MS To Build Antivirus Into Win8: Boon Or Monopoly? 748
jfruhlinger writes "Microsoft has quietly announced that it's planning on baking anti-virus protection right into the Windows 8 OS. Users have been criticizing Windows' insecurity for years — but of course this move is raising howls of protest from anti-virus vendors, who have built a nice business out of Windows' security holes. Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
Anti-Trust (Score:5, Interesting)
I would love to see governments attacking Microsoft for making its software too secure. That would keep me laughing for years.
Re:Anti-Trust (Score:5, Insightful)
I look at anti-virus as a compression bandage. It staunches the bleeding, but does nothing to prevent the injury....
Maybe a more secure OS from the get-go might help? Although Win 7 seems to be a step in the right direction....
Re:Anti-Trust (Score:5, Insightful)
Re: (Score:3, Insightful)
MAC
(and I don't mean the computers from Cupertino)
Re: (Score:3)
Re:Anti-Trust (Score:4, Informative)
Why do applications need access to all of the user's data?
Re:Anti-Trust (Score:5, Insightful)
An application doesn't "need" access to all of the user's data. But how do you prevent code that runs at the users' access level from being able to access all of the data that the user has access to? If the app developer can get users to grant access to their data (not hard to do) how can the OS prevent them without having a locked down environment?
Re:Anti-Trust (Score:5, Interesting)
Capability computing. You don't grant applications the rights of a user. Rather an application is granted the right to do X to thing Y. So getting access to a user's file doesn't mean access to all of them. Some other problem controls granting capabilities.
As an aside the NT kernel 3.51 had an excellent capabilities and Windows still has it. Microsoft just never made their own software, including the shell / GUI work with it.
Re:Anti-Trust (Score:5, Insightful)
Too true! Capability computing has for so long been neglected but it could solve many of the current security issues.
For instance: I would love to grant any new app the following rights:
- interact with my screen
- interact with folder X and subfolders (read-only) in the program location
- interact with folder X and subfolders (read-write) in the data location
- interact with folder X in the registry (read-write)
For games additional rights would be:
- interact with my graphics card directly
- interact with my soundcard directly
Actually, there isn't a single reason why programs shouldn't be sandboxed like that as a default, and only getting additional rights when specifically requested and granted by the OS. Combine that with transparent redirects and most programs should run okay. Sandboxie (http://www.sandboxie.com/index.php) already does it so how hard would it be for the Windows engineer to incorporate something like that into the OS?
Re:Anti-Trust (Score:4, Informative)
some of those features have been there since windows nt, not the full sandbox treatment but it's not like windows doesn't have those sort of features.
Re: (Score:3, Insightful)
So how do you keep the same user who downloaded malware in the first place from granting rights to the app? What if you want to use four or five different apps with the same document? iOS has one model where you send a copy of a document to another app, but who wants to do that?
Add an app to a document's ACL on drag and drop (Score:3)
What if you want to use four or five different apps with the same document?
Add those apps to the document's ACL. This can happen automatically when the document's owner drags the document onto the application's window or chooses the document from the application's file chooser.
How do you keep granny from granting unnecessary rights to the app?
The Bitfrost page that I linked explains how it makes some capabilities mutually exclusive at install time. For example, because "connect to the Internet" (P_NET) and "read entire home directory" (P_DOCUMENT_RO) are mutually exclusive, a photo viewer can't leak all your photos to the Internet. If the user wa
Re:Anti-Trust (Score:5, Insightful)
Personally, I don't care much about the user. I care about the system. I have no control over the user. He can delete every single file in his workspace, for all I care. He can download and run viruses intentionally, for all I care. My concern is, he doesn't compromise the system, the network, or his fellow workers. The user is responsible for his own stuff. Kinda like, the guys I work with are all responsible for their own tools, their own desks, their own housekeeping. I'm not vacuuming cookie crumbs out of their desks, but I'll make sure that the workspaces are locked after hours.
Re:Anti-Trust (Score:4, Informative)
Of course you can't prevent the user from intentionally or negligently infecting their own computer, just like you can't prevent them from smashing it with a sledgehammer.
But with sandboxing you can leave it up to the runtime to tell the user what the app is trying to do, and what permissions it would like granted, so that at least there much less of a chance of being "tricked". If a runtime displays a clear dialog box that says "this application wants access to all files on your hard drive. This is a dangerous permission and should only be granted if it is highly trusted" and you allow it anyway without trusting the app, you get what you deserve...
Re: (Score:3)
File compression is slowly (too slowly?) becoming part of the OS. Go the next step, include per file compression in the OS file system.
For the most part, people use compression utilities to decompress files off the Internet. (I'm guessing on that, but I feel safe in that guess.) The browser could include an decompression plugin to do it automatically. For those that would like to compress files, I would fall back on the aspect of being part of the OS itself.
The granting access part is the big question.
Re:Anti-Trust (Score:5, Interesting)
So how do you make a file compression program that uses a Sandbox?
Imagine gzip without the ability to read or write to the filesystem. It's still just as useful: you just type 'gzip -c file.gz' and your file gets compressed, and if gzip is broken it can't do anything other than compress the file wrong. And there is no reason why a GUI application can't be designed to work in an analogous way.
It does mean that the world of Windows software development would look a lot different. A zip program doesn't need its own UI. All it needs is to provide an algorithm to the OS and a hook that tells the US it can put it in the 'things you can do to a file' menu. Then the zip program never gets access to the file system, the OS just feeds it data to compress on stdin and takes the compressed data from stdout.
Re: (Score:3)
Try using Windows Phone 7.
You'll understand the hell of it when each application is restricted to it's own data space.
Re:Anti-Trust (Score:5, Insightful)
How else would you do it? What if you have a file you want to open up in more than one application? In entirely plausible to have multiple processes operate on a file in series. For instance, you use a photo editor to manipulate an image. Then you insert that image into a document. Then you compress that document. Then you send that document via email. That document has been around the block through several applications. What are you supposed to do, give each application individual permissions to access the document? Is this the height of productivity?
Re:Anti-Trust (Score:5, Interesting)
Re:Anti-Trust (Score:4, Insightful)
How did that work in Vista with UAC?
Re: (Score:3)
So how do you "secure" an OS and still allow users to run whatever they want to?
easy - you let them do what ever they want and when their not looking you reverse all the changes you don't like (aka all).. so let them do what they want - just don't keep anything.
Re:Anti-Trust (Score:5, Informative)
Take a look at the metro app APIs for one way.
The system level APIs are so locked down in the metro app sandbox that a program like Acrobat, say, that says it reads PDF files literally can't even *see* that other files exist on the filesystem, much less open them.
You can secure things by either locking down what users can do or locking down what the code itself can do. Win8 is taking strides in the latter direction, too.
Re:Anti-Trust (Score:5, Insightful)
You can't have an OS that is secure against viruses, so long as 1) it allows the user to install software, and 2) it does not provide a strict sandbox for said software.
Linux, for example, permits viruses to be written. So does OS X. The reason why viruses do not proliferate on those systems is because they're not a particularly interesting attack target, and because (specifically in case of Linux) they are typically run by competent users who don't run random binaries off the Net.
iOS, on the other hand, does not have viruses, because 1) all software comes from a trusted location with no way to circumvent this, and 2) software is sandboxed such that it cannot modify other binaries on the system or create new ones, even in directories otherwise writable by the user who runs the software.
TL;DR version: the kind of security that you want is called a "walled garden". Furthermore, you're going to get just that in Win8. When there'll be the next Slashdot story on the horrors of iOS lockdown, keep that in mind.
Re:Anti-Trust (Score:5, Insightful)
Linux, for example, permits viruses to be written. So does OS X. The reason why viruses do not proliferate on those systems is because they're not a particularly interesting attack target
LOL you must be new to this "internet" thing or channeling 1995.
because (specifically in case of Linux) they are typically run by competent users who don't run random binaries off the Net.... iOS, on the other hand, does not have viruses, because 1) all software comes from a trusted location with no way to circumvent this,
The linux and ios situation are closer than you seem to think.
I would guess than 99.999% of Debian installs have nothing but debian.org packages and perhaps a handful of nvidia drivers, multimedia repo files, and maybe some weird firmware files. All my "server" type boxes are 100% nothing but Debian packages, only my desktops and mythtv frontends have anything else.
Make it impossible to circumvent, people get annoyed at the restriction, simply because it is a restriction, regardless if they intend to actually go beyond it. Make it really inclusive, easy to add, as open as possible, and inconvenient to avoid, and people are OK with it. Golden handcuffs, sorta.
Re:Anti-Trust (Score:5, Insightful)
Linux, for example, permits viruses to be written. So does OS X. The reason why viruses do not proliferate on those systems is because they're not a particularly interesting attack target
LOL you must be new to this "internet" thing or channeling 1995.
No, he's completely right. Windows is still 90%+ of the desktop usage and so is the most interesting target for that reason alone.
The fact that it's also historically been an easier target is gravy.
Re:Anti-Trust (Score:5, Insightful)
He's right about the "typically run by competent users" (or in the case of embedded devices, typically built by competent engineers) but "interesting attack target"?
Hackers and botnet owners would love to have access to the millions of always-on Linux servers (often in colos with huge bandwidth available) or the hundreds of millions of TVs, BD players, and (again, always-on) DVRs that run Linux.
Re: (Score:3)
Servers are generally managed by someone at least half-competent- at least compared to most users' home desktops. A Linux server isn't a particularly attractive target for malware developers. In the grand scheme of things, there aren't enough of them compared to Windows laptops/desktops, and the attack method is more difficult because you shouldn't have people running code from outside the server. Even if a server did get infected with malware, it should be detected relatively quickly. In the end, it's
Re:Anti-Trust (Score:5, Insightful)
I would guess than 99.999% of Debian installs have nothing but debian.org packages and perhaps a handful of nvidia drivers, multimedia repo files, and maybe some weird firmware files. All my "server" type boxes are 100% nothing but Debian packages, only my desktops and mythtv frontends have anything else.
That's because you're not in the "casual user" category. Any sane Linux user would use his distro's package repository first and foremost, and yes, this does reduce the risk of infection down to practically zero. But, so long as you can manually install a downloaded package - and in most Linux distros you can do so by e.g. downloading an .rpm/.deb file and clicking on it (and elevating) - you have to convince non-tech-savvy users that, no, "BARELY_LEGAL_THREESOME.rpm" or "Angry_Birds_2.deb" dropping into their mailbox is really not from some mysterious but benevolent stranger, and they shouldn't try to install it.
In short, you need to make installing software not from repositories so hard that a casual user wouldn't know how to do so, and any instruction for him would be too complicated to be follow on a whim.
Re:Anti-Trust (Score:4, Interesting)
Re: (Score:3)
The harder the process is, the harder it is to motivate the user. Sure, you can send an infected binary along with a two-page instruction on how to chmod +x it, give it all the necessary permissions in SELinux from the console etc. But how many people would be willing to actually do that, even if you promise free something or porn as a reward?
Sure, there'll still probably be a few, but it'll be significantly less than when you just have to click the "Yes, I really wanna fuck myself" button.
Re:Anti-Trust (Score:5, Insightful)
In Linux you have a "default walled garden" that is your distribution and related repositories. You can jump out the garden, but is not so trivial for the casual user and gives time to think what they are really doing.
Still, nothing forbids you to install a .rpm/.deb that as root do evil things in your own system, if you really try and accepts all warnings, root passwords questions and install the needed certificates. There is nothing foolproof if the fool is smart enough.
Re:Anti-Trust (Score:4, Insightful)
A large chunk of the enterprise sector uses Linux, as do a large chunk of web servers.
There is a large and interesting attack target. Usually when they do find exploits for a LAMP stack, it is within PHP or Apache, and not the Linux kernel. So both parties are correct in that Linux does have vulnerabilities as well, but even when people are targeting Linux, it proves to be more secure on the whole than Windows.
A big part of the problem is that Unix and Unix variants have been designed for security from the beginning. They've been designed to sandbox apps, and not run everything with full rights.
Windows was designed for users to have admin rights from day 1. Even when Windows started to introduce UAC, they did so in a manner that just annoys most people into turning it off. And so many Windows applications need full rights (because of the Windows mindset that they always could before) that it is difficult to properly sandbox everything.
Windows has made great strides in security over the past 10 years, but that doesn't make it a secure OS.
Re:Anti-Trust (Score:4, Interesting)
A large chunk of the enterprise sector uses Linux, as do a large chunk of web servers.
We were talking about viruses. Viruses are useless against servers, since virus, by definition, requires that the infected program is run on the attacked box. People don't usually run random programs on servers. Windows servers don't have a virus problem, either.
A big part of the problem is that Unix and Unix variants have been designed for security from the beginning. They've been designed to sandbox apps, and not run everything with full rights.
Most Linux distros don't sandbox apps - they still run with full user permissions, so any app has access to all user data of any other app. Proper sandboxing would be creating a separate set of permissions for every app that only lets it access and write data that it actually needs - as seen in Android or SELinux.
Of course (as also seen in rooted Android), if your sandboxing has a "full privileges" option, and it only takes an explicit user approval to enable it, casual users will do so when an infected app asks for it. You basically can't trust the user on making that decision if you want security on a platform that's being used by non-tech-savvy users. That's precisely why there's all that heavy sandboxing with no opt-out on iOS.
Windows was designed for users to have admin rights from day 1. Even when Windows started to introduce UAC, they did so in a manner that just annoys most people into turning it off. And so many Windows applications need full rights (because of the Windows mindset that they always could before) that it is difficult to properly sandbox everything.
I've been using Vista since 2008, and Win7 since it came out. I have a lot of applications on my system, but none of them require full admin rights. This really is mostly in the past - it has been 5 years now that applications couldn't reasonably assume to have full admin lest they break the user, so anything that still does so is either old software that hasn't been updated in a long time, or some POS line-of-business app that's written to run on corporate PCs that all still have XP.
Re: (Score:3)
Viruses are useless against servers
Seriously? I'm not even sure where to begin with such a statement.
Most Linux distros don't sandbox apps
Novell's SLES/SLED/openSUSE line shipped with AppArmor and AppArmor profiles for popular apps. I believe they have since changed to SELinux. Red Hat/Fedora ships with a configured SELinux out of the box. Given that I was talking about Linux servers, that is the bulk of the server market. Ubuntu server doesn't have it out of the box, but that is just one of many reasons not to run Ubuntu on an enterprise server.
I've been using Vista since 2008, and Win7 since it came out. I have a lot of applications on my system, but none of them require full admin rights.
I take it you don't work in IT,
Re: (Score:3)
Seriously? I'm not even sure where to begin with such a statement.
You can begin with the definition of the virus, and note that not all malware are viruses.
Against servers, you typically use remote access exploit, followed by local elevation exploit, and then install a rootkit. Why would you even need a virus?
I take it you don't work in IT, or an enterprise environment. Proprietary apps in the enterprise sector often require extensive rights.
I work in an enterprise environment (80k people over several different countries, and many have more than one networked machine). I practically never see an elevation prompt, except for when I'm doing development works and copy freshly built binaries to Program Files
Re: (Score:3)
Most "exploits" aren't "exploiting" OS (or even software) problems.
Re:Anti-Trust (Score:5, Interesting)
The only reason why Linux don't have viruses "in the wild" is because it is extremely difficult to write viruses for Linux that can be run or installed without user interaction.
Sure, I can get a virus for Linux if I go to virus.com, download and run the virus. But for Windows you can get a virus with different means. Like via Email attachment, autorun from a USB-stick, via remote access (in Windows XP I get virus only because I was online).
In Linux you have explicitly tell the system to run the file. But on Windows everything with a .exe is run. Also, many programs are run automatically for the "convenience" of the user, like autorun USB or CDs. Windows still hides the file extension from the user, so if you have a file like porn.jpg.exe Windows will show you porn.jpg.
Also it's very easy to get rid of a virus in Linux. Just delete the infected file and replace it with the original from the package manage. In Windows you can't even delete the file because it's still in use.
Plus the whole-system update management of the Linux distributions. I can run my updates weekly and in the background and it will update the system and all of the applications.
Re: (Score:3)
You can't have an OS that is secure against viruses, so long as 1) it allows the user to install software, and 2) it does not provide a strict sandbox for said software.
You're confusing viruses with trojans. Viruses need no user intervention.
TL;DR version: the kind of security that you want is called a "walled garden".
If your walled garden is fifty miles long on each side, it's not a problem. Ever had any trouble getting a needed program from a trusted repository? Neither have I. But in Linux, I do of cour
Re:Anti-Trust (Score:5, Informative)
Really? So servers running Linux aren't likely to contain information such as credit card details, usernames, passwords, emails...?
A virus would be completely useless on a server, since, by very definition, it requires an infected executable to be run on the machine to infect that machine. And people don't run random software on the servers, Linux or not.
(virus != exploit)
I thought the proliferation of viruses on Windows is simply because most Windows user accounts are administrators. Imagine what would happen if all Linux users ran as root all the time.
It is part of the problem on XP, yes.
Users aren't administrators in Vista/7 - they're more like sudoers in Ubuntu, in that they default to normal user permissions, but can elevate by providing their own credentials. Still, the default is that the ability to write to any random binary on the system is not there. The problem is that casual users will happily elevate explicitly if it's easy and they're convinced that they're doing the right thing.
Also, you don't need to elevate to create binaries in user-writable directories (i.e. %home%), or to infect binaries that are already there - e.g. Chrome installs itself there, and can be infected that way.
Re: (Score:3)
Compare linux server infections to Windows Server infections, and you have a viable comparison. Comparing Linux desktop viruses to WIndows would be a little more fair, but not really, since youre talking 0.1% of the market and there really isnt anyone who would want to spend time writing a virus for a heavily fragmented, highly technical userbase with a tiny percentage of the market.
Windows, on the other hand, has a highly cohesive UI across its base (double-clicking an EXE will generally execute it, where
Re: (Score:3)
Re:Anti-Trust (Score:5, Insightful)
Because there are no virus scanners, rootkit detectors, etc. for Linux, right? Oh wait there are...
Linux virus-scanners are primarily used to detect Windows viruses on servers so the Windows machines accessing those servers don't pass their infections around.
When was the last active Linux virus released?
Re:Anti-Trust (Score:5, Funny)
You're typing into it.
Re:Anti-Trust (Score:5, Informative)
When was the last active Linux virus released?
To be fair.. under Linux you do have userspace exploits that allow you to gain root, and from there install a rootkit. They tend to be really obscur and get patched quickly, but they still exist.
So an attacker usually needs to combine, for example, a Firefox/Libreoffice/PDF/Mail/PHP exploit, userspace exploit, then rootkit. And there are tons and tons of servers out there with old versions of PHP and Linux kernel. Most of the time people discover it only because they are exploited by spammers.
Re: (Score:3)
A userspace exploit (let alone a Firefox/Libreoffice/PDF/Mail/PHP exploit, userspace exploit, then rootkit) is not a virus. A virus attaches itself to another program, and replicates, and spreads. Viruses are automatic and need no user intervention to do damage.
No OS is hack proof, but only two OSes have ever been prone to viruses -- DOS and Windows. And AV software isn't going to prevent you from being trojaned (any OS can be trojaned), and it won't prevent a userspace exploit.
You know, I wish Microsoft wo
Comment removed (Score:5, Interesting)
Re: (Score:3)
Re: (Score:3, Informative)
Let me educate you a little, son. A virus is a piece of code that can replicate and attach itself to another piece of code, which it uses to gain entrance into another machine. Linux (and I think Macs) is immune; they use hash tables and install repositories. And AV only works against known viruses. Brand new viruses are immune to McAffee and Norton until it's discovered and added to their tables.
A worm is a piece of code that replicates and oozes through poorly written programs to get into another machine.
Re: (Score:3)
Te definition of a virus is changing to an all-encompassing word. You can change along with the rest or you can be left behind. Arguing semantics will get you no where.
Re: (Score:3)
http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html [blogspot.com]
I want to agree with you, but can't do it.
Major outbreaks? I read of one not to long ago - - - here it is: http://blogs.computerworld.com/14723/no_more_linux_security_bragging_botnet_discovery_worry [computerworld.com]
You should have said, "Linux is more secure than Windows, and we generally don't worry to much about viruses and other trash." Left at that, your statement would have been good.
Now, don't take this the wrong way. I very strongly d
Re:Anti-Trust (Score:5, Insightful)
And also - what kind of anti-virus will be first on the list of the malware producers to circumvent?
Today there are many different AV solutions and it's almost impossible to evade them all, but now there will be one main target.
Re:Anti-Trust (Score:4, Informative)
There's no "one main target" among them. Just holes in their database. Small holes in very large databases.
Avast yesterday told me it had something like 5 million different signatures it could check. Which is both impressive and scary. That's a lot of miscreants being miscreative at a breakneck pace.
Re:Anti-Trust (Score:5, Funny)
I think that's the first time I've ever seen "Microsoft" and "too secure" in the same sentence.
Re:Anti-Trust (Score:5, Insightful)
This whole Microsoft witch hunt is ridiculous.
MS does lots of things that should get people and governments mad but including necessary software is not one of them.
First off you need a browser on OS install, and you really really should have a antivirus so that you don't get infected while searching the internet for one.
Whats next, MS is evil for including paint and notepad?
Or it is unfair for the game industry that solitaire is installed along with the OS?
Re: (Score:3)
MS is evil for including paint and notepad?
The makers of other picture and text editors have tried to make that case.
The users of Paint and Notepad aren't all that happy, either.
Re:Anti-Trust (Score:5, Insightful)
Including a default browser is one thing. Compiling *your* browser into the innards of *your* OS tends to put the competition at a disadvantage. Not to mention opens your OS up to even more security hacks.
If one could remove IE from Windows it would one thing, but you simply can't. It's baked in. Even if you remove the interface for it, the innards and all it's security issues still remain.
Re: (Score:3)
What I find entertaining is watching Microsoft burn its remaining Wintel cohorts one by one. Who's next? Intel?
Re:Anti-Trust (Score:4, Informative)
No, it's their dime. You're in possession of it until you aren't, then it's someone else's. Most dimes they have were never yours in the first place. You negotiated your pay in full knowledge that a portion of that number would be sent straight to the government.
Now, you have a vote, and a voice, so you have a say in who will be making laws regarding the apportionment of that dime, and you can tell them how you feel about their decisions.
But, no, it is absolutely not your dime, and it probably never was.
Re:Anti-Trust (Score:4, Insightful)
Great! (Score:2)
This is awesome and MS should've done this 10 years ago.
Argh. (Score:5, Insightful)
So making an OS more secure (I know, they could get rid of security holes... but...) is also monopolistic?
To me, this is kinda like saying IrfanView should sue because MS includes Paint or Picture Viewer or whatever they include.
IE was a bit trickier, because they did their own thing with HTML and stuff and you HAD to use IE in order to view some stuff, so it was a bit nastier. But a virus detector? What are they going to do, write viruses that only their software can find... but then they wouldn't work on other OSes... so it wouldn't be much of a lock-in.
Re:Argh. (Score:4, Insightful)
To me, this is kinda like saying IrfanView should sue because MS includes Paint or Picture Viewer or whatever they include.
I would see a main difference is that you normally can't run 2 different AV software packages at the same time. It brings the machine to a screeching halt as they fight each other (and they run always in the background). Having Paint or Picture Viewer doesn't hinder IrfanView from working right. Now if MS made it easy enough to turn off their AV so you could use another package, I don't have issues with it.
Re: (Score:3)
Perspectives (Score:5, Insightful)
The capitalist in me screams, "Anti-competitive!"
The IT guy in me exclaims, "It is about time."
The consumer in worries, "How will this impact performance?"
Re:Perspectives (Score:5, Insightful)
The capitalist in me screams, "Anti-competitive!"
The IT guy in me exclaims, "It is about time."
The consumer in worries, "How will this impact performance?"
Did you have the same worries when MS put a firewall in XP with Service Pack 2 in 2004?
Re: (Score:3)
No, my worry was that they misunderstood the word "firewall" and it would set my wall on fire.
Re: (Score:3)
Sure thing, it's fe80::0011:22ff:fe04:0506.
Re: (Score:3)
The consumer in worries, "How will this impact performance?"
You can google for reviews of Microsoft Security Essentials to find out. Or (if you have a Windows box) just install it and judge for yourself.
Re:Perspectives (Score:5, Insightful)
The reason I started using it on Windows desktops is I saw a fairly comprehensive review of 19 different popular anti-virus products.
Security Essentials had the second lowest footprint, and the second best detection engine. And given the price (free and doesn't harass you to upgrade to a paid product) and I think it is hands down the best solution for the average user.
You can blast Microsoft for a lot of products, but Security Essentials is pretty solid.
Re:Perspectives (Score:5, Informative)
I started using MSE because of a story here on Slashdot talking about a review of a large number of antivirus products and I was amazed to see people on Slashdot putting their trust in a Microsoft product.
I've been a hater of Microsoft for a long time now thanks to all the anti-competitive and backstabbing stories I've heard but also because of using their various products. And yet now that I've been using MSE I've turned a corner and started to recommend it to friends and family.
I casually help fix computers for people that know me, sometimes going so far as to do it all over the phone when someone lives too far to visit. At first I tended to browse through their machine looking for the troublemakers and then after finding everything I could I would install and run MSE only to watch it detect and clean 100% of the things I had found and even some I had not, like a trojan hiding in the MBR. I've watched it catch different varieties of the TDSS rootkits, clean up all manner of other nasties and only once have I seen it make a mistake, with Chrome being reported as a virus. Yet, even with that flaw Microsoft had detected the issue and it was on the "More Information" page and had been fixed later that night. Since then I've come to trust MSE to do it's job well and I've started to run it first then clean up afterwords and it hasn't let me down yet.
If Microsoft wants to provide a built in antivirus with Win8 but allows it to be disabled to run other things, just like Windows Firewall, then I am all for it. I would do almost anything to keep people from installing the nightmares that are Norton & McAffee (and these days sadly Zone Alarm Antivirus). I've watched both those powerhouse antivirus programs completely miss fake antivirus programs that sneak through Facebook and in Nortons case it turned a simple "Safe Mode/Delete/Remove Registry Startup Command" into a three day slog that only worked when I finally got mad an uninstalled Norton from the machine.
Microsoft might still make some majorly boneheaded decisions but providing a built in antivirus does not seem to be one of them.
The Technologist Perspective (Score:5, Insightful)
The Technologist in me screams: "Spend more time making your OS secure and less time trying to band-aid it with virus protection!"
Re:Perspectives (Score:5, Interesting)
The capitalist in me screams, "Anti-competitive!"
The IT guy in me exclaims, "It is about time."
The consumer in worries, "How will this impact performance?"
Microsoft AV is among the lest resource intensive AV programs I have seen.
Re:Perspectives (Score:4, Funny)
only snake oil uses less resources.
Re:Perspectives (Score:5, Informative)
Microsoft AV is among the lest resource intensive AV programs I have seen.
Ditto. The only AV program I've seen that tends to be eat less memory and CPU is F-prot. Even AVG is more resource intensive than MSE now. And don't get me started on Norton or McAffee.
Comment removed (Score:4, Insightful)
Re:Perspectives (Score:4, Insightful)
The capitalist in me screams, "Anti-competitive!"
You do realize that all businesses successful under capitalism engage in anti-competitive behavior, right? It's called competing, ironically enough. You compete by beating down other competitors, and if you actually care at all about profits and/or actually believe you have the best product you hope you beat them dead.
I personally think the only capitalist system which won't be anti-competitive in practice and eventually miserable for the general public is one so heavily regulated it occasionally teeters on the brink of socialism. I'm also not averse to actual socialism, but I think pure capitalism was a cruel, inhumane fiction from the beginning (and now that I've said that this comment will be modded down into the depths of -1 troll/flamebait/'overrated').
You can believe in the benefits of more than one of the fundamental economic systems at once. I promise you won't die. You can even mix them together; it's usually even better that way. It's like a tasty, tasty swirl cone with both chocolate AND vanilla!
Re: (Score:3)
What sort of crazy conspiracy theory do you have twirling around in your head that makes you think Microsoft would rather block malware by using AV software than securing the OS? What makes you think Microsoft, who has the software industry's most advanced and rigorous secure software development methodology (SDL), isn't already trying to secure the OS?
Any piece of moderately complex software is going to have vulnerabilities. But the bigger problem for Microsoft is that users need to be able to run untrus
Good for consistency; bad because of consistency (Score:5, Interesting)
Depends on if it can be turned off and if its good (Score:4, Insightful)
Re: (Score:3)
it may however be the end of McAfee and Norton.
Nothing of value was lost.
Let's hope they don't just step up their attempts to bundle themselves with *everything*.
Monopoly (Score:4, Interesting)
Why on earth would Microsoft want to put the AV competition out of business? It only costs them money.
It's neither boon nor monopoly, it's acknowledging a begrudging reality that no matter how secure your OS you need AV on top and you can't rely on your users to purchase it.
I'm sure Microsoft would be more than happy for everyone to run Norton and save the development expense but... that would be like requiring your customers to buy hamburger bun separately.
Re:Monopoly (Score:4, Insightful)
That, and Norton slows down and generally screws up Windows so much that it makes Microsoft look bad. I've never found a problem that couldn't be fixed with "uninstall Norton", because the damn thing is worse then most of the viruses it supposidly stops.
The user experience matters. Microsoft limited what sound drivers could do in kernel space years ago for the same reason - Creative's drivers were so bad that they made Windows as a whole look bad.
Bill was right (Score:5, Interesting)
Bill Gates was right. Microsoft had every right to add whatever features and applications it wanted to its OSes. Look at Chrome OS, Android, Mac OS X, iOS. All have browsers and other applications "built-in". In fact, Chrome OS doesn't even allow you to use an alternate browser, while Windows always allowed this. Adding non-intrusive and automatic antivirus to Windows 8 is a step forward.
Re: (Score:3, Informative)
They aren't monopolies. Non monopolies have far fewer restrictions on their actions. What Android, iOS, OSX... do would be absolutely illegal if they were a monopoly.
Dam(n) (Score:4, Funny)
"Dam company to provide leak protection in future dams. Dam contractors angry."
Re-arranging the deckchairs on the Titanic (Score:4, Insightful)
Is this a good move by Microsoft, or a leveraging of their monopoly as bad as bundling Internet Explorer?"
If the authorities feel they should "do something" about the MS monopoly then they should force them to spin off MS Office and other business apps as a separate business, look deeply into how their Windows licensing deals with OEMs work, and require open standards for all Government contracts. Without that, arguing over whether they can bundle minor utility "x" is just inconsequential.
Modern operating systems are expected to include a pretty comprehensive suite of utilities, protocol stacks and basic applications. Monopoly or no, its getting a bit silly if OS X, iOS, Android, and the major Linux distros can bundle a web browser (or, more specifically have HTTP and HTML APIs in their OS) but Windows can't.
Antiviruses are like unofficial patches (Score:4, Interesting)
Security should not be handled by a third-party program, and equipping Windows with a builtin AV is a step in the right direction. Banning it because of antitrust claims would be ridiculous, but only a minor annoyance, those who want could still get it.
Internet Explorer (Score:3)
The problem with Internet Explorer was not the bundling. It was that:
a) Internet Explorer was integrated into things like the shell, rather than separating the browser functionality from the OS functionality.
b) Microsoft prohibited other browsers from being installed as the default.
I'd say the appropriate analogy is bundling Windows Media player.
Anti-competitive? (Score:5, Insightful)
How the hell is making your OS behave the way your customers expect anti-competitive?
What if MS made their OS inherently secure, such that it didn't need AV? Would that also make it anti-competitive? That would completely eliminate the AV software companies!
Ridiculous...
I have ragged on Microsoft here before... (Score:5, Insightful)
But the sooner the anti-malware "ecosystem" disappears the better.
You should not have to purchase third party software to keep an operating system secure or from eating itself (all the snake-oil "registry cleaners" and "application uninstallers"). Such functions should be part of the OS at worst, or better yet, unnecessary.
--
BMO
Re: (Score:3)
and force people to use a non-administrator account for applications?
Because it would break Whizzbangsoft Whizzywriter '96.
Re:what are the odds that their virus scanner work (Score:4, Informative)
Actually, from all I've heard, Microsoft's virus scanner for earlier versions of windows, works pretty darn well, comparable with the better commercial products.
So, given that they are probably going to bundle an update of this... I'd have to say from prior experience, the odds of your guess being accurate are as close to zero as I can imagine.
Re: (Score:3)
Re: (Score:3)
And while we're at it, why don't we just make cars that run on rainbows to solve our energy problems?
Most viruses in Windows today are spread either by stupid users, or flaws in third party applications (hello Flash!). As it turns out, stopping stupid users from doing stupid things an OS that isn't a locked down walled garden is really hard.
Re:Which is more secure? (Score:4, Informative)
Consideirng how those third party AV vendors were complaining back in 2006 about how MS was putting in protection against patching the kernel into Vista, I don't really think I can take what they have to say seriously.
They're not in the security business, they're in the "sell people bloatware based on fear" business.
Re: (Score:3)
My house has security screens and deadbolt doors. I guess that means I don't need a guard dog or a gun, then ?
Re: (Score:3)
The last time I asked you how long a fully patched Windows 7 machine without a firewall or AV software would last before it was compromised, you said that was immaterial -- but that is my whole point. To me, if Windows can never last long like that, that would be what I call intrinsically insecure. My idea of an intrinsically secure OS is one that, under the same circumstances, can almost always be relied upon to survive uncompromised up to the next security update. An OS like that has to be designed from the ground up with security in mind. Somehow, though, I don't think it would be accurate to describe Windows that way.
You're effectively adjusting your definition for your own convenience -- you still cannot point out a design flaw. You need to point out a design flaw/architectural flaw to say that it's intrinsically insecure.
Regarding your links:
Security-focused operating system [wikipedia.org]
This is just a random list, compiled by someone on Wikipedia. From the article itself: In our context , "Security-focused" means that the project is devoted to increasing the security as a major goal. As such, something can be secure without being "security-focused." For exampl
Re: (Score:3)
I strongly disagree. To me it is proof that Windows is inherently insecure: an OS that relies almost entirely on additional protection (firewalls, AV software) for its security.
You keep on and on circumventing the simple fact that a virus can be contracted through an insecure service (not necessarily a part of the OS), an insecure application (not necessarily a part of the OS), and user interaction (not a part of the OS) among other methods. You said Windows (which happens to be an OS) had woeful intrinsic insecurity. Your conjecture of "relies almost entirely on additional protection" is plain nonsense. What do you think of ASLR / DEP / sandboxing/ Authenticode signing / etc are?
Re: (Score:3)
You keep on and on circumventing the simple fact that a virus can be contracted through an insecure service (not necessarily a part of the OS), an insecure application (not necessarily a part of the OS), and user interaction (not a part of the OS) among other methods.
That can't be correct. With Linux, for instance, a virus or a worm that infects a service or an application, perhaps through user interaction, can only succeed in infecting the rest of the OS if that service or application is running as root, which usually is not the case. In particular, normal users never have to run anything as root. Thus, when the service stops, or the user logs out, the virus or worm stops running as well. If we suspect something is wrong, the account in question can be deleted (perhaps replaced with a backup) and that would be the end of it. If Windows was anything like this secure, then we would not be having this conversation
100% wrong. The whole point of a security flaw is that you can exploit it to do something you were not supposed to be able to. See the latest Linux advisories here [linuxsecurity.com]. Don't bother looking at the whole list -- just skim through the ones at the top intended for Debian. In the descriptions do you see the words "execution of arbitrary code", "privilege escalation", etc.? As the name suggests, the first type of flaw allows you to run any code you want (but in the context of the process you compromised). The second
Re: (Score:3)
100% wrong...
Yes, in principle that sort of thing is true for any OS: vulnerabilities are being found in applications all the time, but at least with FOSS they are fixed quickly, sometimes within hours of discovery.
That blanket statement that is simply not true. A security researcher who finds a flaw sometimes makes a binary patch available along with their disclosure. Applying such patches is risky because they are untested, and lack peer review, and the researcher might lack insight into the design of the software they're patching. Speed of deployment depends on whether the flaw is found in an app or service or the kernel (it affects the amount of vetting required). If you're running a stock kernel (eg. ubuntu and m