far fewer restrictions on their actions. What Android, iOS, OSX... do would be absolutely illegal if they were a monopoly.

  • Re:Anti-Trust (Score:5, Informative)

    by tgd ( 2822 ) on Monday November 21, 2011 @04:12PM (#38128040)

    So how do you "secure" an OS and still allow users to run whatever they want to?

    And before you say "don't run as administrator", any app that can run with the user's privileges has access to all of the user's data -- which is harder to replicate than system files.

    Take a look at the metro app APIs for one way.

    The system level APIs are so locked down in the metro app sandbox that a program like Acrobat, say, that says it reads PDF files literally can't even *see* that other files exist on the filesystem, much less open them.

    You can secure things by either locking down what users can do or locking down what the code itself can do. Win8 is taking strides in the latter direction, too.

  • Re:Anti-Trust (Score:4, Informative)

    by Dahamma ( 304068 ) on Monday November 21, 2011 @04:28PM (#38128206)

    Of course you can't prevent the user from intentionally or negligently infecting their own computer, just like you can't prevent them from smashing it with a sledgehammer.

    But with sandboxing you can leave it up to the runtime to tell the user what the app is trying to do, and what permissions it would like granted, so that at least there is much less of a chance of being "tricked". If a runtime displays a clear dialog box that says "this application wants access to all files on your hard drive. This is a dangerous permission and should only be granted if it is highly trusted" and you allow it anyway without trusting the app, you get what you deserve...

  • Re:Nomenclature (Score:3, Informative)

    by mcgrew ( 92797 ) * on Monday November 21, 2011 @04:31PM (#38128244) Homepage Journal

    Let me educate you a little, son. A virus is a piece of code that can replicate and attach itself to another piece of code, which it uses to gain entrance into another machine. Linux (and I think Macs) is immune; they use hash tables and install repositories. And AV only works against known viruses. Brand new viruses are immune to McAfee and Norton until it's discovered and added to their tables.

    A worm is a piece of code that replicates and oozes through poorly written programs to get into another machine. Linux and Mac aren't completely immune; a hacker (by "hacker" I'm using the old school term that means "someone who understands the machinery and writes quick and dirty code for it, or modifies a piece of machinery to do what it wasn't designed to do") could conceivably find a flaw in a program and write a worm to get in. The Morris worm was a Unix worm and almost took the internet down back in the nineties. AV is helpful against KNOWN worms, not unknown worms -- but the best defense against a worm is patching the faulty code that let the worm in, rather than AV.

    A trojan is a program that tricks you into installing it, but contains code to use your acceptance to gain control. No OS is immune from trojans, either. The only trojan immunity comes from education (do NOT install a program from an untrusted source, EVER).

    What you non-nerds call "hacking" we call cracking, as in "safecracking" (cracking into vaults). It is one person or a team attacking a single computer or system. No OS is immune from this. But cracking a well defended machine is difficult, writing a Windows virus is child's play.

  • Re:Anti-Trust (Score:4, Informative)

    by kesuki ( 321456 ) on Monday November 21, 2011 @05:30PM (#38129034) Journal

    Some of those features have been there since Windows NT, not the full sandbox treatment but it's not like Windows doesn't have those sort of features.

  • Re:Perspectives (Score:5, Informative)

    by JGuru42 ( 140509 ) on Monday November 21, 2011 @06:32PM (#38129864)

    I started using MSE because of a story here on Slashdot talking about a review of a large number of antivirus products and I was amazed to see people on Slashdot putting their trust in a Microsoft product.

    I've been a hater of Microsoft for a long time now thanks to all the anti-competitive and backstabbing stories I've heard but also because of using their various products. And yet now that I've been using MSE I've turned a corner and started to recommend it to friends and family.

    I casually help fix computers for people that know me, sometimes going so far as to do it all over the phone when someone lives too far to visit. At first I tended to browse through their machine looking for the troublemakers and then after finding everything I could I would install and run MSE only to watch it detect and clean 100% of the things I had found and even some I had not, like a trojan hiding in the MBR. I've watched it catch different varieties of the TDSS rootkits, clean up all manner of other nasties and only once have I seen it make a mistake, with Chrome being reported as a virus. Yet, even with that flaw Microsoft had detected the issue and it was on the "More Information" page and had been fixed later that night. Since then I've come to trust MSE to do its job well and I've started to run it first then clean up afterwards and it hasn't let me down yet.

    If Microsoft wants to provide a built in antivirus with Win8 but allows it to be disabled to run other things, just like Windows Firewall, then I am all for it. I would do almost anything to keep people from installing the nightmares that are Norton & McAfee (and these days sadly Zone Alarm Antivirus). I've watched both those powerhouse antivirus programs completely miss fake antivirus programs that sneak through Facebook and in Norton's case it turned a simple "Safe Mode/Delete/Remove Registry Startup Command" into a three day slog that only worked when I finally got mad and uninstalled Norton from the machine.

    Microsoft might still make some majorly boneheaded decisions but providing a built in antivirus does not seem to be one of them.
