MS To Build Antivirus Into Win8: Boon Or Monopoly?
jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
Anti-Trust (Score:5, Interesting)
I would love to see governments attacking Microsoft for making its software too secure. That would keep me laughing for years.
Good for consistency; bad because of consistency (Score:5, Interesting)
Monopoly (Score:4, Interesting)
Why on earth would Microsoft want to put the AV competition out of business? It only costs them money.
It's neither boon nor monopoly, it's acknowledging a begrudging reality that no matter how secure your OS you need AV on top and you can't rely on your users to purchase it.
I'm sure Microsoft would be more than happy for everyone to run Norton and save the development expense but... that would be like requiring your customers to buy the hamburger bun separately.
Bill was right (Score:5, Interesting)
Bill Gates was right. Microsoft had every right to add whatever features and applications it wanted to its OSes. Look at Chrome OS, Android, Mac OS X, iOS. All have browsers and other applications "built-in". In fact, Chrome OS doesn't even allow you to use an alternate browser, while Windows always allowed this. Adding non-intrusive and automatic antivirus to Windows 8 is a step forward.
Re:Perspectives (Score:5, Interesting)
The capitalist in me screams, "Anti-competitive!"
The IT guy in me exclaims, "It is about time."
The consumer in me worries, "How will this impact performance?"
Microsoft AV is among the least resource intensive AV programs I have seen.
Re:Anti-Trust (Score:2, Interesting)
Given that you can (or at least, for a couple years, could) jailbreak iOS by visiting a web site, I'm surprised there aren't more viruses for it. It seems a pretty wide open target, with a rather profitable victim base (they, at minimum, could drop a couple hundred or more for a cell phone).
Re:Anti-Trust (Score:5, Interesting)
Antiviruses are like unofficial patches (Score:4, Interesting)
Security should not be handled by a third-party program, and equipping Windows with a built-in AV is a step in the right direction. Banning it because of antitrust claims would be ridiculous, but only a minor annoyance; those who want it could still get it.
Re:Anti-Trust (Score:4, Interesting)
A large chunk of the enterprise sector uses Linux, as do a large chunk of web servers.
We were talking about viruses. Viruses are useless against servers, since a virus, by definition, requires that the infected program is run on the attacked box. People don't usually run random programs on servers. Windows servers don't have a virus problem, either.
A big part of the problem is that Unix and Unix variants have been designed for security from the beginning. They've been designed to sandbox apps, and not run everything with full rights.
Most Linux distros don't sandbox apps - they still run with full user permissions, so any app has access to all user data of any other app. Proper sandboxing would be creating a separate set of permissions for every app that only lets it access and write data that it actually needs - as seen in Android or SELinux.
Of course (as also seen in rooted Android), if your sandboxing has a "full privileges" option, and it only takes an explicit user approval to enable it, casual users will do so when an infected app asks for it. You basically can't trust the user on making that decision if you want security on a platform that's being used by non-tech-savvy users. That's precisely why there's all that heavy sandboxing with no opt-out on iOS.
Windows was designed for users to have admin rights from day 1. Even when Windows started to introduce UAC, they did so in a manner that just annoys most people into turning it off. And so many Windows applications need full rights (because of the Windows mindset that they always could before) that it is difficult to properly sandbox everything.
I've been using Vista since 2008, and Win7 since it came out. I have a lot of applications on my system, but none of them require full admin rights. This really is mostly in the past - it has been 5 years now that applications couldn't reasonably assume to have full admin lest they break the user, so anything that still does so is either old software that hasn't been updated in a long time, or some POS line-of-business app that's written to run on corporate PCs that all still have XP.
Re:Anti-Trust (Score:5, Interesting)
Capability computing. You don't grant applications the rights of a user. Rather an application is granted the right to do X to thing Y. So getting access to a user's file doesn't mean access to all of them. Some other program controls granting capabilities.
As an aside, the NT kernel 3.51 had excellent capabilities and Windows still has them. Microsoft just never made their own software, including the shell / GUI, work with them.
Re:Anti-Trust (Score:5, Interesting)
The only reason why Linux doesn't have viruses "in the wild" is because it is extremely difficult to write viruses for Linux that can be run or installed without user interaction.
Sure, I can get a virus for Linux if I go to virus.com, download and run the virus. But for Windows you can get a virus by different means, like via email attachment, autorun from a USB stick, or via remote access (in Windows XP I got a virus only because I was online).
In Linux you have to explicitly tell the system to run the file. But on Windows everything with a .exe is run. Also, many programs are run automatically for the "convenience" of the user, like autorun USB or CDs. Windows still hides the file extension from the user, so if you have a file like porn.jpg.exe Windows will show you porn.jpg.
Also it's very easy to get rid of a virus in Linux. Just delete the infected file and replace it with the original from the package manager. In Windows you can't even delete the file because it's still in use.
Plus the whole-system update management of the Linux distributions. I can run my updates weekly and in the background and it will update the system and all of the applications.
Re:Anti-Trust (Score:4, Interesting)
Re:Anti-Trust (Score:5, Interesting)
So how do you make a file compression program that uses a Sandbox?
Imagine gzip without the ability to read or write to the filesystem. It's still just as useful: you just type 'gzip -c < file > file.gz' and your file gets compressed, and if gzip is broken it can't do anything other than compress the file wrong. And there is no reason why a GUI application can't be designed to work in an analogous way.
It does mean that the world of Windows software development would look a lot different. A zip program doesn't need its own UI. All it needs is to provide an algorithm to the OS and a hook that tells the OS it can put it in the 'things you can do to a file' menu. Then the zip program never gets access to the file system, the OS just feeds it data to compress on stdin and takes the compressed data from stdout.
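
The design described in the last comment (and the capability model raised earlier in the thread), as an added example that is not part of any comment: a broker opens the one file the user picked and feeds it to a worker over stdin/stdout. The worker giving up its ability to open new descriptors via RLIMIT_NOFILE is an assumption chosen here as a minimal Unix stand-in for a real sandbox; WORKER, broker_compress and demo are hypothetical names.

```python
import os
import subprocess
import sys
import tempfile
import zlib

# Worker: the "zip program". It runs in its own process, gives up the ability
# to open any new file descriptor, then only transforms stdin -> stdout.
WORKER = r"""
import resource, sys, zlib
resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))  # no new descriptors from here on
try:
    open(sys.argv[1], "rb")        # what a broken or hostile worker might attempt
    sys.stderr.write("open:allowed")
except OSError:
    sys.stderr.write("open:denied")
sys.stdout.buffer.write(zlib.compress(sys.stdin.buffer.read()))
"""


def broker_compress(path):
    """Broker (plays the OS): opens the one file the user chose and hands the
    worker only that open descriptor as stdin; the result comes back on stdout."""
    with open(path, "rb") as src:
        proc = subprocess.run(
            [sys.executable, "-c", WORKER, path],
            stdin=src, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            check=True,  # close_fds defaults to True: worker inherits only fds 0, 1, 2
        )
    return proc.stdout, proc.stderr.decode()


def demo():
    data = b"constructed sample data " * 200   # constructed input, not from the page
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(data)
    try:
        packed, probe = broker_compress(f.name)
    finally:
        os.unlink(f.name)
    # (round-trips correctly, worker's own open() result, output is smaller)
    return zlib.decompress(packed) == data, probe, len(packed) < len(data)


if __name__ == "__main__":
    print(demo())
```

The descriptor limit only stops the worker from opening files and sockets; it does not block calls such as unlink or rename, which is why production sandboxes filter system calls or remove filesystem visibility entirely.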